CVE-2011-5331 (Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. ...) NOT-FOR-US: Distributed Ruby CVE-2011-5330 (Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls. ...) NOT-FOR-US: Distributed Ruby CVE-2011-5329 (The redirection plugin before 2.2.9 for WordPress has XSS in the admin ...) NOT-FOR-US: redirection plugin for WordPress CVE-2011-5328 (The user-access-manager plugin before 1.2 for WordPress has CSRF. ...) NOT-FOR-US: Wordpress plugin CVE-2011-5327 (In the Linux kernel before 3.1, an off by one in the drivers/target/lo ...) - linux (Fixed before src:linux-2.6 -> src:linux rename) NOTE: https://git.kernel.org/linus/12f09ccb4612734a53e47ed5302e0479c10a50f8 CVE-2011-5326 (imlib2 before 1.4.9 allows remote attackers to cause a denial of servi ...) {DSA-3555-1} - imlib2 1.4.8-1 (bug #639414) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882 NOTE: https://www.openwall.com/lists/oss-security/2016/04/10/5 CVE-2011-5325 (Directory traversal vulnerability in the BusyBox implementation of tar ...) {DLA-2559-1 DLA-1445-1} - busybox 1:1.27.2-1 (bug #802702) [wheezy] - busybox (Minor issue) [squeeze] - busybox (Minor issue) CVE-2011-5324 (The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7. ...) NOT-FOR-US: GE Healthcare Centricity PACS-IW CVE-2011-5323 (GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other ...) NOT-FOR-US: GE Healthcare Centricity PACS-IW CVE-2011-5322 (GE Healthcare Centricity Analytics Server 1.1 has a default password o ...) NOT-FOR-US: GE Healthcare Centricity Analytics Server CVE-2011-5321 (The tty_open function in drivers/tty/tty_io.c in the Linux kernel befo ...) {DLA-246-1} - linux 3.2.20-1 - linux-2.6 3.2.1-1 NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376 (v3.2-rc1) NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a2b5fddd53b80efcb3266ee36e23b8de28e761a (v2.6.28-rc1) NOTE: 3.2.20-1 is the first version after the src:linux-2.6 -> src:linux rename. CVE-2011-5319 (content/renderer/device_sensors/device_motion_event_pump.cc in Google ...) - chromium-browser 41.0.2272.76-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2011-5320 (scanf and related functions in glibc before 2.15 allow local users to ...) {DLA-165-1} - glibc 2.15 - eglibc 2.13-25 (bug #553206) NOTE: 2.15 ist the first version recieving the fix, mark with upstream version which should NOTE: be handled correctly then by the tracker. NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=13138 NOTE: https://www.openwall.com/lists/oss-security/2015/02/26/2 NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0 NOTE: CVE assigned specific to the https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4 issue CVE-2011-5318 (Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.C ...) NOT-FOR-US: diafan.CMS CVE-2011-5317 (Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS ...) NOT-FOR-US: WonderCMS CVE-2011-5316 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...) NOT-FOR-US: Cambio CVE-2011-5315 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...) NOT-FOR-US: whCMS CVE-2011-5314 (templates/default/index.php in Redaxscript 0.3.2 allows remote attacke ...) NOT-FOR-US: Redaxscript CVE-2011-5313 (Multiple SQL injection vulnerabilities in includes/password.php in Red ...) NOT-FOR-US: Redaxscript CVE-2011-5312 (Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allo ...) NOT-FOR-US: Gollos CVE-2011-5311 (Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipa ...) NOT-FOR-US: Wikipad CVE-2011-5310 (Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows ...) NOT-FOR-US: Wikipad CVE-2011-5309 (Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 ...) NOT-FOR-US: Wikipad CVE-2011-5308 (Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnv ...) NOT-FOR-US: cdnvote plugin for WordPress CVE-2011-5307 (Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmas ...) NOT-FOR-US: PhotoSmash plugin for WordPress CVE-2011-5306 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup ...) NOT-FOR-US: CosmoShop ePRO CVE-2011-5305 (Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO ...) NOT-FOR-US: CosmoShop ePRO CVE-2011-5304 (Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Po ...) NOT-FOR-US: Sodahead Polls plugin for WordPress CVE-2011-5303 (Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 allow ...) NOT-FOR-US: Spitfire CMS CVE-2011-5302 (Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php ...) NOT-FOR-US: PHPDug CVE-2011-5301 (Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 al ...) NOT-FOR-US: PHPDug CVE-2011-5300 (Cross-site request forgery (CSRF) vulnerability in admin/setup/config/ ...) NOT-FOR-US: poMMo Aardvark CVE-2011-5299 (Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark ...) NOT-FOR-US: poMMo Aardvark CVE-2011-5298 (Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle S ...) NOT-FOR-US: Argyle Social CVE-2011-5297 (Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 al ...) NOT-FOR-US: TTChat CVE-2011-5296 (Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat ...) NOT-FOR-US: Happy Chat CVE-2011-5295 (Buffer overflow in the Download method in a certain ActiveX control in ...) NOT-FOR-US: Gogago YouTube Video Converter CVE-2011-5294 (The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in ...) NOT-FOR-US: Kofax e-Transactions Sender Sendbox CVE-2011-5293 (The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX contro ...) NOT-FOR-US: ThreeDify Designer CVE-2011-5292 (The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FT ...) NOT-FOR-US: Easewe FTP OCX CVE-2011-5291 (The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in C ...) NOT-FOR-US: Ashampoo 3D CAD Professional CVE-2011-5290 (The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control i ...) NOT-FOR-US: IDrive Online Backup CVE-2011-5289 (The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX ...) NOT-FOR-US: aTube Catcher CVE-2011-5288 (Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX ...) NOT-FOR-US: ThreeDify Designer CVE-2011-5287 (Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4 ...) NOT-FOR-US: HESK CVE-2011-5286 (SQL injection vulnerability in social-slider-2/ajax.php in the Social ...) NOT-FOR-US: Social Slider plugin for WordPress CVE-2011-5285 (Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 a ...) NOT-FOR-US: BugFree CVE-2011-5284 (Cross-site request forgery (CSRF) vulnerability in the web management ...) NOT-FOR-US: Smoothwall CVE-2011-5283 (Cross-site scripting (XSS) vulnerability in the web management interfa ...) NOT-FOR-US: Smoothwall CVE-2011-5282 (mIRC prior to 7.22 has a message leak because chopping of outbound mes ...) NOT-FOR-US: mIRC CVE-2011-5374 RESERVED CVE-2011-5281 RESERVED CVE-2011-5280 (Multiple stack-based buffer overflows in BOINC 6.13.x allow remote att ...) - boinc 7.0.2+dfsg-1 (low) [squeeze] - boinc (Minor issue) CVE-2011-5279 (CRLF injection vulnerability in the CGI implementation in Microsoft In ...) NOT-FOR-US: Microsoft IIS CVE-2011-5278 (SQL injection vulnerability in signature.php in Advanced Forum Signatu ...) NOT-FOR-US: MyBB plugin Advanced Forum Signatures CVE-2011-5277 (Multiple SQL injection vulnerabilities in signature.php in the Advance ...) NOT-FOR-US: MyBB plugin Advanced Forum Signatures CVE-2011-5276 (SQL injection vulnerability in the drawAdminTools_PackageInstaller fun ...) - dtc 0.34.1-1 CVE-2011-5275 (The install script in Domain Technologie Control (DTC) before 0.34.1 g ...) - dtc 0.34.1-1 CVE-2011-5274 (The drawAdminTools_PackageInstaller function in shared/inc/forms/packa ...) - dtc 0.34.1-1 CVE-2011-5273 (Directory traversal vulnerability in shared/package-installer in Domai ...) - dtc 0.34.1-1 CVE-2011-5272 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...) - dtc 0.34.1-1 CVE-2011-5271 (Pacemaker before 1.1.6 configure script creates temporary files insecu ...) - pacemaker 1.1.6-1 (unimportant; bug #633964) NOTE: https://github.com/ClusterLabs/pacemaker/commit/23ad834 NOTE: Only exploitable at build time CVE-2011-5270 (wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the ...) - wordpress 3.2.1+dfsg-1 CVE-2011-5269 (Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 ...) NOT-FOR-US: ProjectForge CVE-2011-5268 (connection.c in Bip before 0.8.9 does not properly close sockets, whic ...) - bip 0.8.9-1 [squeeze] - bip (Minor issue) [wheezy] - bip (Minor issue) NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: https://www.openwall.com/lists/oss-security/2014/01/02/9 CVE-2011-5267 (Multiple cross-site scripting (XSS) vulnerabilities in spell-check-sav ...) NOT-FOR-US: SpellChecker module in Xinha CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2 ...) NOT-FOR-US: Imperva SecureSphere Web Application Firewall (WAF) CVE-2011-5265 (Cross-site scripting (XSS) vulnerability in cached_image.php in the Fe ...) NOT-FOR-US: Wordpress plugin CVE-2011-5264 (Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the ...) NOT-FOR-US: Wordpress plugin CVE-2011-5263 (Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SA ...) NOT-FOR-US: SAP NetWeaver CVE-2011-5262 (SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allo ...) NOT-FOR-US: SonicWALL Aventail CVE-2011-5261 (Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M ...) NOT-FOR-US: Axis M10 Series Network Cameras CVE-2011-5260 (Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP ...) NOT-FOR-US: NetWeaver CVE-2011-5259 (SQL injection vulnerability in lib/controllers/CentralController.php i ...) NOT-FOR-US: OrangehRM CVE-2011-5258 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM befor ...) NOT-FOR-US: OrangehRM CVE-2011-5257 (Multiple cross-site scripting (XSS) vulnerabilities in the Classipress ...) NOT-FOR-US: WordPress theme CVE-2011-5256 (Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey ...) - limesurvey (bug #472802) CVE-2011-5255 (Multiple cross-site scripting (XSS) vulnerabilities in admin/login in ...) NOT-FOR-US: X3 CMS CVE-2011-5254 (Unspecified vulnerability in the Connections plugin before 0.7.1.6 for ...) NOT-FOR-US: Connections plugin for WordPress CVE-2011-5253 (Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to ...) NOT-FOR-US: Dl Download Ticket Service CVE-2011-5252 (Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x b ...) NOT-FOR-US: Orchard CVE-2011-5251 (Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and ...) NOT-FOR-US: vBulletin CVE-2011-5250 (Snare for Linux before 1.7.0 has CSRF in the web interface. ...) NOT-FOR-US: Snare for Linux CVE-2011-5249 (Cross-site scripting (XSS) vulnerability in the events page in the Sys ...) NOT-FOR-US: SNARE CVE-2011-5248 RESERVED CVE-2011-5247 (Snare for Linux before 1.7.0 has password disclosure because the rende ...) NOT-FOR-US: Snare for Linux CVE-2011-5246 RESERVED CVE-2011-5373 REJECTED CVE-2011-5372 REJECTED CVE-2011-5371 REJECTED CVE-2011-5370 REJECTED CVE-2011-5245 (The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEas ...) NOT-FOR-US: RESTEasy framework for JBoss CVE-2011-5244 (Multiple off-by-one errors in the (1) token and (2) linetoken function ...) {DSA-2357-1} - evince 2.32.0-1 [squeeze] - evince 2.30.3-2+squeeze1 NOTE: This issue was already fixed in DSA-2357-1 by shipping the correct fix from the start CVE-2011-5243 (TwitterOAuth does not verify that the server hostname matches a domain ...) NOT-FOR-US: TwitterOAuth CVE-2011-5242 (tmhOAuth before 0.61 does not verify that the server hostname matches ...) NOT-FOR-US: tmhOAuth CVE-2011-5241 (Services_Twitter 0.6.3 does not verify that the server hostname matche ...) NOT-FOR-US: PEAR module for Twitter CVE-2011-5240 (Magento 1.5 and 1.6.2 does not verify that the server hostname matches ...) NOT-FOR-US: Magento CVE-2011-5239 (CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname match ...) - civicrm (Fixed before initial upload to the archive) CVE-2011-5238 (google-checkout-php-sample-code before 1.3.2 does not verify that the ...) NOT-FOR-US: google-checkout-php-sample-code CVE-2011-5237 (PayPal WPS ToolKit does not verify that the server hostname matches a ...) NOT-FOR-US: PayPal WPS ToolKit CVE-2011-5236 (Moneris eSelectPlus 2.03 PHP API does not verify that the server hostn ...) NOT-FOR-US: Moneris eSelectPlus 2.03 PHP API CVE-2011-5235 (SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote ...) NOT-FOR-US: mnoGoSearch CVE-2011-5234 (SQL injection vulnerability in user.php in Social Network Community 2 ...) NOT-FOR-US: Social Network Community CVE-2011-5233 (Heap-based buffer overflow in IrfanView before 4.32 allows remote atta ...) NOT-FOR-US: IrfanView CVE-2011-5232 REJECTED CVE-2011-5231 REJECTED CVE-2011-5230 (Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass ...) NOT-FOR-US: Seotoaster CVE-2011-5229 (SQL injection vulnerability in quickstart/profile/index.php in the For ...) NOT-FOR-US: appRain CMF CVE-2011-5228 (Cross-site scripting (XSS) vulnerability in the Search module (quickst ...) NOT-FOR-US: appRain CMF CVE-2011-5227 (Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in E ...) NOT-FOR-US: Enterasys Network Management Suite CVE-2011-5226 (Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel. ...) NOT-FOR-US: WordPress plugin Sentinel CVE-2011-5225 (Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in ...) NOT-FOR-US: WordPress plugin Sentinel CVE-2011-5224 (SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress ...) NOT-FOR-US: WordPress plugin Sentinel CVE-2011-5223 (Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti ...) - cacti 0.8.7i-1 (low) [squeeze] - cacti 0.8.7g-1+squeeze4 CVE-2011-5222 (SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and ...) NOT-FOR-US: PHP Flirt-Projekt CVE-2011-5221 (Cross-site scripting (XSS) vulnerability in the getLog function in svn ...) - websvn 2.3.1-1 CVE-2011-5220 (Cross-site scripting (XSS) vulnerability in templates/default/Admin/Lo ...) NOT-FOR-US: PHP-SCMS CVE-2011-5219 (Directory traversal vulnerability in examples/show_code.php in mPDF 5. ...) NOT-FOR-US: mPDF CVE-2011-5218 (SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows ...) NOT-FOR-US: DotA OpenStats CVE-2011-5217 (Directory traversal vulnerability in the PXE Mtftp service in Hitachi ...) NOT-FOR-US: Hitachi JP1/ServerConductor/DeploymentManager CVE-2011-5216 (SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress p ...) NOT-FOR-US: WordPress plugin SCORM Cloud CVE-2011-5215 (SQL injection vulnerability in index.php in Video Community Portal all ...) NOT-FOR-US: Video Community Portal CVE-2011-5214 (Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.10 ...) NOT-FOR-US: BrowserCRM CVE-2011-5213 (Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earl ...) NOT-FOR-US: BrowserCRM CVE-2011-5212 (SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 al ...) NOT-FOR-US: Subrion CMS CVE-2011-5211 (Cross-site scripting (XSS) vulnerability in the poll module in Subrion ...) NOT-FOR-US: Subrion CMS CVE-2011-5210 (Directory traversal vulnerability in admin/preview.php in Limny 3.0.0 ...) NOT-FOR-US: Limny CVE-2011-5209 (Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone S ...) NOT-FOR-US: GraphicsClone CVE-2011-5208 (Multiple directory traversal vulnerabilities in the BackWPup plugin be ...) NOT-FOR-US: BackWPup CVE-2011-5207 (Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php ...) NOT-FOR-US: WP TheCartPress CVE-2011-5206 (Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech be ...) NOT-FOR-US: Rapidleech CVE-2011-5205 (Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 ...) NOT-FOR-US: Rapidleech CVE-2011-5204 (Akiva WebBoard 8.x stores passwords in plaintext, which allows local u ...) NOT-FOR-US: Akiva WebBoard CVE-2011-5203 (SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before ...) NOT-FOR-US: Akiva WebBoard CVE-2011-5202 (BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a de ...) NOT-FOR-US: WinCDEmu CVE-2011-5201 (Multiple SQL injection vulnerabilities in sign.php in tinyguestbook al ...) NOT-FOR-US: tinyguestbook CVE-2011-5200 (Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow ...) NOT-FOR-US: DeDeCMS CVE-2011-5199 (Cross-site scripting (XSS) vulnerability in sign.php in tinyguestbook ...) NOT-FOR-US: tinyguestbook CVE-2011-5198 (SQL injection vulnerability in search.php in Neturf eCommerce Shopping ...) NOT-FOR-US: Neturf eCommerce Shopping Cart CVE-2011-5197 (Cross-site request forgery (CSRF) vulnerability in index/manager/fileU ...) NOT-FOR-US: Public Knowledge Project Open Harvester Systems CVE-2011-5196 (Cross-site request forgery (CSRF) vulnerability in index/manager/fileU ...) - ojs (low) [squeeze] - ojs (Minor issue) CVE-2011-5195 (Cross-site request forgery (CSRF) vulnerability in index/manager/fileU ...) NOT-FOR-US: Public Knowledge Project Open Conference Systems CVE-2011-5194 (Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhoi ...) NOT-FOR-US: Wordpress Whois search plugin CVE-2011-5193 (Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhoi ...) NOT-FOR-US: Wordpress Whois search plugin CVE-2011-5192 (Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty L ...) NOT-FOR-US: Wordpress Pretty Link Lite plugin CVE-2011-5191 (Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty L ...) NOT-FOR-US: Wordpress Pretty Link Lite plugin CVE-2011-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Social Book Fac ...) NOT-FOR-US: Social Book Facebook Clone 2010 CVE-2011-5189 (Cross-site scripting (XSS) vulnerability in the Webform Validation mod ...) NOT-FOR-US: Drupal addon CVE-2011-5187 (Cross-site scripting (XSS) vulnerability in the Support Ticketing Syst ...) NOT-FOR-US: Drupal addon CVE-2011-5186 (Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop p ...) NOT-FOR-US: jbShop plugin for e107 CVE-2011-5185 (Cross-site scripting (XSS) vulnerability in video_comments.php in Onli ...) NOT-FOR-US: Online Subtitles Workshop CVE-2011-5184 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...) NOT-FOR-US: HP Network Node Manager CVE-2011-5182 NOT-FOR-US: Wordpress Lanoba Social plugin CVE-2011-5181 (Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk ...) NOT-FOR-US: Wordpress ClickDesk Live Support - Live Chat plugin CVE-2011-5180 (Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in th ...) NOT-FOR-US: Wordpress ZooEffect plugin CVE-2011-5179 (Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php i ...) NOT-FOR-US: Skysa App Bar CVE-2011-5177 (Multiple cross-site scripting (XSS) vulnerabilities in admin/controlle ...) NOT-FOR-US: eSyndiCat Pro CVE-2011-5188 (Cross-site scripting (XSS) vulnerability in the Support Timer module 6 ...) NOT-FOR-US: Drupal module CVE-2011-5183 (Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier a ...) NOT-FOR-US: OrderSys CVE-2011-5178 (Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/u ...) NOT-FOR-US: Infoblox NetMRI CVE-2011-5176 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in B ...) NOT-FOR-US: Banana Dance CVE-2011-5175 (SQL injection vulnerability in search.php in Banana Dance, possibly B. ...) NOT-FOR-US: Banana Dance CVE-2011-5174 (Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Auth ...) NOT-FOR-US: Intel Trusted Execution Technology CVE-2011-5173 (Buffer overflow in Bugbear Entertainment FlatOut 2005 allows user-assi ...) NOT-FOR-US: Bugbear Entertainment FlatOut 2005 CVE-2011-5172 (Stack-based buffer overflow in StoryBoard Quick 6 Build 3786, and poss ...) NOT-FOR-US: StoryBoard Quick 6 Build, StoryBoard Artist and StoryBoard Studio CVE-2011-5171 (Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 1 ...) NOT-FOR-US: CyberLink Power2Go CVE-2011-5170 (Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 al ...) NOT-FOR-US: Castillo Bueno Systems CCMPlayer CVE-2011-5169 (SQL injection vulnerability in sgms/reports/scheduledreports/configure ...) NOT-FOR-US: SonicWall ViewPoint CVE-2011-5168 (SQL injection vulnerability in user.php in Banana Dance before B.1.5 a ...) NOT-FOR-US: Banana Dance CVE-2011-5167 (Heap-based buffer overflow in the SetDevNames method of the Tidestone ...) NOT-FOR-US: Oracle Hyperion Strategic Finance CVE-2011-5166 (Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote atta ...) NOT-FOR-US: KnFTP CVE-2011-5165 (Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier ...) NOT-FOR-US: Free MP3 CD Ripper CVE-2011-5164 (Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 thro ...) NOT-FOR-US: VanDyke Software AbsoluteFTP CVE-2011-5163 (Buffer overflow in an unspecified third-party component in the Batch m ...) NOT-FOR-US: Schneider Electric CitectSCADA CVE-2011-5162 (Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assi ...) NOT-FOR-US: GOM Player CVE-2011-5161 (Unrestricted file upload vulnerability in the patient photograph funct ...) NOT-FOR-US: OpenEMR CVE-2011-5160 (Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 all ...) NOT-FOR-US: OpenEMR CVE-2011-5159 (Cross-site scripting (XSS) vulnerability in admin/configuration.php in ...) NOT-FOR-US: Geeklog CVE-2011-5158 (Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and ...) NOT-FOR-US: DATEV Grundpaket Basis CVE-2011-5157 (Untrusted search path vulnerability in Attachmate Reflection before 14 ...) NOT-FOR-US: Attachmate Reflection CVE-2011-5156 (Untrusted search path vulnerability in Effective File Search 6.7 allow ...) NOT-FOR-US: Effective File Search CVE-2011-5155 (Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1 ...) NOT-FOR-US: Help & Manual 5.5.1 Build CVE-2011-5154 (Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and ( ...) NOT-FOR-US: SAP GUI CVE-2011-5153 (Untrusted search path vulnerability in FotoSlate 4.0 Build 146 allows ...) NOT-FOR-US: FotoSlate CVE-2011-5152 (Multiple untrusted search path vulnerabilities in ACDSee Photo Editor ...) NOT-FOR-US: ACDSee Photo Editor CVE-2011-5151 (Untrusted search path vulnerability in ACDSee Picture Frame Manager 1. ...) NOT-FOR-US: ACDSee Picture Frame Manager CVE-2011-3090 (Race condition in Google Chrome before 19.0.1084.46 allows remote atta ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-5150 (Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 ...) NOT-FOR-US: SpamTitan 5.07 CVE-2011-5149 (Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 ...) NOT-FOR-US: SpamTitan 5.08 CVE-2011-5148 (Multiple incomplete blacklist vulnerabilities in the Simple File Uploa ...) NOT-FOR-US: Simple File Upload CVE-2011-5147 (Static code injection vulnerability in ajax_save_name.php in the Ajax ...) NOT-FOR-US: tinymce plugin CVE-2011-5145 (Multiple SQL injection vulnerabilities in Open Business Management (OB ...) NOT-FOR-US: Open Business Management CVE-2011-5144 (Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote at ...) NOT-FOR-US: Open Business Management CVE-2011-5143 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business M ...) NOT-FOR-US: Open Business Management CVE-2011-5142 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business M ...) NOT-FOR-US: Open Business Management CVE-2011-5141 (Directory traversal vulnerability in exportcsv/exportcsv_index.php in ...) NOT-FOR-US: Open Business Management CVE-2011-5140 (Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY- ...) NOT-FOR-US: DIY CMS CVE-2011-5139 (SQL injection vulnerability in page.php in Pre Studio Business Cards D ...) NOT-FOR-US: Pre Studio Business Cards Designer CVE-2011-5138 (Cross-site scripting (XSS) vulnerability in member.php in tForum b0.91 ...) NOT-FOR-US: tForum CVE-2011-5137 (Multiple SQL injection vulnerabilities in tForum b0.915 allow remote a ...) NOT-FOR-US: tForum CVE-2011-5136 (showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allo ...) NOT-FOR-US: EPractize Labs Subscription Manager CVE-2011-5135 (Multiple SQL injection vulnerabilities in the save_connection function ...) NOT-FOR-US: DoceboLMS CVE-2011-5134 (Unrestricted file upload vulnerability in editor/extensions/browser/fi ...) NOT-FOR-US: JCE component for Joomla! CVE-2011-5133 (Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and ...) NOT-FOR-US: MyBB CVE-2011-5132 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows r ...) NOT-FOR-US: MyBB CVE-2011-5131 (Cross-site request forgery (CSRF) vulnerability in global.php in MyBB ...) NOT-FOR-US: MyBB CVE-2011-5130 (dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when regi ...) NOT-FOR-US: Family Connections CMS CVE-2011-5129 (Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote at ...) - xchat (unimportant; bug #686454) CVE-2011-5128 (Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize ...) NOT-FOR-US: Adminimize plugin for Wordpress CVE-2011-5127 (Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2 ...) NOT-FOR-US: Blue Coat CVE-2011-5126 (Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 ...) NOT-FOR-US: Blue Coat CVE-2011-5125 (Cross-site scripting (XSS) vulnerability in Blue Coat Director before ...) NOT-FOR-US: Blue Coat CVE-2011-5124 (Stack-based buffer overflow in the BCAAA component before build 60258, ...) NOT-FOR-US: Blue Coat CVE-2011-5123 (The Antivirus component in Comodo Internet Security before 5.3.175888. ...) NOT-FOR-US: Comodo Internet Security CVE-2011-5122 (The Antivirus component in Comodo Internet Security before 5.3.175888. ...) NOT-FOR-US: Comodo Internet Security CVE-2011-5121 (The Antivirus component in Comodo Internet Security before 5.3.175888. ...) NOT-FOR-US: Comodo Internet Security CVE-2011-5120 (The Antivirus component in Comodo Internet Security before 5.4.189822. ...) NOT-FOR-US: Comodo Internet Security CVE-2011-5119 (Multiple race conditions in Comodo Internet Security before 5.8.211697 ...) NOT-FOR-US: Comodo Internet Security CVE-2011-5118 (Multiple race conditions in Comodo Internet Security before 5.8.213334 ...) NOT-FOR-US: Comodo Internet Security CVE-2011-5117 (Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, S ...) NOT-FOR-US: Sophos SafeGuard CVE-2011-5116 (SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11 ...) NOT-FOR-US: SetSeed CMS CVE-2011-5115 (Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and ...) NOT-FOR-US: DLguard CVE-2011-5114 (Multiple cross-site scripting (XSS) vulnerabilities in the Authoritati ...) NOT-FOR-US: DLguard CVE-2011-5113 (SQL injection vulnerability in frontend/models/techfoliodetail.php in ...) NOT-FOR-US: Joomla addon CVE-2011-5112 (SQL injection vulnerability in Alameda (com_alameda) component before ...) NOT-FOR-US: Joomla addon CVE-2011-5111 (Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang ...) NOT-FOR-US: Kajian Website CMS CVE-2011-5110 (Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earl ...) NOT-FOR-US: Blogs Manager CVE-2011-5109 (Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and ...) NOT-FOR-US: Freelancer calendar CVE-2011-5108 (Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0 ...) NOT-FOR-US: AdaptCMS CVE-2011-5107 (Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Be ...) NOT-FOR-US: Wordpress plugin CVE-2011-5106 (Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexi ...) NOT-FOR-US: Wordpress plugin CVE-2011-5105 (Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch. ...) NOT-FOR-US: ZOHO ManageEngine ADSelfService Plus CVE-2011-5104 (Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-l ...) NOT-FOR-US: Wordpress plugin CVE-2011-5103 (SQL injection vulnerability in Alurian Prismotube PHP Video Script all ...) NOT-FOR-US: Alurian Prismotube PHP Video Script CVE-2011-5102 (The Investigative Reports web interface in the TRITON management conso ...) NOT-FOR-US: Websense CVE-2011-5101 (The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 a ...) NOT-FOR-US: McAfee CVE-2011-5100 (The web interface in McAfee Firewall Reporter before 5.1.0.13 does not ...) NOT-FOR-US: McAfee CVE-2011-5099 (SQL injection vulnerability in helper/popup.php in the ccNewsletter (m ...) NOT-FOR-US: Joomla addon CVE-2011-5098 (chef-server-api/app/controllers/clients.rb in Chef Server in Chef befo ...) - chef 0.10.10-1 CVE-2011-5097 (chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef be ...) - chef 0.10.10-1 CVE-2011-5096 (Stack-based buffer overflow in cstore.exe in the Media Application Ser ...) NOT-FOR-US: Avaya Aura Application Server CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when ...) - openssl 0.9.8a-1 (bug #684527) NOTE: fips version not used in Debian CVE-2011-5094 (** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certa ...) NOTE: Disputed NSS issue CVE-2011-5093 (Best Practical Solutions RT 4.x before 4.0.6 does not properly impleme ...) NOTE: Dupe of CVE-2011-4458 CVE-2011-5092 (Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 a ...) NOTE: Dupe of CVE-2011-4458 CVE-2011-5091 (Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6 ...) NOT-FOR-US: GR Board CVE-2011-5090 (GR Board (aka grboard) 1.8.6.5 Community Edition does not require auth ...) NOT-FOR-US: GR Board CVE-2011-5089 (Buffer overflow in the Security Login ActiveX controls in ICONICS GENE ...) NOT-FOR-US: ICONICS, BizViz CVE-2011-5088 (The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 a ...) NOT-FOR-US: ICONICS GENESIS32, BizViz CVE-2011-5087 (Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows rem ...) NOT-FOR-US: AdAstrA TRACE MODE Data Center CVE-2011-5086 (https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before ...) NOT-FOR-US: Unitronics UniOPC CVE-2011-5085 (Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x befo ...) {DSA-2423-1} - movabletype-opensource 5.1.2+dfsg-1 CVE-2011-5084 (Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4. ...) {DSA-2423-1} - movabletype-opensource 5.1.2+dfsg-1 CVE-2011-5083 (Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dot ...) - dotclear 2.5+dfsg-1 (low; bug #670227) NOTE: Post-authentication; vulnerability is actually in admin/media.php. CVE-2011-5082 (Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin be ...) NOT-FOR-US: s2Member Pro plugin for WordPress CVE-2011-5081 (Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC ...) - backuppc 3.1.0-9.1 (low; bug #661011) [squeeze] - backuppc 3.1.0-9.1 [lenny] - backuppc (Minor issue) CVE-2011-5080 (Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tc ...) NOT-FOR-US: jftcaforms extension for TYPO3 CVE-2011-5079 (Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 ...) NOT-FOR-US: irfaq extension for TYPO3 CVE-2011-5078 (The web administration interface in the server in Sybase M-Business An ...) NOT-FOR-US: Sybase CVE-2011-5077 (Unrestricted file upload vulnerability in attachement.php in HDWiki 5. ...) NOT-FOR-US: HDWiki CVE-2011-5076 (SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, ...) NOT-FOR-US: HDWiki CVE-2011-5075 (translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 ...) NOT-FOR-US: Support Incident Tracker CVE-2011-5074 (Multiple cross-site request forgery (CSRF) vulnerabilities in Support ...) NOT-FOR-US: Support Incident Tracker CVE-2011-5073 (Multiple cross-site scripting (XSS) vulnerabilities in Support Inciden ...) NOT-FOR-US: Support Incident Tracker CVE-2011-5072 (Multiple SQL injection vulnerabilities in Support Incident Tracker (ak ...) NOT-FOR-US: Support Incident Tracker CVE-2011-5071 (Multiple SQL injection vulnerabilities in Support Incident Tracker (ak ...) NOT-FOR-US: Support Incident Tracker CVE-2011-5070 (Multiple cross-site scripting (XSS) vulnerabilities in Support Inciden ...) NOT-FOR-US: Support Incident Tracker CVE-2011-5069 (Unrestricted file upload vulnerability in incident_attachments.php in ...) NOT-FOR-US: Support Incident Tracker CVE-2011-5068 (Multiple cross-site request forgery (CSRF) vulnerabilities in Support ...) NOT-FOR-US: Support Incident Tracker CVE-2011-5067 (move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 all ...) NOT-FOR-US: Support Incident Tracker CVE-2011-5066 (The SibRaRecoverableSiXaResource class in the Default Messaging Compon ...) NOT-FOR-US: WebSphere CVE-2011-5065 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...) NOT-FOR-US: WebSphere CVE-2011-5064 (DigestAuthenticator.java in the HTTP Digest Access Authentication impl ...) {DSA-2401-1} - tomcat6 6.0.32-7 - tomcat7 7.0.12 - tomcat5.5 CVE-2011-5063 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) {DSA-2401-1} - tomcat6 6.0.32-7 - tomcat7 7.0.12 - tomcat5.5 CVE-2011-5062 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) {DSA-2401-1} - tomcat6 6.0.32-7 - tomcat7 7.0.12 - tomcat5.5 CVE-2011-5061 (functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allow ...) NOT-FOR-US: WHMCompleteSolution CVE-2011-5060 (The par_mktmpdir function in the PAR module before 1.003 for Perl crea ...) - libpar-perl 1.005-1 (bug #650707) [squeeze] - libpar-perl 1.000-1+squeeze1 CVE-2011-5059 (Stack-based buffer overflow in Final Draft 8 before 8.02 allows remote ...) NOT-FOR-US: Final Draft CVE-2011-5058 (The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 S ...) NOT-FOR-US: 3S CoDeSys CVE-2011-5057 (Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces ...) - libstruts1.2-java (Affects Struts 2, #657870) CVE-2011-5056 (The authoritative server in MaraDNS through 2.0.04 computes hash value ...) - maradns (Only affects 2.x, see #653838) CVE-2011-5055 (MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without ...) - maradns 1.4.09-1 (low) [squeeze] - maradns (Minor issue) CVE-2011-5054 (kcheckpass passes a user-supplied argument to the pam_start function, ...) - kdebase-workspace (unimportant) NOTE: the kcheckpass utility is not present in sid (still present in src package, will check with KDE maints) NOTE: Not exploitable without OpenPAM CVE-2011-5053 (The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar ...) NOT-FOR-US: This vulnerability affects a protocol, not a product. More information can be found at http://www.kb.cert.org/vuls/id/723755 . All products listed there are not part of Debian. CVE-2011-5052 (Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote ...) NOT-FOR-US: CoCSoft Stream Down CVE-2011-5051 (Multiple unrestricted file upload vulnerabilities in the WP Symposium ...) NOT-FOR-US: Symposium plugin for Wordpress CVE-2011-5050 (SQL injection vulnerability in corporate/Controller in Elitecore Techn ...) NOT-FOR-US: Elitecore Technologies Cyberoam UTM CVE-2011-5049 (MySQL 5.5.8, when running on Windows, allows remote attackers to cause ...) NOT-FOR-US: MySQL on Windows CVE-2011-5048 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experie ...) NOT-FOR-US: IBM Web Experience Factory CVE-2011-5047 (Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pf ...) NOT-FOR-US: pfSense CVE-2011-5046 (The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode d ...) NOT-FOR-US: Microsoft Windows 7 CVE-2011-5045 (Cross-site scripting (XSS) vulnerability in details_view.php in PHP Bo ...) NOT-FOR-US: PHP Booking Calendar 10e (not in Debian) CVE-2011-5044 (SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for ...) NOT-FOR-US: SopCast (not in Debian) CVE-2011-5043 (TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a deni ...) NOT-FOR-US: TomatoSoft Free Mp3 Player (not in Debian) CVE-2011-5042 (Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in SA ...) NOT-FOR-US: SASHA (not in Debian) CVE-2011-5041 (Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1 ...) NOT-FOR-US: Pulse Pro CMS (not in Debian) CVE-2011-5040 (Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biz ...) NOT-FOR-US: Infoproject Biznis Heroj (not in Debian) CVE-2011-5039 (Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj all ...) NOT-FOR-US: Infoproject Biznis Heroj (not in Debian) CVE-2011-5038 (SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly ...) NOT-FOR-US: hitAppoint (not in Debian) CVE-2011-5037 (Google V8 computes hash values for form parameters without restricting ...) - libv8 3.6.6.14-2 (bug #653962) [squeeze] - libv8 (Unsupported in squeeze-lts) CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...) {DSA-2783-1} - ruby-rack 1.4.0-1 (bug #653963) - librack-ruby NOTE: https://github.com/rack/rack/commit/5b9d09a81a9fdc9475f0ab0095cb2a33bf2a8f91 CVE-2011-5035 (Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Se ...) {DSA-2420-1} - openjdk-6 6b24-1.11.1-1 - openjdk-7 7~u3-2.1-1 - sun-java6 [squeeze] - sun-java6 (Non-free not supported) - glassfish (Debian only builds some core libs, not the full application stack) CVE-2011-5034 (Apache Geronimo 2.2.1 and earlier computes hash values for form parame ...) NOT-FOR-US: Apache Geronimo CVE-2011-5033 (Stack-based buffer overflow in CFS.c in ConfigServer Security & Fi ...) NOT-FOR-US: ConfigServer Security & Firewall CVE-2011-5032 (WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to cau ...) NOT-FOR-US: WinMount CVE-2011-5031 (Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalid ...) NOT-FOR-US: cApexWEB CVE-2011-5030 (Cross-site scripting (XSS) vulnerability in the Meta tags quick module ...) NOT-FOR-US: Meta tags quick module for Drupal CVE-2011-5029 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...) NOT-FOR-US: Sumple PHP Blog CVE-2011-5028 (Directory traversal vulnerability in novelllogmanager/FileDownload in ...) NOT-FOR-US: Novell Sentinel Log Manager CVE-2011-5027 (Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allow ...) - zabbix 1:1.8.10-1 (bug #652664) [squeeze] - zabbix (Will be handled through point update) CVE-2011-5026 (Cross-site scripting (XSS) vulnerability in the addPost function in da ...) NOT-FOR-US: Winn Guestbook CVE-2011-5025 (Multiple cross-site scripting (XSS) vulnerabilities in the wiki applic ...) - yaws 1.92-1 (low; bug #653966) [squeeze] - yaws (Minor issue) CVE-2011-5024 (Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mai ...) NOT-FOR-US: ht://Dig integration for Mailman CVE-2011-5023 (Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows rem ...) NOT-FOR-US: Pligg CMS CVE-2011-5022 (SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows re ...) NOT-FOR-US: Pligg CMS CVE-2011-5021 (PHPIDS before 0.7 does not properly implement Regular Expression Denia ...) - php-ids (bug #488848) CVE-2011-5020 (An SQL Injection vulnerability exists in the ID parameter in Online TV ...) NOT-FOR-US: Online TV Database CVE-2011-5019 (Cross-site scripting (XSS) vulnerability in setup/index.php in Textpat ...) - textpattern (low) [squeeze] - textpattern (Vulnerability is in setup.php, which becomes inaccessible after installation) CVE-2011-5018 (Koala Framework before 2011-11-21 has XSS via the request_uri paramete ...) NOT-FOR-US: Koala Framework CVE-2011-5017 RESERVED CVE-2011-5016 RESERVED CVE-2011-5015 RESERVED CVE-2011-5014 RESERVED CVE-2011-5013 RESERVED CVE-2011-5012 (Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7 ...) NOT-FOR-US: Attachmate Reflection CVE-2011-5011 (Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Comme ...) NOT-FOR-US: xt:Commerce CVE-2011-5010 (apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows rem ...) NOT-FOR-US: Ctek SkyRouter CVE-2011-5009 (The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 S ...) NOT-FOR-US: 3S CoDeSys CVE-2011-5008 (Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 ...) NOT-FOR-US: 3S CoDeSys CVE-2011-5007 (Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSy ...) NOT-FOR-US: 3S CoDeSys CVE-2011-5006 (Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attacker ...) NOT-FOR-US: QQPlayer CVE-2011-5005 (Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier a ...) NOT-FOR-US: QuiXplorer CVE-2011-5004 (Unrestricted file upload vulnerability in models/importcsv.php in the ...) NOT-FOR-US: Joomla extension CVE-2011-5003 (Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndex ...) NOT-FOR-US: Avid Media Composer CVE-2011-5002 (Multiple stack-based buffer overflows in Final Draft 8 before 8.02 all ...) NOT-FOR-US: Final Draft CVE-2011-5001 (Stack-based buffer overflow in the CGenericScheduler::AddTask function ...) NOT-FOR-US: Trend Micro Control Manager CVE-2011-5000 (The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and e ...) - openssh 1:5.9p1-1 [squeeze] - openssh 1:5.5p1-6+squeeze4 NOTE: looking at the code an additional integer overflow check was added in at least 5.9 CVE-2011-4999 REJECTED CVE-2011-4998 REJECTED CVE-2011-4997 REJECTED CVE-2011-4996 REJECTED CVE-2011-4995 REJECTED CVE-2011-4994 REJECTED CVE-2011-4993 REJECTED CVE-2011-4992 REJECTED CVE-2011-4991 REJECTED CVE-2011-4990 REJECTED CVE-2011-4989 REJECTED CVE-2011-4988 REJECTED CVE-2011-4987 REJECTED CVE-2011-4986 REJECTED CVE-2011-4985 REJECTED CVE-2011-4984 REJECTED CVE-2011-4983 REJECTED CVE-2011-4982 REJECTED CVE-2011-4981 REJECTED CVE-2011-4980 REJECTED CVE-2011-4979 REJECTED CVE-2011-4978 REJECTED CVE-2011-4977 REJECTED CVE-2011-4976 REJECTED CVE-2011-4975 REJECTED CVE-2011-4974 REJECTED CVE-2011-4973 (Authentication bypass vulnerability in mod_nss 1.0.8 allows remote att ...) - libapache2-mod-nss 1.0.8-4 (low; bug #729626) [wheezy] - libapache2-mod-nss (Minor issue) NOTE: https://www.redhat.com/archives/mod_nss-list/2011-May/msg00001.html NOTE: https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=a6c3370491ae1d3bc552e8de9353c82f73e510e3 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1017197 CVE-2011-4972 (hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not ...) NOT-FOR-US: Drupal module CVE-2011-4971 (Multiple integer signedness errors in the (1) process_bin_sasl_auth, ( ...) {DSA-2832-1} - memcached 1.4.13-0.3 (bug #706426) NOTE: https://github.com/memcached/memcached/commit/6695ccbc525c36d693aaa3e8337b36aa0c784424 CVE-2011-4970 (Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) ...) - lcgdm 1.8.6-1 (low; bug #702895) [wheezy] - lcgdm (Minor issue) - dpm [squeeze] - dpm (Minor issue) CVE-2011-4969 (Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when ...) - jquery 1.6.4-1 (low; bug #699482) [squeeze] - jquery (Minor issue) NOTE: http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/ NOTE: https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9 CVE-2011-4968 (nginx http proxy module does not verify peer identity of https origin ...) - nginx 1.9.1-1 (low; bug #697940) [jessie] - nginx (Minor issue) [squeeze] - nginx (Minor issue) [wheezy] - nginx (Minor issue) NOTE: http://trac.nginx.org/nginx/ticket/13 NOTE: Upstream commit: http://trac.nginx.org/nginx/changeset/060c2e692b96a150b584b8e30d596be1f2defa9c/nginx CVE-2011-4967 (tog-Pegasus has a package hash collision DoS vulnerability ...) NOT-FOR-US: OpenPegasus CVE-2011-4966 (modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode ...) - freeradius 2.1.12+dfsg-1.2 (low; bug #694407) [squeeze] - freeradius (Minor issue) CVE-2011-4965 REJECTED CVE-2011-4964 REJECTED CVE-2011-4963 (nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote ...) - nginx (Only affects Nginx on Windows) CVE-2011-4962 (code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x befor ...) - silverstripe (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2011-4961 (SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote ...) - silverstripe (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2011-4960 (SQL injection vulnerability in the Folder::findOrMake method in Silver ...) - silverstripe (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2011-4959 (SQL injection vulnerability in the addslashes method in SilverStripe 2 ...) - silverstripe (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2011-4958 (Cross-site scripting (XSS) vulnerability in the process function in SS ...) - silverstripe (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2011-4957 (The make_clickable function in wp-includes/formatting.php in WordPress ...) {DSA-2470-1} - wordpress 3.2.1+dfsg-1 CVE-2011-4956 (Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 all ...) {DSA-2470-1} - wordpress 3.2.1+dfsg-1 CVE-2011-4955 (Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in ...) NOT-FOR-US: wordpress bsuite plugin CVE-2011-4954 (cobbler has local privilege escalation via the use of insecure locatio ...) - cobbler (Fixed before initial upload) CVE-2011-4953 (The set_mgmt_parameters function in item.py in cobbler before 2.2.2 al ...) - cobbler (Fixed before initial upload) CVE-2011-4952 (cobbler: Web interface lacks CSRF protection when using Django framewo ...) - cobbler (Fixed before initial upload) CVE-2011-4951 (Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware E ...) NOT-FOR-US: EGroupware CVE-2011-4950 (Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/tes ...) NOT-FOR-US: EGroupware CVE-2011-4949 (SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/ ...) NOT-FOR-US: EGroupware CVE-2011-4948 (Directory traversal vulnerability in admin/remote.php in EGroupware En ...) NOT-FOR-US: EGroupware CVE-2011-4947 (Cross-site request forgery (CSRF) vulnerability in e107_admin/users_ex ...) NOT-FOR-US: e107 CVE-2011-4946 (SQL injection vulnerability in e107_admin/users_extended.php in e107 b ...) NOT-FOR-US: e107 CVE-2011-4945 (PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which ...) - policykit-1 0.103-1 [squeeze] - policykit-1 (vulnerable code introduced in 0.103) CVE-2011-4944 (Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissio ...) {DLA-25-1} - python2.7 2.7.3~rc2-2 (low; bug #650555) - python2.6 2.6.8-1 (unimportant; bug #615118) NOTE: Negligible impact CVE-2011-4943 (ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed ...) NOT-FOR-US: ImpressPages CMS CVE-2011-4942 (Multiple cross-site scripting (XSS) vulnerabilities in admin/configura ...) NOT-FOR-US: Geeklog CVE-2011-4941 (Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attac ...) - piwik (bug #506933) CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPSe ...) {DLA-25-1} - python2.7 2.7.2-8 (unimportant) - python2.6 (unimportant; bug #664135) - python2.5 (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/11 NOTE: This only affects IE7, which is inherently insecure anyway CVE-2011-4939 (The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin befor ...) - pidgin 2.10.2-1 (bug #664028) [squeeze] - pidgin (vulnerable code not present) NOTE: http://pidgin.im/news/security/?id=60 CVE-2011-4938 (Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 a ...) NOT-FOR-US: Ariadne CMS not in Debian CVE-2011-4937 (Joomla! 1.7.1 has core information disclosure due to inadequate error ...) NOT-FOR-US: Joomla! CVE-2011-4936 REJECTED CVE-2011-4935 REJECTED CVE-2011-4934 REJECTED CVE-2011-4933 REJECTED CVE-2011-4932 (Eval injection vulnerability in ip_cms/modules/standard/content_manage ...) NOT-FOR-US: ImpressPages CMS not in Debian CVE-2011-4931 (gpw generates shorter passwords than required ...) - gpw (unimportant; bug #651510) NOTE: This has only marginal security impact CVE-2011-4930 (Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, ...) - condor (Fixed before initial release) CVE-2011-4929 (Unspecified vulnerability in the bazaar repository adapter in Redmine ...) {DSA-2261-1} - redmine 1.0.5-1 (bug #608397) NOTE: http://www.redmine.org/news/49 CVE-2011-4928 (Cross-site scripting (XSS) vulnerability in the textile formatter in R ...) {DSA-2261-1} - redmine 1.0.5-1 (bug #608397) NOTE: http://www.redmine.org/news/49 CVE-2011-4927 (Unspecified vulnerability in the bazaar repository adapter in Redmine ...) {DSA-2261-1} - redmine 1.0.5-1 (bug #608397) NOTE: http://www.redmine.org/news/49 CVE-2011-4926 (Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page ...) NOT-FOR-US: WordPress plugin Adminimize CVE-2011-4925 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...) - torque (The version in Debian doesn't yet have MUNGE support) CVE-2011-4924 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, ...) - zope2.12 2.12.22-1 - zope3 (low) - zope2.10 (low) [lenny] - zope2.10 (Minor issue) [lenny] - zope3 (Minor issue) - zope2.11 - zope2.9 NOTE: http://openwall.com/lists/oss-security/2012/01/19/16 CVE-2011-4923 (Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, ...) - backuppc 3.2.1-2 (bug #646865) [squeeze] - backuppc 3.1.0-9.1 CVE-2011-4922 (cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retain ...) - pidgin 2.7.11-1 (low) [lenny] - pidgin (Minor issue) [squeeze] - pidgin (Minor issue) NOTE: http://www.pidgin.im/news/security/?id=50 CVE-2011-4921 (SQL injection vulnerability in usersettings.php in e107 0.7.26, and po ...) NOT-FOR-US: e107 CVE-2011-4920 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, an ...) NOT-FOR-US: e107 CVE-2011-4919 (mpack 1.6 has information disclosure via eavesdropping on mails sent b ...) - mpack 1.6-8 (low; bug #655971) [squeeze] - mpack (Minor issue) NOTE: http://openwall.com/lists/oss-security/2011/12/31/1 CVE-2011-4918 (Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009. ...) NOT-FOR-US: Elxis CMS, Aphrodite CVE-2011-4917 RESERVED - linux (unimportant) - linux-2.6 (unimportant) NOTE: Minor info leak, unlikely to be fixed upstream CVE-2011-4916 RESERVED CVE-2011-4915 (fs/proc/base.c in the Linux kernel through 3.1 allows local users to o ...) - linux (unimportant) - linux-2.6 (unimportant) NOTE: Minor info leak, unlikely to be fixed upstream CVE-2011-4914 (The ROSE protocol implementation in the Linux kernel before 2.6.39 doe ...) {DSA-2389-1} - linux-2.6 2.6.38-4 CVE-2011-4913 (The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux ker ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 CVE-2011-4912 (Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout ...) NOT-FOR-US: Joomla! CVE-2011-4911 (Joomla! before 1.5.12 does not perform a JEXEC check in unspecified fi ...) NOT-FOR-US: Joomla! CVE-2011-4910 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allo ...) NOT-FOR-US: Joomla! CVE-2011-4909 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) NOT-FOR-US: Joomla! CVE-2011-4908 (TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upl ...) NOT-FOR-US: Joomla! CVE-2011-4907 (Joomla! 1.5x through 1.5.12: Missing JEXEC Check ...) NOT-FOR-US: Joomla! CVE-2011-4906 (Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows fil ...) NOT-FOR-US: Joomla! CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...) - activemq 5.5.0+dfsg-5 (bug #655495) CVE-2011-4899 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...) - wordpress (unimportant) NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt CVE-2011-4898 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...) - wordpress (unimportant) NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt CVE-2011-4904 (TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access ...) {DSA-2289-1} - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2011-4903 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...) {DSA-2289-1} - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2011-4902 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...) {DSA-2289-1} - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2011-4901 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...) {DSA-2289-1} - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2011-4900 (TYPO3 before 4.5.4 allows Information Disclosure in the backend. ...) {DSA-2289-1} - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2011-4897 (Tor before 0.2.2.25-alpha, when configured as a relay without the Nick ...) - tor 0.2.2.27-beta-1 (unimportant) CVE-2011-4896 (Tor before 0.2.2.24-alpha continues to use a reachable bridge that was ...) - tor 0.2.2.27-beta-1 (unimportant) CVE-2011-4895 (Tor before 0.2.2.34, when configured as a bridge, sets up circuits thr ...) - tor 0.2.2.34-1 (unimportant) CVE-2011-4894 (Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort ...) - tor 0.2.2.34-1 (unimportant) CVE-2011-4893 REJECTED CVE-2011-4892 REJECTED CVE-2011-4891 REJECTED CVE-2011-4890 (The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows rem ...) NOT-FOR-US: IBM solidDB CVE-2011-4889 (The javax.naming.directory.AttributeInUseException class in the Virtua ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2011-4888 RESERVED CVE-2011-4887 (Cross-site scripting (XSS) vulnerability in the Violations Table in th ...) NOT-FOR-US: Imperva SecureSphere Web Application Firewall CVE-2011-4886 RESERVED CVE-2011-4885 (PHP before 5.3.9 computes hash values for form parameters without rest ...) {DSA-2399-1} - php5 5.3.9-1 (low) CVE-2011-4884 RESERVED CVE-2011-4883 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 doe ...) NOT-FOR-US: atvise.com webMI CVE-2011-4882 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 all ...) NOT-FOR-US: atvise.com webMI CVE-2011-4881 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 doe ...) NOT-FOR-US: atvise.com webMI CVE-2011-4880 (Directory traversal vulnerability in the web server in Certec atvise w ...) NOT-FOR-US: atvise.com webMI CVE-2011-4879 (miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005 ...) NOT-FOR-US: Siemens WinCC CVE-2011-4878 (Directory traversal vulnerability in miniweb.exe in the HMI web server ...) NOT-FOR-US: Siemens WinCC CVE-2011-4877 (HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 20 ...) NOT-FOR-US: Siemens WinCC CVE-2011-4876 (Directory traversal vulnerability in HmiLoad in the runtime loader in ...) NOT-FOR-US: Siemens WinCC CVE-2011-4875 (Stack-based buffer overflow in HmiLoad in the runtime loader in Siemen ...) NOT-FOR-US: Siemens WinCC CVE-2011-4874 (Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows ...) NOT-FOR-US: MICROSYS PROMOTIC CVE-2011-4873 (Unspecified vulnerability in the server in Certec EDV atvise before 2. ...) NOT-FOR-US: Certec EDV atvise CVE-2011-4872 (Multiple HTC Android devices including Desire HD FRG83D and GRI40, Gla ...) NOT-FOR-US: Android devices CVE-2011-4871 (Open Automation Software OPC Systems.NET before 5.0 allows remote atta ...) NOT-FOR-US: opcsystems.com CVE-2011-4870 (Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and ...) NOT-FOR-US: Invensys Wonderware CVE-2011-4869 (validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly per ...) {DSA-2370-1} - unbound 1.4.14-1 (medium) CVE-2011-4868 (The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when u ...) - isc-dhcp 4.2.2.dfsg.1-5 (low; bug #655746) [squeeze] - isc-dhcp (vulnerable code not present) CVE-2011-4867 (The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android ...) NOT-FOR-US: Tencent QQPhoto (com.tencent.qqphoto) application CVE-2011-4866 (The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for ...) NOT-FOR-US: Kaixin001 (com.kaixin001.activity) application CVE-2011-4865 (The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 app ...) NOT-FOR-US: Tencent WBlog CVE-2011-4864 (The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Androi ...) NOT-FOR-US: Tencent MobileQQ (com.tencent.mobileqq) application CVE-2011-4863 (The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 fo ...) NOT-FOR-US: Tencent QQPimSecure (com.tencent.qqpimsecure) application CVE-2011-4862 (Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 throu ...) {DSA-2375-1 DSA-2373-1 DSA-2372-1} - heimdal 1.5.dfsg.1-1 (high) - inetutils 2:1.8-6 (high) - krb5 1.8+dfsg~aa+r23527-1 (high) - krb5-appl 1:1.0.1-1.2 (high; bug #654231) NOTE: krb5 fixed through move of code to krb5-appl. CVE-2011-4861 (The modbus_125_handler function in the Schneider Electric Quantum Ethe ...) NOT-FOR-US: Schneider Electric Quantum Ethernet Module CVE-2011-4860 (The ComputePassword function in the Schneider Electric Quantum Etherne ...) NOT-FOR-US: Schneider Electric Quantum Ethernet Module CVE-2011-4859 (The Schneider Electric Quantum Ethernet Module, as used in the Quantum ...) NOT-FOR-US: Schneider Electric Quantum Ethernet Module CVE-2011-4858 (Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 ...) {DSA-2401-1} - tomcat5 - tomcat6 6.0.35-1 - tomcat7 7.0.26-1 CVE-2011-4857 (Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5 ...) NOT-FOR-US: Winamp CVE-2011-4856 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sen ...) NOT-FOR-US: Plesk CVE-2011-4855 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 omi ...) NOT-FOR-US: Plesk CVE-2011-4854 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 doe ...) NOT-FOR-US: Plesk CVE-2011-4853 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 inc ...) NOT-FOR-US: Plesk CVE-2011-4852 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 gen ...) NOT-FOR-US: Plesk CVE-2011-4851 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 gen ...) NOT-FOR-US: Plesk CVE-2011-4850 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 doe ...) NOT-FOR-US: Plesk CVE-2011-4849 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 doe ...) NOT-FOR-US: Plesk CVE-2011-4848 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 inc ...) NOT-FOR-US: Plesk CVE-2011-4847 (SQL injection vulnerability in the Control Panel in Parallels Plesk Pa ...) NOT-FOR-US: Plesk CVE-2011-4846 RESERVED CVE-2011-4845 RESERVED CVE-2011-4844 RESERVED CVE-2011-4843 RESERVED CVE-2011-4842 RESERVED CVE-2011-4841 RESERVED CVE-2011-4840 RESERVED CVE-2011-4839 RESERVED CVE-2011-4838 (JRuby before 1.6.5.1 computes hash values without restricting the abil ...) {DLA-209-1} - jruby 1.5.6-4 (low; bug #686867) CVE-2011-4837 (Cross-site request forgery (CSRF) vulnerability in /ctrl in the web in ...) NOT-FOR-US: HomeSeer CVE-2011-4836 (Cross-site scripting (XSS) vulnerability in the web interface in HomeS ...) NOT-FOR-US: HomeSeer CVE-2011-4835 (Directory traversal vulnerability in the web interface in HomeSeer HS2 ...) NOT-FOR-US: HomeSeer CVE-2011-4834 (The GetInstalledPackages function in the configuration tool in HP Appl ...) NOT-FOR-US: HP Application Lifestyle Management CVE-2011-4833 (Multiple SQL injection vulnerabilities in the Leads module in SugarCRM ...) - sugarcrm-ce-5.0 (bug #457876) CVE-2011-4832 (Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Clas ...) NOT-FOR-US: CaupoShop CVE-2011-4831 (Directory traversal vulnerability in webFileBrowser.php in Web File Br ...) NOT-FOR-US: Web File Browser CVE-2011-4830 (Multiple cross-site scripting (XSS) vulnerabilities in the com_listing ...) NOT-FOR-US: Joomla extension CVE-2011-4829 (SQL injection vulnerability in the com_listing component in Barter Sit ...) NOT-FOR-US: Joomla extension CVE-2011-4828 (Unrestricted file upload vulnerability in includes/inline_image_upload ...) NOT-FOR-US: AutoSec Tools V-CMS CVE-2011-4827 (Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V ...) NOT-FOR-US: AutoSec Tools V-CMS CVE-2011-4826 (SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 ...) NOT-FOR-US: AutoSec Tools V-CMS CVE-2011-4825 (Static code injection vulnerability in inc/function.base.php in Ajax F ...) NOT-FOR-US: Ajax File and Image Manager CVE-2011-4824 (SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h a ...) {DSA-2384-1} - cacti 0.8.7i-1 (high; bug #652371) CVE-2011-4823 (Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikreal ...) NOT-FOR-US: Joomla extension CVE-2011-4822 (Multiple cross-site scripting (XSS) vulnerabilities in the user profil ...) NOT-FOR-US: Atlassian FishEye CVE-2011-4821 (Directory traversal vulnerability in the TFTP server in D-Link DIR-601 ...) NOT-FOR-US: D-Link router CVE-2011-4820 (IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass ...) NOT-FOR-US: IBM CVE-2011-4819 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asse ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2011-4818 (Open redirect vulnerability in IBM Maximo Asset Management and Asset M ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2011-4817 (The About option on the Help menu in IBM Maximo Asset Management and A ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2011-4816 (SQL injection vulnerability in the KPI component in IBM Maximo Asset M ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2011-4815 (Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restri ...) {DLA-88-1} - ruby1.8 1.8.7.358-1 - ruby1.9 (Includes randomisation of the hash function) - ruby1.9.1 (Includes randomisation of the hash function) CVE-2011-4814 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 ...) - dolibarr 3.3.4-1 (low) CVE-2011-4813 (Directory traversal vulnerability in clientarea.php in WHMCompleteSolu ...) NOT-FOR-US: WHMCompleteSolution CVE-2011-4812 (Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro ...) NOT-FOR-US: BestShopPro CVE-2011-4811 (SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows ...) NOT-FOR-US: BestShopPro CVE-2011-4810 (Multiple directory traversal vulnerabilities in WHMCompleteSolution (W ...) NOT-FOR-US: WHMCompleteSolution CVE-2011-4809 (Multiple cross-site scripting (XSS) vulnerabilities in the HM Communit ...) NOT-FOR-US: Joomla extension CVE-2011-4808 (SQL injection vulnerability in the HM Community (com_hmcommunity) comp ...) NOT-FOR-US: Joomla extension CVE-2011-4807 (Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and ...) NOT-FOR-US: phpAlbum CVE-2011-4806 (Multiple cross-site scripting (XSS) vulnerabilities in main.php in php ...) NOT-FOR-US: phpAlbum CVE-2011-4805 (Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crys ...) NOT-FOR-US: SAP Crystal Report Server CVE-2011-4804 (Directory traversal vulnerability in the obSuggest (com_obsuggest) com ...) NOT-FOR-US: Joomla extension CVE-2011-4803 (SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin ...) NOT-FOR-US: WPTouch WordPress plugin CVE-2011-4802 (Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probab ...) - dolibarr 3.3.4-1 CVE-2011-4801 (SQL injection vulnerability in akeyActivationLogin.do in Authenex Web ...) NOT-FOR-US: Authenex Strong Authentication System CVE-2011-4800 (Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 ...) NOT-FOR-US: Serv-U FTP Server CVE-2011-4799 REJECTED CVE-2011-4798 REJECTED CVE-2011-4797 REJECTED CVE-2011-4796 REJECTED CVE-2011-4795 REJECTED CVE-2011-4794 REJECTED CVE-2011-4793 REJECTED CVE-2011-4792 REJECTED CVE-2011-4791 (DBServer.exe in HP Data Protector Media Operations 6.11 and earlier al ...) NOT-FOR-US: HP Data Protector CVE-2011-4790 (Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, an ...) NOT-FOR-US: HP Network Automation CVE-2011-4789 (Stack-based buffer overflow in magentservice.exe in the server in HP L ...) NOT-FOR-US: HP Diagnostics CVE-2011-4788 (Absolute path traversal vulnerability in the web interface on HP Stora ...) NOT-FOR-US: HP StorageWorks CVE-2011-4787 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care S ...) NOT-FOR-US: HP Easy Printer Care CVE-2011-4786 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care S ...) NOT-FOR-US: HP Easy Printer Care CVE-2011-4785 (Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on ...) NOT-FOR-US: HP-ChaiSOE/1.0 web server CVE-2011-4784 (The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properl ...) NOT-FOR-US: NVIDIA Windows driver CVE-2011-4783 (The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted re ...) NOT-FOR-US: IDA Pro CVE-2011-4782 (Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFil ...) - phpmyadmin 4:3.4.9-1 (unimportant) [squeeze] - phpmyadmin (Vulnerable code not present) [lenny] - phpmyadmin (Vulnerable code not present) NOTE: unlikely exploitation scenario CVE-2011-4781 RESERVED CVE-2011-4780 (Multiple cross-site scripting (XSS) vulnerabilities in libraries/displ ...) - phpmyadmin 4:3.4.9-1 (unimportant) [squeeze] - phpmyadmin (Vulnerable code not present) [lenny] - phpmyadmin (Vulnerable code not present) NOTE: unlikely exploitation scenario CVE-2011-4779 REJECTED CVE-2011-4778 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x ...) NOT-FOR-US: Splunk Web CVE-2011-4777 (Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteB ...) NOT-FOR-US: Plesk CVE-2011-4776 (Multiple cross-site scripting (XSS) vulnerabilities in the Control Pan ...) NOT-FOR-US: Plesk CVE-2011-4775 RESERVED CVE-2011-4774 RESERVED CVE-2011-5146 (Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users ...) - bokken 1.5-3 (bug #651931) CVE-2011-4773 (The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android do ...) NOT-FOR-US: AnGuanJia (com.anguanjia.safe) application CVE-2011-4772 (The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android doe ...) NOT-FOR-US: 360 KouXin (com.qihoo360.kouxin) application CVE-2011-4771 (The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for And ...) NOT-FOR-US: Scan to PDF Free (com.scan.to.pdf.trial) application CVE-2011-4770 (The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not ...) NOT-FOR-US: QIWI Wallet (ru.mw) application CVE-2011-4769 (The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before 2. ...) NOT-FOR-US: 360 MobileSafe (com.qihoo360.mobilesafe) application CVE-2011-4768 (The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Bus ...) NOT-FOR-US: Plesk CVE-2011-4767 (The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Bus ...) NOT-FOR-US: Plesk CVE-2011-4766 (** DISPUTED ** The Site Editor (aka SiteBuilder) feature in Parallels ...) NOT-FOR-US: Plesk CVE-2011-4765 (The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Bus ...) NOT-FOR-US: Plesk CVE-2011-4764 (Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor ...) NOT-FOR-US: Plesk CVE-2011-4763 (Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBui ...) NOT-FOR-US: Plesk CVE-2011-4762 (Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Ty ...) NOT-FOR-US: Plesk CVE-2011-4761 (Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type hea ...) NOT-FOR-US: Plesk CVE-2011-4760 (Parallels Plesk Small Business Panel 10.2.0 has web pages containing e ...) NOT-FOR-US: Plesk CVE-2011-4759 (Parallels Plesk Small Business Panel 10.2.0 generates web pages contai ...) NOT-FOR-US: Plesk CVE-2011-4758 (Parallels Plesk Small Business Panel 10.2.0 receives cleartext passwor ...) NOT-FOR-US: Plesk CVE-2011-4757 (Parallels Plesk Small Business Panel 10.2.0 generates a password form ...) NOT-FOR-US: Plesk CVE-2011-4756 (Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPO ...) NOT-FOR-US: Plesk CVE-2011-4755 (Parallels Plesk Small Business Panel 10.2.0 does not properly validate ...) NOT-FOR-US: Plesk CVE-2011-4754 (Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk ...) NOT-FOR-US: Plesk CVE-2011-4753 (Multiple SQL injection vulnerabilities in Parallels Plesk Small Busine ...) NOT-FOR-US: Plesk CVE-2011-4752 (SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type header ...) NOT-FOR-US: SmarterTools SmaterStats CVE-2011-4751 (SmarterTools SmarterStats 6.2.4100 generates web pages containing exte ...) NOT-FOR-US: SmarterTools SmaterStats CVE-2011-4750 (Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools Sm ...) NOT-FOR-US: SmarterTools SmaterStats CVE-2011-4749 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...) NOT-FOR-US: Plesk CVE-2011-4748 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...) NOT-FOR-US: Plesk CVE-2011-4747 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...) NOT-FOR-US: Plesk CVE-2011-4746 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...) NOT-FOR-US: Plesk CVE-2011-4745 (Multiple cross-site scripting (XSS) vulnerabilities in the billing sys ...) NOT-FOR-US: Plesk CVE-2011-4744 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 se ...) NOT-FOR-US: Plesk CVE-2011-4743 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 om ...) NOT-FOR-US: Plesk CVE-2011-4742 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ha ...) NOT-FOR-US: Plesk CVE-2011-4741 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 in ...) NOT-FOR-US: Plesk CVE-2011-4740 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ge ...) NOT-FOR-US: Plesk CVE-2011-4739 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ge ...) NOT-FOR-US: Plesk CVE-2011-4738 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 do ...) NOT-FOR-US: Plesk CVE-2011-4737 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 in ...) NOT-FOR-US: Plesk CVE-2011-4736 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 re ...) NOT-FOR-US: Plesk CVE-2011-4735 (Multiple cross-site scripting (XSS) vulnerabilities in the Control Pan ...) NOT-FOR-US: Plesk CVE-2011-4734 (Multiple SQL injection vulnerabilities in the Control Panel in Paralle ...) NOT-FOR-US: Plesk CVE-2011-4733 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...) NOT-FOR-US: Plesk CVE-2011-4732 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...) NOT-FOR-US: Plesk CVE-2011-4731 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...) NOT-FOR-US: Plesk CVE-2011-4730 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...) NOT-FOR-US: Plesk CVE-2011-4729 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...) NOT-FOR-US: Plesk CVE-2011-4728 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...) NOT-FOR-US: Plesk CVE-2011-4727 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...) NOT-FOR-US: Plesk CVE-2011-4726 (Multiple cross-site scripting (XSS) vulnerabilities in the Server Admi ...) NOT-FOR-US: Plesk CVE-2011-4725 (Multiple SQL injection vulnerabilities in the Server Administration Pa ...) NOT-FOR-US: Plesk CVE-2011-4724 RESERVED CVE-2011-4723 (The D-Link DIR-300 router stores cleartext passwords, which allows con ...) NOT-FOR-US: D-Link DIR-300 router CVE-2011-4722 (Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswi ...) NOT-FOR-US: Ipswitch WhatsUp Gold CVE-2011-4721 RESERVED CVE-2011-4720 (Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a deni ...) NOT-FOR-US: Hillstone HS TFTP Server CVE-2011-4719 (Multiple unspecified vulnerabilities in Google Chrome before 16.0.912. ...) - chromium-browser - webkit NOTE: Duplicate for chromebooks CVE-2011-4718 (Session fixation vulnerability in the Sessions subsystem in PHP before ...) - php5 5.5.2+dfsg-1 (low) [wheezy] - php5 (Too intrusive to backport, mitigations exists) [squeeze] - php5 (Too intrusive to backport, mitigations exists) NOTE: 5.5.2 implements strict sessions RFC (https://wiki.php.net/rfc/strict_sessions) CVE-2011-4717 (Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows ...) NOT-FOR-US: zFTPServer Suite CVE-2011-4716 (Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1. ...) NOT-FOR-US: DreamBox CVE-2011-4715 (Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha ...) - koha (bug #389876) CVE-2011-4714 (Directory traversal vulnerability in Virtual Vertex Muster before 6.20 ...) NOT-FOR-US: Virtual Vertex Muster CVE-2011-4713 (Directory traversal vulnerability in catalog/content.php in osCSS2 2.1 ...) NOT-FOR-US: osCSS2 CVE-2011-4712 (Directory traversal vulnerability in Oxide WebServer allows remote att ...) NOT-FOR-US: Oxide CVE-2011-4711 (Multiple directory traversal vulnerabilities in namazu.cgi in Namazu b ...) - namazu2 (Windows-specific issue) CVE-2011-4710 (Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 ...) NOT-FOR-US: Pixie CMS CVE-2011-4709 (Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in t ...) NOT-FOR-US: Hotaru CVE-2011-4708 (Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager ...) NOT-FOR-US: IBM Rational Asset Manager CVE-2011-4707 (Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan ...) NOT-FOR-US: SAP Netweaver CVE-2011-4706 RESERVED CVE-2011-4705 (The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and ...) NOT-FOR-US: Ming Blacklist Free (vc.software.blacklist) application CVE-2011-4704 (The Voxofon (com.voxofon) application before 2.5.2 for Android does no ...) NOT-FOR-US: Voxofon (com.voxofon) application CVE-2011-4703 (The Limit My Call (com.limited.call.view) application 2.11 for Android ...) NOT-FOR-US: Limit My Call (com.limited.call.view) application CVE-2011-4702 (The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android doe ...) NOT-FOR-US: Nimbuzz (com.nimbuzz) application CVE-2011-4701 (The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 ...) NOT-FOR-US: CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application CVE-2011-4700 (The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 f ...) NOT-FOR-US: UberMedia UberSocial (com.twidroid) application CVE-2011-4699 (The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11 ...) NOT-FOR-US: Ubermedia Twidroyd Legacy (com.twidroydlegacy) application CVE-2011-4698 (The AndroidAppTools Easy Filter (com.phoneblocker.android) application ...) NOT-FOR-US: AndroidAppTools Easy Filter (com.phoneblocker.android) CVE-2011-4697 (The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2. ...) NOT-FOR-US: Xiaomi MiTalk Messenger (com.xiaomi.channel) application CVE-2011-4696 (Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 allow ...) NOT-FOR-US: Eye-Fi Helper CVE-2011-4695 (Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is ins ...) NOT-FOR-US: Microsoft Windows CVE-2011-4694 (Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows ...) NOT-FOR-US: Adobe Flash Player CVE-2011-4693 (Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows ...) NOT-FOR-US: Adobe Flash Player CVE-2011-4692 (WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-4691 (Google Chrome 15.0.874.121 and earlier does not prevent capture of dat ...) - chromium-browser 17.0.963.56~r121963-1 (unimportant) CVE-2011-4690 (Opera 11.60 and earlier does not prevent capture of data about the tim ...) NOT-FOR-US: Opera CVE-2011-4689 (Microsoft Internet Explorer 6 through 9 does not prevent capture of da ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-4688 (Mozilla Firefox 8.0.1 and earlier does not prevent capture of data abo ...) - iceweasel (unimportant) CVE-2011-4687 (Opera before 11.60 allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Opera CVE-2011-4686 (Unspecified vulnerability in the Web Workers implementation in Opera b ...) NOT-FOR-US: Opera CVE-2011-4685 (Dragonfly in Opera before 11.60 allows remote attackers to cause a den ...) NOT-FOR-US: Opera CVE-2011-4684 (Opera before 11.60 does not properly handle certificate revocation, wh ...) NOT-FOR-US: Opera CVE-2011-4683 (Unspecified vulnerability in Opera before 11.60 has unknown impact and ...) NOT-FOR-US: Opera CVE-2011-4682 (The JavaScript engine in Opera before 11.60 does not properly implemen ...) NOT-FOR-US: Opera CVE-2011-4681 (Opera before 11.60 does not properly consider the number of . (dot) ch ...) NOT-FOR-US: Opera CVE-2011-4680 (Multiple cross-site scripting (XSS) vulnerabilities in the customer po ...) NOT-FOR-US: vtiger CRM CVE-2011-4679 (vtiger CRM before 5.3.0 does not properly recognize the disabled statu ...) NOT-FOR-US: vtiger CRM CVE-2011-4678 (The password reset feature in One Click Orgs before 1.2.3 generates di ...) NOT-FOR-US: One Click Orgs CVE-2011-4677 (One Click Orgs before 1.2.3 does not have an off autocomplete attribut ...) NOT-FOR-US: One Click Orgs CVE-2011-4676 RESERVED CVE-2011-4675 (The pathname canonicalization functionality in io/filesystem/filesyste ...) - widelands 1:15-3 (low) NOTE: Nearly a duplicate of CVE-2011-1932. NOTE: CVE's SPLIT decision is unclear. CVE-2011-4674 (SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, an ...) - zabbix 1:1.8.9-1 (bug #651225) [squeeze] - zabbix (Will be handled through point update) CVE-2011-4673 (SQL injection vulnerability in modules/sharedaddy.php in the Jetpack p ...) NOT-FOR-US: Jetpack plugin for Wordpress CVE-2011-4672 (Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earli ...) NOT-FOR-US: Valid tiny-erp, different from TinyERP, the former name of OpenERP CVE-2011-4671 (SQL injection vulnerability in adrotate/adrotate-out.php in the AdRota ...) NOT-FOR-US: Adrorate plugin for Wordpress CVE-2011-4670 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2. ...) NOT-FOR-US: vTiger CRM CVE-2011-4669 (SQL injection vulnerability in wp-users.php in WordPress Users plugin ...) NOT-FOR-US: Wordpress plugin CVE-2011-4668 (IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers ...) NOT-FOR-US: Tivoli CVE-2011-4667 (The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and ...) NOT-FOR-US: Cisco CVE-2011-4666 RESERVED CVE-2011-4665 RESERVED CVE-2011-4664 RESERVED CVE-2011-4663 RESERVED CVE-2011-4662 RESERVED CVE-2011-4661 (A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to ...) NOT-FOR-US: Cisco CVE-2011-4660 RESERVED CVE-2011-4659 (Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phon ...) NOT-FOR-US: Cisco TelePresence Software CVE-2011-4658 RESERVED CVE-2011-4657 RESERVED CVE-2011-4656 RESERVED CVE-2011-4655 RESERVED CVE-2011-4654 RESERVED CVE-2011-4653 RESERVED CVE-2011-4652 RESERVED CVE-2011-4651 RESERVED CVE-2011-4650 (Cisco Data Center Network Manager is affected by Excessive Logging Dur ...) NOT-FOR-US: Cisco CVE-2011-4649 RESERVED CVE-2011-4648 RESERVED CVE-2011-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the story creat ...) NOT-FOR-US: Geeklog CVE-2011-4646 (SQL injection vulnerability in wp-postratings.php in the WP-PostRating ...) NOT-FOR-US: Wordpress plugin CVE-2011-4645 RESERVED CVE-2011-4644 (Splunk 4.2.5 and earlier, when a Free license is selected, enables pot ...) NOT-FOR-US: Splunk Web CVE-2011-4643 (Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2. ...) NOT-FOR-US: Splunk Web CVE-2011-4642 (mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly ...) NOT-FOR-US: Splunk Web CVE-2011-4641 RESERVED CVE-2011-4640 (Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan ...) NOT-FOR-US: SpamTitan CVE-2011-4639 (The (1) Traceroute and (2) Ping implementations in tools.php in SpamTi ...) NOT-FOR-US: SpamTitan CVE-2011-4638 (Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3. ...) NOT-FOR-US: SpamTitan CVE-2011-4637 RESERVED CVE-2011-4636 RESERVED CVE-2011-4635 RESERVED CVE-2011-4634 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4. ...) - phpmyadmin 4:3.4.8-1 (low) [squeeze] - phpmyadmin (Vulnerable code not present) [lenny] - phpmyadmin (Vulnerable code not present) CVE-2011-4633 RESERVED CVE-2011-4632 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...) {DSA-2289-1} - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2011-4631 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...) {DSA-2289-1} - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2011-4630 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...) {DSA-2289-1} - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2011-4629 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...) {DSA-2289-1} - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2011-4628 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...) {DSA-2289-1} - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2011-4627 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...) {DSA-2289-1} - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2011-4626 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...) {DSA-2289-1} - typo3-src 4.5.4+dfsg1-1 (bug #635937) CVE-2011-4625 (simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectl ...) {DSA-2330-1} - simplesamlphp 1.8.1-1 CVE-2011-4624 (Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND ...) NOT-FOR-US: WordPress flash-album-gallery CVE-2011-4623 (Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf. ...) - rsyslog 5.7.4-1 [squeeze] - rsyslog (Minor issue) CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and p ...) {DSA-2389-1} - linux-2.6 3.1.8-1 CVE-2011-4621 (The Linux kernel before 2.6.37 does not properly implement a certain c ...) - linux-2.6 2.6.37-1 [squeeze] - linux-2.6 (Vulnerable code introduced in 2.6.35) CVE-2011-4620 (Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB ...) {DSA-2425-1} - plib 1.8.5-5.1 (bug #654785) CVE-2011-4619 (The Server Gated Cryptography (SGC) implementation in OpenSSL before 0 ...) {DSA-2390-1} - openssl 1.0.0h-1 CVE-2011-4618 (Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanc ...) NOT-FOR-US: WordPress advanced-text-widget CVE-2011-4617 (virtualenv.py in virtualenv before 1.5 allows local users to overwrite ...) - python-virtualenv 1.6-1 (low; bug #652653) [lenny] - python-virtualenv (Minor issue) [squeeze] - python-virtualenv 1.4.9-3squeeze1 CVE-2011-4616 (Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro modu ...) - libhtml-template-pro-perl 0.9507-1 (low; bug #652587) [squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1 CVE-2011-4615 (Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1 ...) - zabbix 1:1.8.10-1 (bug #652664) [squeeze] - zabbix (Will be handled through point update) CVE-2011-4614 (PHP remote file inclusion vulnerability in Classes/Controller/Abstract ...) - typo3-src 4.5.9+dfsg1-1 (bug #652365) [squeeze] - typo3-src (Only affects 4.5 onwards) [lenny] - typo3-src (Only affects 4.5 onwards) CVE-2011-4613 (The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu ...) {DSA-2364-1} - xorg 1:7.6+10 (low; bug #652249) [lenny] - xorg (Introduced in 1:7.4~4) CVE-2011-XXXX [X launcher doesn't drop group privileges] - xorg 1:7.6+10 (low) [squeeze] - xorg 1:7.5+8+squeeze1 [lenny] - xorg (potential privilege handling weakness, no known attack vector) NOTE: http://anonscm.debian.org/gitweb/?p=pkg-xorg/debian/xorg.git;a=commitdiff;h=e81b3943be75ca6674867fc7756905490e979522 CVE-2011-4612 (icecast before 2.3.3 allows remote attackers to inject control charact ...) - icecast2 2.3.3-1 (bug #652663) [lenny] - icecast2 (Minor issue) [squeeze] - icecast2 (Minor issue) [wheezy] - icecast2 2.3.2-9+deb7u2 CVE-2011-4611 (Integer overflow in the perf_event_interrupt function in arch/powerpc/ ...) {DSA-2389-1} - linux-2.6 3.0.0-1 CVE-2011-4610 (JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1 ...) - jbossas4 (Only builds a few libraries, not the full application server) CVE-2011-4609 (The svc_run function in the RPC implementation in glibc before 2.15 al ...) - eglibc 2.13-33 (low; bug #671478) [squeeze] - eglibc 2.11.3-4 CVE-2011-4608 (mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat ...) - jbossas4 (Only builds a few libraries, not the full application server) CVE-2011-4607 (PuTTY 0.59 through 0.61 does not clear sensitive process memory when m ...) - putty 0.62-1 (unimportant) [squeeze] - putty 0.60+2010-02-20-1+squeeze2 NOTE: DSA-2736-1 NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html NOTE: Hardening measure, not a vulnerability CVE-2011-4606 (Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 al ...) - rocksndiamonds 3.3.0.1+dfsg1-2.2 (bug #651620) [squeeze] - rocksndiamonds (Contrib not supported) [lenny] - rocksndiamonds (Contrib not supported) CVE-2011-4605 (The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invok ...) - jbossas4 (Only builds a few libraries, not the full application server, #581226) CVE-2011-4604 (The bat_socket_read function in net/batman-adv/icmp_socket.c in the Li ...) - batmand-adv-kernelland [squeeze] - batmand-adv-kernelland (Vulnerable code not present) - linux-2.6 [squeeze] - linux-2.6 (Vulnerable code not present) [lenny] - linux-2.6 (Vulnerable code not present) CVE-2011-4603 (The silc_channel_message function in ops.c in the SILC protocol plugin ...) - pidgin 2.10.1-1 (low) [squeeze] - pidgin 2.7.3-1+squeeze2 CVE-2011-4602 (The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not ...) - pidgin 2.10.1-1 (low) [squeeze] - pidgin 2.7.3-1+squeeze2 CVE-2011-4601 (family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin b ...) - pidgin 2.10.1-1 (low) [squeeze] - pidgin 2.7.3-1+squeeze2 CVE-2011-4600 (The networkReloadIptablesRules function in network/bridge_driver.c in ...) - libvirt 0.9.9-1 (low) [squeeze] - libvirt (Unsupported in squeeze-lts) CVE-2011-4599 (Stack-based buffer overflow in the _canonicalize function in common/ul ...) {DSA-2397-1} - icu 4.8.1.1-3 (bug #654883) CVE-2011-4598 (The handle_request_info function in channels/chan_sip.c in Asterisk Op ...) {DSA-2367-1} - asterisk 1:1.8.8.0~dfsg-1 (bug #651552) [lenny] - asterisk (Vulnerable code not present) CVE-2011-4597 (The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1 ...) {DSA-2367-1} - asterisk 1:1.8.8.0~dfsg-1 (bug #651552) CVE-2011-4596 (Multiple directory traversal vulnerabilities in OpenStack Nova before ...) - nova 2012.1~e1-4 CVE-2011-4595 (Pretty-Link WordPress plugin 1.5.2 has XSS ...) NOT-FOR-US: WordPress pretty-link plugin CVE-2011-4594 (The __sys_sendmsg function in net/socket.c in the Linux kernel before ...) - linux-2.6 3.1-1 [squeeze] - linux-2.6 (Introduced and fixed during 3.1 dev cycle) [lenny] - linux-2.6 (Introduced and fixed during 3.1 dev cycle) CVE-2011-4593 (Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 ...) - moodle (Only affects 2.x) CVE-2011-4592 (The command-line cron implementation in Moodle 2.0.x before 2.0.6 and ...) - moodle (Only affects 2.x) CVE-2011-4591 (Cross-site scripting (XSS) vulnerability in the print_object function ...) - moodle (Only affects 2.x) CVE-2011-4590 (The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x ...) - moodle (Only affects 2.x) CVE-2011-4589 (backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2 ...) - moodle (Only affects 2.x) CVE-2011-4588 (The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x befor ...) {DSA-2421-1} - moodle 1.9.9.dfsg2-5 (bug #652235) CVE-2011-4587 (lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, a ...) {DSA-2421-1} - moodle 1.9.9.dfsg2-5 (bug #652235) CVE-2011-4586 (CRLF injection vulnerability in calendar/set.php in the Calendar subsy ...) {DSA-2421-1} - moodle 1.9.9.dfsg2-5 (bug #652235) CVE-2011-4585 (login/change_password.php in Moodle 1.9.x before 1.9.15 does not use h ...) {DSA-2421-1} - moodle 1.9.9.dfsg2-5 (bug #652235) CVE-2011-4584 (The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2 ...) {DSA-2421-1} - moodle 1.9.9.dfsg2-5 (bug #652235) CVE-2011-4583 (Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service ...) - moodle (Only affects 2.x) CVE-2011-4582 (Open redirect vulnerability in the Calendar set page in Moodle 2.1.x b ...) - moodle (Only affects 2.x) CVE-2011-4581 (mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1 ...) - moodle (Only affects 2.x) CVE-2011-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss E ...) NOT-FOR-US: JBoss Enterprise Portal Platform CVE-2011-4579 (The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in liba ...) {DSA-2378-1} - libav 4:0.7.3-1 - ffmpeg 7:2.4.1-1 - ffmpeg-debian NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2 CVE-2011-4578 (event.c in acpid (aka acpid2) before 2.0.11 does not have an appropria ...) {DSA-2362-1} - acpid 1:2.0.11-1 CVE-2011-4577 (OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is ...) - openssl 1.0.0f-1 (unimportant) NOTE: RFC 3779 support has not been enabled at compile time. CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0 ...) {DSA-2390-1} - openssl 1.0.0f-1 CVE-2011-4575 (Cross-site scripting (XSS) vulnerability in the JMX console in JBoss E ...) NOT-FOR-US: JMX Console CVE-2011-4574 RESERVED CVE-2011-4573 (Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly ...) NOT-FOR-US: JBoss Operations Network CVE-2011-4572 (Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF ...) NOT-FOR-US: CF Image Hosting Script CVE-2011-4571 (SQL injection vulnerability in the Estate Agent (com_estateagent) comp ...) NOT-FOR-US: Joomla extension CVE-2011-4570 (SQL injection vulnerability in the Time Returns (com_timereturns) comp ...) NOT-FOR-US: Joomla extension CVE-2011-4569 (SQL injection vulnerability in userbarsettings.php in the Userbar plug ...) NOT-FOR-US: MyBB extension CVE-2011-4568 (Cross-site scripting (XSS) vulnerability in view/frontend-head.php in ...) NOT-FOR-US: Wordpress extension CVE-2011-4567 (Cross-site scripting (XSS) vulnerability in includes/templates/templat ...) NOT-FOR-US: Zen Cart CVE-2011-4566 (Integer overflow in the exif_process_IFD_TAG function in exif.c in the ...) {DSA-2399-1} - php5 5.3.9-1 CVE-2011-4565 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, ...) NOT-FOR-US: XOOPS CVE-2011-4564 (Cross-site scripting (XSS) vulnerability in the admin script in Active ...) NOT-FOR-US: Active CMS CVE-2011-4563 (Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4. ...) NOT-FOR-US: JAKCMS CVE-2011-4562 (Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/ ...) NOT-FOR-US: Wordpress plugin CVE-2011-4561 (Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 ...) NOT-FOR-US: Phorum CVE-2011-4560 (Cross-site scripting (XSS) vulnerability in the Petition Node module 6 ...) NOT-FOR-US: Petition node module for Drupal CVE-2011-4559 (SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 ...) NOT-FOR-US: vTiger CVE-2011-4558 (Tiki 8.2 and earlier allows remote administrators to execute arbitrary ...) - tikiwiki NOTE: http://dev.tiki.org/item4059 NOTE: http://info.tiki.org/article185-Tiki-Security-Patches-Available-for-8-3-and-6-6-LTS CVE-2011-4557 RESERVED CVE-2011-4556 RESERVED CVE-2011-4555 (One Click Orgs before 1.2.3 does not require unique e-mail addresses f ...) NOT-FOR-US: One Click Orgs CVE-2011-4554 (One Click Orgs before 1.2.3 allows remote authenticated users to trigg ...) NOT-FOR-US: One Click Orgs CVE-2011-4553 (Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 ...) NOT-FOR-US: One Click Orgs CVE-2011-4552 (Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs ...) NOT-FOR-US: One Click Orgs CVE-2011-4551 (Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in Tik ...) - tikiwiki CVE-2011-4550 RESERVED CVE-2011-4549 RESERVED CVE-2011-4548 (Multiple unspecified vulnerabilities in Google Chrome before 16.0.912. ...) - chromium-browser - webkit NOTE: duplicate for chromebooks CVE-2011-4547 (Multiple cross-site scripting (XSS) vulnerabilities in includes/templa ...) NOT-FOR-US: Zen Cart CVE-2011-4546 RESERVED CVE-2011-4545 (CRLF injection vulnerability in admin/displayImage.php in Prestashop 1 ...) NOT-FOR-US: Prestashop CVE-2011-4544 (Multiple cross-site scripting (XSS) vulnerabilities in Prestashop befo ...) NOT-FOR-US: Prestashop CVE-2011-4543 (Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow ...) NOT-FOR-US: osCommerce CVE-2011-4542 (Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitra ...) - hastymail CVE-2011-4541 (Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2. ...) - hastymail CVE-2011-4540 (Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (ak ...) - atmailopen CVE-2011-4539 (dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 do ...) {DSA-2519-2 DSA-2519-1} - dhcp3 (Only affects DHCP 4.x) - isc-dhcp 4.2.2.dfsg.1-5 (bug #652259; low) CVE-2011-4538 (Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to ...) NOT-FOR-US: Lexmark CVE-2011-4537 (Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical ...) NOT-FOR-US: 7-Technologies IGSS CVE-2011-4536 (Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka H ...) NOT-FOR-US: WellinTech KingView CVE-2011-4535 (Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ...) NOT-FOR-US: TurboPower Abbrevia CVE-2011-4534 (ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows rem ...) NOT-FOR-US: COPA-DATA CVE-2011-4533 (zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows r ...) NOT-FOR-US: COPA-DATA CVE-2011-4532 (Absolute path traversal vulnerability in the ALMListView.ALMListCtrl A ...) NOT-FOR-US: Siemens Automation License Manager CVE-2011-4531 (Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allo ...) NOT-FOR-US: Siemens Automation License Manager CVE-2011-4530 (Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does ...) NOT-FOR-US: Siemens Automation License Manager CVE-2011-4529 (Multiple buffer overflows in Siemens Automation License Manager (ALM) ...) NOT-FOR-US: Siemens Automation License Manager CVE-2011-4528 (Unbound before 1.4.13p2 attempts to free unallocated memory during pro ...) {DSA-2370-1} - unbound 1.4.14-1 (medium) CVE-2011-4527 RESERVED CVE-2011-4526 (Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess ...) NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2011-4525 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to tri ...) NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2011-4524 (Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remo ...) NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2011-4523 (Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/Br ...) NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2011-4522 (Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/B ...) NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2011-4521 (SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 ...) NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2011-4520 (Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTI ...) NOT-FOR-US: MICROSYS PROMOTIC CVE-2011-4519 (Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOT ...) NOT-FOR-US: MICROSYS PROMOTIC CVE-2011-4518 (Directory traversal vulnerability in the PmWebDir object in the web se ...) NOT-FOR-US: MICROSYS PROMOTIC CVE-2011-4517 (The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.90 ...) {DSA-2371-1} - jasper 1.900.1-13 (bug #652649) - ghostscript 8.64~dfsg-2 NOTE: ghostscript using system jasper since this version CVE-2011-4516 (Heap-based buffer overflow in the jpc_cox_getcompparms function in lib ...) {DSA-2371-1} - jasper 1.900.1-13 (bug #652649) - ghostscript 8.64~dfsg-2 NOTE: ghostscript using system jasper since this version CVE-2011-4515 (Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing ...) NOT-FOR-US: Siemens WinCC CVE-2011-4514 (The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008 ...) NOT-FOR-US: Siemens WinCC CVE-2011-4513 (Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA ...) NOT-FOR-US: Siemens WinCC CVE-2011-4512 (CRLF injection vulnerability in the HMI web server in Siemens WinCC fl ...) NOT-FOR-US: Siemens WinCC CVE-2011-4511 (Cross-site scripting (XSS) vulnerability in the HMI web server in Siem ...) NOT-FOR-US: Siemens WinCC CVE-2011-4510 (Cross-site scripting (XSS) vulnerability in the HMI web server in Siem ...) NOT-FOR-US: Siemens WinCC CVE-2011-4509 (The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 200 ...) NOT-FOR-US: Siemens WinCC CVE-2011-4508 (The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 200 ...) NOT-FOR-US: Siemens WinCC CVE-2011-4507 (The D-Link DIR-685 router, when certain WPA and WPA2 configurations ar ...) NOT-FOR-US: D-Link DIR-685 router CVE-2011-4506 (The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 wit ...) NOT-FOR-US: hardware device with broken UPnP UGD implementation CVE-2011-4505 (The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware be ...) NOT-FOR-US: hardware device with broken UPnP UGD implementation CVE-2011-4504 (The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyX ...) NOT-FOR-US: hardware device with broken UPnP UGD implementation CVE-2011-4503 (The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 al ...) NOT-FOR-US: hardware device with broken UPnP UGD implementation CVE-2011-4502 (The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K ...) NOT-FOR-US: hardware device with broken UPnP UGD implementation CVE-2011-4501 (The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K ...) NOT-FOR-US: hardware device with broken UPnP UGD implementation CVE-2011-4500 (The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware ...) NOT-FOR-US: hardware device with broken UPnP UGD implementation CVE-2011-4499 (The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Li ...) NOT-FOR-US: hardware device with broken UPnP UGD implementation CVE-2011-4498 (Cross-site request forgery (CSRF) vulnerability in the web console in ...) NOT-FOR-US: Zenprise Device Manager CVE-2011-4497 (QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4 ...) NOT-FOR-US: Asus device CVE-2011-4496 (Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers ...) NOT-FOR-US: Aviosoft DTV Player CVE-2011-4495 RESERVED CVE-2011-4494 RESERVED CVE-2011-4493 RESERVED CVE-2011-4492 RESERVED CVE-2011-4491 RESERVED CVE-2011-4490 RESERVED CVE-2011-4489 RESERVED CVE-2011-4488 RESERVED CVE-2011-4487 (SQL injection vulnerability in Cisco Unified Communications Manager (C ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-4486 (Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-4485 RESERVED CVE-2011-4484 RESERVED CVE-2011-4483 RESERVED CVE-2011-4482 RESERVED CVE-2011-4481 RESERVED CVE-2011-4480 RESERVED CVE-2011-4479 RESERVED CVE-2011-4478 RESERVED CVE-2011-4477 RESERVED CVE-2011-4476 RESERVED CVE-2011-4475 RESERVED CVE-2011-4474 RESERVED CVE-2011-4473 RESERVED CVE-2011-4472 RESERVED CVE-2011-4471 RESERVED CVE-2011-4470 RESERVED CVE-2011-4469 RESERVED CVE-2011-4468 RESERVED CVE-2011-4467 RESERVED CVE-2011-4466 RESERVED CVE-2011-4465 (Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect ( ...) NOT-FOR-US: IBM Lotus Mobile Connect CVE-2011-4464 RESERVED CVE-2011-4463 RESERVED CVE-2011-4462 (Plone 4.1.3 and earlier computes hash values for form parameters witho ...) - plone3 CVE-2011-4461 (Jetty 8.1.0.RC2 and earlier computes hash values for form parameters w ...) - jetty 6.1.26-1 [squeeze] - jetty (Minor issue) CVE-2011-4460 (SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x ...) {DSA-2480-1} - request-tracker4 4.0.5-3 CVE-2011-4459 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 doe ...) {DSA-2480-1} - request-tracker4 4.0.5-3 CVE-2011-4458 (Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and ...) {DSA-2480-1} - request-tracker4 4.0.5-3 CVE-2011-4457 (OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when J ...) NOT-FOR-US: OWASP HTML Sanitizer CVE-2011-4456 REJECTED CVE-2011-4455 (Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier ...) - tikiwiki NOTE: http://secunia.com/advisories/46740/ CVE-2011-4454 (Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earl ...) - tikiwiki NOTE: http://secunia.com/advisories/46740/ CVE-2011-4453 (The PageListSort function in scripts/pagelist.php in PmWiki 2.x before ...) - pmwiki (bug #330117) CVE-2011-4452 (Cross-site request forgery (CSRF) vulnerability in the AdminUsers comp ...) NOT-FOR-US: WikkaWiki CVE-2011-4451 (** DISPUTED ** libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when ...) NOT-FOR-US: WikkaWiki CVE-2011-4450 (Directory traversal vulnerability in handlers/files.xml/files.xml.php ...) NOT-FOR-US: WikkaWiki CVE-2011-4449 (actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MO ...) NOT-FOR-US: WikkaWiki CVE-2011-4448 (SQL injection vulnerability in actions/usersettings/usersettings.php i ...) NOT-FOR-US: WikkaWiki CVE-2011-4447 (The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0. ...) - bitcoin 0.5.1-1 CVE-2011-4446 RESERVED CVE-2011-4445 RESERVED CVE-2011-4444 RESERVED CVE-2011-4443 RESERVED CVE-2011-4442 RESERVED CVE-2011-4441 RESERVED CVE-2011-4440 RESERVED CVE-2011-4439 RESERVED CVE-2011-4438 RESERVED CVE-2011-4437 RESERVED CVE-2011-4436 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...) NOT-FOR-US: Dell appliance CVE-2011-4435 (The web-server component in the Consolidation and Analysis Engine (CAE ...) NOT-FOR-US: IBM DB2 CVE-2011-4434 (Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 ...) NOT-FOR-US: Microsoft Windows CVE-2011-4433 REJECTED CVE-2011-4432 (www/include/configuration/nconfigObject/contact/DB-Func.php in Merethi ...) NOT-FOR-US: Merethis Centreon CVE-2011-4431 (Directory traversal vulnerability in main.php in Merethis Centreon bef ...) NOT-FOR-US: Merethis Centreon CVE-2011-4430 REJECTED CVE-2011-4429 REJECTED CVE-2011-4428 REJECTED CVE-2011-4427 REJECTED CVE-2011-4426 REJECTED CVE-2011-4425 REJECTED CVE-2011-4424 REJECTED CVE-2011-4423 REJECTED CVE-2011-4422 REJECTED CVE-2011-4421 REJECTED CVE-2011-4420 REJECTED CVE-2011-4419 REJECTED CVE-2011-4418 REJECTED CVE-2011-4417 REJECTED CVE-2011-4416 REJECTED CVE-2011-4415 (The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0 ...) - apache2 2.4.1-1 (unimportant) NOTE: apache2 does not protect or claim to protect against DoS through .htaccess CVE-2011-4414 REJECTED CVE-2011-4413 REJECTED CVE-2011-4412 REJECTED CVE-2011-4411 REJECTED CVE-2011-4410 REJECTED CVE-2011-4409 (The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LT ...) NOT-FOR-US: Ubuntu One CVE-2011-4408 (The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11. ...) - ubuntu-sso-client (bug #680492) CVE-2011-4407 (ppa.py in Software Properties before 0.81.13.3 does not validate the s ...) - software-properties 0.76.7debian2+nmu2 [squeeze] - software-properties (Vulnerable code not present) [lenny] - software-properties (Vulnerable code not present) NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/915210/ CVE-2011-4406 (The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does n ...) - accountsservice 0.6.15-3 CVE-2011-4405 (The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 1 ...) - system-config-printer 1.3.7-1 (low; bug #651204) [squeeze] - system-config-printer (Minor issue) CVE-2011-4404 (The default configuration of the HTTP server in Jetty in vSphere Updat ...) - jetty 6.1.19-1 (low; bug #528389) NOTE: duplicate of CVE-2009-1523 CVE-2011-4403 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart ...) NOT-FOR-US: Zen Cart CVE-2011-4402 REJECTED CVE-2011-4401 REJECTED CVE-2011-4400 REJECTED CVE-2011-4399 REJECTED CVE-2011-4398 REJECTED CVE-2011-4397 REJECTED CVE-2011-4396 REJECTED CVE-2011-4395 REJECTED CVE-2011-4394 REJECTED CVE-2011-4393 REJECTED CVE-2011-4392 REJECTED CVE-2011-4391 REJECTED CVE-2011-4390 REJECTED CVE-2011-4389 REJECTED CVE-2011-4388 REJECTED CVE-2011-4387 REJECTED CVE-2011-4386 REJECTED CVE-2011-4385 REJECTED CVE-2011-4384 REJECTED CVE-2011-4383 REJECTED CVE-2011-4382 REJECTED CVE-2011-4381 REJECTED CVE-2011-4380 REJECTED CVE-2011-4379 REJECTED CVE-2011-4378 REJECTED CVE-2011-4377 REJECTED CVE-2011-4376 REJECTED CVE-2011-4375 REJECTED CVE-2011-4374 (Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows atta ...) NOT-FOR-US: Adobe Reader CVE-2011-4373 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Window ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2011-4372 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Window ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2011-4371 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Window ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2011-4370 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Window ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2011-4369 (Unspecified vulnerability in the PRC component in Adobe Reader and Acr ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2011-4368 (Cross-site scripting (XSS) vulnerability in Remote Development Service ...) NOT-FOR-US: Adobe Cold Fusion CVE-2011-4367 (Multiple directory traversal vulnerabilities in MyFaces JavaServer Fac ...) - mojarra (The Debian package only ships some API classes) CVE-2011-4366 REJECTED CVE-2011-4365 REJECTED CVE-2011-4364 (Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5. ...) {DSA-2378-1} - libav 4:0.7.3-1 - ffmpeg 7:2.4.1-1 - ffmpeg-debian NOTE: http://www.usenix.org/events/woot11/tech/final_files/Yamaguchi.pdf NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=494cfacdb9ba3f0549e37f76b3a2f86a7aeeac3c CVE-2011-4363 (ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when T ...) - libproc-processtable-perl 0.45-6 (low; bug #650500) [squeeze] - libproc-processtable-perl 0.45-1+squeeze1 CVE-2011-4362 (Integer signedness error in the base64_decode function in the HTTP aut ...) {DSA-2368-1} - lighttpd 1.4.30-1 (low; bug #652726) NOTE: http://openwall.com/lists/oss-security/2011/11/29/8 NOTE: http://redmine.lighttpd.net/issues/2370 NOTE: the announcement says that the debian package is not affected, but there are no additional patches that would cause different behavior (i.e. the base64_reverse_table is the same in debian and upstream), so if upstream is affected, so too is the debian package CVE-2011-4361 (MediaWiki before 1.17.1 does not check for read permission before hand ...) {DSA-2366-1} - mediawiki 1:1.15.5-4 (bug #650434) NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html CVE-2011-4360 (MediaWiki before 1.17.1 allows remote attackers to obtain the page tit ...) {DSA-2366-1} - mediawiki 1:1.15.5-4 (bug #650434) [squeeze] - mediawiki (Vulnerable code not present) NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html CVE-2011-4359 [MyFaces - includeViewParameters re-evaluates param/model values as EL expressions] REJECTED CVE-2011-4358 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 ...) {DSA-2359-1} - mojarra 2.0.3-2 (bug #650430) CVE-2011-4357 (Format string vulnerability in the p_cgi_error function in python/neo_ ...) {DSA-2355-1} - clearsilver 0.10.5-1.3 (bug #649322) CVE-2011-4356 (Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4. ...) - celery 2.4.6-1 - django-celery (Vulnerable code not present) CVE-2011-4355 (GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defi ...) - gdb 7.6-1 (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=703238 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=gdb/NEWS;hb=HEAD (lists "auto-load safe-path" under "Changes in GDB 7.5") CVE-2011-4354 (crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as u ...) {DSA-2390-1} - openssl 0.9.8o-4squeeze3 (bug #650621) CVE-2011-4353 (The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse ...) {DSA-2378-1} - libav 4:0.7.3-1 - ffmpeg 7:2.4.1-1 - ffmpeg-debian NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=67a7ed6 NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=c76505e NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=30c08e2 NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=7367cbe NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=28acce2 CVE-2011-4352 (Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c ...) - libav 4:0.7.3-1 - ffmpeg (Was introduced in 0.6) - ffmpeg-debian (Was introduced in 0.6) NOTE: http://article.gmane.org/gmane.comp.video.libav.devel/15182 CVE-2011-4351 (Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x befo ...) {DSA-2378-1} - libav 4:0.7.3-1 - ffmpeg 7:2.4.1-1 - ffmpeg-debian NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=a31ccacb1a9b2abc0e140a812fb0ffca6f7c2591 NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=0d93d5c4614fafea74bdac681673f5b32eb49063 NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=73472053516f82b7d273a3d42c583f894077a191 CVE-2011-4350 (Yaws 1.91 has a directory traversal vulnerability in the way certain U ...) - yaws 1.91-2 (bug #650009) [lenny] - yaws (Vulnerable code not present) [squeeze] - yaws (Vulnerable code not present) CVE-2011-4349 (Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) ...) - colord 0.1.15-1 (medium; bug #650021) CVE-2011-4348 (Race condition in the sctp_rcv function in net/sctp/input.c in the Lin ...) - linux-2.6 (Incomplete fix for RHEL5-specific backport regression) NOTE: incomplete fix for CVE-2011-2482 CVE-2011-4347 (The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in ...) {DSA-2443-1} - linux-2.6 CVE-2011-4346 (Cross-site scripting (XSS) vulnerability in the web interface in Red H ...) NOT-FOR-US: Red Hat Satellite CVE-2011-4345 (Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when ...) - namazu2 2.0.21-1 (low) [squeeze] - namazu2 (Minor issue) CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins be ...) - jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900) CVE-2011-4343 (Information disclosure vulnerability in Apache MyFaces Core 2.0.1 thro ...) NOT-FOR-US: Apache MyFaces CVE-2011-4342 (PHP remote file inclusion vulnerability in wp_xml_export.php in the Ba ...) NOT-FOR-US: Wordpress plugin CVE-2011-4341 (Multiple SQL injection vulnerabilities in symphony/content/content.pub ...) NOT-FOR-US: Symphony CMS CVE-2011-4340 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2. ...) NOT-FOR-US: Symphony CMS CVE-2011-4339 (ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmito ...) {DSA-2376-2 DSA-2376-1} - ipmitool 1.8.11-5 (bug #651917) CVE-2011-4338 (Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.con ...) NOT-FOR-US: Arch-Linux specific tool CVE-2011-4337 (Static code injection vulnerability in translate.php in Support Incide ...) NOT-FOR-US: Support Incident Tracker CVE-2011-4336 (Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to sn ...) - tikiwiki CVE-2011-4335 (Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2 ...) NOT-FOR-US: Contao CVE-2011-4334 (edit.php in LabWiki 1.1 and earlier does not properly verify uploaded ...) NOT-FOR-US: LabWiki CVE-2011-4333 (Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and ...) NOT-FOR-US: LabWiki CVE-2011-4332 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 a ...) NOT-FOR-US: Joomla! CVE-2011-4331 REJECTED CVE-2011-4330 (Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/tran ...) - linux-2.6 3.1.4-1 [squeeze] - linux-2.6 2.6.32-40 CVE-2011-4329 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 ...) - dolibarr 3.3.4-1 (low) CVE-2011-4328 (plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions ( ...) {DSA-2435-1} - gnash 0.8.10-1 (low; bug #649384) CVE-2011-4327 (ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platfo ...) - openssh (Only affects platforms w/o /dev/random) NOTE: http://www.openssh.com/txt/portable-keysign-rand-helper.adv CVE-2011-4326 (The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel b ...) - linux-2.6 2.6.39-1 [squeeze] - linux-2.6 2.6.32-40 [lenny] - linux-2.6 (Vulnerable code not present) CVE-2011-4325 (The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain ...) - linux-2.6 2.6.32-1 CVE-2011-4324 (The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kern ...) - linux-2.6 (RHEL5-specific backport error) CVE-2011-4323 REJECTED CVE-2011-4322 (websitebaker prior to and including 2.8.1 has an authentication error ...) NOT-FOR-US: websitebaker CVE-2011-4321 (The password reset functionality in Joomla! 1.5.x through 1.5.24 uses ...) NOT-FOR-US: Joomla! CVE-2011-4320 (The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alp ...) - ejabberd 2.1.9-1 (low) [squeeze] - ejabberd (Only triggerable with malformed config file) NOTE: https://support.process-one.net/browse/EJAB-1498 CVE-2011-4319 (Cross-site scripting (XSS) vulnerability in the i18n translations help ...) - rails (Only affects RoR 3.0 and above) CVE-2011-4318 (Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostn ...) - dovecot 1:2.0.18-1 (unimportant; bug #649511) NOTE: Additional hardening CVE-2011-4317 (The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2 ...) {DSA-2405-1} - apache2 2.2.21-3 NOTE: Related to CVE-2011-3368 and CVE-2011-3639 but a different issue CVE-2011-4316 (Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in cert ...) NOT-FOR-US: ovirt NOTE: While the Red Hat advisory refers to SPICE, this is a vulnerability in NOTE: the server-side ovirt logic (contacted Red Hat for clarification) CVE-2011-4315 (Heap-based buffer overflow in compression-pointer processing in core/n ...) - nginx 1.1.8-1 (low) [squeeze] - nginx 0.7.67-3+squeeze1 [lenny] - nginx (Minor issue) NOTE: http://trac.nginx.org/nginx/changeset/4268/nginx CVE-2011-4314 (message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used i ...) - openid4java 0.9.6.662-1 - jbossas4 (Only builds a few libraries, not the full application server, #581226) CVE-2011-4313 (query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9 ...) {DSA-2347-1} - bind9 1:9.8.1.dfsg.P1-1 (high; bug #649099) CVE-2011-4312 (Multiple cross-site scripting (XSS) vulnerabilities in the commenting ...) NOT-FOR-US: Review Board CVE-2011-4311 (ResourceSpace before 4.2.2833 does not properly validate access keys, ...) NOT-FOR-US: ResourceSpace CVE-2011-4310 (The news module in CMSMS before 1.9.4.3 allows remote attackers to cor ...) - cmsms (bug #608888) CVE-2011-4309 (Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attacke ...) - moodle (Only affects 2.x) CVE-2011-4308 (mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, ...) {DSA-2421-1} - moodle 1.9.9.dfsg2-5 CVE-2011-4307 (Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php ...) - moodle (Only affects 2.x) CVE-2011-4306 (Cross-site scripting (XSS) vulnerability in course/editsection.html in ...) {DSA-2338-1} - moodle 1.9.9.dfsg2-4 CVE-2011-4305 (message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authen ...) {DSA-2338-1} - moodle 1.9.9.dfsg2-4 CVE-2011-4304 (The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2 ...) - moodle (Only affects 2.x) CVE-2011-4303 (lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 ...) - moodle (Only affects 2.x) CVE-2011-4302 (mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x be ...) {DSA-2338-1} - moodle 1.9.9.dfsg2-4 CVE-2011-4301 (The MoodleQuickForm class in the Forms Library in lib/formslib.php in ...) {DSA-2338-1} - moodle 1.9.9.dfsg2-4 CVE-2011-4300 (The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x befo ...) - moodle (Only affects 2.x) CVE-2011-4299 (Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Mo ...) - moodle (Only affects 2.x) CVE-2011-4298 (Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki ...) - moodle (Only affects 2.x) CVE-2011-4297 (comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 do ...) - moodle (Only affects 2.x) CVE-2011-4296 (lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 ...) - moodle (Only affects 2.x) CVE-2011-4295 (The moodle_enrol_external:role_assign function in enrol/externallib.ph ...) - moodle (Only affects 2.x) CVE-2011-4294 (The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x b ...) {DSA-2338-1} - moodle 1.9.9.dfsg2-4 CVE-2011-4293 (The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before ...) - moodle (Only affects 2.x) CVE-2011-4292 (Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a ...) - moodle (Only affects 2.x) CVE-2011-4291 (Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a ...) - moodle (Only affects 2.x) CVE-2011-4290 (Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php ...) {DSA-2262-1} - moodle 1.9.9.dfsg2-3 CVE-2011-4289 (Moodle 2.0.x before 2.0.3 does not recognize the configuration setting ...) - moodle (Only affects 2.x) CVE-2011-4288 (Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly im ...) {DSA-2262-1} - moodle 1.9.9.dfsg2-3 CVE-2011-4287 (admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force ...) - moodle (Only affects 2.x) CVE-2011-4286 (Multiple cross-site scripting (XSS) vulnerabilities in the media-filte ...) {DSA-2262-1} - moodle 1.9.9.dfsg2-3 CVE-2011-4285 (The default configuration of Moodle 2.0.x before 2.0.2 has an incorrec ...) - moodle (Only affects 2.x) CVE-2011-4284 (Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive ...) - moodle (Only affects 2.x) CVE-2011-4283 (Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterp ...) {DSA-2262-1} - moodle 1.9.9.dfsg2-3 CVE-2011-4282 (Multiple cross-site scripting (XSS) vulnerabilities in the course-tags ...) - moodle (Only affects 2.x) CVE-2011-4281 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2 ...) - moodle (Only affects 2.x) CVE-2011-4280 (Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka ...) - moodle (Only affects 2.x) CVE-2011-4279 (Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setti ...) - moodle (Only affects 2.x) CVE-2011-4278 (Cross-site scripting (XSS) vulnerability in the tag autocomplete funct ...) {DSA-2262-1} - moodle 1.9.9.dfsg2-3 CVE-2011-4277 (Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum 7 ...) NOT-FOR-US: CourseForum CVE-2011-4276 (The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) ...) NOT-FOR-US: Android CVE-2011-4275 (Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Op ...) NOT-FOR-US: IT Operations Portal CVE-2011-4274 (Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobil ...) NOT-FOR-US: Movable Type plugin CVE-2011-4273 (Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserv ...) NOT-FOR-US: GoAhead Webserver CVE-2011-4272 REJECTED CVE-2011-4271 REJECTED CVE-2011-4270 REJECTED CVE-2011-4269 REJECTED CVE-2011-4268 REJECTED CVE-2011-4267 REJECTED CVE-2011-4266 (Untrusted search path vulnerability in FFFTP before 1.98d allows local ...) NOT-FOR-US: FFFTP CVE-2011-4265 (Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 al ...) NOT-FOR-US: phpWebSite CVE-2011-4264 (Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows ...) NOT-FOR-US: Etomite CVE-2011-4263 (Cross-site scripting (XSS) vulnerability in Schneider Electric PowerCh ...) NOT-FOR-US: Schneider Electric PowerChute Business Edition CVE-2011-4262 (Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 all ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4261 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4260 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4259 (Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remo ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4258 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4257 (The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4256 (The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPl ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4255 (Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4254 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4253 (Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4252 (The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPl ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4251 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4250 (Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4249 (Array index error in the RV30 codec in RealNetworks RealPlayer before ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4248 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4247 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4246 (The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPla ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4245 (The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Ma ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4244 (Heap-based buffer overflow in the RealVideo renderer in RealNetworks R ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-4243 RESERVED CVE-2011-4242 RESERVED CVE-2011-4241 RESERVED CVE-2011-4240 RESERVED CVE-2011-4239 RESERVED CVE-2011-4238 RESERVED CVE-2011-4237 (CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Comm ...) NOT-FOR-US: Cisco CVE-2011-4236 RESERVED CVE-2011-4235 RESERVED CVE-2011-4234 RESERVED CVE-2011-4233 RESERVED CVE-2011-4232 (The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces diff ...) NOT-FOR-US: Cisco CVE-2011-4231 (Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hu ...) NOT-FOR-US: Cisco IOS CVE-2011-4230 RESERVED CVE-2011-4229 RESERVED CVE-2011-4228 RESERVED CVE-2011-4227 RESERVED CVE-2011-4226 RESERVED CVE-2011-4225 RESERVED CVE-2011-4224 RESERVED CVE-2011-4223 (Unspecified vulnerability in Investintech.com Absolute PDF Server allo ...) NOT-FOR-US: Investintech.com Absolute PDF Server CVE-2011-4222 (Unspecified vulnerability in Investintech.com Able2Extract and Able2Ex ...) NOT-FOR-US: Investintech.com Able2Extract CVE-2011-4221 (Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc Pr ...) NOT-FOR-US: Investintech.com Able2Doc CVE-2011-4220 (Investintech.com SlimPDF Reader does not properly restrict the argumen ...) NOT-FOR-US: Investintech.com SlimPDF CVE-2011-4219 (Investintech.com SlimPDF Reader does not prevent faulting-address data ...) NOT-FOR-US: Investintech.com SlimPDF CVE-2011-4218 (Investintech.com SlimPDF Reader does not prevent faulting-instruction ...) NOT-FOR-US: Investintech.com SlimPDF CVE-2011-4217 (Investintech.com SlimPDF Reader does not properly restrict read operat ...) NOT-FOR-US: Investintech.com SlimPDF CVE-2011-4216 (Investintech.com SlimPDF Reader does not properly restrict write opera ...) NOT-FOR-US: Investintech.com SlimPDF CVE-2011-4215 (SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action ...) NOT-FOR-US: OneOrZero Action & Information Management System (AIMS) CVE-2011-4214 (OneOrZero Action & Information Management System (AIMS) 2.7.0 allo ...) NOT-FOR-US: OneOrZero Action & Information Management System (AIMS) CVE-2011-4213 (The sandbox environment in the Google App Engine Python SDK before 1.5 ...) NOT-FOR-US: Google App Engine CVE-2011-4212 (The sandbox environment in the Google App Engine Python SDK before 1.5 ...) NOT-FOR-US: Google App Engine CVE-2011-4211 (The FakeFile implementation in the sandbox environment in the Google A ...) NOT-FOR-US: Google App Engine CVE-2011-4210 RESERVED CVE-2011-4209 RESERVED CVE-2011-4208 RESERVED CVE-2011-4207 RESERVED CVE-2011-4206 RESERVED CVE-2011-4205 RESERVED CVE-2011-4204 RESERVED CVE-2011-4203 (CRLF injection vulnerability in calendar/set.php in the Calendar compo ...) NOT-FOR-US: Moodle addon CVE-2011-4202 (The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions ( ...) NOT-FOR-US: Tadasoft Restorepoint CVE-2011-4201 (remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image a ...) NOT-FOR-US: Tadasoft Restorepoint CVE-2011-4200 RESERVED CVE-2011-4199 RESERVED CVE-2011-4198 RESERVED CVE-2011-4197 (etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 cr ...) NOT-FOR-US: pfSense CVE-2011-XXXX [spip privilege escalation] - spip 2.1.12-1 (bug #649113) [squeeze] - spip 2.1.1-3squeeze2 CVE-2011-XXXX [spip XSS] - spip 2.1.12-1 (bug #649113) [squeeze] - spip 2.1.1-3squeeze2 CVE-2011-XXXX [spip path disclosure] - spip 2.1.12-1 (unimportant; bug #646758) NOTE: http://archives.rezo.net/archives/spip-ann.mbox/5XCQ4RYDCYRXQSQQK42DT7IO2GVT7ZSI/ NOTE: Path disclosure not an issue for Debian CVE-2011-4196 RESERVED CVE-2011-4195 (kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 an ...) NOT-FOR-US: Suse kiwi (different from python-kiwi) CVE-2011-4194 (Buffer overflow in Novell iPrint Server in Novell Open Enterprise Serv ...) NOT-FOR-US: Novell iPrint CVE-2011-4193 (Cross-site scripting (XSS) vulnerability in the overlay files tab in S ...) NOT-FOR-US: Suse kiwi (different from python-kiwi) CVE-2011-4192 (kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and ...) NOT-FOR-US: Suse kiwi (different from python-kiwi) CVE-2011-4191 (Stack-based buffer overflow in the xdrDecodeString function in XNFS.NL ...) NOT-FOR-US: Novell NetWare CVE-2011-4190 (The kdump implementation is missing the host key verification in the k ...) NOT-FOR-US: kdump as used in SuSE CVE-2011-4189 (The client in Novell GroupWise 8.0x through 8.02HP3 allows remote atta ...) NOT-FOR-US: Novell GroupWise CVE-2011-4188 (Buffer overflow in the Create Attribute function in jclient in Novell ...) NOT-FOR-US: Novell iManager CVE-2011-4187 (Buffer overflow in the GetDriverSettings function in nipplib.dll in No ...) NOT-FOR-US: Novell iPrint Client CVE-2011-4186 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...) NOT-FOR-US: Novell iPrint Client CVE-2011-4185 (The GetPrinterURLList2 method in the ActiveX control in Novell iPrint ...) NOT-FOR-US: ActiveX CVE-2011-4184 RESERVED CVE-2011-4183 (A vulnerability in open build service allows remote attackers to uploa ...) - open-build-service (Fixed before initial upload to Debian) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=736243 NOTE: https://github.com/openSUSE/open-build-service/commit/5281e4bff9df31f1f91e22a0d1e9086b93b23d7e CVE-2011-4182 (Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise ...) NOT-FOR-US: sysconfig in SUSE Linux Enterprise CVE-2011-4181 (A vulnerability in open build service allows remote attackers to gain ...) - open-build-service (Fixed before initial upload to Debian) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=734003 NOTE: https://github.com/openSUSE/open-build-service/commit/5281e4bff9df31f1f91e22a0d1e9086b93b23d7e CVE-2011-4180 RESERVED CVE-2011-4179 RESERVED CVE-2011-4178 RESERVED CVE-2011-4177 RESERVED CVE-2011-4176 RESERVED CVE-2011-4175 RESERVED CVE-2011-4174 RESERVED CVE-2011-4173 (Cross-site request forgery (CSRF) vulnerability in Simple Machines For ...) NOT-FOR-US: Simple Machines Forum CVE-2011-4172 (Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB FO ...) NOT-FOR-US: KENT WEB FORUM CVE-2011-4171 (Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM W ...) NOT-FOR-US: WebSphere CVE-2011-4170 (Cross-site scripting (XSS) vulnerability in the theme_adium_append_mes ...) - empathy 3.2.1.1-1 [squeeze] - empathy (Minor issue) [lenny] - empathy (only affects webkit theming, not present in Lenny) CVE-2011-4169 (Unspecified vulnerability in HP Managed Printing Administration before ...) NOT-FOR-US: HP Managed Printing Administration CVE-2011-4168 (Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in ...) NOT-FOR-US: HP Managed Printing Administration CVE-2011-4167 (Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing ...) NOT-FOR-US: HP Managed Printing Administration CVE-2011-4166 (Directory traversal vulnerability in the MPAUploader.Uploader.1.Upload ...) NOT-FOR-US: HP Managed Printing Administration CVE-2011-4165 (Unspecified vulnerability in HP Database Archiving Software 6.31 allow ...) NOT-FOR-US: HP Database Archiving Software CVE-2011-4164 (Unspecified vulnerability in HP Database Archiving Software 6.31 allow ...) NOT-FOR-US: HP Database Archiving Software CVE-2011-4163 (Unspecified vulnerability in HP Database Archiving Software 6.31 allow ...) NOT-FOR-US: HP Database Archiving Software CVE-2011-4162 (The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, ...) NOT-FOR-US: HP Protect Tools Device Access Manager CVE-2011-4161 (The default configuration of the HP CM8060 Color MFP with Edgeline; Co ...) NOT-FOR-US: HP CM8060 Color MFP CVE-2011-4160 (Unspecified vulnerability in HP Operations Agent 11.00 and Performance ...) NOT-FOR-US: HP Operations Agent CVE-2011-4159 (Unspecified vulnerability in System Administration Manager (SAM) in EM ...) NOT-FOR-US: HP-UX CVE-2011-4158 (Unspecified vulnerability in HP Directories Support for ProLiant Manag ...) NOT-FOR-US: HP Directories Support CVE-2011-4157 (Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on th ...) NOT-FOR-US: HP SAN/iQ CVE-2011-4156 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...) NOT-FOR-US: HP Network Node Manager CVE-2011-4155 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...) NOT-FOR-US: HP Network Node Manager CVE-2011-4154 RESERVED CVE-2011-4153 (PHP 5.3.8 does not always check the return value of the zend_strndup f ...) {DSA-2408-1} - php5 5.3.9-1 (low) CVE-2011-4152 RESERVED CVE-2011-4151 (The krb5_db2_lockout_audit function in the Key Distribution Center (KD ...) - krb5 1.10+dfsg~alpha1-1 (low; bug #646367) [squeeze] - krb5 (Minor issue) [lenny] - krb5 (introduced in 1.8) CVE-2011-4150 REJECTED CVE-2011-4149 REJECTED CVE-2011-4148 REJECTED CVE-2011-4147 REJECTED CVE-2011-4146 REJECTED CVE-2011-4145 REJECTED CVE-2011-4144 (Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 be ...) NOT-FOR-US: EMC CVE-2011-4143 (EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote att ...) NOT-FOR-US: EMC CVE-2011-4142 (The Web Search feature in EMC SourceOne Email Management 6.5 before 6. ...) NOT-FOR-US: EMC SourceOne Email Management CVE-2011-4141 (Untrusted search path vulnerability in EMC RSA SecurID Software Token ...) NOT-FOR-US: RSA SecurID CVE-2011-4140 (The CSRF protection mechanism in Django through 1.2.7 and 1.3.x throug ...) {DSA-2332-1} - python-django 1.3.1-1 (bug #641405) CVE-2011-4139 (Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host ...) {DSA-2332-1} - python-django 1.3.1-1 (bug #641405) CVE-2011-4138 (The verify_exists functionality in the URLField implementation in Djan ...) {DSA-2332-1} - python-django 1.3.1-1 (bug #641405) CVE-2011-4137 (The verify_exists functionality in the URLField implementation in Djan ...) {DSA-2332-1} - python-django 1.3.1-1 (bug #641405) CVE-2011-4136 (django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, ...) {DSA-2332-1} - python-django 1.3.1-1 (bug #641405) CVE-2011-4135 (Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexN ...) NOT-FOR-US: Flexera FlexNet Publisher CVE-2011-4134 (Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11. ...) NOT-FOR-US: Flexera FlexNet Publisher CVE-2011-4133 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before ...) {DSA-2262-1} - moodle 1.9.9.dfsg2-3 CVE-2011-4132 (The cleanup_journal_tail function in the Journaling Block Device (JBD) ...) - linux-2.6 3.1.6-1 [squeeze] - linux-2.6 2.6.32-40 CVE-2011-4131 (The NFSv4 implementation in the Linux kernel before 3.2.2 does not pro ...) - linux 3.2.9-1 (low) - linux-2.6 [squeeze] - linux-2.6 (Too intrusive to backport, minor impact) CVE-2011-4130 (Use-after-free vulnerability in the Response API in ProFTPD before 1.3 ...) {DSA-2346-2 DSA-2346-1} - proftpd-dfsg 1.3.4~rc3-2 (high; bug #648373) [lenny] - proftpd-dfsg (vulnerable functionality not present) NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3711 CVE-2011-4129 ((1) services/twitter/twitter-contact-view.c and (2) services/twitter/t ...) - libsocialweb 0.25.20-1 CVE-2011-4128 (Buffer overflow in the gnutls_session_get_data function in lib/gnutls_ ...) - gnutls26 2.12.14-1 (low; bug #648441) [squeeze] - gnutls26 2.8.6-1+squeeze1 [lenny] - gnutls26 (Minor issue) CVE-2011-4127 (The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl c ...) {DSA-2443-1 DSA-2389-1} - libguestfs 1:1.14.8-1 - linux-2.6 CVE-2011-4126 RESERVED CVE-2011-4125 RESERVED CVE-2011-4124 RESERVED CVE-2011-4123 REJECTED CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in OpenPAM be ...) NOT-FOR-US: OpenPAM CVE-2011-4121 (The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up ...) - ruby1.9.1 (Only affected trunk versions) CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication when 'use_ ...) - yubico-pam 2.10-1 CVE-2011-4119 RESERVED CVE-2011-4117 (The Batch::BatchRun module 1.03 for Perl does not properly handle temp ...) NOT-FOR-US: perl Batch::BatchRun CPAN module CVE-2011-4116 (_is_safe in the File::Temp module for Perl does not properly handle sy ...) - perl (unimportant; bug #776268) NOTE: http://thread.gmane.org/gmane.comp.security.oss.general/6174/focus=6177 NOTE: https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14 CVE-2011-4115 (Parallel::ForkManager module before 1.0.0 for Perl does not properly h ...) - libparallel-forkmanager-perl (issue introduced in 0.7.6 upstream, never in Debian) NOTE: affected code was never in Debian. Upstream fixed in 1.0.0 NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=68298 CVE-2011-4114 (The par_mktmpdir function in the PAR::Packer module before 1.012 for P ...) - libpar-packer-perl 1.012-1 (bug #650706) [squeeze] - libpar-packer-perl 1.006-1+squeeze1 CVE-2011-4113 (SQL injection vulnerability in the Views module before 6.x-2.13 for Dr ...) - drupal6-mod-views 2.14-1 CVE-2011-4112 (The net subsystem in the Linux kernel before 3.1 does not properly res ...) - linux-2.6 3.1-1 (unimportant) NOTE: Turned out to be a non-issue, https://www.openwall.com/lists/oss-security/2011/11/24/3 CVE-2011-4111 (Buffer overflow in the ccid_card_vscard_handle_message function in hw/ ...) - qemu 0.15.1+dfsg-2 [lenny] - qemu (Vulnerable CCID code not present) [squeeze] - qemu (Vulnerable CCID code not present) - xen 4.4.0-1 [wheezy] - xen (Vulnerable code introduced after 0.14.50, embedded version is 0.10.2) NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: Vulnerable code introduced after 0.14.50: http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d CVE-2011-4110 (The user_update function in security/keys/user_defined.c in the Linux ...) {DSA-2389-1} - linux-2.6 3.1.4-1 CVE-2011-4109 (Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_ ...) {DSA-2390-1} - openssl 1.0.0c-1 CVE-2011-4108 (The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f ...) {DSA-2390-1} - openssl 1.0.0f-1 (low; bug #645805) NOTE: http://rt.openssl.org/Ticket/Display.html?id=2625&user=guest&pass=guest CVE-2011-4107 (The simplexml_load_string function in the XML import plug-in (librarie ...) {DSA-2391-1} - phpmyadmin 4:3.4.7.1-1 (bug #656247) [lenny] - phpmyadmin (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=751112 CVE-2011-4106 (TimThumb (timthumb.php) before 2.0 does not validate the entire source ...) NOT-FOR-US: wordpress plugin timthumb CVE-2011-4105 (LightDM before 1.0.6 allows local users to change ownership of arbitra ...) - lightdm 1.0.6-2 CVE-2011-4104 (The from_yaml method in serializers.py in Django Tastypie before 0.9.1 ...) - django-tastypie 0.9.10-1 (bug #647314) CVE-2011-4103 (emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 doe ...) {DSA-2344-1} - python-django-piston 0.2.2-2 (high; bug #647315) CVE-2011-4102 (Heap-based buffer overflow in the erf_read_header function in wiretap/ ...) {DSA-2351-1} - wireshark 1.6.3-1 NOTE: http://www.wireshark.org/security/wnpa-sec-2011-19.html NOTE: http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?r1=39508&r2=39507&pathrev=39508&view=patch NOTE: Affects 1.0 and 1.2, the versions listed in the advisory are relative to the supported upstream branches CVE-2011-4101 (The dissect_infiniband_common function in epan/dissectors/packet-infin ...) - wireshark 1.6.3-1 (unimportant) NOTE: no code injection, not treated as a security issue, see README.Debian.security NOTE: http://www.wireshark.org/security/wnpa-sec-2011-18.html CVE-2011-4100 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in th ...) - wireshark 1.6.3-1 [squeeze] - wireshark (Affects only 1.6.0-1.6.2) [lenny] - wireshark (Affects only 1.6.0-1.6.2) NOTE: http://www.wireshark.org/security/wnpa-sec-2011-17.html CVE-2011-4099 (The capsh program in libcap before 2.22 does not change the current wo ...) - libcap2 1:2.22-1 (low) [squeeze] - libcap2 (Minor issue) CVE-2011-4098 (The fallocate implementation in the GFS2 filesystem in the Linux kerne ...) - linux 3.2.1-1 - linux-2.6 [squeeze] - linux-2.6 (fallocate support was added to GFS2 in 2.37) CVE-2011-4097 (Integer overflow in the oom_badness function in mm/oom_kill.c in the L ...) - linux-2.6 3.0.0-6 [squeeze] - linux-2.6 (Introduced in 2.6.39) [lenny] - linux-2.6 (Introduced in 2.6.39) CVE-2011-4096 (The idnsGrokReply function in Squid before 3.1.16 does not properly fr ...) {DSA-2381-1} - squid3 3.1.16-1 [lenny] - squid3 (no IPv6 support) CVE-2011-4095 (Jara 1.6 has an XSS vulnerability ...) NOT-FOR-US: Jara CVE-2011-4094 (Jara 1.6 has a SQL injection vulnerability. ...) NOT-FOR-US: Jara CVE-2011-4093 (Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 ...) - net6 1:1.3.14-1 (low; bug #647318) [squeeze] - net6 (Minor issue) [lenny] - net6 (Minor issue) CVE-2011-4092 (obby (aka libobby) does not verify SSL server certificates, which allo ...) - obby (low; bug #647317) [wheezy] - obby (Minor design limitation) [lenny] - obby (Minor design limitation) [squeeze] - obby (Minor design limitation) CVE-2011-4091 (The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3. ...) [squeeze] - net6 (Minor issue) [lenny] - net6 (Minor issue) - net6 1:1.3.14-1 (low; bug #647318) CVE-2011-4090 (Serendipity before 1.6 has an XSS issue in the karma plugin which may ...) - serendipity (bug #650937) [squeeze] - serendipity (Minor issue) NOTE: http://seclists.org/oss-sec/2011/q4/192 CVE-2011-4089 (The bzexe command in bzip2 1.0.5 and earlier generates compressed exec ...) - bzip2 1.0.6-1 (low; bug #632862) [squeeze] - bzip2 1.0.5-6+squeeze1 [lenny] - bzip2 (Minor issue) CVE-2011-4088 (ABRT might allow attackers to obtain sensitive information from crash ...) NOT-FOR-US: abrt/libreport CVE-2011-4087 (The br_parse_ip_options function in net/bridge/br_netfilter.c in the L ...) - linux-2.6 3.0.0-1 [squeeze] - linux-2.6 (Introduced in 2.6.37) [lenny] - linux-2.6 (Introduced in 2.6.37) CVE-2011-4086 (The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linu ...) {DSA-2469-1} - linux-2.6 (low) CVE-2011-4085 (The servlets invoked by httpha-invoker in JBoss Enterprise Application ...) NOT-FOR-US: JBoss Enterprise SOA Platform CVE-2011-4084 REJECTED CVE-2011-4083 (The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x ...) NOT-FOR-US: RedHat sos CVE-2011-4082 (A local file inclusion flaw was found in the way the phpLDAPadmin befo ...) - phpldapadmin 0.9.8-1 CVE-2011-4081 (crypto/ghash-generic.c in the Linux kernel before 3.1 allows local use ...) - linux-2.6 3.0.0-6 [squeeze] - linux-2.6 (CRYPTO_GHASH Introduced in 2.6.32) CVE-2011-4080 (The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kern ...) - linux-2.6 2.6.39-1 [lenny] - linux-2.6 (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd) [squeeze] - linux-2.6 (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd) CVE-2011-4079 (Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.2 ...) - openldap 2.4.28-1 (unimportant; bug #647610) NOTE: Not exploitable with glibc, see NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4079 CVE-2011-4078 (include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5. ...) - roundcube 0.6+dfsg-1 (bug #646675) [squeeze] - roundcube (squeeze PHP version does not expose the issue) NOTE: http://trac.roundcube.net/ticket/1488086 NOTE: This is arguably a PHP issue, but will probably not be fixed upstream. CVE-2011-4077 (Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c ...) {DSA-2389-1} - linux-2.6 3.0.0-6 CVE-2011-4076 (OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCE ...) - nova 2012.1~e1-1 NOTE: https://bugs.launchpad.net/nova/+bug/868360 NOTE: the patch for this bug is available at https://review.openstack.org/#/c/794/ CVE-2011-4075 (The masort function in lib/functions.php in phpLDAPadmin 1.2.x before ...) {DSA-2333-1} - phpldapadmin 1.2.0.5-2.1 (bug #646754) CVE-2011-4074 (Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1. ...) {DSA-2333-1} - phpldapadmin 1.2.0.5-2.1 (bug #646769) CVE-2011-4073 (Use-after-free vulnerability in the cryptographic helper handler funct ...) {DSA-2374-1} - openswan 1:2.6.37-1 (low; bug #650674) CVE-2011-4072 REJECTED CVE-2011-4071 RESERVED CVE-2011-4070 RESERVED CVE-2011-4069 (html/admin/login.php in PacketFence before 3.0.2 allows remote attacke ...) NOT-FOR-US: PacketFence CVE-2011-4068 (The check_password function in html/admin/login.php in PacketFence bef ...) NOT-FOR-US: PacketFence CVE-2011-4067 RESERVED CVE-2011-4066 (SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earl ...) NOT-FOR-US: GNU Board CVE-2011-4065 RESERVED CVE-2011-4063 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x bef ...) - asterisk 1:1.8.7.1~dfsg-1 (bug #647252) [lenny] - asterisk (Only affects >= 1.8) [squeeze] - asterisk (Only affects >= 1.8) CVE-2011-4062 (Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows lo ...) {DSA-2325-1} - kfreebsd-10 10.0~svn226224-1 - kfreebsd-9 9.0~svn225873-1 - kfreebsd-8 8.2-11 (bug #645377) - kfreebsd-7 CVE-2011-4061 (Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) ...) NOT-FOR-US: DB2 CVE-2011-4060 (The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 do ...) NOT-FOR-US: QNX CVE-2011-4059 RESERVED CVE-2011-4058 RESERVED CVE-2011-4064 (Cross-site scripting (XSS) vulnerability in the setup interface in php ...) - phpmyadmin 4:3.4.6-1 (unimportant) CVE-2011-4057 (Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other ver ...) NOT-FOR-US: Wibu-Systems AG CodeMeter Runtime CVE-2011-4056 (An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix Fac ...) NOT-FOR-US: Siemens Tecnomatix CVE-2011-4055 (Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix ...) NOT-FOR-US: Siemens Tecnomatix CVE-2011-4054 (Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder ...) NOT-FOR-US: CA SiteMinder CVE-2011-4053 (Untrusted search path vulnerability in 7-Technologies (7T) Interactive ...) NOT-FOR-US: 7-Technologies (7T) Interactive Graphical SCADA System CVE-2011-4052 (Stack-based buffer overflow in CEServer.exe in the CEServer component ...) NOT-FOR-US: InduSoft Web Studio CVE-2011-4051 (CEServer.exe in the CEServer component in the Remote Agent module in I ...) NOT-FOR-US: InduSoft Web Studio CVE-2011-4050 (Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA Sys ...) NOT-FOR-US: Interactive Graphical SCADA System CVE-2011-4049 RESERVED CVE-2011-4048 (The Dell KACE K2000 System Deployment Appliance has a default username ...) NOT-FOR-US: Dell appliance CVE-2011-4047 (The Dell KACE K2000 System Deployment Appliance allows remote attacker ...) NOT-FOR-US: Dell appliance CVE-2011-4046 (The Dell KACE K2000 System Deployment Appliance stores the recovery ac ...) NOT-FOR-US: Dell appliance CVE-2011-4045 (Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in AR ...) NOT-FOR-US: ARC Informatique CVE-2011-4044 (An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVu ...) NOT-FOR-US: ARC Informatique CVE-2011-4043 (Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in A ...) NOT-FOR-US: ARC Informatique CVE-2011-4042 (An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVu ...) NOT-FOR-US: ARC Informatique CVE-2011-4041 (webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers t ...) NOT-FOR-US: Advantech WebAccess CVE-2011-4040 (Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows re ...) NOT-FOR-US: NJStar Communicator CVE-2011-4039 (Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in ...) NOT-FOR-US: Invensys Wonderware HMI Reports CVE-2011-4038 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Re ...) NOT-FOR-US: Invensys Wonderware HMI Reports CVE-2011-4037 (Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog ...) NOT-FOR-US: Sielco Sistemi Winlog PRO CVE-2011-4036 (Directory traversal vulnerability in Schneider Electric Vijeo Historia ...) NOT-FOR-US: Schneider Electric Vijeo CVE-2011-4035 (Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo H ...) NOT-FOR-US: Schneider Electric Vijeo CVE-2011-4034 (Buffer overflow in the Steema TeeChart ActiveX control, as used in Sch ...) NOT-FOR-US: Steema TeeChart CVE-2011-4033 (Buffer overflow in the Steema TeeChart ActiveX control, as used in Sch ...) NOT-FOR-US: Steema TeeChart CVE-2011-4032 RESERVED CVE-2011-4031 (Integer underflow in the asfrtp_parse_packet function in libavformat/r ...) - libav 0.8-1 (bug #675767) - ffmpeg (Vulnerable code not present) CVE-2011-4030 (The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4 ...) - plone3 (Only affects Plone 4.x) CVE-2011-4029 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 a ...) - xorg-server 2:1.11.1.901-2 (low) [squeeze] - xorg-server 2:1.7.7-14 [lenny] - xorg-server (Minor issue) NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4 NOTE: this has a poc now: http://web.archive.org/web/20111204204028/http://vladz.devzero.fr:80/Xorg-CVE-2011-4029.txt CVE-2011-4028 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 a ...) - xorg-server 2:1.11.1.901-2 (low) [squeeze] - xorg-server 2:1.7.7-14 [lenny] - xorg-server (Minor issue) NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34 CVE-2011-4027 RESERVED CVE-2011-4026 (SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remot ...) NOT-FOR-US: NexusPHP CVE-2011-XXXX [lintian disclosure of file presense] - lintian 2.5.2 (unimportant) [squeeze] - lintian 2.4.3+squeeze1 CVE-2011-XXXX [0.1.1+dfsg-1 multiple issues] - ibid 0.1.1+dfsg-1 [squeeze] - ibid 0.1.0+dfsg-2+squeeze1 CVE-2011-4025 RESERVED CVE-2011-4024 (Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Invent ...) - ocsinventory-server 2.0.2-1 (unimportant) NOTE: Authentication is needed, only supported in trusted environments, see debtags CVE-2011-4023 (Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remo ...) NOT-FOR-US: Cisco CVE-2011-4022 (The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allo ...) NOT-FOR-US: Cisco CVE-2011-4021 RESERVED CVE-2011-4020 RESERVED CVE-2011-4019 (Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified ...) NOT-FOR-US: Cisco IOS CVE-2011-4018 RESERVED CVE-2011-4017 RESERVED CVE-2011-4016 (The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when P ...) NOT-FOR-US: Cisco IOS CVE-2011-4015 (Cisco IOS 15.2S allows remote attackers to cause a denial of service ( ...) NOT-FOR-US: Cisco IOS CVE-2011-4014 (The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7. ...) NOT-FOR-US: Cisco CVE-2011-4013 RESERVED CVE-2011-4012 (Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) ...) NOT-FOR-US: Cisco IOS CVE-2011-4011 RESERVED CVE-2011-4010 RESERVED CVE-2011-4009 RESERVED CVE-2011-4008 RESERVED CVE-2011-4007 (Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set ...) NOT-FOR-US: Cisco IOS CVE-2011-4006 (The ESMTP inspection feature on Cisco Adaptive Security Appliances (AS ...) NOT-FOR-US: Cisco CVE-2011-4005 (Cross-site request forgery (CSRF) vulnerability in the Services Ready ...) NOT-FOR-US: Cisco SRP CVE-2011-4004 (Buffer overflow in the ATAS32 processing functionality in the Cisco We ...) NOT-FOR-US: Cisco Webex CVE-2011-4003 RESERVED CVE-2011-4002 (HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to exe ...) NOT-FOR-US: HP no Mawashimono Nikki CVE-2011-4001 (Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and e ...) NOT-FOR-US: HP no Mawashimono Nikki CVE-2011-4000 (Buffer overflow in ChaSen 2.4.x allows remote attackers to execute arb ...) {DSA-2361-1} - chasen 2.4.4-17 (medium; bug #648359) CVE-2011-3999 (Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader i ...) NOT-FOR-US: Iwate Portal Bar CVE-2011-3998 (Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and e ...) NOT-FOR-US: Apple WebObjects CVE-2011-3997 (Opengear console servers with firmware before 2.2.1 allow remote attac ...) NOT-FOR-US: Opengear CVE-2011-3996 (The LiveData Service in CSWorks before 2.0.4115.1 allows remote attack ...) NOT-FOR-US: CSWorks CVE-2011-3995 (Unspecified vulnerability in Twilight Frontier Touhou Hisouten 1.06 an ...) NOT-FOR-US: Twilight Frontier Touhou Hisouten CVE-2011-3994 (Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before ...) NOT-FOR-US: Movable Type plugin CVE-2011-3993 (SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, ...) NOT-FOR-US: Movable Type plugin CVE-2011-3992 (Buffer overflow in the SSH server functionality on the D-Link DES-3800 ...) NOT-FOR-US: D-Link device CVE-2011-3991 (Untrusted search path vulnerability in FFFTP 1.98a and earlier allows ...) NOT-FOR-US: FFFTP CVE-2011-3990 (Cross-site scripting (XSS) vulnerability in plugin/comment.inc.php in ...) NOT-FOR-US: PukiWiki CVE-2011-3989 (SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows re ...) NOT-FOR-US: DBD::mysqlPP Perl module CVE-2011-3988 (SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11 ...) NOT-FOR-US: EC-CUBE CVE-2011-3987 (dtsoftbus01.sys in DAEMON Tools Lite before 4.41.3, Pro Standard befor ...) NOT-FOR-US: DAEMON Tools CVE-2011-3986 (Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows ...) NOT-FOR-US: Pligg CVE-2011-3985 (Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows ...) NOT-FOR-US: Plume CVE-2011-3984 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...) NOT-FOR-US: KENT-WEB WEB FORUM CVE-2011-3983 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...) NOT-FOR-US: KENT-WEB WEB FORUM CVE-2011-3982 (The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 do ...) NOT-FOR-US: IBM AIX driver CVE-2011-3981 (PHP remote file inclusion vulnerability in actions.php in the Allwebme ...) NOT-FOR-US: Wordpress plugin CVE-2011-3980 (Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndro ...) NOT-FOR-US: TYPO3 extension CVE-2011-3979 (Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/ ...) NOT-FOR-US: Zikula Application Framework CVE-2011-3978 (Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php ...) NOT-FOR-US: LightNEasy CVE-2011-3977 (Unspecified vulnerability in nxconfigure.sh in NoMachine NX Node 3.x b ...) NOT-FOR-US: NoMachine NX components CVE-2011-3976 (Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP ...) NOT-FOR-US: AmmSoft ScriptFTP CVE-2011-3975 (A certain HTC update for Android 2.3.4 build GRJ22, when the Sense int ...) NOT-FOR-US: HTC Android CVE-2011-3974 (Integer signedness error in the decode_residual_inter function in cavs ...) {DSA-2336-1} - libav 4:0.7.1-7 (bug #641478) - ffmpeg 7:2.4.1-1 - ffmpeg-debian CVE-2011-3973 (cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 ...) {DSA-2336-1} - libav 4:0.7.1-7 (bug #641478) - ffmpeg 7:2.4.1-1 - ffmpeg-debian CVE-2011-3972 (The shader translator implementation in Google Chrome before 17.0.963. ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3971 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 allow ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3970 (libxslt, as used in Google Chrome before 17.0.963.46, allows remote at ...) - libxslt 1.1.26-11 (low; bug #660650) [squeeze] - libxslt 1.1.26-6+squeeze1 CVE-2011-3969 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 allow ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3968 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 allow ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3967 (Unspecified vulnerability in Google Chrome before 17.0.963.46 allows r ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3966 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 allow ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3965 (Google Chrome before 17.0.963.46 does not properly check signatures, w ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3964 (Google Chrome before 17.0.963.46 does not properly implement the drag- ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3963 (Google Chrome before 17.0.963.46 does not properly handle PDF FAX imag ...) - chromium-browser (Only affects proprietary Chrome) [squeeze] - chromium-browser CVE-2011-3962 (Google Chrome before 17.0.963.46 does not properly perform path clippi ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3961 (Race condition in Google Chrome before 17.0.963.46 allows remote attac ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3960 (Google Chrome before 17.0.963.46 does not properly decode audio data, ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3959 (Buffer overflow in the locale implementation in Google Chrome before 1 ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3958 (Google Chrome before 17.0.963.46 does not properly perform casts of va ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3957 (Use-after-free vulnerability in the garbage-collection functionality i ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3956 (The extension implementation in Google Chrome before 17.0.963.46 does ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3955 (Google Chrome before 17.0.963.46 allows remote attackers to cause a de ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3954 (Google Chrome before 17.0.963.46 allows remote attackers to cause a de ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3953 (Google Chrome before 17.0.963.46 does not prevent monitoring of the cl ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3952 (The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 ...) {DSA-2494-1} - libav 4:0.8.1-1 - ffmpeg 7:2.4.1-1 CVE-2011-3951 (The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg befor ...) {DSA-2494-1} - libav 4:0.8.1-1 - ffmpeg 7:2.4.1-1 CVE-2011-3950 (The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg ...) - libav (Specific to newer ffmpeg after split) - ffmpeg (Specific to newer ffmpeg after split) CVE-2011-3949 (The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmp ...) - libav (Specific to newer ffmpeg after split) - ffmpeg (Specific to newer ffmpeg after split) CVE-2011-3948 RESERVED CVE-2011-3947 (Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0. ...) {DSA-2471-1} - libav 4:0.8.1-1 - ffmpeg 7:2.4.1-1 CVE-2011-3946 (The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg bef ...) {DSA-3003-1} - libav 6:10.3-1 (unimportant) - ffmpeg 7:2.4.1-1 (unimportant) NOTE: Not suitable for code injection, not treated as security issue CVE-2011-3945 (The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcode ...) - libav 4:0.8.1-1 - ffmpeg (Vulnerable code not present) CVE-2011-3944 (The smacker_decode_header_tree function in libavcodec/smacker.c in FFm ...) {DSA-2855-1} - libav 6:9.10-1 - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commitdiff;h=0679cec6e8802643bbe6d5f68ca1110a7d3171da CVE-2011-3943 RESERVED CVE-2011-3942 RESERVED CVE-2011-3941 (The decode_mb function in libavcodec/error_resilience.c in FFmpeg befo ...) - libav 4:0.8.1-1 - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6193ff68549ecbaf1a4d63a0e06964ec580ac620 CVE-2011-3940 (nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before ...) {DSA-2471-1} - libav 4:0.8.1-1 - ffmpeg 7:2.4.1-1 CVE-2011-3939 RESERVED CVE-2011-3938 RESERVED CVE-2011-3937 (The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, ...) - libav 6:0.8.3-1 - ffmpeg (Vulnerable code not present, introduced in 0.7) CVE-2011-3936 (The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7 ...) {DSA-2471-1} - libav 4:0.8.1-1 - ffmpeg 7:2.4.1-1 CVE-2011-3935 (The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows ...) {DSA-3003-1} - libav 6:10-1 - ffmpeg (vuln. code not present, introduced later) NOTE: [Diego] applies to 0.8 and 9 only, cherrypicked fixes on ML CVE-2011-3934 (Double free vulnerability in the vp3_update_thread_context function in ...) {DSA-3003-1} - libav 6:10-1 (unimportant) - ffmpeg 7:2.4.1-1 (unimportant) NOTE: Fixed in libav trunk: http://git.libav.org/?p=libav.git;a=commit;h=759001c534287a96dc96d1e274665feb7059145d NOTE: only a crasher CVE-2011-3933 RESERVED CVE-2011-3932 RESERVED CVE-2011-3931 RESERVED CVE-2011-3930 RESERVED CVE-2011-3929 (The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x be ...) {DSA-2471-1} - libav 4:0.8.1-1 - ffmpeg 7:2.4.1-1 CVE-2011-3928 (Use-after-free vulnerability in Google Chrome before 16.0.912.77 allow ...) - chromium-browser 16.0.912.77~r118311-1 [squeeze] - chromium-browser CVE-2011-3927 (Skia, as used in Google Chrome before 16.0.912.77, does not perform al ...) - chromium-browser 16.0.912.77~r118311-1 [squeeze] - chromium-browser CVE-2011-3926 (Heap-based buffer overflow in the tree builder in Google Chrome before ...) - chromium-browser 16.0.912.77~r118311-1 [squeeze] - chromium-browser CVE-2011-3925 (Use-after-free vulnerability in the Safe Browsing feature in Google Ch ...) - chromium-browser 16.0.912.77~r118311-1 [squeeze] - chromium-browser CVE-2011-3924 (Use-after-free vulnerability in Google Chrome before 16.0.912.77 allow ...) - chromium-browser 16.0.912.77~r118311-1 [squeeze] - chromium-browser CVE-2011-3923 (Apache Struts before 2.3.1.2 allows remote attackers to bypass securit ...) - libstruts1.2-java (Only affects 2.x) NOTE: https://cwiki.apache.org/confluence/display/WW/S2-009 NOTE: http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html CVE-2011-3922 (Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows ...) - chromium-browser 16.0.912.75~r116452-1 [squeeze] - chromium-browser CVE-2011-3921 (Use-after-free vulnerability in Google Chrome before 16.0.912.75 allow ...) - chromium-browser 16.0.912.75~r116452-1 [squeeze] - chromium-browser CVE-2011-3920 RESERVED CVE-2011-3919 (Heap-based buffer overflow in libxml2, as used in Google Chrome before ...) {DSA-2394-1} - chromium-browser 16.0.912.75~r116452-1 [squeeze] - chromium-browser - libxml2 2.7.8.dfsg-7 (bug #656377) CVE-2011-3918 (The Zygote process in Android 4.0.3 and earlier accepts fork requests ...) NOT-FOR-US: Android CVE-2011-3917 (Stack-based buffer overflow in FileWatcher in Google Chrome before 16. ...) - chromium-browser 16.0.912.63~r113337-1 [squeeze] - chromium-browser CVE-2011-3916 (Google Chrome before 16.0.912.63 does not properly handle PDF cross re ...) - chromium-browser (Chrome pdf plugin) CVE-2011-3915 (Buffer overflow in Google Chrome before 16.0.912.63 allows remote atta ...) - chromium-browser (Chrome pdf plugin) - webkit (Chrome pdf plugin) CVE-2011-3914 (The internationalization (aka i18n) functionality in Google V8, as use ...) - chromium-browser 16.0.912.63~r113337-1 [squeeze] - chromium-browser - webkit (v8-i18n chrome issue) CVE-2011-3913 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 allow ...) - chromium-browser 16.0.912.63~r113337-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/100827 CVE-2011-3912 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 allow ...) - chromium-browser 16.0.912.63~r113337-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/100502 CVE-2011-3911 (Google Chrome before 16.0.912.63 does not properly handle PDF document ...) - chromium-browser (Chrome pdf plugin) - webkit (Chrome pdf plugin) CVE-2011-3910 (Google Chrome before 16.0.912.63 does not properly handle YUV video fr ...) - chromium-browser 16.0.912.63~r113337-1 - webkit (Chrome issue) [squeeze] - chromium-browser CVE-2011-3909 (The Cascading Style Sheets (CSS) implementation in Google Chrome befor ...) - chromium-browser 16.0.912.63~r113337-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/98374 CVE-2011-3908 (Google Chrome before 16.0.912.63 does not properly parse SVG documents ...) - chromium-browser 16.0.912.63~r113337-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/99025 CVE-2011-3907 (The view-source feature in Google Chrome before 16.0.912.63 allows rem ...) - chromium-browser 16.0.912.63~r113337-1 - webkit (Chrome issue) [squeeze] - chromium-browser CVE-2011-3906 (The PDF parser in Google Chrome before 16.0.912.63 allows remote attac ...) - chromium-browser (Chrome pdf plugin) - webkit (Chrome pdf plugin) CVE-2011-3905 (libxml2, as used in Google Chrome before 16.0.912.63, allows remote at ...) {DSA-2394-1} - libxml2 2.7.8.dfsg-5.1 (bug #652352) CVE-2011-3904 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 allow ...) - chromium-browser 16.0.912.63~r113337-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/99462 CVE-2011-3903 (Google Chrome before 16.0.912.63 does not properly perform regex match ...) - chromium-browser 16.0.912.63~r113337-1 - webkit (Chrome issue) [squeeze] - chromium-browser CVE-2011-3902 RESERVED CVE-2011-3901 (Android SQLite Journal before 4.0.1 has an information disclosure vuln ...) NOT-FOR-US: Android SQLite Journal CVE-2011-3900 (Google V8, as used in Google Chrome before 15.0.874.121, allows remote ...) - chromium-browser 15.0.874.121~r109964-1 - webkit (Chrome issue) - libv8 3.5.10.24 [squeeze] - chromium-browser [squeeze] - libv8 CVE-2011-3899 RESERVED CVE-2011-3898 (Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) ...) - chromium-browser 15.0.874.121~r109964-1 (unimportant) - webkit (Chrome issue) CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before 15.0.874.120 allo ...) - chromium-browser 15.0.874.121~r109964-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/99023 CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows remote att ...) - chromium-browser 15.0.874.121~r109964-1 - webkit (Chrome issue) [squeeze] - chromium-browser CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google Chrome befo ...) {DSA-2471-1} - chromium-browser 15.0.874.121~r109964-1 [squeeze] - chromium-browser - webkit (Chrome issue) - ffmpeg 7:2.4.1-1 - libav 4:0.8~beta2-1 (bug #654534; bug #654573) CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8 decodi ...) - chromium-browser 15.0.874.121~r109964-1 - webkit (Chrome issue) [squeeze] - chromium-browser CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV ...) {DSA-2471-1} - chromium-browser 15.0.874.121~r109964-1 - webkit (Chrome issue) - libav 4:0.8~beta2-1 (bug #654534; bug #654572) - ffmpeg 7:2.4.1-1 [squeeze] - chromium-browser NOTE: this is due to http://llvm.org/bugs/show_bug.cgi?id=7554 NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106599 NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106621 CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome befor ...) {DSA-2471-1} - chromium-browser 15.0.874.121~r109964-1 - webkit (Chrome issue) [squeeze] - chromium-browser - libav 4:0.8~beta2-1 (bug #654534; bug #654571) - ffmpeg 7:2.4.1-1 NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=107489 CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict access to ...) - chromium-browser 15.0.874.106~r107270-1 - webkit (Chrome issue) [squeeze] - chromium-browser CVE-2011-3890 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...) - chromium-browser 15.0.874.106~r107270-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/97451 CVE-2011-3889 (Heap-based buffer overflow in the Web Audio implementation in Google C ...) - chromium-browser 15.0.874.106~r107270-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/96843 CVE-2011-3888 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...) - chromium-browser 15.0.874.106~r107270-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/96868 CVE-2011-3887 (Google Chrome before 15.0.874.102 does not properly handle javascript: ...) - chromium-browser 15.0.874.106~r107270-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/96260 CVE-2011-3886 (Google V8, as used in Google Chrome before 15.0.874.102, allows remote ...) - chromium-browser 15.0.874.106~r107270-1 - webkit (Chrome issue) - libv8 3.6 [squeeze] - libv8 [squeeze] - chromium-browser CVE-2011-3885 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...) - chromium-browser 15.0.874.106~r107270-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/97402 CVE-2011-3884 (Google Chrome before 15.0.874.102 does not properly address timing iss ...) - chromium-browser 15.0.874.106~r107270-1 - webkit (Chrome issue) [squeeze] - chromium-browser CVE-2011-3883 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...) - chromium-browser 15.0.874.106~r107270-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/96632 CVE-2011-3882 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...) - chromium-browser 15.0.874.106~r107270-1 - webkit (Chrome issue) [squeeze] - chromium-browser CVE-2011-3881 (WebKit, as used in Google Chrome before 15.0.874.102 and Android befor ...) - chromium-browser 15.0.874.106~r107270-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/97353 CVE-2011-3880 (Google Chrome before 15.0.874.102 does not prevent use of an unspecifi ...) - chromium-browser 15.0.874.106~r107270-1 (unimportant) - webkit (Chrome issue) CVE-2011-3879 (Google Chrome before 15.0.874.102 does not prevent redirects to chrome ...) - chromium-browser 15.0.874.106~r107270-1 (unimportant) NOTE: http://trac.webkit.org/changeset/96610 CVE-2011-3878 (Race condition in Google Chrome before 15.0.874.102 allows remote atta ...) - chromium-browser 15.0.874.106~r107270-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/96999 CVE-2011-3877 (Cross-site scripting (XSS) vulnerability in the appcache internals pag ...) - chromium-browser 15.0.874.106~r107270-1 - webkit (Chrome issue) [squeeze] - chromium-browser CVE-2011-3876 (Google Chrome before 15.0.874.102 does not properly handle downloading ...) - chromium-browser 15.0.874.106~r107270-1 [squeeze] - chromium-browser CVE-2011-3875 (Google Chrome before 15.0.874.102 does not properly handle drag and dr ...) - chromium-browser 15.0.874.106~r107270-1 (unimportant) - webkit (Chrome issue) CVE-2011-3874 (Stack-based buffer overflow in libsysutils in Android 2.2.x through 2. ...) NOT-FOR-US: Android CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement shader t ...) - chromium-browser 14.0.835.202~r103287-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-XXXX [Fix file indirectory injection] - puppet 2.7.3-3 (unimportant) [squeeze] - puppet 2.6.2-5+squeeze1 NOTE: Only exploitable during build/test suite run NOTE: DSA-2314-1 CVE-2011-3872 (Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterpri ...) {DSA-2352-1} - puppet 2.7.6-1 CVE-2011-3871 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when runni ...) {DSA-2314-1} - puppet 2.7.3-3 CVE-2011-3870 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows loca ...) {DSA-2314-1} - puppet 2.7.3-3 CVE-2011-3869 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows loca ...) {DSA-2314-1} - puppet 2.7.3-3 CVE-2011-3868 (Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player ...) NOT-FOR-US: VMware CVE-2011-3867 REJECTED CVE-2011-3866 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly re ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 7.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3865 (Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme ...) NOT-FOR-US: Wordpress theme CVE-2011-3864 (Cross-site scripting (XSS) vulnerability in the The Erudite theme befo ...) NOT-FOR-US: Wordpress theme CVE-2011-3863 (Cross-site scripting (XSS) vulnerability in the RedLine theme before 1 ...) NOT-FOR-US: Wordpress theme CVE-2011-3862 (Cross-site scripting (XSS) vulnerability in the Morning Coffee theme b ...) NOT-FOR-US: Wordpress theme CVE-2011-3861 (Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 ...) NOT-FOR-US: Wordpress theme CVE-2011-3860 (Cross-site scripting (XSS) vulnerability in the Cover WP theme before ...) NOT-FOR-US: Wordpress theme CVE-2011-3859 (Cross-site scripting (XSS) vulnerability in the Trending theme before ...) NOT-FOR-US: Wordpress theme CVE-2011-3858 (Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme bef ...) NOT-FOR-US: Wordpress theme CVE-2011-3857 (Cross-site scripting (XSS) vulnerability in the Antisnews theme before ...) NOT-FOR-US: Wordpress theme CVE-2011-3856 (Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme b ...) NOT-FOR-US: Wordpress theme CVE-2011-3855 (Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4 ...) NOT-FOR-US: Wordpress theme CVE-2011-3854 (Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4 ...) NOT-FOR-US: Wordpress theme CVE-2011-3853 (Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0. ...) NOT-FOR-US: Wordpress theme CVE-2011-3852 (Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1. ...) NOT-FOR-US: Wordpress theme CVE-2011-3851 (Cross-site scripting (XSS) vulnerability in the News theme before 0.2 ...) NOT-FOR-US: Wordpress theme CVE-2011-3850 (Cross-site scripting (XSS) vulnerability in the Atahualpa theme before ...) NOT-FOR-US: Wordpress theme CVE-2011-3849 (Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1 ...) NOT-FOR-US: CA Directory CVE-2011-3848 (Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2. ...) {DSA-2314-1} - puppet 2.7.3-2 CVE-2011-3847 RESERVED CVE-2011-3846 (Cross-site request forgery (CSRF) vulnerability in HP System Managemen ...) NOT-FOR-US: HP System Management Homepage CVE-2011-3845 (Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in wit ...) NOT-FOR-US: Apple Safari CVE-2011-3844 (Apple Safari 5.0.5 does not properly implement the setInterval functio ...) NOT-FOR-US: Apple Safari CVE-2011-3843 RESERVED CVE-2011-3842 RESERVED CVE-2011-3841 (Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avat ...) NOT-FOR-US: Wordpress plugin CVE-2011-3840 RESERVED CVE-2011-3839 (The administration functionality in Wuzly 2.0 allows remote attackers ...) NOT-FOR-US: Wuzly CVE-2011-3838 (Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attac ...) NOT-FOR-US: Wuzly CVE-2011-3837 (Directory traversal vulnerability in blog_system/data_functions.php in ...) NOT-FOR-US: Wuzly CVE-2011-3836 (Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2. ...) NOT-FOR-US: Wuzly CVE-2011-3835 (Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow ...) NOT-FOR-US: Wuzly CVE-2011-3834 (Multiple integer overflows in the in_avi.dll plugin in Winamp before 5 ...) NOT-FOR-US: Winamp CVE-2011-3833 (Unrestricted file upload vulnerability in ftp_upload_file.php in Suppo ...) NOT-FOR-US: Support Incident Tracker CVE-2011-3832 (Eval injection vulnerability in config.php in Support Incident Tracker ...) NOT-FOR-US: Support Incident Tracker CVE-2011-3831 (SQL injection vulnerability in incident_attachments.php in Support Inc ...) NOT-FOR-US: Support Incident Tracker CVE-2011-3830 (Cross-site scripting (XSS) vulnerability in search.php in Support Inci ...) NOT-FOR-US: Support Incident Tracker CVE-2011-3829 (ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows ...) NOT-FOR-US: Support Incident Tracker CVE-2011-3828 (DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote ...) NOT-FOR-US: DVR Remote CVE-2011-3827 (The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWI ...) NOT-FOR-US: Novell GroupWise CVE-2011-3826 (Zikula 1.2.4 allows remote attackers to obtain sensitive information v ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3825 (Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3824 (Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3823 (Yamamah 1.0 allows remote attackers to obtain sensitive information vi ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3822 (XOOPS 2.5.0 allows remote attackers to obtain sensitive information vi ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3821 (xajax 0.6 beta1 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3820 (WSN Software 6.0.6 allows remote attackers to obtain sensitive informa ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3819 (WoW Server Status 4.1 allows remote attackers to obtain sensitive info ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3818 (WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3817 (Website Baker 2.8.1 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3816 (WEBinsta mailing list manager 1.3e allows remote attackers to obtain s ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3815 (WeBid 1.0.0 allows remote attackers to obtain sensitive information vi ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3814 (WebCalendar 1.2.3, and other versions before 1.2.5, allows remote atta ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3813 (Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sens ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3812 (Vanilla 2.0.16 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3811 (TomatoCart 1.1.3 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3810 (TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3809 (TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3808 (The Bug Genie 2.1.2 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3807 (Textpattern 4.2.0 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3806 (TCExam 11.1.015 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3805 (TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3804 (SweetRice 0.7.1 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3803 (SugarCRM 6.1.0 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3802 (StatusNet 0.9.6 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3801 (SimpleTest 1.0.1 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3800 (Serendipity 1.5.5 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3799 (ReOS 2.0.5 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3798 (Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3797 (ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3796 (PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive informa ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3795 (Podcast Generator 1.3 allows remote attackers to obtain sensitive info ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3794 (Pligg CMS 1.1.3 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3793 (Pixie 1.04 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3792 (Pixelpost 1.7.3 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3791 (Piwik 1.1 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3790 (Piwigo 2.1.5 allows remote attackers to obtain sensitive information v ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3789 (phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive informa ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3788 (PhpSecInfo 0.2.1 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3787 (phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive infor ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3786 (PHProjekt 6.0.5 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3785 (PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensiti ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3784 (Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensiti ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3783 (phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3782 (phpLD 2-151.2.0 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3781 (PHPIDS 0.6.5 allows remote attackers to obtain sensitive information v ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3780 (PHP iCalendar 2.4 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3779 (PhpHostBot 2.0 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3778 (PhpGedView 4.2.3 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3777 (phpFreeChat 1.3 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3776 (phpFormGenerator 2.09 allows remote attackers to obtain sensitive info ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3775 (PHPfileNavigator 2.3.3 allows remote attackers to obtain sensitive inf ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3774 (php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obta ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3773 (PHPDevShell 3.0.0-Beta-4b allows remote attackers to obtain sensitive ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3772 (phpCollab 2.5 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3771 (phpBook 2.1.0 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3770 (phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3769 (PHPads 2.0 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3768 (Phorum 5.2.15a allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3767 (osCommerce 3.0a5 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3766 (OrangeHRM 2.6.0.2 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3765 (Open-Realty 2.5.8 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3764 (OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sens ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3763 (OpenCart 1.4.9.3 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3762 (OpenBlog 1.2.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3761 (NuSOAP 0.9.5 allows remote attackers to obtain sensitive information v ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3760 (Nucleus 3.61 allows remote attackers to obtain sensitive information v ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3759 (MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensi ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3758 (::mound:: 2.1.6 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3757 (Moodle 2.0.1 allows remote attackers to obtain sensitive information v ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3756 (MicroBlog 0.9.5 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3755 (MantisBT 1.2.4 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3754 (Mambo 4.6.5 allows remote attackers to obtain sensitive information vi ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3753 (LinPHA 1.3.4 allows remote attackers to obtain sensitive information v ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3752 (LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3751 (LifeType 1.2.10 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3750 (kPlaylist 1.8.502 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3749 (ka-Map 1.0-20070205 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3748 (Kamads Classifieds 2_B3 allows remote attackers to obtain sensitive in ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3747 (Joomla! 1.6.0 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3746 (Jcow 4.2.1 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3745 (HycusCMS 1.0.3 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3744 (HTML Purifier 4.2.0 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3743 (Hesk 2.2 allows remote attackers to obtain sensitive information via a ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3742 (HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive info ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3741 (Ganglia 3.1.7 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3740 (FrontAccounting 2.3.1 allows remote attackers to obtain sensitive info ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3739 (Freeway 1.5 Alpha allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3738 (Feng Office 1.7.2 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3737 (eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3736 (ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3735 (Escort Agency CMS (aka escort-agency-cms) allows remote attackers to o ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3734 (Energine 2.3.8 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3733 (Elgg 1.7.6 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3732 (eggBlog 4.1.2 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3731 (e107 0.7.24 allows remote attackers to obtain sensitive information vi ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3730 (Drupal 7.0 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3729 (dotproject 2.1.4 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3728 (Dolphin 7.0.4 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3727 (DokuWiki 2009-12-25c allows remote attackers to obtain sensitive infor ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3726 (DoceboLMS 4.0.4 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3725 (DeluxeBB 1.3 allows remote attackers to obtain sensitive information v ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3724 (CubeCart 4.4.3 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3723 (Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3722 (Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtai ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3721 (concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3720 (conceptcms 5.3.1, 5.3.3, and possibly other versions allows remote att ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3719 (CodeIgniter 1.7.2 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3718 (CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensit ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3717 (ClipBucket 2.0.9 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3716 (Claroline 1.9.7 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3715 (ClanTiger 1.1.3 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3714 (ClanSphere 2010.0 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3713 (cFTP r80 allows remote attackers to obtain sensitive information via a ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3712 (CakePHP 1.3.7 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3711 (BIGACE 2.7.5 allows remote attackers to obtain sensitive information v ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3710 (bbPress 1.0.2 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3709 (b2evolution 3.3.3 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3708 (Automne 4.0.2 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3707 (JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote attack ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3706 (ATutor 2.0 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3705 (Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive infor ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3704 (appRain 0.1.0 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3703 (AneCMS 1.0 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3702 (Ananta Gazelle 1.0 allows remote attackers to obtain sensitive informa ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3701 (AlegroCart 1.2.3 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3700 (Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3699 (John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain ...) - libphp-adodb (unimportant) NOTE: path is already known CVE-2011-3698 (AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3697 (Achievo 1.4.5 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3696 (60cycleCMS 2.5.2 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3695 (111WebCalendar 1.2.3 allows remote attackers to obtain sensitive infor ...) NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway) CVE-2011-3694 (The Server Administration Console in NetSaro Enterprise Messenger Serv ...) NOT-FOR-US: NetSaro Enterprise Messenger CVE-2011-3693 (NetSaro Enterprise Messenger Server 2.0 allows local users to discover ...) NOT-FOR-US: NetSaro Enterprise Messenger CVE-2011-3692 (NetSaro Enterprise Messenger Server 2.0 stores cleartext console crede ...) NOT-FOR-US: NetSaro Enterprise Messenger CVE-2011-3691 (Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 ...) NOT-FOR-US: Foxit Reader CVE-2011-3690 (Untrusted search path vulnerability in PlotSoft PDFill PDF Editor 8.0 ...) NOT-FOR-US: PlotSoft PDFill PDF Editor CVE-2011-3689 (Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Syst ...) NOT-FOR-US: Wibu-Systems CodeMeter WebAdmin CVE-2011-3688 (Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9. ...) NOT-FOR-US: Sonexis ConferenceManager CVE-2011-3687 (Multiple cross-site scripting (XSS) vulnerabilities in Sonexis Confere ...) NOT-FOR-US: Sonexis ConferenceManager CVE-2011-3686 (Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.a ...) NOT-FOR-US: Sonexis ConferenceManager CVE-2011-3685 (Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cip ...) NOT-FOR-US: Tembria Server Monitor CVE-2011-3684 (Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server ...) NOT-FOR-US: Tembria Server Monitor CVE-2011-3683 RESERVED CVE-2011-3682 RESERVED CVE-2011-3681 REJECTED CVE-2011-3680 REJECTED CVE-2011-3679 REJECTED CVE-2011-3678 REJECTED CVE-2011-3677 REJECTED CVE-2011-3676 REJECTED CVE-2011-3675 REJECTED CVE-2011-3674 REJECTED CVE-2011-3673 REJECTED CVE-2011-3672 REJECTED CVE-2011-3671 (Use-after-free vulnerability in the nsHTMLSelectElement function in ns ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 9.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3670 (Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before ...) {DSA-2406-1 DSA-2402-1 DSA-2400-1} - icedove 7.0-1 [lenny] - icedove - xulrunner (unimportant) - iceweasel 7.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-10 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-3669 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in B ...) - bugzilla (low) [squeeze] - bugzilla (Minor issue) [lenny] - bugzilla (Minor issue) CVE-2011-3668 (Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bug ...) - bugzilla (low) [squeeze] - bugzilla (Minor issue) [lenny] - bugzilla (Minor issue) CVE-2011-3667 (The User.offer_account_by_email WebService method in Bugzilla 2.x and ...) - bugzilla (low) [squeeze] - bugzilla (Not supported in Squeeze LTS) [lenny] - bugzilla (Minor issue) CVE-2011-3666 (Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS ...) - iceweasel (MacOS specific) CVE-2011-3665 (Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaM ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 9.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3664 (Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey befo ...) - iceweasel (MacOS specific) CVE-2011-3663 (Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaM ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 9.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3662 RESERVED CVE-2011-3661 (YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 thro ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 9.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3660 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 9.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3659 (Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 10.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3658 (The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and Se ...) - iceweasel 9.0-1 - iceape 2.7.1-1 [squeeze] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceape (Only affects Firefox >= 4) CVE-2011-3657 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x an ...) - bugzilla (low) [squeeze] - bugzilla (Not supported in Squeeze LTS) [lenny] - bugzilla (Minor issue) CVE-2011-3656 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6 ...) - iceweasel 4.0-1 [squeeze] - iceweasel (Iceweasel not supported in Squeeze LTS) CVE-2011-3655 (Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perfor ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 8.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3654 (The browser engine in Mozilla Firefox before 8.0 and Thunderbird befor ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 8.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3653 (Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do n ...) - iceweasel (MacOS X-specific) CVE-2011-3652 (The browser engine in Mozilla Firefox before 8.0 and Thunderbird befor ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 8.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3651 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 8.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3650 (Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird befo ...) {DSA-2345-1 DSA-2342-1 DSA-2341-1} - icedove 3.1.16-1 [lenny] - icedove - xulrunner (unimportant) - iceweasel 8.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-9 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-3649 (Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) A ...) - iceweasel (Windows-specific) CVE-2011-3648 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6 ...) {DSA-2345-1 DSA-2342-1 DSA-2341-1} - icedove 3.1.16-1 [lenny] - icedove - xulrunner (unimportant) - iceweasel 8.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-9 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-3647 (The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird ...) {DSA-2345-1 DSA-2342-1 DSA-2341-1} - icedove 3.1.16-1 [lenny] - icedove - xulrunner (unimportant) - iceweasel 7.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-9 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-3646 (phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote atta ...) - phpmyadmin 4:3.4.6-1 (unimportant) CVE-2011-3645 (Newgen OmniDocs allows remote attackers to bypass intended access rest ...) NOT-FOR-US: Newgen OmniDocs CVE-2011-XXXX [atftp DoS] - atftp 0.7.dfsg-11 (low) [squeeze] - atftp (Minor issue) [lenny] - atftp (Introduced with ipv6 patch) CVE-2011-3644 RESERVED CVE-2011-3643 RESERVED CVE-2011-3642 (Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 thr ...) - mahara (low; bug #699230) [squeeze] - mahara (Minor issue) NOTE: https://code.google.com/p/flowplayer-core/issues/detail?id=441 CVE-2011-3641 RESERVED CVE-2011-3640 (** DISPUTED ** Untrusted search path vulnerability in Mozilla Network ...) {DSA-2339-1} - nss 3.13.1.with.ckbi.1.88-1 (low; bug #647614) [lenny] - nss (Minor issue) [squeeze] - nss (Minor issue) - chromium-browser (unimportant) NOTE: attacker needs to get malicious file into cwd first NOTE: http://seclists.org/fulldisclosure/2011/Oct/734 CVE-2011-3639 (The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 an ...) {DSA-2405-1} - apache2 2.2.18-1 NOTE: Related to CVE-2011-3368 and CVE-2011-4317 but a different issue CVE-2011-3638 (fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modif ...) - linux-2.6 3.0.0-1 [squeeze] - linux-2.6 2.6.32-40 CVE-2011-3637 (The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2 ...) - linux-2.6 2.6.39-1 [squeeze] - linux-2.6 (Introduced in 2.6.39) [lenny] - linux-2.6 (Introduced in 2.6.39) CVE-2011-3636 (Cross-site request forgery (CSRF) vulnerability in the management inte ...) NOT-FOR-US: FreeIPA CVE-2011-3635 (Cross-site scripting (XSS) vulnerability in the theme_adium_append_mes ...) - empathy 3.2.1.1-1 [squeeze] - empathy (Minor issue) [lenny] - empathy (only affects webkit theming, not present in Lenny) CVE-2011-3634 (methods/https.cc in apt before 0.8.11 accepts connections when the cer ...) {DLA-0005-1} - apt 0.8.11 (low) [squeeze] - apt 0.8.10.3+squeeze2 NOTE: Minor issue, apt is only affected if apt-transport-https is installed NOTE: http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28 NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353 CVE-2011-3633 REJECTED CVE-2011-3632 (Hardlink before 0.1.2 operates on full file system objects path names ...) - hardlink (Only the C version, ours are written in Python) CVE-2011-3631 (Hardlink before 0.1.2 has multiple integer overflows leading to heap-b ...) - hardlink (Only the C version, ours are written in Python) CVE-2011-3630 (Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow ...) - hardlink (Only the C version, ours are written in Python) CVE-2011-3629 (Joomla! core 1.7.1 allows information disclosure due to weak encryptio ...) NOT-FOR-US: Joomla! CVE-2011-3628 (Untrusted search path vulnerability in pam_motd (aka the MOTD module) ...) - pam 1.1.3-7 (low; bug #670076) [squeeze] - pam (Minor issue) [lenny] - pam (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/%2Bsource/pam/%2Bbug/610125 NOTE: https://launchpadlibrarian.net/82729670/610125.patch NOTE: its not clear which version fixed this, but its present in the checked version 1.1.3-7 CVE-2011-3627 (The bytecode engine in ClamAV before 0.97.3 allows remote attackers to ...) - clamav 0.97.3+dfsg-1 (low) [squeeze] - clamav 0.97.3+dfsg-1~squeeze1 CVE-2011-3626 (Double free vulnerability in the prepare_exec function in src/exec.c i ...) NOT-FOR-US: Logsurfer CVE-2011-3625 (Stack-based buffer overflow in the sub_read_line_sami function in subr ...) - mplayer 2:1.0~rc4.dfsg1+svn33713-2 (bug #645987) [squeeze] - mplayer (Malformed SMI file correctly rejected, possibly introduced by later changes) - mplayer2 2.0-134-g84d8671-9 (bug #646937) CVE-2011-3624 (Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and ea ...) - ruby1.8 (low; bug #646020) [lenny] - ruby1.8 (Minor issue) [squeeze] - ruby1.8 (Minor issue) [wheezy] - ruby1.8 (Minor issue) - ruby1.9 (low; bug #646020) [lenny] - ruby1.9 (Minor issue) - ruby1.9.1 (low; bug #646020) [squeeze] - ruby1.9.1 (Minor issue, there seems to be no patch upstream) [wheezy] - ruby1.9.1 (Minor issue) CVE-2011-3623 (Multiple stack-based buffer overflows in VideoLAN VLC media player bef ...) - vlc 1.1.3-1 NOTE: https://bugs.gentoo.org/show_bug.cgi?id=285370 CVE-2011-3622 (A Cross-Site Scripting (XSS) vulnerability exists in the admin login s ...) NOT-FOR-US: phorum CVE-2011-3621 (A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_ ...) NOT-FOR-US: fluxbb CVE-2011-3620 (Apache Qpid 0.12 does not properly verify credentials during the joini ...) - qpid-cpp (Red Hat-specific extension, see bug #672124) CVE-2011-3619 (The apparmor_setprocattr function in security/apparmor/lsm.c in the Li ...) - linux-2.6 3.0.0-1 [squeeze] - linux-2.6 (Introduced in 2.6.36) [lenny] - linux-2.6 (Introduced in 2.6.36) CVE-2011-3618 (atop: symlink attack possible due to insecure tempfile handling ...) - atop 1.23-1.1 (low; bug #622794) [lenny] - atop 1.23-1+lenny1 (bug #622794) [squeeze] - atop 1.23-1+squeeze1 (bug #622794) CVE-2011-3617 (Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to del ...) - tahoe-lafs 1.8.3-1 (bug #641540) CVE-2011-3616 (The getSkillname function in the eve module in Conky 1.8.1 and earlier ...) - conky 1.8.0-1.1 (low; bug #612033) [squeeze] - conky 1.8.0-1+squeeze1 [lenny] - conky 1.6.0-2+lenny1 CVE-2011-3615 (Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) ...) NOT-FOR-US: Simple Machines Forum CVE-2011-3614 (An Access Control vulnerability exists in the Facebook, Twitter, and E ...) NOT-FOR-US: Vanilla Forums CVE-2011-3613 (An issue exists in Vanilla Forums before 2.0.17.9 due to the way cooki ...) NOT-FOR-US: Vanilla Forums CVE-2011-3612 (Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in ...) NOT-FOR-US: UseBB CVE-2011-3611 (A File Inclusion vulnerability exists in act parameter to admin.php in ...) NOT-FOR-US: UseBB CVE-2011-3610 (A Cross-site Scripting (XSS) vulnerability exists in the Serendipity f ...) NOT-FOR-US: Serendipity plugin CVE-2011-3609 (A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBo ...) - jbossas4 (Only builds a few libraries, not the full application server, #581226) CVE-2011-3608 REJECTED CVE-2011-3607 (Integer overflow in the ap_pregsub function in server/util.c in the Ap ...) {DSA-2405-1} - apache2 2.2.21-4 CVE-2011-3606 (A DOM based cross-site scripting flaw was found in the JBoss Applicati ...) - jbossas4 (Only builds a few libraries, not the full application server, #581226) CVE-2011-3605 (The process_rs function in the router advertisement daemon (radvd) bef ...) {DSA-2323-1} - radvd 1:1.8-1.1 (bug #644614) NOTE: http://seclists.org/oss-sec/2011/q4/30 CVE-2011-3604 (The process_ra function in the router advertisement daemon (radvd) bef ...) {DSA-2323-1} - radvd 1:1.8-1.1 (bug #644614) NOTE: http://seclists.org/oss-sec/2011/q4/30 CVE-2011-3603 (The router advertisement daemon (radvd) before 1.8.2 does not properly ...) NOTE: http://seclists.org/oss-sec/2011/q4/30 NOTE: should be rejected (http://seclists.org/oss-sec/2011/q4/72) CVE-2011-3602 (Directory traversal vulnerability in device-linux.c in the router adve ...) {DSA-2323-1} - radvd 1:1.8-1.1 (bug #644614) NOTE: http://seclists.org/oss-sec/2011/q4/30 CVE-2011-3601 (Buffer overflow in the process_ra function in the router advertisement ...) {DSA-2323-1} - radvd 1:1.8-1.2 (bug #644614) [squeeze] - radvd (No support for ND_OPT_DNSSL_INFORMATION) [lenny] - radvd (No support for ND_OPT_DNSSL_INFORMATION) NOTE: http://seclists.org/oss-sec/2011/q4/30 CVE-2011-3600 (The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler i ...) - libxmlrpc3-java 3.1.3-1 (low) [lenny] - libxmlrpc3-java (Minor issue) CVE-2011-3599 (The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when ...) - libcrypt-dsa-perl 1.17-3 (unimportant; bug #644189) NOTE: All supported Debian kernels have /dev/random, so severity unimportant CVE-2011-3598 (Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin befo ...) - phppgadmin 5.0.3-1 (low; bug #644290) [squeeze] - phppgadmin 4.2.3-1.1squeeze1 [lenny] - phppgadmin 4.2.2-1lenny1 CVE-2011-3597 (Eval injection vulnerability in the Digest module before 1.17 for Perl ...) - libdigest-perl 1.17-1 (low; bug #644108) [squeeze] - libdigest-perl 1.16-1+squeeze1 [lenny] - libdigest-perl 1.15-2+lenny1 - perl 5.12.4-6 (low; bug #644108) [squeeze] - perl 5.10.1-17squeeze3 [lenny] - perl (Minor issue) NOTE: https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e CVE-2011-3596 (Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-c ...) - polipo 1.0.4.1-1.2 (bug #644289) [squeeze] - polipo (Minor issue) NOTE: http://seclists.org/fulldisclosure/2011/Oct/10 CVE-2011-3595 (Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! t ...) NOT-FOR-US: Joomla! CVE-2011-3594 (The g_markup_escape_text function in the SILC protocol plug-in in libp ...) - pidgin 2.10.1-1 (unimportant) [squeeze] - pidgin 2.7.3-1+squeeze2 NOTE: relatively obscure client crash CVE-2011-3593 (A certain Red Hat patch to the vlan_hwaccel_do_receive function in net ...) - linux-2.6 (RHEL6 only because of badly backported patches) CVE-2011-3592 (Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlin ...) - phpmyadmin 4:3.4.5-1 [squeeze] - phpmyadmin (Vulnerable code not present) [lenny] - phpmyadmin (Vulnerable code not present) CVE-2011-3591 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4. ...) - phpmyadmin 4:3.4.5-1 [squeeze] - phpmyadmin (Vulnerable code not present) [lenny] - phpmyadmin (Vulnerable code not present) CVE-2011-3590 (The Red Hat mkdumprd script for kexec-tools, as distributed in the kex ...) - kexec-tools (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439 CVE-2011-3589 (The Red Hat mkdumprd script for kexec-tools, as distributed in the kex ...) - kexec-tools (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439 CVE-2011-3588 (The SSH configuration in the Red Hat mkdumprd script for kexec-tools, ...) - kexec-tools (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439 CVE-2011-3587 (Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone ...) - zope2.10 (Introduced in 2.12) - zope2.12 2.12.20-2 CVE-2011-3586 REJECTED CVE-2011-3585 (Multiple race conditions in the (1) mount.cifs and (2) umount.cifs pro ...) - samba 2:3.4.7~dfsg-2 (low) - cifs-utils 2:4.5-1 (low) NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200 CVE-2011-3584 (The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to ...) - typo3-src 4.5.6+dfsg1-1 (low; bug #641683) [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze2 [lenny] - typo3-src 4.2.5-1+lenny9 CVE-2011-3583 (It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared stat ...) - typo3-src 4.5.6+dfsg1-1 (low; bug #641682) [squeeze] - typo3-src (Only affects 4.5.x) [lenny] - typo3-src (Only affects 4.5.x) CVE-2011-3582 (A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced E ...) NOT-FOR-US: Advanced Electron Forums CVE-2011-3581 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal functio ...) {DSA-2353-1} - ldns 1.6.11-1 (bug #647297) CVE-2011-3580 (IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote att ...) NOT-FOR-US: IceWarp Mail Server CVE-2011-3579 (server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10 ...) NOT-FOR-US: IceWarp Mail Server CVE-2011-3578 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.p ...) - mantis 1.2.7-1 [squeeze] - mantis 1.1.8+dfsg-10squeeze1 CVE-2011-3577 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 do ...) NOT-FOR-US: IBM WebSphere Commerce CVE-2011-3576 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 all ...) NOT-FOR-US: IBM Lotus Domino CVE-2011-3575 (Stack-based buffer overflow in the NSFComputeEvaluateExt function in N ...) NOT-FOR-US: IBM Lotus Domino CVE-2011-3574 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...) NOT-FOR-US: Oracle Communications Unified CVE-2011-3573 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...) NOT-FOR-US: Oracle Communications Unified CVE-2011-3572 REJECTED CVE-2011-3571 (Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) ...) NOTE: CVE was misused by Oracle. Replaced by CVE-2012-0507. CVE-2011-3570 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...) NOT-FOR-US: Oracle Communications Unified CVE-2011-3569 (Unspecified vulnerability in the Oracle Web Services Manager component ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-3568 (Unspecified vulnerability in the Oracle Web Services Manager component ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-3567 REJECTED CVE-2011-3566 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-3565 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...) NOT-FOR-US: Oracle Communications Unified CVE-2011-3564 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 ...) - glassfish (administration component not shipped) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=783897 CVE-2011-3563 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2420-1} - openjdk-6 6b24-1.11.1-1 - openjdk-7 7~u3-2.1-1 CVE-2011-3562 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...) NOT-FOR-US: Oracle Fusion CVE-2011-3561 (Unspecified vulnerability in the Java Runtime Environment component in ...) - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) CVE-2011-3560 (Unspecified vulnerability in the Java Runtime Environment component in ...) {DSA-2358-1 DSA-2356-1} - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) - openjdk-6 6b23~pre11-1 - openjdk-7 7~b147-2.0-1 CVE-2011-3559 (Unspecified vulnerability in Oracle Communications Server 2.0; GlassFi ...) NOT-FOR-US: Oracle Communications Server, GlassFish Enterprise Server, Sun Java System App Server CVE-2011-3558 (Unspecified vulnerability in the Java Runtime Environment component in ...) - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) [lenny] - openjdk-6 (Hotspot version too old) [squeeze] - openjdk-6 (Hotspot version too old) - openjdk-6 6b23~pre11-1 - openjdk-7 7~b147-2.0-1 CVE-2011-3557 (Unspecified vulnerability in the Java Runtime Environment component in ...) {DSA-2358-1 DSA-2356-1} - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) - openjdk-6 6b23~pre11-1 - openjdk-7 7~b147-2.0-1 CVE-2011-3556 (Unspecified vulnerability in the Java Runtime Environment component in ...) {DSA-2358-1 DSA-2356-1} - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) - openjdk-6 6b23~pre11-1 - openjdk-7 7~b147-2.0-1 CVE-2011-3555 (Unspecified vulnerability in the Java Runtime Environment component in ...) - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) CVE-2011-3554 (Unspecified vulnerability in the Java Runtime Environment component in ...) {DSA-2358-1 DSA-2356-1} - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) - openjdk-6 6b23~pre11-1 - openjdk-7 7~b147-2.0-1 CVE-2011-3553 (Unspecified vulnerability in the Java Runtime Environment component in ...) {DSA-2358-1 DSA-2356-1} - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) - openjdk-6 6b23~pre11-1 - openjdk-7 7~b147-2.0-1 CVE-2011-3552 (Unspecified vulnerability in the Java Runtime Environment component in ...) {DSA-2358-1 DSA-2356-1} - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) - openjdk-6 6b23~pre11-1 - openjdk-7 7~b147-2.0-1 CVE-2011-3551 (Unspecified vulnerability in the Java Runtime Environment component in ...) {DSA-2358-1 DSA-2356-1} - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) - openjdk-6 6b23~pre11-1 - openjdk-7 7~b147-2.0-1 CVE-2011-3550 (Unspecified vulnerability in the Java Runtime Environment component in ...) - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) CVE-2011-3549 (Unspecified vulnerability in the Java Runtime Environment component in ...) - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) CVE-2011-3548 (Unspecified vulnerability in the Java Runtime Environment component in ...) {DSA-2358-1 DSA-2356-1} - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) - openjdk-6 6b23~pre11-1 - openjdk-7 7~b147-2.0-1 CVE-2011-3547 (Unspecified vulnerability in the Java Runtime Environment component in ...) {DSA-2358-1 DSA-2356-1} - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) - openjdk-6 6b23~pre11-1 - openjdk-7 7~b147-2.0-1 CVE-2011-3546 (Unspecified vulnerability in the Java Runtime Environment component in ...) - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) CVE-2011-3545 (Unspecified vulnerability in the Java Runtime Environment component in ...) - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) CVE-2011-3544 (Unspecified vulnerability in the Java Runtime Environment component in ...) {DSA-2358-1 DSA-2356-1} - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) - openjdk-6 6b23~pre11-1 - openjdk-7 7~b147-2.0-1 CVE-2011-3543 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote a ...) NOT-FOR-US: Oracle Solaris 11 Express CVE-2011-3542 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...) NOT-FOR-US: Oracle Solaris CVE-2011-3541 (Unspecified vulnerability in the Oracle Outside In Technology componen ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-3540 REJECTED CVE-2011-3539 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...) NOT-FOR-US: Oracle Solaris CVE-2011-3538 (Unspecified vulnerability in the Sun Ray component in Oracle Virtualiz ...) NOT-FOR-US: Oracle Virtualization CVE-2011-3537 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...) NOT-FOR-US: Oracle Solaris CVE-2011-3536 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...) NOT-FOR-US: Oracle Solaris CVE-2011-3535 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...) NOT-FOR-US: Oracle Solaris CVE-2011-3534 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...) NOT-FOR-US: Oracle Solaris CVE-2011-3533 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft CVE-2011-3532 (Unspecified vulnerability in the Oracle Agile Product Supplier Collabo ...) NOT-FOR-US: Oracle Supply Chain CVE-2011-3531 (Unspecified vulnerability in the Oracle Web Services Manager component ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-3530 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft CVE-2011-3529 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft CVE-2011-3528 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft CVE-2011-3527 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft CVE-2011-3526 (Unspecified vulnerability in the Siebel Core - UIF Server component in ...) NOT-FOR-US: Oracle Siebel CVE-2011-3525 (Unspecified vulnerability in the Application Express component in Orac ...) NOT-FOR-US: Oracle Database Server CVE-2011-3524 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...) NOT-FOR-US: Oracle JD Edwards Products CVE-2011-3523 (Unspecified vulnerability in the Oracle Web Services Manager component ...) NOT-FOR-US: Oracle Fusion CVE-2011-3522 (Unspecified vulnerability in SysFW 8.0 on certain SPARC T3, Netra SPAR ...) NOT-FOR-US: SPARC T3, Netra SPARC T3, Sun Fire, and Sun Blade CVE-2011-3521 (Unspecified vulnerability in the Java Runtime Environment component in ...) {DSA-2358-1 DSA-2356-1} - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) - openjdk-6 6b23~pre11-1 - openjdk-7 7~b147-2.0-1 CVE-2011-3520 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: PeopleSoft Enterprise PeopleTools CVE-2011-3519 (Unspecified vulnerability in the Oracle Applications Framework compone ...) NOT-FOR-US: Oracle E-Business Suite CVE-2011-3518 (Unspecified vulnerability in the Siebel Core - UIF Client component in ...) NOT-FOR-US: Oracle Siebel CVE-2011-3517 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Su ...) NOT-FOR-US: Oracle Sun Products Suite CVE-2011-3516 (Unspecified vulnerability in the Java Runtime Environment component in ...) - sun-java6 (Windows-specific) - openjdk-6 (Windows-specific) CVE-2011-3515 (Unspecified vulnerability in the Oracle Solaris 10 and 11 Express allo ...) NOT-FOR-US: Oracle Solaris CVE-2011-3514 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...) NOT-FOR-US: Oracle JD Edwards Products CVE-2011-3513 (Unspecified vulnerability in the Oracle Application Object Library com ...) NOT-FOR-US: Oracle E-Business Suite CVE-2011-3512 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2011-3511 (Unspecified vulnerability in the Database Vault component in Oracle Da ...) NOT-FOR-US: Oracle Database Server CVE-2011-3510 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-3509 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...) NOT-FOR-US: Oracle JD Edwards Products CVE-2011-3508 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...) NOT-FOR-US: Oracle Solaris CVE-2011-3507 (Unspecified vulnerability in the Oracle Communications Unified compone ...) NOT-FOR-US: Oracle Sun Products Suite CVE-2011-3506 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Su ...) NOT-FOR-US: Oracle Sun Products Suite CVE-2011-3505 REJECTED CVE-2011-3504 (The Matroska format decoder in FFmpeg before 0.8.3 does not properly a ...) {DSA-2336-1} - libav 4:0.7.2-1 (bug #643859) - ffmpeg 7:2.4.1-1 - ffmpeg-debian CVE-2011-3503 (Untrusted search path vulnerability in eSignal 10.6.2425.1208, and pos ...) NOT-FOR-US: eSignal CVE-2011-3502 (The web server in Cogent DataHub 7.1.1.63 and earlier allows remote at ...) NOT-FOR-US: Cogent DataHub CVE-2011-3501 (Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote ...) NOT-FOR-US: Cogent DataHub CVE-2011-3500 (Directory traversal vulnerability in the web server in Cogent DataHub ...) NOT-FOR-US: Cogent DataHub CVE-2011-3499 (Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attacker ...) NOT-FOR-US: Progea Movicon / PowerHMI CVE-2011-3498 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and ...) NOT-FOR-US: Progea Movicon / PowerHMI CVE-2011-3497 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote at ...) NOT-FOR-US: Measuresoft ScadaPro CVE-2011-3496 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote at ...) NOT-FOR-US: Measuresoft ScadaPro CVE-2011-3495 (Multiple directory traversal vulnerabilities in service.exe in Measure ...) NOT-FOR-US: Measuresoft ScadaPro CVE-2011-3494 (WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to ...) NOT-FOR-US: eSignal CVE-2011-3493 (Multiple stack-based buffer overflows in the DH_OneSecondTick function ...) NOT-FOR-US: Cogent DataHub CVE-2011-3492 (Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and ...) NOT-FOR-US: Azeotech DAQFactory CVE-2011-3491 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and ...) NOT-FOR-US: Progea Movicon / PowerHMI CVE-2011-3490 (Multiple stack-based buffer overflows in service.exe in Measuresoft Sc ...) NOT-FOR-US: Measuresoft ScadaPro CVE-2011-3489 (RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and ea ...) NOT-FOR-US: Rockwell RSLogix CVE-2011-3488 (Use-after-free vulnerability in Equis MetaStock 11 and earlier allows ...) NOT-FOR-US: Equis MetaStock CVE-2011-3487 (Directory traversal vulnerability in CarelDataServer.exe in Carel Plan ...) NOT-FOR-US: Carel PlantVisor CVE-2011-3486 (Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to ca ...) NOT-FOR-US: Beckhoff TwinCAT CVE-2011-3485 RESERVED CVE-2011-3481 (The index_get_ids function in index.c in imapd in Cyrus IMAP Server be ...) {DSA-2377-1} - cyrus-imapd-2.2 - cyrus-imapd-2.4 2.4.11-1 - kolab-cyrus-imapd [squeeze] - kolab-cyrus-imapd (Unsupported in squeeze-lts) CVE-2011-3480 REJECTED CVE-2011-3479 (Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcA ...) NOT-FOR-US: Symantec pcAnywhere CVE-2011-3478 (The host-services component in Symantec pcAnywhere 12.5.x through 12.5 ...) NOT-FOR-US: Symantec pcAnywhere CVE-2011-3477 (GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in S ...) NOT-FOR-US: Symantec CVE-2011-3476 REJECTED CVE-2011-3475 RESERVED CVE-2011-3474 RESERVED CVE-2011-3473 RESERVED CVE-2011-3472 RESERVED CVE-2011-3471 RESERVED CVE-2011-3470 RESERVED CVE-2011-3469 RESERVED CVE-2011-3468 RESERVED CVE-2011-3467 RESERVED CVE-2011-3466 RESERVED CVE-2011-3465 RESERVED CVE-2011-3464 (Off-by-one error in the png_formatted_warning function in pngerror.c i ...) - libpng (Only affects libpng 1.5, which is only in experimental) CVE-2011-3463 (WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properl ...) NOT-FOR-US: Mac OS X CVE-2011-3462 (Time Machine in Apple Mac OS X before 10.7.3 does not verify the uniqu ...) NOT-FOR-US: Mac OS X CVE-2011-3461 RESERVED CVE-2011-3460 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows re ...) NOT-FOR-US: QuickTime CVE-2011-3459 (Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows r ...) NOT-FOR-US: QuickTime CVE-2011-3458 (QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to u ...) NOT-FOR-US: QuickTime CVE-2011-3457 (The OpenGL implementation in Apple Mac OS X before 10.7.3 does not pro ...) NOT-FOR-US: Mac OS X CVE-2011-3456 RESERVED CVE-2011-3455 RESERVED CVE-2011-3454 RESERVED CVE-2011-3453 (Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows r ...) NOT-FOR-US: Mac OS X CVE-2011-3452 (Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the ...) NOT-FOR-US: Mac OS X CVE-2011-3451 RESERVED CVE-2011-3450 (CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restri ...) NOT-FOR-US: Mac OS X CVE-2011-3449 (Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7 ...) NOT-FOR-US: Mac OS X CVE-2011-3448 (Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7. ...) NOT-FOR-US: Mac OS X CVE-2011-3447 (CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly con ...) NOT-FOR-US: Mac OS X CVE-2011-3446 (Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not pro ...) NOT-FOR-US: Mac OS X CVE-2011-3445 RESERVED CVE-2011-3444 (Address Book in Apple Mac OS X before 10.7.3 automatically switches to ...) NOT-FOR-US: Mac OS X CVE-2011-3443 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...) NOT-FOR-US: Webspecidied Safari webkit issue, likely a Apple dupe CVE-2011-3442 (The kernel in Apple iOS before 5.0.1 does not ensure the validity of f ...) NOT-FOR-US: Apple iOS CVE-2011-3441 (libinfo in Apple iOS before 5.0.1 does not properly formulate domain-n ...) NOT-FOR-US: Apple iOS CVE-2011-3440 (The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does ...) NOT-FOR-US: Apple iOS CVE-2011-3439 (FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attac ...) {DSA-2350-1} - freetype 2.4.8-1 (bug #649122) CVE-2011-3438 (WebKit, as used in Safari 5.0.6, allows remote attackers to cause a de ...) NOT-FOR-US: Apple Safari CVE-2011-3437 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS ...) NOT-FOR-US: Apple Type Services (ATS) in Apple Mac OS CVE-2011-3436 (Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a ...) NOT-FOR-US: Open Directory in Apple Mac OS CVE-2011-3435 (Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users ...) NOT-FOR-US: Open Directory in Apple Mac OS CVE-2011-3434 (The WiFi component in Apple iOS before 5 stores WiFi credentials in an ...) NOT-FOR-US: WiFi component in Apple iOS CVE-2011-3433 RESERVED CVE-2011-3432 (The UIKit Alerts component in Apple iOS before 5 allows remote attacke ...) NOT-FOR-US: UIKit Alerts component in Apple iOS CVE-2011-3431 (The Home screen component in Apple iOS before 5 does not properly supp ...) NOT-FOR-US: Home screen component in Apple iOS CVE-2011-3430 (The Settings component in Apple iOS before 5, when a configuration pro ...) NOT-FOR-US: Apple iOS CVE-2011-3429 (The Settings component in Apple iOS before 5 stores a cleartext parent ...) NOT-FOR-US: Apple iOS CVE-2011-3428 (Buffer overflow in QuickTime before 7.7.1 for Windows allows remote at ...) NOT-FOR-US: Apple Quicktime CVE-2011-3427 (The Data Security component in Apple iOS before 5 and Apple TV before ...) NOT-FOR-US: Apple iOS CVE-2011-3426 (Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before ...) NOT-FOR-US: Apple iOS CVE-2011-3425 RESERVED CVE-2011-3424 (Session fixation vulnerability in the Managed File Transfer server in ...) NOT-FOR-US: TIBCO Managed File Transfer Internet Server CVE-2011-3423 (Cross-site scripting (XSS) vulnerability in the Managed File Transfer ...) NOT-FOR-US: TIBCO Managed File Transfer Internet Server CVE-2011-3482 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in th ...) - wireshark 1.6.2-1 [squeeze] - wireshark (Affects only 1.6.0 and 1.6.1) [lenny] - wireshark (Affects only 1.6.0 and 1.6.1) NOTE: http://www.wireshark.org/security/wnpa-sec-2011-16.html CVE-2011-3483 (Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial ...) {DSA-2395-1} - wireshark 1.6.2-1 [lenny] - wireshark (Affects only 1.6.0 and 1.6.1) NOTE: http://www.wireshark.org/security/wnpa-sec-2011-14.html CVE-2011-3484 (The unxorFrame function in epan/dissectors/packet-opensafety.c in the ...) - wireshark 1.6.2-1 [squeeze] - wireshark (Affects only 1.6.0 and 1.6.1) [lenny] - wireshark (Affects only 1.6.0 and 1.6.1) NOTE: http://www.wireshark.org/security/wnpa-sec-2011-12.html CVE-2011-3422 (The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does ...) NOT-FOR-US: Apple Mac OS X CVE-2011-3421 (Multiple unspecified vulnerabilities in Google Chrome before 14.0.835. ...) - chromium-browser 14.0.835.163~r101024-1 (unimportant) NOTE: duplicate CVE-2011-3420 (Multiple unspecified vulnerabilities in Google Chrome before 14.0.835. ...) - chromium-browser 14.0.835.163~r101024-1 (unimportant) NOTE: duplicate CVE-2011-3419 REJECTED CVE-2011-3418 REJECTED CVE-2011-3417 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...) NOT-FOR-US: Microsoft ASP.NET CVE-2011-3416 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...) NOT-FOR-US: Microsoft ASP.NET CVE-2011-3415 (Open redirect vulnerability in the Forms Authentication feature in the ...) NOT-FOR-US: Microsoft ASP.NET CVE-2011-3414 (The CaseInsensitiveHashProvider.getHashCode function in the HashTable ...) NOT-FOR-US: Microsoft .NET Framework NOTE: Might affect Mono, pinged maintainers CVE-2011-3413 (Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibili ...) NOT-FOR-US: Microsoft PowerPoint CVE-2011-3412 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote atta ...) NOT-FOR-US: Microsoft Publisher CVE-2011-3411 (Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitr ...) NOT-FOR-US: Microsoft Publisher CVE-2011-3410 (Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP ...) NOT-FOR-US: Microsoft Publisher CVE-2011-3409 REJECTED CVE-2011-3408 (Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the ...) NOT-FOR-US: Microsoft Windows XP CVE-2011-3407 REJECTED CVE-2011-3406 (Buffer overflow in Active Directory, Active Directory Application Mode ...) NOT-FOR-US: Microsoft Active Directory CVE-2011-3405 REJECTED CVE-2011-3404 (Microsoft Internet Explorer 6 through 9 does not properly use the Cont ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-3403 (Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handl ...) NOT-FOR-US: Microsoft Excel CVE-2011-3402 (Unspecified vulnerability in the TrueType font parsing engine in win32 ...) NOT-FOR-US: Microsoft Windows CVE-2011-3401 (ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windo ...) NOT-FOR-US: Microsoft Media Player CVE-2011-3400 (Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly h ...) NOT-FOR-US: Microsoft Windows XP CVE-2011-3399 REJECTED CVE-2011-3398 REJECTED CVE-2011-3397 (The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 ...) NOT-FOR-US: Microsoft Windows XP CVE-2011-3396 (Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 a ...) NOT-FOR-US: Microsoft PowerPoint CVE-2011-3395 REJECTED CVE-2011-3394 (SQL injection vulnerability in findagent.php in MYRE Real Estate Softw ...) NOT-FOR-US: MYRE Real Estate CVE-2011-3393 (Multiple cross-site scripting (XSS) vulnerabilities in findagent.php i ...) NOT-FOR-US: MYRE Real Estate CVE-2011-3392 (Cross-site scripting (XSS) vulnerability in control.php in the control ...) NOT-FOR-US: Phorum CVE-2011-3391 (IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code t ...) NOT-FOR-US: IBM Rational Build Forge CVE-2011-3354 (The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel b ...) - quassel 0.7.3-1 (low; bug #640960) [squeeze] - quassel 0.6.3-2+squeeze1 (bug #640960) NOTE: http://git.quassel-irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b CVE-2011-3390 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in IB ...) NOT-FOR-US: IBM OpenAdmin Too CVE-2011-3350 (masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c ...) - masqmail 0.2.30-1 (low; bug #638002) [lenny] - masqmail (no security issue by itself) [squeeze] - masqmail 0.2.27-1.1+squeeze1 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windo ...) {DSA-2398-1 DSA-2368-1 DSA-2358-1 DSA-2356-1 DLA-400-1 DLA-154-1} - sun-java6 (bug #645881) [lenny] - sun-java6 (Non-free not supported) [squeeze] - sun-java6 (Non-free not supported) - openjdk-6 6b23~pre11-1 - openjdk-7 7~b147-2.0-1 - iceweasel NOTE: http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/ - chromium-browser 15.0.874.106~r107270-1 [squeeze] - chromium-browser - lighttpd 1.4.30-1 NOTE: strictly speaking this is no lighttpd issue, but lighttpd adds a workaround - curl 7.24.0-1 NOTE: http://curl.haxx.se/docs/adv_20120124B.html - python2.6 2.6.8-0.1 (bug #684511) [squeeze] - python2.6 (Minor issue) - python2.7 2.7.3~rc1-1 - python3.1 (bug #678998) [squeeze] - python3.1 (Minor issue) - python3.2 3.2.3~rc1-1 NOTE: http://bugs.python.org/issue13885 NOTE: python3.1 is fixed starting 3.1.5 - cyassl - gnutls26 (unimportant) - gnutls28 (unimportant) NOTE: No mitigation for gnutls, it is recommended to use TLS 1.1 or 1.2 which is supported since 2.0.0 - haskell-tls (unimportant) NOTE: No mitigation for haskell-tls, it is recommended to use TLS 1.1, which is supported since 0.2 - matrixssl (low) [squeeze] - matrixssl (Minor issue) [wheezy] - matrixssl (Minor issue) NOTE: matrixssl fix this upstream in 3.2.2 - bouncycastle 1.49+dfsg-1 [squeeze] - bouncycastle (Minor issue) [wheezy] - bouncycastle (Minor issue) NOTE: No mitigation for bouncycastle, it is recommended to use TLS 1.1, which is supported since 1.4.9 - nss 3.13.1.with.ckbi.1.88-1 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=665814 NOTE: https://hg.mozilla.org/projects/nss/rev/7f7446fcc7ab - polarssl (unimportant) NOTE: No mitigation for polarssl, it is recommended to use TLS 1.1, which is supported in all releases - tlslite [wheezy] - tlslite (Minor issue) - pound 2.6-2 NOTE: Pound 2.6-2 added an anti_beast.patch to mitigate BEAST attacks. - erlang 1:15.b-dfsg-1 [squeeze] - erlang (Minor issue) - asterisk 1:13.7.2~dfsg-1 [jessie] - asterisk 1:11.13.1~dfsg-2+deb8u1 [wheezy] - asterisk (Minor issue) [squeeze] - asterisk (Not supported in Squeeze LTS) NOTE: http://downloads.digium.com/pub/security/AST-2016-001.html NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24972 NOTE: patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4 NOTE: all versions vulnerable, backport required for wheezy CVE-2011-3388 (Opera before 11.51 allows remote attackers to cause an insecure site t ...) NOT-FOR-US: Opera CVE-2011-3387 (The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authent ...) NOT-FOR-US: IBM Java CVE-2011-3386 (Unspecified vulnerability in Medtronic Paradigm wireless insulin pump ...) NOT-FOR-US: Medtronic Paradigm wireless insulin pump CVE-2011-3385 (Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, a ...) NOT-FOR-US: WebsiteBaker CVE-2011-3384 (Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and ...) NOT-FOR-US: Sage CVE-2011-3383 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...) NOT-FOR-US: KENT-WEB WEB FORUM CVE-2011-3382 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allow ...) NOT-FOR-US: Phorum CVE-2011-3381 (Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.1 ...) NOT-FOR-US: Phorum CVE-2011-3380 (Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a deni ...) - openswan (vulnerable versions never uploaded to the archive) CVE-2011-3379 (The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __auto ...) - php5 5.3.9-1 [squeeze] - php5 (Introduced in 5.3.7) [lenny] - php5 (Introduced in 5.3.7) CVE-2011-3378 (RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attack ...) - rpm 4.9.1.2-1 (low; bug #645325) [squeeze] - rpm 4.8.1-6+squeeze1 [lenny] - rpm (rpm isn't used a a package manager, very limited attack vector) CVE-2011-3377 (The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x be ...) {DSA-2420-1} - openjdk-6 6b21~pre1-1 - icedtea-web 1.1.4-1 NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1. CVE-2011-3376 (org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat ...) - tomcat7 7.0.22-1 CVE-2011-3375 (Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not pro ...) {DSA-2401-1} - tomcat6 6.0.33-1 - tomcat7 7.0.22-1 CVE-2011-3374 (It was found that apt-key in apt, all versions, do not correctly valid ...) - apt (unimportant; bug #642480) NOTE: Not exploitable in Debian, since no keyring URI is defined CVE-2011-3373 (Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 do ...) NOT-FOR-US: Views Bulk Operations module for Drupal CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2 ...) {DSA-2318-1} - cyrus-imapd-2.2 2.4.11-1 (medium) - cyrus-imapd-2.4 2.4.11-1 (medium) - kolab-cyrus-imapd (medium) [squeeze] - kolab-cyrus-imapd (Unsupported in squeeze-lts) CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in include/functio ...) NOT-FOR-US: PunBB CVE-2011-3370 (statusnet before 0.9.9 has XSS ...) - statusnet (bug #491723) CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before 0. ...) - etherape 0.9.12-1 (low; bug #645324) [lenny] - etherape (Minor issue) [squeeze] - etherape 0.9.8-1+squeeze1 CVE-2011-3368 (The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2 ...) {DSA-2405-1} - apache2 2.2.21-2 (medium) NOTE: http://article.gmane.org/gmane.comp.apache.announce/61 CVE-2011-3367 (Arora, possibly 0.11 and other versions, does not use a certain font w ...) - arora (unimportant) NOTE: Requires CA compromise to exploit, browser still displays warning. CVE-2011-3366 (Rekonq 0.7.0 and earlier does not use a certain font when rendering ce ...) - rekonq (Only affected the 0.8.x devel versions and was fixed before final 0.8 release, see bug #647298) NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt CVE-2011-3365 (The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and poss ...) - kde4libs 4:4.7.2-1 [squeeze] - kde4libs (only 4.6.0 - 4.7.1 are vulnerable) [lenny] - kde4libs (only 4.6.0 - 4.7.1 are vulnerable) CVE-2011-3364 (Incomplete blacklist vulnerability in the svEscape function in setting ...) - network-manager-applet (ifcfg-rh plugin not built/included in Debian) CVE-2011-3363 (The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel be ...) - linux-2.6 2.6.39-1 [squeeze] - linux-2.6 2.6.32-34 [lenny] - linux-2.6 (vulnerability introduced in commit 1bfe73c2) CVE-2011-3362 (Integer signedness error in the decode_residual_block function in cavs ...) {DSA-2336-1} - libav 4:0.7.1-7 (bug #641478) - ffmpeg 7:2.4.1-1 - ffmpeg-debian NOTE: http://www.ocert.org/advisories/ocert-2011-002.html CVE-2011-3361 (Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC ...) - backuppc 3.2.1-2 (bug #641450) [squeeze] - backuppc 3.1.0-9.1 NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=f1f1ef74-716d-4af8-b1bf-c1ba6d9a98a1%40SC1EXHC-02.global.atheros.com&forum_name=backuppc-devel NOTE: http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24 CVE-2011-3360 (Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 an ...) {DSA-2324-1} - wireshark 1.6.2-1 (low) NOTE: http://www.wireshark.org/security/wnpa-sec-2011-15.html CVE-2011-3359 (The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux ker ...) - linux-2.6 2.6.39-1 [squeeze] - linux-2.6 2.6.32-34 [lenny] - linux-2.6 (b43 allocate recieve buffer is 2404 bytes, which is already larger than the upstream fix of increasing it to 2382 bytes) CVE-2011-3358 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...) {DSA-2308-1} - mantis 1.2.7-1 (low; bug #640297) [squeeze] - mantis (Vulnerable code not present) CVE-2011-3357 (Directory traversal vulnerability in bug_actiongroup_ext_page.php in M ...) {DSA-2308-1} - mantis 1.2.7-1 (medium; bug #640297) CVE-2011-3356 (Multiple cross-site scripting (XSS) vulnerabilities in config_defaults ...) - mantis 1.2.7-1 (low; bug #640297) [squeeze] - mantis (Vulnerable code not present) [lenny] - mantis (Vulnerable code not present) CVE-2011-3355 (evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) con ...) - evolution-data-server3 3.2.1-1 (bug #641052) CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev ...) {DSA-2389-1} - linux-2.6 3.1.0~rc4-1~experimental.1 (low) [lenny] - linux-2.6 (vulnerable code introduced in commit 3b463ae0) [squeeze] - linux-2.6 2.6.32-36 CVE-2011-3352 (Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improp ...) NOT-FOR-US: Zikula CVE-2011-3351 (openvas-scanner before 2011-09-11 creates a temporary file insecurely ...) - openvas-server (low; bug #641327) [squeeze] - openvas-server (Minor issue) NOTE: openvas-scanner in experimental also affected according to #671327 CVE-2011-3349 (lightdm before 0.9.6 writes in .dmrc and Xauthority files using root p ...) - lightdm 0.9.6-1 (bug #639151) CVE-2011-3348 (The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when ...) - apache2 2.2.21-1 [squeeze] - apache2 2.2.16-6+squeeze4 [lenny] - apache2 (introduced in 2.2.12) CVE-2011-3347 (A certain Red Hat patch to the be2net implementation in the kernel pac ...) - linux-2.6 3.2-1 [squeeze] - linux-2.6 (Vulnerable code not present) CVE-2011-3346 (Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before ...) - qemu-kvm 0.15.1+dfsg-1 (bug #646118) [squeeze] - qemu-kvm (SCSI support in 0.12 generally broken, no complete fix other than updating to 0.15) CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_ker ...) - ofa-kernel (bug #541849) CVE-2011-3344 (Cross-site scripting (XSS) vulnerability in the Lookup Login/Password ...) NOT-FOR-US: Red Hat Network Satellite server CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to ...) {DSA-2386-1} - openttd 1.1.3-1 NOTE: https://www.openwall.com/lists/oss-security/2011/09/02/4 CVE-2011-3342 (Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attacke ...) {DSA-2386-1} - openttd 1.1.3-1 NOTE: https://www.openwall.com/lists/oss-security/2011/09/02/4 CVE-2011-3341 (Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 al ...) {DSA-2386-1} - openttd 1.1.3-1 NOTE: https://www.openwall.com/lists/oss-security/2011/09/02/4 CVE-2011-3340 (SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remo ...) NOT-FOR-US: ATCOM Netvolution CVE-2011-3339 (Cross-site scripting (XSS) vulnerability in the Admin Control Center i ...) NOT-FOR-US: Sentinel HASP Run-time Environment CVE-2011-3338 RESERVED CVE-2011-3337 (eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 f ...) NOT-FOR-US: eEye Digital Security Audits CVE-2011-3336 (regcomp in the BSD implementation of libc is vulnerable to denial of s ...) NOT-FOR-US: BSD CVE-2011-3335 RESERVED CVE-2011-3334 RESERVED CVE-2011-3333 RESERVED CVE-2011-3332 (Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix ...) NOT-FOR-US: Iceni Argus CVE-2011-3331 RESERVED CVE-2011-3330 (Buffer overflow in the UnitelWay Windows Device Driver, as used in Sch ...) NOT-FOR-US: Schneider Electric CVE-2011-3329 RESERVED CVE-2011-3328 (The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color ...) - libpng (Introduced in 1.5.4, which was only in experimental and which has been fixed since then) CVE-2011-3327 (Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ ...) {DSA-2316-1} - quagga 0.99.19-1 CVE-2011-3326 (The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99 ...) {DSA-2316-1} - quagga 0.99.19-1 CVE-2011-3325 (ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attacker ...) {DSA-2316-1} - quagga 0.99.19-1 CVE-2011-3324 (The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 impleme ...) {DSA-2316-1} - quagga 0.99.19-1 CVE-2011-3323 (The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows re ...) {DSA-2316-1} - quagga 0.99.19-1 CVE-2011-3322 (Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon ...) NOT-FOR-US: Scadatec Limited Procyon SCADA CVE-2011-3321 (Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loade ...) NOT-FOR-US: SIMATIC WinCC CVE-2011-3320 (Cross-site scripting (XSS) vulnerability in the Web Administrator comp ...) NOT-FOR-US: GE Intelligent Platforms Proficy Historian CVE-2011-3319 (Buffer overflow in the WRF parsing functionality in the Cisco WebEx Re ...) NOT-FOR-US: WebEx CVE-2011-3318 (Cisco Video Surveillance 2421 and 2500 series cameras with software 1. ...) NOT-FOR-US: Cisco CVE-2011-3317 (Multiple cross-site scripting (XSS) vulnerabilities in the Solution En ...) NOT-FOR-US: Cisco CVE-2011-3316 RESERVED CVE-2011-3315 (Directory traversal vulnerability in Cisco Unified Communications Mana ...) NOT-FOR-US: Cisco CVE-2011-3314 RESERVED CVE-2011-3313 RESERVED CVE-2011-3312 RESERVED CVE-2011-3311 RESERVED CVE-2011-3310 (The Home Page component in Cisco CiscoWorks Common Services before 4.1 ...) NOT-FOR-US: Cisco CiscoWorks CVE-2011-3309 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...) NOT-FOR-US: Cisco CVE-2011-3308 RESERVED CVE-2011-3307 RESERVED CVE-2011-3306 RESERVED CVE-2011-3305 (Directory traversal vulnerability in Cisco Network Admission Control ( ...) NOT-FOR-US: Cisco Network Admission Control CVE-2011-3304 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...) NOT-FOR-US: Cisco CVE-2011-3303 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...) NOT-FOR-US: Cisco CVE-2011-3302 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...) NOT-FOR-US: Cisco CVE-2011-3301 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...) NOT-FOR-US: Cisco CVE-2011-3300 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...) NOT-FOR-US: Cisco CVE-2011-3299 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...) NOT-FOR-US: Cisco CVE-2011-3298 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...) NOT-FOR-US: Cisco CVE-2011-3297 (Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 befo ...) NOT-FOR-US: Cisco CVE-2011-3296 (Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 befo ...) NOT-FOR-US: Cisco CVE-2011-3295 (The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as us ...) NOT-FOR-US: Cisco IOS XR CVE-2011-3294 (Cross-site scripting (XSS) vulnerability in the login page in the admi ...) NOT-FOR-US: Cisco TelePresence CVE-2011-3293 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Solu ...) NOT-FOR-US: Cisco CVE-2011-3292 RESERVED CVE-2011-3291 RESERVED CVE-2011-3290 (Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Orac ...) NOT-FOR-US: Cisco CVE-2011-3289 (Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attac ...) NOT-FOR-US: Cisco IOS CVE-2011-3288 (Cisco Unified Presence before 8.5(4) does not properly detect recursio ...) NOT-FOR-US: Cisco CVE-2011-3287 (Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x t ...) NOT-FOR-US: Cisco CVE-2011-3286 RESERVED CVE-2011-3285 (CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive ...) NOT-FOR-US: Cisco CVE-2011-3284 RESERVED CVE-2011-3283 (Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a ...) NOT-FOR-US: Cisco CVE-2011-3282 (Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15 ...) NOT-FOR-US: Cisco CVE-2011-3281 (Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain H ...) NOT-FOR-US: Cisco CVE-2011-3280 (Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 a ...) NOT-FOR-US: Cisco CVE-2011-3279 (The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12 ...) NOT-FOR-US: Cisco CVE-2011-3278 (Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 ...) NOT-FOR-US: Cisco CVE-2011-3277 (Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 ...) NOT-FOR-US: Cisco CVE-2011-3276 (Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 ...) NOT-FOR-US: Cisco CVE-2011-3275 (Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x throug ...) NOT-FOR-US: Cisco CVE-2011-3274 (Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15 ...) NOT-FOR-US: Cisco CVE-2011-3273 (Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Fir ...) NOT-FOR-US: Cisco CVE-2011-3272 (The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15. ...) NOT-FOR-US: Cisco CVE-2011-3271 (Unspecified vulnerability in the Smart Install functionality in Cisco ...) NOT-FOR-US: Cisco CVE-2011-3270 (Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and ...) NOT-FOR-US: Cisco CVE-2011-3269 (Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allo ...) NOT-FOR-US: Lexmark CVE-2011-3268 (Buffer overflow in the crypt function in PHP before 5.3.7 allows conte ...) - php5 5.3.8-1 [squeeze] - php5 (Only affected 5.3.7) [lenny] - php5 (Only affected 5.3.7) CVE-2011-3267 (PHP before 5.3.7 does not properly implement the error_log function, w ...) {DSA-2408-1} - php5 5.3.7-1 [squeeze] - php5 (Vulnerable code not present) [lenny] - php5 (Vulnerable code not present) CVE-2011-3266 (The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and ...) - wireshark 1.6.2-1 (unimportant) NOTE: no code injection, not treated as a security issue, see README.Debian.security CVE-2011-3265 (popup.php in Zabbix before 1.8.7 allows remote attackers to read the c ...) - zabbix 1:1.8.9-1 [squeeze] - zabbix (Not supported in Squeeze LTS) CVE-2011-3264 (Zabbix before 1.8.6 allows remote attackers to obtain sensitive inform ...) - zabbix 1:1.8.6-1 (unimportant) [squeeze] - zabbix (Not supported in Squeeze LTS) NOTE: Installation path is known anyway for the Debian package CVE-2011-3263 (zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows con ...) - zabbix 1:1.8.6-1 [squeeze] - zabbix (Not supported in Squeeze LTS) CVE-2011-3262 (tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow ...) {DSA-2337-1} - xen 4.1.1-1 - xen-3 [lenny] - xen-3 (Minor issue; only marginally affected) CVE-2011-3261 (Double free vulnerability in OfficeImport in Apple iOS before 5 allows ...) NOT-FOR-US: Apple iOS CVE-2011-3260 (Buffer overflow in OfficeImport in Apple iOS before 5 allows remote at ...) NOT-FOR-US: Apple iOS CVE-2011-3259 (The kernel in Apple iOS before 5 and Apple TV before 4.4 does not prop ...) NOT-FOR-US: Apple iOS CVE-2011-3258 RESERVED CVE-2011-3257 (The Data Access component in Apple iOS before 5 does not properly hand ...) NOT-FOR-US: Apple iOS CVE-2011-3256 (FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5 ...) {DSA-2328-1} - freetype 2.4.7-1 (bug #646120) CVE-2011-3255 (CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspe ...) NOT-FOR-US: Apple iOS CVE-2011-3254 (Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS befo ...) NOT-FOR-US: Apple iOS CVE-2011-3253 (CalDAV in Apple iOS before 5 does not validate X.509 certificates for ...) NOT-FOR-US: Apple iOS CVE-2011-3252 (Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, all ...) NOT-FOR-US: Apple iTunes CVE-2011-3251 (Apple QuickTime before 7.7.1 on Windows allows remote attackers to exe ...) NOT-FOR-US: Apple QuickTime CVE-2011-3250 (Integer overflow in Apple QuickTime before 7.7.1 allows remote attacke ...) NOT-FOR-US: Apple QuickTime CVE-2011-3249 (Buffer overflow in Apple QuickTime before 7.7.1 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2011-3248 (Integer signedness error in Apple QuickTime before 7.7.1 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2011-3247 (Integer overflow in Apple QuickTime before 7.7.1 on Windows allows rem ...) NOT-FOR-US: Apple QuickTime CVE-2011-3246 (CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 do ...) NOT-FOR-US: Apple iOS CVE-2011-3245 (The Keyboards component in Apple iOS before 5 displays the final chara ...) NOT-FOR-US: Apple iOS CVE-2011-3244 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-3243 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple i ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-3242 (The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X ...) NOT-FOR-US: Apple Safari CVE-2011-3241 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-3240 RESERVED CVE-2011-3239 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-3238 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-3237 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-3236 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-3235 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, whic ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/92132 CVE-2011-3233 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-3232 (YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, a ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 7.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) - icedove (Only affects Thunderbird 5) CVE-2011-3231 (The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before ...) NOT-FOR-US: Apple Safari CVE-2011-3230 (Apple Safari before 5.1.1 on Mac OS X does not enforce an intended pol ...) NOT-FOR-US: Apple Safari CVE-2011-3229 (Directory traversal vulnerability in Apple Safari before 5.1.1 allows ...) NOT-FOR-US: Apple Safari CVE-2011-3228 (QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to e ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2011-3227 (libsecurity in Apple Mac OS X before 10.7.2 does not properly handle e ...) NOT-FOR-US: libsecurity in Apple Mac OS X CVE-2011-3226 (Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 se ...) NOT-FOR-US: Open Directory in Apple Mac OS X CVE-2011-3225 (The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 doe ...) NOT-FOR-US: SMB File Server component in Apple Mac OS X CVE-2011-3224 (The User Documentation component in Apple Mac OS X through 10.6.8 uses ...) NOT-FOR-US: User Documentation component in Apple Mac OS X CVE-2011-3223 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows re ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2011-3222 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows re ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2011-3221 (QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2011-3220 (QuickTime in Apple Mac OS X before 10.7.2 does not properly process UR ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2011-3219 (Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, all ...) NOT-FOR-US: Apple CoreMedia CVE-2011-3218 (The "Save for Web" selection in QuickTime Player in Apple Mac OS X thr ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2011-3217 (MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to e ...) NOT-FOR-US: Mac OS X CVE-2011-3216 (The kernel in Apple Mac OS X before 10.7.2 does not properly implement ...) NOT-FOR-US: kernel in Apple Mac OS X CVE-2011-3215 (The kernel in Apple Mac OS X before 10.7.2 does not properly prevent F ...) NOT-FOR-US: kernel in Apple Mac OS X CVE-2011-3214 (IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a ...) NOT-FOR-US: IOGraphics in Apple Mac OS X CVE-2011-3213 (The File Systems component in Apple Mac OS X before 10.7.2 does not pr ...) NOT-FOR-US: File Systems component in Apple Mac OS X CVE-2011-3212 (CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that ...) NOT-FOR-US: CoreStorage in Apple Mac OS X CVE-2011-3211 (The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remo ...) {DSA-2302-1} - bcfg2 1.1.2-2 (bug #640028) NOTE: information as reported by maintainer CVE-2011-3210 (The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through ...) - openssl 1.0.0e-1 [lenny] - openssl 0.9.8g-15+lenny13 [squeeze] - openssl 0.9.8o-4squeeze3 CVE-2011-3209 (The div_long_long_rem implementation in include/asm-x86/div64.h in the ...) - linux-2.6 2.6.26-1 CVE-2011-3208 (Stack-based buffer overflow in the split_wildmats function in nntpd.c ...) {DSA-2318-1} - cyrus-imapd-2.2 2.4.11-1 (medium) - cyrus-imapd-2.4 2.4.11-1 (medium) - kolab-cyrus-imapd (medium) [squeeze] - kolab-cyrus-imapd (Unsupported in squeeze-lts) CVE-2011-3207 (crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initial ...) - openssl 1.0.0e-1 [squeeze] - openssl (only affects 1.0.0 through 1.0.0d) [lenny] - openssl (only affects 1.0.0 through 1.0.0d) CVE-2011-3206 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...) NOT-FOR-US: RHQ CVE-2011-3205 (Buffer overflow in the gopherToHTML function in gopher.cc in the Gophe ...) {DSA-2304-1} - squid3 3.1.15-1 (low; bug #639755) - squid (Only a buffer overflow in Squid 3, see https://bugzilla.redhat.com/show_bug.cgi?id=734583#c4) NOTE: http://www.squid-cache.org/Advisories/SQUID-2011_3.txt CVE-2011-3204 (hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbit ...) - hammerhead (bug #639890) [lenny] - hammerhead (Minor issue) [squeeze] - hammerhead (Minor issue) NOTE: https://launchpad.net/bugs/826679 CVE-2011-3203 (A Code Execution vulnerability exists the attachment parameter to inde ...) NOT-FOR-US: Jcow CVE-2011-3202 (A Cross-Site Scripting (XSS) vulnerability exists in the g parameter t ...) NOT-FOR-US: Jcow CVE-2011-3201 (GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ...) - evolution (unimportant) NOTE: Any attacks still involve quite some social engineering CVE-2011-3200 (Stack-based buffer overflow in the parseLegacySyslogMsg function in to ...) - rsyslog 5.8.5-1 (low; bug #644611) [squeeze] - rsyslog (Minor issue) [lenny] - rsyslog (Minor issue) NOTE: off-by-one/-two limited to 0 or :0 CVE-2011-3199 (Multiple cross-site scripting (XSS) vulnerabilities in Domain Technolo ...) {DSA-2365-1} - dtc 0.34.1-1 (bug #637584) CVE-2011-3198 (Domain Technologie Control (DTC) before 0.34.1 includes a password in ...) {DSA-2365-1} - dtc 0.34.1-1 (bug #637537) CVE-2011-3197 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...) {DSA-2365-1} - dtc 0.34.1-1 (bug #637487; bug #637498) CVE-2011-3196 (The setup script in Domain Technologie Control (DTC) before 0.34.1 use ...) {DSA-2365-1} - dtc 0.34.1-1 (bug #637485) CVE-2011-3195 (shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0. ...) {DSA-2365-1} - dtc 0.34.1-1 (bug #637477) CVE-2011-3194 (Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt ...) {DLA-117-1} - qt4-x11 4:4.7.4-1 (bug #641738) CVE-2011-3193 (Heap-based buffer overflow in the Lookup_MarkMarkPos function in the H ...) {DLA-117-1} - qt4-x11 4:4.7.4-1 (bug #641738) - pango1.0 1.28.3-1 NOTE: affected code in pango1.0 removed earlier, but this is the version checked (lenny is affected) CVE-2011-3192 (The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2. ...) {DSA-2298-1} - apache2 2.2.19-2 CVE-2011-3191 (Integer signedness error in the CIFSFindNext function in fs/cifs/cifss ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 3.0.0-5 CVE-2011-3190 (Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 ...) {DSA-2401-1} - tomcat6 6.0.35-1 - tomcat7 7.0.21-1 - tomcat5.5 CVE-2011-3189 (The crypt function in PHP 5.3.7, when the MD5 hash type is used, retur ...) - php5 5.3.8-1 [squeeze] - php5 (Introduced in 5.3.7) [lenny] - php5 (Introduced in 5.3.7) CVE-2011-3188 (The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3 ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 3.0.0-2 CVE-2011-3187 (The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip ...) - rails (unimportant) NOTE: X-Forwarded-For header is user supplied (like User-Agent) CVE-2011-3186 (CRLF injection vulnerability in actionpack/lib/action_controller/respo ...) {DSA-2301-1} - rails 2.3.14 CVE-2011-3185 (gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted rem ...) - pidgin (Windows-specific) CVE-2011-3184 (The msn_httpconn_parse_data function in httpconn.c in the MSN protocol ...) - pidgin 2.10.0-1 (unimportant) NOTE: Only exploitable by a malicious MSN server to crash the client CVE-2011-3183 (A Cross-Site Scripting (XSS) vulnerability exists in the rcID paramete ...) NOT-FOR-US: Concrete CMS CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the mall ...) {DSA-2408-1} - php5 5.3.7-1 (unimportant) NOTE: exploitable by malicious scripts only CVE-2011-3181 (Multiple cross-site scripting (XSS) vulnerabilities in the Tracking fe ...) {DSA-2391-1} - phpmyadmin 4:3.4.4-1 [lenny] - phpmyadmin (Vulnerable code not present) CVE-2011-3180 (kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 an ...) NOT-FOR-US: Suse kiwi (different from python-kiwi) CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...) NOT-FOR-US: Novell Messenger CVE-2011-3178 (In the web ui of the openbuildservice before 2.3.0 a code injection of ...) - open-build-service (Fixed before initial upload to Debian) CVE-2011-3177 (The YaST2 network created files with world readable permissions which ...) NOT-FOR-US: YaST CVE-2011-3176 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks ...) NOT-FOR-US: Novell ZENworks Configuration Management CVE-2011-3175 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks ...) NOT-FOR-US: Novell ZENworks Configuration Management CVE-2011-3174 (Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 Ac ...) NOT-FOR-US: Novell ZENworks Configuration Management CVE-2011-3173 (Stack-based buffer overflow in the GetDriverSettings function in nippl ...) NOT-FOR-US: Novell Open Enterprise Server CVE-2011-3172 (A vulnerability in pam_modules of SUSE Linux Enterprise allows attacke ...) - libpam-unix2 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=707645 NOTE: Issue was not fixed up to the version removed from unstable. NOTE: Proposed update form SUSE: https://bugzilla.suse.com/attachment.cgi?id=441720 CVE-2011-3171 (Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly oth ...) NOT-FOR-US: pure-FTPd add-on CVE-2011-3170 (The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earl ...) {DSA-2354-1} - cups 1.5.0-8 NOTE: This ID is for an incomplete fix for CVE-2011-2896 CVE-2011-3169 (Unspecified vulnerability in the SMTP service implementation in HP TCP ...) NOT-FOR-US: HP OpenVMS CVE-2011-3168 (Unspecified vulnerability in the POP and IMAP service implementations ...) NOT-FOR-US: HP OpenVMS CVE-2011-3167 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) NOT-FOR-US: HP OpenView CVE-2011-3166 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) NOT-FOR-US: HP OpenView CVE-2011-3165 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) NOT-FOR-US: HP OpenView CVE-2011-3164 (Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure R ...) NOT-FOR-US: HP-UX CVE-2011-3163 (HP MFP Digital Sending Software 4.9x through 4.91.21 allows local user ...) NOT-FOR-US: HP MFP Digital Sending Software CVE-2011-3162 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...) NOT-FOR-US: HP Data Protector CVE-2011-3161 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...) NOT-FOR-US: HP Data Protector CVE-2011-3160 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...) NOT-FOR-US: HP Data Protector CVE-2011-3159 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...) NOT-FOR-US: HP Data Protector CVE-2011-3158 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...) NOT-FOR-US: HP Data Protector CVE-2011-3157 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...) NOT-FOR-US: HP Data Protector CVE-2011-3156 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...) NOT-FOR-US: HP Data Protector CVE-2011-3155 (Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 throug ...) NOT-FOR-US: HP Onboard Administrator CVE-2011-3154 (DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1 ...) - update-manager (ubuntu-specific issue) NOTE: see bug #650307 CVE-2011-3153 (dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows loca ...) - lightdm 1.0.6-2 CVE-2011-3152 (DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87. ...) - update-manager (ubuntu-specific issue) NOTE: see bug #650307 CVE-2011-3151 (The Ubuntu SELinux initscript before version 1:0.10 used touch to crea ...) NOT-FOR-US: Historic Ubuntu init script issue CVE-2011-3150 (Software Center in Ubuntu 11.10, 11.04 10.10 does not properly validat ...) - software-center (ubuntu-specific issue) NOTE: debian package does not contain the vulnerable purchaseview.py code, and probably won't ever as that's part of their commercial interface code CVE-2011-3149 (The _expand_arg function in the pam_env module (modules/pam_env/pam_en ...) {DSA-2326-1} - pam 1.1.3-5 [lenny] - pam (user_env parsing not yet available) CVE-2011-3148 (Stack-based buffer overflow in the _assemble_line function in modules/ ...) {DSA-2326-1} - pam 1.1.3-5 [lenny] - pam (user_env parsing not yet available) CVE-2011-3147 (Versions of nova before 2012.1 could expose hypervisor host files to a ...) - nova 2012.1~e1-1 NOTE: http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604 CVE-2011-3146 (librsvg before 2.34.1 uses the node name to identify the type of node, ...) - librsvg 2.34.1-1 [squeeze] - librsvg (Minor issue) NOTE: http://git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=658014 CVE-2011-3145 (When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreui ...) {DSA-2382-1} - ecryptfs-utils 92-1 [lenny] - ecryptfs-utils (Vulnerable code not present) CVE-2011-3144 (Cross-site scripting (XSS) vulnerability in Control Microsystems Clear ...) NOT-FOR-US: Control Microsystems ClearSCADA CVE-2011-3143 (Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, ...) NOT-FOR-US: Control Microsystems ClearSCADA CVE-2011-3142 (Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in W ...) NOT-FOR-US: WellinTech KingView CVE-2011-3141 (Buffer overflow in the InBatch BatchField ActiveX control for Invensys ...) NOT-FOR-US: Wonderware InBatch CVE-2011-3140 (IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX ...) NOT-FOR-US: IBM Web Application Firewall CVE-2011-3139 REJECTED CVE-2011-3138 (The LTPA STS module support implementation in IBM Tivoli Federated Ide ...) NOT-FOR-US: Tivoli CVE-2011-3137 (Unspecified vulnerability in the Management Console in IBM Tivoli Fede ...) NOT-FOR-US: Tivoli CVE-2011-3136 (Unspecified vulnerability in the Management Console in IBM Tivoli Fede ...) NOT-FOR-US: Tivoli CVE-2011-3135 (Unspecified vulnerability in the Runtime in IBM Tivoli Federated Ident ...) NOT-FOR-US: Tivoli CVE-2011-3134 (Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, ...) NOT-FOR-US: TIBCO Spotfire Server CVE-2011-3133 (Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3 ...) NOT-FOR-US: TIBCO Spotfire Server CVE-2011-3132 (Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0. ...) NOT-FOR-US: TIBCO Spotfire Server CVE-2011-3131 (Xen 4.1.1 and earlier allows local guest OS kernels with control of a ...) {DSA-2582-1} - xen 4.1.2-1 CVE-2011-3130 (wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ...) {DSA-2470-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3129 (The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 be ...) {DSA-2470-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3128 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached att ...) {DSA-2470-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3127 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rend ...) {DSA-2470-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3126 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attacke ...) {DSA-2470-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3125 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...) {DSA-2470-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce CVE-2011-3124 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, a ...) NOT-FOR-US: InfoSphere CVE-2011-3123 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, a ...) NOT-FOR-US: InfoSphere CVE-2011-3122 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...) {DSA-2470-1} - wordpress 3.2.1+dfsg-1 NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce NOTE: original advisory seems to be http://technet.microsoft.com/en-us/security/msvr/msvr11-010 CVE-2011-3121 RESERVED CVE-2011-3120 REJECTED CVE-2011-3119 REJECTED CVE-2011-3118 REJECTED CVE-2011-3117 REJECTED CVE-2011-3116 REJECTED CVE-2011-3115 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...) - libv8 (Only affects >= 3.9, bug #687574) CVE-2011-3114 (Multiple buffer overflows in the PDF functionality in Google Chrome be ...) - chromium-browser (PDF functionality not built) [squeeze] - chromium-browser CVE-2011-3113 (The PDF functionality in Google Chrome before 19.0.1084.52 does not pr ...) - chromium-browser (PDF functionality not built) [squeeze] - chromium-browser CVE-2011-3112 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...) - chromium-browser (PDF functionality specific to Chrome) [squeeze] - chromium-browser CVE-2011-3111 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...) - libv8 3.8.9.20-2 (bug #687574) [squeeze] - libv8 (Unsupported in squeeze-lts) CVE-2011-3110 (The PDF functionality in Google Chrome before 19.0.1084.52 allows remo ...) - chromium-browser (PDF functionality not built) [squeeze] - chromium-browser CVE-2011-3109 (Google Chrome before 19.0.1084.52 on Linux does not properly perform a ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3108 (Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allo ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3107 (Google Chrome before 19.0.1084.52 does not properly implement JavaScri ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3106 (The WebSockets implementation in Google Chrome before 19.0.1084.52 doe ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3105 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3104 (Skia, as used in Google Chrome before 19.0.1084.52, allows remote atta ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3103 (Google V8, as used in Google Chrome before 19.0.1084.52, does not prop ...) - libv8 (Only affects >= 3.9, bug #687574) CVE-2011-3102 (Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084 ...) {DSA-2479-1} - libxml2 2.7.8.dfsg-9.1 (bug #674191) NOTE: http://git.gnome.org/browse/libxml2/commit/?id=d8e1faeaa99c7a7c07af01c1c72de352eb590a3e CVE-2011-3101 (Google Chrome before 19.0.1084.46 on Linux does not properly mitigate ...) [squeeze] - chromium-browser - chromium-browser 20.0.1132.21~r139451-1 CVE-2011-3100 (Google Chrome before 19.0.1084.46 does not properly draw dash paths, w ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3099 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...) - chromium-browser (PDF viewer not included in Chromium) [squeeze] - chromium-browser CVE-2011-3098 (Google Chrome before 19.0.1084.46 on Windows uses an incorrect search ...) - chromium-browser (Windows-specific) [squeeze] - chromium-browser CVE-2011-3097 (The PDF functionality in Google Chrome before 19.0.1084.46 allows remo ...) - chromium-browser (PDF functionality not built) [squeeze] - chromium-browser CVE-2011-3096 (Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on L ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3095 (The OGG container in Google Chrome before 19.0.1084.46 allows remote a ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3094 (Google Chrome before 19.0.1084.46 does not properly handle Tibetan tex ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3093 (Google Chrome before 19.0.1084.46 does not properly handle glyphs, whi ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3092 (The regex implementation in Google V8, as used in Google Chrome before ...) - libv8 (Only affects >= 3.9, bug #687574) CVE-2011-3091 (Use-after-free vulnerability in the IndexedDB implementation in Google ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3089 (Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allo ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3088 (Google Chrome before 19.0.1084.46 does not properly draw hairlines, wh ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3087 (Google Chrome before 19.0.1084.46 does not properly perform window nav ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3086 (Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allo ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3085 (The Autofill feature in Google Chrome before 19.0.1084.46 does not pro ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3084 (Google Chrome before 19.0.1084.46 does not use a dedicated process for ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3083 (browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0. ...) - chromium-browser 20.0.1132.21~r139451-1 [squeeze] - chromium-browser CVE-2011-3082 RESERVED CVE-2011-3081 (Use-after-free vulnerability in Google Chrome before 18.0.1025.168 all ...) - chromium-browser 18.0.1025.168~r134367-1 [squeeze] - chromium-browser CVE-2011-3080 (Race condition in the Inter-process Communication (IPC) implementation ...) - chromium-browser 18.0.1025.168~r134367-1 [squeeze] - chromium-browser CVE-2011-3079 (The Inter-process Communication (IPC) implementation in Google Chrome ...) {DSA-3260-1} - chromium-browser 18.0.1025.168~r134367-1 [squeeze] - chromium-browser - iceweasel (Only affects Firefox on Windows) - icedove (Only affects Thunderbird on Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-57/ CVE-2011-3078 (Use-after-free vulnerability in Google Chrome before 18.0.1025.168 all ...) - chromium-browser 18.0.1025.168~r134367-1 [squeeze] - chromium-browser CVE-2011-3077 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...) - chromium-browser 18.0.1025.151~r130497-1 [squeeze] - chromium-browser CVE-2011-3076 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...) - chromium-browser 18.0.1025.151~r130497-1 [squeeze] - chromium-browser CVE-2011-3075 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...) - chromium-browser 18.0.1025.151~r130497-1 [squeeze] - chromium-browser CVE-2011-3074 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...) - chromium-browser 18.0.1025.151~r130497-1 [squeeze] - chromium-browser CVE-2011-3073 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...) - chromium-browser 18.0.1025.151~r130497-1 [squeeze] - chromium-browser CVE-2011-3072 (Google Chrome before 18.0.1025.151 allows remote attackers to bypass t ...) - chromium-browser 18.0.1025.151~r130497-1 [squeeze] - chromium-browser CVE-2011-3071 (Use-after-free vulnerability in the HTMLMediaElement implementation in ...) - chromium-browser 18.0.1025.151~r130497-1 [squeeze] - chromium-browser CVE-2011-3070 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...) - chromium-browser 18.0.1025.151~r130497-1 [squeeze] - chromium-browser CVE-2011-3069 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...) - chromium-browser 18.0.1025.151~r130497-1 [squeeze] - chromium-browser CVE-2011-3068 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...) - chromium-browser 18.0.1025.151~r130497-1 [squeeze] - chromium-browser CVE-2011-3067 (Google Chrome before 18.0.1025.151 allows remote attackers to bypass t ...) - chromium-browser 18.0.1025.151~r130497-1 [squeeze] - chromium-browser CVE-2011-3066 (Skia, as used in Google Chrome before 18.0.1025.151, does not properly ...) - chromium-browser 18.0.1025.151~r130497-1 [squeeze] - chromium-browser CVE-2011-3065 (Skia, as used in Google Chrome before 18.0.1025.142, allows remote att ...) - chromium-browser 18.0.1025.142~r129054-1 [squeeze] - chromium-browser CVE-2011-3064 (Use-after-free vulnerability in Google Chrome before 18.0.1025.142 all ...) [squeeze] - chromium-browser - chromium-browser 18.0.1025.142~r129054-1 CVE-2011-3063 (Google Chrome before 18.0.1025.142 does not properly validate the rend ...) - chromium-browser 18.0.1025.142~r129054-1 [squeeze] - chromium-browser CVE-2011-3062 (Off-by-one error in the OpenType Sanitizer in Google Chrome before 18. ...) - chromium-browser 18.0.1025.142~r129054-1 [squeeze] - chromium-browser - icedove 10.0.4-1 [squeeze] - icedove (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape (Vulnerable code not present) CVE-2011-3061 (Google Chrome before 18.0.1025.142 does not properly check X.509 certi ...) - chromium-browser 18.0.1025.142~r129054-1 [squeeze] - chromium-browser CVE-2011-3060 (Google Chrome before 18.0.1025.142 does not properly handle text fragm ...) - chromium-browser 18.0.1025.142~r129054-1 [squeeze] - chromium-browser CVE-2011-3059 (Google Chrome before 18.0.1025.142 does not properly handle SVG text e ...) - chromium-browser 18.0.1025.142~r129054-1 [squeeze] - chromium-browser CVE-2011-3058 (Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP ...) - chromium-browser 18.0.1025.142~r129054-1 [squeeze] - chromium-browser CVE-2011-3057 (Google V8, as used in Google Chrome before 17.0.963.83, allows remote ...) - libv8 3.8.9.20-1 (bug #687574) [squeeze] - libv8 (Unsupported in squeeze-lts) NOTE: http://code.google.com/p/chromium/issues/detail?id=117794 NOTE: access restricted to chrome/libv8 bug log, so uncheckable CVE-2011-3056 (Google Chrome before 17.0.963.83 allows remote attackers to bypass the ...) - chromium-browser 17.0.963.83~r127885-1 [squeeze] - chromium-browser CVE-2011-3055 (The browser native UI in Google Chrome before 17.0.963.83 does not req ...) - chromium-browser 17.0.963.83~r127885-1 [squeeze] - chromium-browser CVE-2011-3054 (The WebUI privilege implementation in Google Chrome before 17.0.963.83 ...) - chromium-browser 17.0.963.83~r127885-1 [squeeze] - chromium-browser CVE-2011-3053 (Use-after-free vulnerability in Google Chrome before 17.0.963.83 allow ...) - chromium-browser 17.0.963.83~r127885-1 [squeeze] - chromium-browser CVE-2011-3052 (The WebGL implementation in Google Chrome before 17.0.963.83 does not ...) - chromium-browser 17.0.963.83~r127885-1 [squeeze] - chromium-browser CVE-2011-3051 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...) - chromium-browser 17.0.963.83~r127885-1 [squeeze] - chromium-browser CVE-2011-3050 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...) - chromium-browser 17.0.963.83~r127885-1 [squeeze] - chromium-browser CVE-2011-3049 (Google Chrome before 17.0.963.83 does not properly restrict the extens ...) - chromium-browser 17.0.963.83~r127885-1 [squeeze] - chromium-browser CVE-2011-3048 (The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, ...) {DSA-2446-1} - libpng 1.2.49-1 (bug #667475) CVE-2011-3047 (The GPU process in Google Chrome before 17.0.963.79 allows remote atta ...) - chromium-browser 17.0.963.83~r127885-1 [squeeze] - chromium-browser CVE-2011-3046 (The extension subsystem in Google Chrome before 17.0.963.78 does not p ...) - chromium-browser 17.0.963.78~r125577-1 [squeeze] - chromium-browser CVE-2011-3045 (Integer signedness error in the png_inflate function in pngrutil.c in ...) {DSA-2439-1} - libpng 1.2.47-2 (bug #665208; high) CVE-2011-3044 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3043 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3042 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3041 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3040 (Google Chrome before 17.0.963.65 does not properly handle text, which ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3039 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3038 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3037 (Google Chrome before 17.0.963.65 does not properly perform casts of un ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3036 (Google Chrome before 17.0.963.65 does not properly perform a cast of a ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3035 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3034 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3033 (Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65, ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3032 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3031 (Use-after-free vulnerability in the element wrapper in Google V8, as u ...) - chromium-browser 17.0.963.66~r124982-1 [squeeze] - chromium-browser CVE-2011-3030 RESERVED CVE-2011-3029 RESERVED CVE-2011-3028 RESERVED CVE-2011-3027 (Google Chrome before 17.0.963.56 does not properly perform a cast of a ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3026 (Integer overflow in libpng, as used in Google Chrome before 17.0.963.5 ...) {DSA-2410-1} - libpng 1.2.46-5 (high; bug #660026) CVE-2011-3025 (Google Chrome before 17.0.963.56 does not properly parse H.264 data, w ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3024 (Google Chrome before 17.0.963.56 allows remote attackers to cause a de ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3023 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 allow ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3022 (translate/translate_manager.cc in Google Chrome before 17.0.963.56 and ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3021 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 allow ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3020 (Unspecified vulnerability in the Native Client validator implementatio ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3019 (Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3018 (Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3017 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 allow ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3016 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 allow ...) - chromium-browser 17.0.963.56~r121963-1 [squeeze] - chromium-browser CVE-2011-3015 (Multiple integer overflows in the PDF codecs in Google Chrome before 1 ...) - chromium-browser (PDF functionality not built) CVE-2011-3014 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1 ...) NOT-FOR-US: Novell Data Synchronizer CVE-2011-3013 (WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1 ...) NOT-FOR-US: Novell Data Synchronizer CVE-2011-3012 (The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremu ...) - openarena 0.8.5-5+exp1 NOTE: Current openarena packages use the share ioquake3 engine [squeeze] - openarena (Minor issue, will be fixed in point update) - ioquake3 1.36+svn1946-4 - tremulous 1.1.0-6 (bug #660836) [squeeze] - tremulous 1.1.0-7~squeeze1 CVE-2011-3011 (BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle ...) NOT-FOR-US: CA ARCserve D2D CVE-2011-3010 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5. ...) - twiki CVE-2011-3009 (Ruby before 1.8.6-p114 does not reset the random seed upon forking, wh ...) - ruby1.8 1.8.7.352-1 [squeeze] - ruby1.8 1.8.7.302-2squeeze2 CVE-2011-3008 (The default configuration of Avaya Secure Access Link (SAL) Gateway 1. ...) NOT-FOR-US: Avaya Secure Access Link Gateway CVE-2011-3007 (The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Pr ...) NOT-FOR-US: McAfee SaaS CVE-2011-3006 (The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS E ...) NOT-FOR-US: McAfee SaaS CVE-2011-3005 (Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunder ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 7.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3004 (The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey b ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 7.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3003 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attac ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 7.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3002 (Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefo ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 7.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3001 (Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey b ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 7.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-3000 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7. ...) {DSA-2317-1 DSA-2313-1 DSA-2312-1} - icedove 3.1.15-1 [lenny] - icedove - xulrunner (unimportant) - iceweasel 7.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-8 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2999 (Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6. ...) {DSA-2317-1 DSA-2313-1 DSA-2312-1} - icedove 3.1.15-1 [lenny] - icedove - xulrunner (unimportant) - iceweasel 7.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-8 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2998 (Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote ...) {DSA-2317-1 DSA-2313-1 DSA-2312-1} - icedove 3.1.15-1 [lenny] - icedove - xulrunner (unimportant) - iceweasel 7.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-8 [lenny] - iceape (Only a stub package) NOTE: Only affects firefox 3.6 code base, not 4.0 oder later NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2997 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner (Only affects Firefox 6) - iceweasel 7.0-1 [lenny] - iceweasel (Only affects Firefox 6) [squeeze] - iceweasel (Only affects Firefox 6) - iceape (Only affects Firefox 6) CVE-2011-2996 (Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x b ...) - icedove (Only affects MacOS) - xulrunner (Only affects MacOS) - iceweasel (Only affects MacOS) - iceape (Only affects MacOS) CVE-2011-2995 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2317-1 DSA-2313-1 DSA-2312-1} - icedove 3.1.15-1 [lenny] - icedove - xulrunner (unimportant) - iceweasel 7.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-8 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2994 RESERVED CVE-2011-2993 (The implementation of digital signatures for JAR files in Mozilla Fire ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 6.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-2992 (The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 6.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) - icedove (Only affects Thunderbird 5) CVE-2011-2991 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x bef ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 6.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) - icedove (Only affects Thunderbird 5) CVE-2011-2990 (The implementation of Content Security Policy (CSP) violation reports ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 6.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) CVE-2011-2989 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x bef ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 6.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) - icedove (Only affects Thunderbird 5) CVE-2011-2988 (Buffer overflow in an unspecified string class in the WebGL shader imp ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 6.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) - icedove (Only affects Thunderbird 5) CVE-2011-2987 (Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANG ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 6.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) - icedove (Only affects Thunderbird 5) CVE-2011-2986 (Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x bef ...) - xulrunner (Only affects Windows) - iceweasel (Only affects Windows) - icedove (Only affects Thunderbird 5) CVE-2011-2985 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner (Only affects Firefox >= 4) - iceweasel 6.0-1 [lenny] - iceweasel (Only affects Firefox >= 4) [squeeze] - iceweasel (Only affects Firefox >= 4) - iceape (Only affects Firefox >= 4) - icedove (Only affects Thunderbird 5) CVE-2011-2984 (Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3 ...) {DSA-2297-1 DSA-2296-1 DSA-2295-1} - icedove 3.1.12-1 [lenny] - icedove - xulrunner (unimportant) [lenny] - xulrunner (Only affects Firefox >= 3.5) - iceweasel 6.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-5 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2983 (Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, ...) {DSA-2297-1 DSA-2296-1 DSA-2295-1} - icedove 3.1.12-1 [lenny] - icedove - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-13 - iceweasel 6.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-5 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2297-1 DSA-2296-1 DSA-2295-1} - icedove 3.1.12-1 [lenny] - icedove - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-13 - iceweasel 6.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-5 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2981 (The event-management implementation in Mozilla Firefox before 3.6.20, ...) {DSA-2297-1 DSA-2296-1 DSA-2295-1} - icedove 3.1.12-1 [lenny] - icedove - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-13 - iceweasel 6.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-5 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2980 (Untrusted search path vulnerability in the ThinkPadSensor::Startup fun ...) - icedove (Only affects Windows) - xulrunner (Only affects Windows) - iceweasel (Only affects Windows) CVE-2011-2979 (Bugzilla 4.1.x before 4.1.3 generates different responses for certain ...) {DSA-2322-1} - bugzilla (Only affects Bugzilla 4.1, never uploaded to the archive) CVE-2011-2978 (Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4 ...) {DSA-2322-1} - bugzilla (low) [squeeze] - bugzilla 3.6.2.0-4.4 CVE-2011-2977 (Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x befo ...) - bugzilla (Only affects Bugzilla on Windows) CVE-2011-2976 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through 2 ...) - bugzilla 3.6.1.0-0.1 (low) NOTE: Fixed in 3.5.1, but 3.6.1 was first fixed upload to archive CVE-2011-2975 (Double free vulnerability in the msAddImageSymbol function in mapsymbo ...) - mapserver 6.0.1-1 [lenny] - mapserver (Vulnerable code not present) [squeeze] - mapserver (Vulnerable code not present) CVE-2011-2974 REJECTED CVE-2011-2973 REJECTED CVE-2011-2972 REJECTED CVE-2011-2971 REJECTED CVE-2011-2970 REJECTED CVE-2011-2969 REJECTED CVE-2011-2968 REJECTED CVE-2011-2967 REJECTED CVE-2011-2966 REJECTED CVE-2011-2965 REJECTED CVE-2011-2964 (foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 al ...) {DSA-2380-1} - foomatic-filters 4.0.9-1 NOTE: There two implementation of the affected filter: the version from foomatic-filters NOTE: 4.0 is written in C and has been assigned CVE-2011-2964 and the version in NOTE: foomatic-filters 3.x is written in Perl and has been assigned CVE-2011-2697 NOTE: Fixed in foomatic-filters 4.0.8 CVE-2011-2963 (TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not ...) NOT-FOR-US: Progea Movicon CVE-2011-2962 (Multiple stack-based buffer overflows in Invensys Wonderware Informati ...) NOT-FOR-US: Invensys Wonderware Information Server CVE-2011-2961 (Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetP ...) NOT-FOR-US: Sunway pNetPower CVE-2011-2960 (Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceContr ...) NOT-FOR-US: Sunway ForceControl CVE-2011-2959 (Stack-based buffer overflow in the Open Database Connectivity (ODBC) s ...) NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System (IGSS) CVE-2011-2958 (Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXo ...) NOT-FOR-US: Ecava IntegraXor CVE-2011-2957 (Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnosti ...) NOT-FOR-US: Rockwell Automation FactoryTalk Diagnostics Viewer CVE-2011-2956 (AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authenti ...) NOT-FOR-US: AzeoTech DAQFactory CVE-2011-XXXX [rtkit: failure to drop supplemental groups] - rtkit 0.10-2 CVE-2011-XXXX [minissdpd multiple issues] - minissdpd 1.0.20110729-1 (bug #635836) CVE-2011-2955 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 1 ...) NOT-FOR-US: RealNetworks RealPlayer 11.0 CVE-2011-2954 (Use-after-free vulnerability in the AutoUpdate feature in RealNetworks ...) NOT-FOR-US: RealNetworks RealPlayer 11.0 CVE-2011-2953 (An unspecified ActiveX control in the browser plugin in RealNetworks R ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-2952 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 1 ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-2951 (Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0. ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-2950 (Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlaye ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-2949 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-2948 (RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, R ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-2947 (Cross-zone scripting vulnerability in the RealPlayer ActiveX control i ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-2946 (Unspecified vulnerability in an ActiveX control in RealNetworks RealPl ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-2945 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-2944 (SQL injection vulnerability in login.php in MegaLab The Uploader befor ...) NOT-FOR-US: MegaLab The Uploader CVE-2011-2943 (The irc_msg_who function in msgs.c in the IRC protocol plugin in libpu ...) - pidgin 2.10.0-1 (bug #638709) [squeeze] - pidgin (Only affects 2.8 to 2.10) [lenny] - pidgin (Only affects 2.8 to 2.10) CVE-2011-2942 (A certain Red Hat patch to the __br_deliver function in net/bridge/br_ ...) - linux-2.6 (RHEL-specific backport issue) CVE-2011-2941 (Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platfor ...) NOT-FOR-US: JBoss Enterprise Portal Platform CVE-2011-2940 (stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrar ...) - stunnel4 3:4.42-1 (bug #638758) [squeeze] - stunnel4 (Only 4.4x affected) [lenny] - stunnel4 (Only 4.4x affected) CVE-2011-2939 (Off-by-one error in the decode_xs function in Unicode/Unicode.xs in th ...) - perl 5.12.4-4 (low; bug #637376) [squeeze] - perl 5.10.1-17squeeze3 [lenny] - perl (Minor issue) - libencode-perl 2.44-1 (low) CVE-2011-2938 (Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php ...) - mantis 1.2.6-1 (bug #638321) [squeeze] - mantis (Only affects Mantis 1.1) [lenny] - mantis (Only affects Mantis 1.1) CVE-2011-2937 (Cross-site scripting (XSS) vulnerability in the UI messages functional ...) - roundcube 0.5.4+dfsg-1 (low; bug #641996) [squeeze] - roundcube (Minor issue) CVE-2011-2936 (Elgg through 1.7.10 has a SQL injection vulnerability ...) - elgg (bug #526197) CVE-2011-2935 (Elgg through 1.7.10 has XSS ...) - elgg (bug #526197) CVE-2011-2934 (A Cross Site Request Forgery (CSRF) vulnerability exists in the admini ...) NOT-FOR-US: WebsiteBaker CVE-2011-2933 (An Arbitrary File Upload vulnerability exists in admin/media/upload.ph ...) NOT-FOR-US: WebsiteBaker CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ...) {DSA-2655-1} - rails 2.3.14 CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in a ...) {DSA-2301-1} - rails 2.3.14 CVE-2011-2930 (Multiple SQL injection vulnerabilities in the quote_table_name method ...) {DSA-2301-1} - rails 2.3.14 CVE-2011-2929 (The template selection functionality in actionpack/lib/action_view/tem ...) - rails (Only affects RoR 3.0 and above) CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kerne ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 3.0.0-2 CVE-2011-2927 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, ...) NOT-FOR-US: Red Hat Network Satellite server CVE-2011-2926 REJECTED CVE-2011-2925 (Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 re ...) NOT-FOR-US: Cumin CVE-2011-2924 (foomatic-rip filter v4.0.12 and prior used insecurely creates temporar ...) - foomatic-filters 4.0.12-1 (low) [squeeze] - foomatic-filters 4.0.5-6+squeeze2 CVE-2011-2923 (foomatic-rip filter, all versions, used insecurely creates temporary f ...) - foomatic-filters (unimportant) NOTE: debug mode-only CVE-2011-2922 (ktsuss versions 1.4 and prior spawns the GTK interface to run as root. ...) - ktsuss CVE-2011-2921 (ktsuss versions 1.4 and prior has the uid set to root and does not dro ...) - ktsuss CVE-2011-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, ...) NOT-FOR-US: Red Hat Network Satellite server CVE-2011-2919 (Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in ...) NOT-FOR-US: Red Hat Network Satellite server CVE-2011-2918 (The Performance Events subsystem in the Linux kernel before 3.1 does n ...) {DSA-2303-1} - linux-2.6 3.0.0-2 [lenny] - linux-2.6 (perf not yet present) CVE-2011-2917 (SQL injection vulnerability in administrator/index2.php in Mambo CMS 4 ...) NOT-FOR-US: Mambo CVE-2011-2916 (qtnx 0.9 stores non-custom SSH keys in a world-readable configuration ...) - qtnx (low; bug #637439) [squeeze] - qtnx (Minor issue) CVE-2011-2915 (Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams. ...) {DSA-2415-1} - libmodplug 1:0.8.8.4-1 CVE-2011-2914 (Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.c ...) {DSA-2415-1} - libmodplug 1:0.8.8.4-1 CVE-2011-2913 (Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.c ...) {DSA-2415-1} - libmodplug 1:0.8.8.4-1 CVE-2011-2912 (Stack-based buffer overflow in the CSoundFile::ReadS3M function in src ...) {DSA-2415-1} - libmodplug 1:0.8.8.4-1 CVE-2011-2911 (Integer overflow in the CSoundFile::ReadWav function in src/load_wav.c ...) {DSA-2415-1} - libmodplug 1:0.8.8.4-1 CVE-2011-2910 (The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check ...) - ax25-tools 0.0.8-13.2 (low; bug #638198) [lenny] - ax25-tools (Minor issue) [squeeze] - ax25-tools (Minor issue) CVE-2011-2909 (The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c ...) {DSA-2303-1} - linux-2.6 3.0.0-2 CVE-2011-2908 (Cross-site request forgery (CSRF) vulnerability in the JMX Console (jm ...) NOT-FOR-US: JBoss Enterprise Application Platform CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...) - torque 2.4.15+dfsg-1 [squeeze] - torque (Not fixable, would need an update to a release with MUNGE support, clusters typically run in locked down environments) CVE-2011-2906 (** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrou ...) NOT-FOR-US: ** REJECT ** CVE-2011-2905 (Untrusted search path vulnerability in the perf_config function in too ...) {DSA-2303-1} - linux-2.6 3.0.0-2 [lenny] - linux-2.6 (perf not yet present) CVE-2011-2904 (Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix befor ...) - zabbix 1:1.8.6-1 [squeeze] - zabbix (Will be handled through point update) CVE-2011-2903 (Heap-based buffer overflow in tcptrack before 1.4.2 might allow attack ...) - tcptrack 1.4.2-1 (unimportant; bug #551092) NOTE: https://bugs.gentoo.org/show_bug.cgi?id=377917 CVE-2011-2902 (zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-1 ...) - xpdf 3.02-19 (low; bug #635849) [lenny] - xpdf (zxpdf script is indeed affected, but it's not associated with pdf handling by default, so not a concern for remote abuse) [squeeze] - xpdf 3.02-12+squeeze1 CVE-2011-2901 (Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows ...) - xen (Only affects Xen <= 3.3) - xen-3 CVE-2011-2900 (Stack-based buffer overflow in the (1) put_dir function in mongoose.c ...) NOT-FOR-US: Mongoose CVE-2011-2899 (pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic ...) - foomatic-gui 0.7.9.5 (low) - system-config-printer (Vulnerable code not present; bug #639243) [squeeze] - system-config-printer (Vulnerable code not present) [lenny] - system-config-printer (Minor issue) CVE-2011-2898 (net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not pr ...) {DSA-2389-1} - linux-2.6 3.0.0-1 [lenny] - linux-2.6 (introduced in 2.6.27) CVE-2011-2897 (gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initiali ...) - gdk-pixbuf (This only applies to the old standalone copy shipped until Lenny) CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c in the ...) {DSA-2426-1 DSA-2354-1} - cups 1.5.0-8 - gimp 2.6.11-5 (bug #643753) CVE-2011-2895 (The LZW decompressor in (1) the BufCompressedFill function in fontfile ...) {DSA-2293-1} - libxfont 1:1.4.4-1 CVE-2011-2894 (Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3. ...) - libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901) [squeeze] - libspring-security-2.0-java (Minor issue) CVE-2011-2893 (The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-a ...) NOT-FOR-US: IBM Lotus Symphony CVE-2011-2892 (Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a fr ...) NOT-FOR-US: Joomla! CVE-2011-2891 (Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Joomla! CVE-2011-2890 (The MediaViewMedia class in administrator/components/com_media/views/m ...) NOT-FOR-US: Joomla! CVE-2011-2889 (templates/system/error.php in Joomla! before 1.5.23 might allow remote ...) NOT-FOR-US: Joomla! CVE-2011-2888 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a den ...) NOT-FOR-US: IBM Lotus Symphony CVE-2011-2887 (IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to ca ...) NOT-FOR-US: IBM Lotus Symphony CVE-2011-2886 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a den ...) NOT-FOR-US: IBM Lotus Symphony CVE-2011-2885 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a den ...) NOT-FOR-US: IBM Lotus Symphony CVE-2011-2884 (Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP ...) NOT-FOR-US: IBM Lotus Symphony CVE-2011-2883 (The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Ga ...) NOT-FOR-US: Citrix Access Gateway CVE-2011-2882 (Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control i ...) NOT-FOR-US: Citrix Access Gateway CVE-2011-2881 (Google Chrome before 14.0.835.202 does not properly handle Google V8 h ...) - chromium-browser (chromium uses libv8 system copy) - libv8 3.8.9.20-1 (bug #687574) [squeeze] - libv8 (Unsupported in squeeze-lts) NOTE: http://code.google.com/p/chromium/issues/detail?id=97784 NOTE: access restricted to chrome/libv8 bug log, so uncheckable CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 allo ...) - chromium-browser 14.0.835.202~r103287-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/95667 NOTE: http://trac.webkit.org/changeset/95689 NOTE: http://trac.webkit.org/changeset/95728 CVE-2011-2879 (Google Chrome before 14.0.835.202 does not properly consider object li ...) - chromium-browser 14.0.835.202~r103287-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/94984 CVE-2011-2878 (Google Chrome before 14.0.835.202 does not properly restrict access to ...) - chromium-browser 14.0.835.202~r103287-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/95488 CVE-2011-2877 (Google Chrome before 14.0.835.202 does not properly handle SVG text, w ...) - chromium-browser 14.0.835.202~r103287-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/94508 CVE-2011-2876 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 allo ...) - chromium-browser 14.0.835.202~r103287-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/95600 CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not prop ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (libv8 issue) - libv8 3.8.9.20-1 (bug #687574) [squeeze] - libv8 (Unsupported in squeeze-lts) NOTE: http://code.google.com/p/chromium/issues/detail?id=95920 NOTE: access restricted to chrome/libv8 bug log, so uncheckable CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected pin ope ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2873 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple WebKit NOTE: reported by google, likely duplicate CVE-2011-2872 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple WebKit NOTE: reported by google, likely duplicate CVE-2011-2871 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple WebKit NOTE: reported by google, likely duplicate CVE-2011-2870 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple WebKit NOTE: reported by google, likely duplicate CVE-2011-2869 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple WebKit NOTE: reported by google, likely duplicate CVE-2011-2868 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple WebKit NOTE: reported by google, likely duplicate CVE-2011-2867 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple WebKit NOTE: reported by google, likely duplicate CVE-2011-2866 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...) NOT-FOR-US: Apple WebKit NOTE: reported by google, likely duplicate CVE-2011-2865 RESERVED CVE-2011-2864 (Google Chrome before 14.0.835.163 does not properly handle Tibetan cha ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2863 (Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0 ...) - chromium-browser 14.0.835.163~r101024-1 CVE-2011-2862 (Google V8, as used in Google Chrome before 14.0.835.163, does not prop ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2861 (Google Chrome before 14.0.835.163 does not properly handle strings in ...) - chromium-browser (pdf plugin) CVE-2011-2860 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/93794 CVE-2011-2859 (Google Chrome before 14.0.835.163 uses incorrect permissions for non-g ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2858 (Google Chrome before 14.0.835.163 does not properly handle triangle ar ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2857 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/93514 CVE-2011-2856 (Google V8, as used in Google Chrome before 14.0.835.163, allows remote ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser (uses libv8 system copy) - webkit - libv8 3.4.14.21-1 [squeeze] - libv8 (Unsupported in squeeze-lts) CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle Cascading S ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/93227 CVE-2011-2854 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/94109 NOTE: http://trac.webkit.org/changeset/94543 CVE-2011-2853 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2852 (Off-by-one error in Google V8, as used in Google Chrome before 14.0.83 ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser (uses libv8 system copy) - webkit - libv8 3.4.14.21-1 [squeeze] - libv8 (Unsupported in squeeze-lts) CVE-2011-2851 (Google Chrome before 14.0.835.163 does not properly handle video, whic ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2850 (Google Chrome before 14.0.835.163 does not properly handle Khmer chara ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2849 (The WebSockets implementation in Google Chrome before 14.0.835.163 all ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2848 (Google Chrome before 14.0.835.163 allows user-assisted remote attacker ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2847 (Use-after-free vulnerability in the document loader in Google Chrome b ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/93521 CVE-2011-2846 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser CVE-2011-2845 (Google Chrome before 15.0.874.102 does not properly handle history dat ...) - chromium-browser 15.0.874.106~r107270-1 [squeeze] - chromium-browser CVE-2011-2844 (Google Chrome before 14.0.835.163 does not properly process MP3 files, ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit CVE-2011-2843 (Google Chrome before 14.0.835.163 does not properly handle media buffe ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2842 (The installer in Google Chrome before 14.0.835.163 on Mac OS X does no ...) - chromium-browser - webkit CVE-2011-2841 (Google Chrome before 14.0.835.163 does not properly perform garbage co ...) - chromium-browser (pdf plugin) - webkit CVE-2011-2840 (Google Chrome before 14.0.835.163 allows user-assisted remote attacker ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/90164 CVE-2011-2839 (The PDF implementation in Google Chrome before 13.0.782.215 on Linux d ...) - chromium-browser (Pdf plugin) CVE-2011-2838 (Google Chrome before 14.0.835.163 does not properly consider the MIME ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2837 (Google Chrome before 14.0.835.163 on Linux does not use the PIC and PI ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2836 (Google Chrome before 14.0.835.163 does not require Infobar interaction ...) - chromium-browser 14.0.835.163~r101024-1 (unimportant) - webkit (chromium specific) CVE-2011-2835 (Race condition in Google Chrome before 14.0.835.163 allows attackers t ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser - webkit CVE-2011-2834 (Double free vulnerability in libxml2, as used in Google Chrome before ...) {DSA-2394-1} - libxml2 2.7.8.dfsg-5 (low; bug #643648) CVE-2011-2833 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2832 RESERVED CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2830 (Google V8, as used in Google Chrome before 14.0.835.163, does not prop ...) NOTE: CVE description is wrong, see #656057 CVE-2011-2829 (Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platfo ...) - chromium-browser 13.0.782.215~r97094-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/92413 CVE-2011-2828 (Google V8, as used in Google Chrome before 13.0.782.215, allows remote ...) - chromium-browser 13.0.782.215~r97094-1 [squeeze] - chromium-browser - webkit (Chromium specific) CVE-2011-2827 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 allo ...) - chromium-browser 13.0.782.215~r97094-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/91908 CVE-2011-2826 (Google Chrome before 13.0.782.215 allows remote attackers to bypass th ...) - chromium-browser 13.0.782.215~r97094-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/91957 CVE-2011-2825 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 allo ...) - chromium-browser 13.0.782.215~r97094-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/r91738 NOTE: http://trac.webkit.org/r91739 NOTE: http://trac.webkit.org/changeset/92744 CVE-2011-2824 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 allo ...) - chromium-browser 13.0.782.215~r97094-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/92630 CVE-2011-2823 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 allo ...) - chromium-browser 13.0.782.215~r97094-1 [squeeze] - chromium-browser CVE-2011-2822 (Google Chrome before 13.0.782.215 on Windows does not properly parse U ...) - chromium-browser (windows only) - webkit CVE-2011-2821 (Double free vulnerability in libxml2, as used in Google Chrome before ...) {DSA-2394-1} - chromium-browser 13.0.782.215~r97094-1 [squeeze] - chromium-browser - webkit (chromium specific) - libxml2 2.7.8.dfsg-5 (low; bug #643648) [squeeze] - libxml2 (denial-of-service only issue) CVE-2011-2820 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2819 (Google Chrome before 13.0.782.107 allows remote attackers to bypass th ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/91611 CVE-2011-2818 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...) {DSA-2307-1} - chromium-browser 13.0.782.107~r94237-1 NOTE: http://trac.webkit.org/changeset/91386 CVE-2011-2817 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2816 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2815 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2814 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2813 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2812 RESERVED CVE-2011-2811 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2810 REJECTED CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2808 (A stale layout root is set as an input element in WebKit in Google Chr ...) NOTE: Historic webkit/Chromium issues CVE-2011-2807 (Incorrect handling of timer information in Timer.cpp in WebKit in Goog ...) NOTE: Historic webkit/Chromium issues CVE-2011-2806 (Google Chrome before 13.0.782.215 on Windows does not properly handle ...) - chromium-browser (It's in Windows-specific code) CVE-2011-2805 (Google Chrome before 13.0.782.107 allows remote attackers to bypass th ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/91152 CVE-2011-2804 (Google Chrome before 13.0.782.107 does not properly handle nested func ...) - chromium-browser (pdf plugin) CVE-2011-2803 (Google Chrome before 13.0.782.107 does not properly handle Skia paths, ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser - webkit (skia code) CVE-2011-2802 (Google V8, as used in Google Chrome before 13.0.782.107, does not prop ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser - webkit - libv8 3.4 [squeeze] - libv8 NOTE: Bug was introduced in http://code.google.com/p/v8/source/detail?r=8224 CVE-2011-2801 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/90936 CVE-2011-2800 (Google Chrome before 13.0.782.107 allows remote attackers to obtain po ...) {DSA-2307-1} - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/91044 NOTE: http://developer.apple.com/library/safari/#documentation/Tools/Conceptual/SafariExtensionGuide/MessagesandProxies/MessagesandProxies.html#//apple_ref/doc/uid/TP40009977-CH14-SW9 CVE-2011-2799 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/90130 CVE-2011-2798 (Google Chrome before 13.0.782.107 does not properly restrict access to ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2797 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/90595 CVE-2011-2796 (Use-after-free vulnerability in Skia, as used in Google Chrome before ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser - webkit (skia code) CVE-2011-2795 (Google Chrome before 13.0.782.107 does not prevent calls to functions ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/89782 CVE-2011-2794 (Google Chrome before 13.0.782.107 does not properly perform text itera ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/89831 CVE-2011-2793 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/89595 CVE-2011-2792 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/89836 CVE-2011-2791 (The International Components for Unicode (ICU) functionality in Google ...) - chromium-browser 13.0.782.107~r94237-1 (unimportant) - webkit (icu issue) NOTE: ICU bug only in debug build CVE-2011-2790 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/89165 CVE-2011-2789 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2788 (Buffer overflow in the inspector serialization functionality in Google ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/88444 CVE-2011-2787 (Google Chrome before 13.0.782.107 does not properly address re-entranc ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2786 (Google Chrome before 13.0.782.107 does not ensure that the speech-inpu ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2785 (The extensions implementation in Google Chrome before 13.0.782.107 doe ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2784 (Google Chrome before 13.0.782.107 allows remote attackers to obtain se ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser - webkit (issue in angleproject) CVE-2011-2783 (Google Chrome before 13.0.782.107 does not ensure that developer-mode ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2782 (The drag-and-drop implementation in Google Chrome before 13.0.782.107 ...) - chromium-browser 13.0.782.107~r94237-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-2781 RESERVED CVE-2011-2780 (Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 ...) NOT-FOR-US: Chyrp CVE-2011-2779 (Windows Event Log SmartConnector in HP ArcSight Connector Appliance be ...) NOT-FOR-US: HP ArcSight Connector Appliance CVE-2011-2778 (Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remo ...) {DSA-2363-1} - tor 0.2.2.35-1 CVE-2011-2777 (samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier ...) - acpid 1:2.0.14-1 [lenny] - acpid (Vulnerable code not present) [squeeze] - acpid 1:2.0.7-1squeeze3 CVE-2011-2776 (Buffer overflow in the Error function in super.c in Super 3.30.0 might ...) {DSA-2383-1} - super 3.30.0-6 CVE-2011-2775 RESERVED CVE-2011-2774 (The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 ...) - mahara 1.4.1-1 [squeeze] - mahara (Vulnerable code not present) [lenny] - mahara (Vulnerable code not present) CVE-2011-4118 (Mahara before 1.4.1, when MNet (aka the Moodle network feature) is use ...) {DSA-2334-1} - mahara 1.4.1-1 NOTE: http://mahara.org/interaction/forum/topic.php?id=4138 CVE-2011-2773 (Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 ...) {DSA-2334-1} - mahara 1.4.1-1 CVE-2011-2772 (The get_dataroot_image_path function in lib/file.php in Mahara before ...) {DSA-2334-1} - mahara 1.4.1-1 CVE-2011-2771 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1 ...) {DSA-2334-1} - mahara 1.4.1-1 CVE-2011-2770 (Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html ...) {DSA-2335-1} - man2html 1.6g-6 CVE-2011-2769 (Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE a ...) {DSA-2331-1} - tor 0.2.2.34-1 CVE-2011-2768 (Tor before 0.2.2.34, when configured as a client or bridge, sends a TL ...) {DSA-2331-1} - tor 0.2.2.34-1 CVE-2011-2767 (mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl ...) {DLA-1507-1} - libapache2-mod-perl2 2.0.10-3 (bug #644169) [stretch] - libapache2-mod-perl2 2.0.10-2+deb9u1 NOTE: https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=126984 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1623265#c3 CVE-2011-2766 (The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by ...) {DSA-2327-1} - libfcgi-perl 0.73-2 (bug #607479) [lenny] - libfcgi-perl (Introduced in 0.70) CVE-2011-2765 (pyro before 3.15 unsafely handles pid files in temporary directory loc ...) - pyro 1:3.14-1 (low; bug #631912) [lenny] - pyro (Minor issue) [squeeze] - pyro (Minor issue) NOTE: https://github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e CVE-2011-2764 (The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ...) - openarena 0.8.5-5+exp1 NOTE: Current openarena packages use the share ioquake3 engine [squeeze] - openarena 0.8.5-5+squeeze1 - ioquake3 1.36+svn1946-4 - tremulous 1.1.0-6 (bug #660836) [squeeze] - tremulous 1.1.0-7~squeeze1 CVE-2011-2763 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and ...) NOT-FOR-US: LifeSize Room appliance CVE-2011-2762 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) all ...) NOT-FOR-US: LifeSize Room appliance CVE-2011-2761 (Google Chrome 14.0.794.0 does not properly handle a reload of a page g ...) - chromium-browser 14.0.835.157~r99685-1 [squeeze] - chromium-browser - webkit (chromium issue) CVE-2011-2760 (Brocade BigIron RX switches allow remote attackers to bypass ACL rules ...) NOT-FOR-US: Brocade BigIron RX CVE-2011-2759 (The login page of IDSWebApp in the Web Administration Tool in IBM Tivo ...) NOT-FOR-US: IBM Tivoli Directory Server CVE-2011-2758 (IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Serve ...) NOT-FOR-US: IBM Tivoli Directory Server CVE-2011-2757 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine ...) NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2011-2756 (FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 801 ...) NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2011-2755 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine ...) NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2011-2754 (Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page ...) NOT-FOR-US: IBM WebSphere Portal CVE-2011-2753 (Multiple cross-site request forgery (CSRF) vulnerabilities in Squirrel ...) {DSA-2291-1} - squirrelmail 2:1.4.22-1 (low) NOTE: difficult to exploit CVE-2011-2752 (CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows ...) {DSA-2291-1} - squirrelmail 2:1.4.22-1 (low) NOTE: difficult to exploit CVE-2011-2751 (SQL injection vulnerability in Parodia before 6.809 allows remote atta ...) NOT-FOR-US: Parodia CVE-2011-2750 (NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote ...) NOT-FOR-US: Novell File Reporter CVE-2011-2749 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ES ...) {DSA-2292-1} - isc-dhcp 4.2.2-1 (bug #638404) - dhcp3 CVE-2011-2748 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ES ...) {DSA-2292-1} - isc-dhcp 4.2.2-1 (bug #638404) - dhcp3 CVE-2011-2747 (Google Picasa before 3.6 Build 105.67 does not properly handle invalid ...) NOT-FOR-US: Google Picasa CVE-2011-2746 (Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in ...) - otrs2 2.4.7-1 (low) [lenny] - otrs2 (Minor issue) CVE-2011-2745 (upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier ...) NOT-FOR-US: Chyrp CVE-2011-2744 (Directory traversal vulnerability in Chyrp 2.1 and earlier allows remo ...) NOT-FOR-US: Chyrp CVE-2011-2743 (Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and e ...) NOT-FOR-US: Chyrp CVE-2011-2742 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...) NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise CVE-2011-2741 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...) NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise CVE-2011-2740 (EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firef ...) NOT-FOR-US: EMC RSA Key Manager CVE-2011-2739 (The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x befo ...) NOT-FOR-US: EMC Documentum eRoom CVE-2011-2738 (Multiple unspecified vulnerabilities in Cisco Unified Service Monitor ...) NOT-FOR-US: Cisco Unified Service Monitor, CiscoWorks LAN Management Solution CVE-2011-2737 (RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to re ...) NOT-FOR-US: RSA enVision CVE-2011-2736 (RSA enVision 4.x before 4 SP4 P3 places cleartext administrative crede ...) NOT-FOR-US: RSA enVision CVE-2011-2735 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4. ...) NOT-FOR-US: EMC AutoStart CVE-2011-2734 REJECTED CVE-2011-2733 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...) NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise CVE-2011-2732 (CRLF injection vulnerability in the logout functionality in VMware Spr ...) - libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901) [squeeze] - libspring-security-2.0-java (Minor issue) CVE-2011-2731 (Race condition in the RunAsManager mechanism in VMware SpringSource Sp ...) - libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901) [squeeze] - libspring-security-2.0-java (Minor issue) CVE-2011-2730 (VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, ...) {DSA-2504-1} - libspring-2.5-java (bug #677814) CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 t ...) - commons-daemon 1.0.7-1 [squeeze] - commons-daemon (Support for libcap was only added in 1.0.6) NOTE: According to http://tomcat.apache.org/security-7.html jsvc needs to be build againt libcap to be exploitable CVE-2011-2728 (The bsd_glob function in the File::Glob module for Perl before 5.14.2 ...) - perl 5.14.2-1 (unimportant) NOTE: requires the attacker to manipulate glob flags CVE-2011-2727 (The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3 ...) NOT-FOR-US: Tribiq CMS CVE-2011-2726 (An access bypass issue was found in Drupal 7.x before version 7.5. If ...) - drupal7 7.6-1 CVE-2011-2725 (Directory traversal vulnerability in Ark 4.7.x and earlier allows remo ...) - kdeutils 4:4.6.5-4 (low; bug #635541) [lenny] - kdeutils (Minor issue) [squeeze] - kdeutils 4:4.4.5-1+squeeze1 CVE-2011-2724 (The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs ...) - samba 2:3.4.7~dfsg-2 (low) - cifs-utils 2:5.1-1 (low) [squeeze] - cifs-utils 2:4.5-2+squeeze1 NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed NOTE: http://web.archive.org/web/20111209193822/http://git.samba.org/?p=cifs-utils.git;a=commit;h=1e7a32924b22d1f786b6f490ce8590656f578f91 CVE-2011-2723 (The skb_gro_header_slow function in include/linux/netdevice.h in the L ...) {DSA-2303-1} - linux-2.6 3.0.0-2 CVE-2011-2722 (The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Lin ...) - hplip 3.11.10-1 (bug #635549; low) [squeeze] - hplip 3.10.6-2+squeeze0 [lenny] - hplip (Vulnerable code not present) CVE-2011-2721 (Off-by-one error in the cli_hm_scan function in matcher-hash.c in libc ...) - clamav 0.97.2+dfsg-1 (bug #635599) [squeeze] - clamav 0.97.2+dfsg-1~squeeze1 CVE-2011-2720 (The autocompletion functionality in GLPI before 0.80.2 does not blackl ...) - glpi 0.80.2-1 (bug #635544; unimportant) NOTE: Only supported behind an authenticated HTTP zone CVE-2011-2719 (libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3 ...) {DSA-2286-1} - phpmyadmin 4:3.4.3.2-1 (low) [lenny] - phpmyadmin (Vulnerable code not present) CVE-2011-2718 (Multiple directory traversal vulnerabilities in the relational schema ...) - phpmyadmin 4:3.4.3.2-1 [squeeze] - phpmyadmin (Vulnerable code not present) [lenny] - phpmyadmin (Vulnerable code not present) CVE-2011-2717 (The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011- ...) NOT-FOR-US: udhcp6c CVE-2011-2716 (The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP s ...) - busybox 1:1.20.0-3 (unimportant; bug #635548) NOTE: the default action script of busybox is not vulnerable to this attack NOTE: fixed in 1.20 (experimental). default script in udeb may be vulnerable. CVE-2011-2715 (An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0 ...) NOT-FOR-US: Drupal data module CVE-2011-2714 (A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6 ...) NOT-FOR-US: Drupal data module CVE-2011-2713 (oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows u ...) {DSA-2315-1} - libreoffice 1:3.4.3-1 - openoffice.org 1:3.3.0-1 NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice CVE-2011-2712 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...) NOT-FOR-US: Apache Wicket CVE-2011-2711 (Cross-site scripting (XSS) vulnerability in the print_fileinfo functio ...) NOT-FOR-US: cgit CVE-2011-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) NOT-FOR-US: Joomla! CVE-2011-2709 (libgssapi and libgssglue before 0.4 do not properly check privileges, ...) - libgssglue 0.4-1 (low; bug #670256) [squeeze] - libgssglue (Minor issue in Squeeze) NOTE: Our mount.nfs does not link against libgssglue, NOTE: so we do not appear to be affected directly. CVE-2011-2708 REJECTED CVE-2011-2707 (The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Lin ...) - linux-2.6 (xtensa arch not used in Debian) CVE-2011-2706 (A Cross-Site Scripting (XSS) vulnerability exists in the reorder admin ...) NOT-FOR-US: sNews CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby ...) {DLA-235-1 DLA-88-1} - ruby1.8 1.8.7.352-1 (low; bug #635878) - ruby1.9.1 1.9.3~preview1-1 (low) CVE-2011-2704 (Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before ...) {DSA-2285-1} - mapserver 6.0.1-1 CVE-2011-2703 (Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x ...) {DSA-2285-1} - mapserver 6.0.1-1 CVE-2011-2702 (Integer signedness error in Glibc before 2.13 and eglibc before 2.13, ...) - eglibc 2.13-10 [squeeze] - eglibc (ssse3 optimizations not included in squeeze version) - glibc (ssse3 optimizations not included) NOTE: http://web.archive.org/web/20110824011938/http://www.nodefense.org:80/eglibc.txt NOTE: fixed well before 2.13-10, but that is the present testing version that was available to check CVE-2011-2701 (The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OC ...) - freeradius (Introduced in 2.1.11, even sid ships 2.1.10+dfsg-3+b2) CVE-2011-2700 (Multiple buffer overflows in the si4713_write_econtrol_string function ...) {DSA-2303-1} - linux-2.6 3.0.0-1 [lenny] - linux-2.6 (Driver introduced in 2.6.32) CVE-2011-2699 (The IPv6 implementation in the Linux kernel before 3.1 does not genera ...) - linux-2.6 3.0.0-2 [squeeze] - linux-2.6 2.6.32-40 CVE-2011-2698 (Off-by-one error in the elem_cell_id_aux function in epan/dissectors/p ...) - wireshark 1.6.1-1 (unimportant) NOTE: no code injection, not treated as a security issue, see README.Debian.security CVE-2011-2697 (foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 all ...) {DSA-2380-1} - hplip 3.10.6-2 (bug #635549; medium) NOTE: hplip might have been fixed earlier than stable, current versions use foomatic-rip NOTE: from foomatic-filters: /usr/lib/cups/filter/foomatic-rip - foomatic-filters 4.0 NOTE: There two implementation of the affected filter: the version from foomatic-filters NOTE: 4.0 is written in C and has been assigned CVE-2011-2964 and the version in NOTE: foomatic-filters 3.x is written in Perl and has been assigned CVE-2011-2697 NOTE: hplip includes local copy of the Perl version. It needs to be checked, whether NOTE: it's modified somehow CVE-2011-2696 (Integer overflow in libsndfile before 1.0.25 allows remote attackers t ...) {DSA-2288-1} - libsndfile 1.0.25-1 CVE-2011-2695 (Multiple off-by-one errors in the ext4 subsystem in the Linux kernel b ...) - linux-2.6 3.0.0-1 [squeeze] - linux-2.6 2.6.32-48 CVE-2011-2694 (Cross-site scripting (XSS) vulnerability in the chg_passwd function in ...) {DSA-2290-1} - samba 2:3.5.10~dfsg-1 (low) CVE-2011-2693 (The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red ...) NOTE: Duplicate of CVE-2011-2521 CVE-2011-2692 (The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0. ...) {DSA-2287-1} - libpng 1.2.46-1 (low; bug #633871) CVE-2011-2691 (The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2. ...) {DSA-2287-1} - libpng 1.2.46-1 (low; bug #633871) CVE-2011-2690 (Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1. ...) {DSA-2287-1} - libpng 1.2.46-1 (high; bug #633871) CVE-2011-2689 (The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel befo ...) - linux-2.6 3.0.0-1 [squeeze] - linux-2.6 (gfs didn't have fallocate support until 2.6.37) [lenny] - linux-2.6 (gfs didn't have fallocate support until 2.6.37) CVE-2011-2688 (SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_e ...) {DSA-2279-1} - libapache2-mod-authnz-external 3.2.4-2.1 (medium; bug #633637) CVE-2011-2687 (Drupal 7.x before 7.3 allows remote attackers to bypass intended node_ ...) NOTE: http://drupal.org/node/1168756 - drupal7 7.2-1 (bug #633385) - drupal6 6.22-1 [squeeze] - drupal6 6.18-1squeeze1 CVE-2011-2686 (Ruby before 1.8.7-p352 does not reset the random seed upon forking, wh ...) {DLA-88-1} - ruby1.8 1.8.7.352-1 (low; bug #635878) CVE-2011-2685 (Stack-based buffer overflow in the Lotus Word Pro import filter in Lib ...) {DSA-2275-1} - libreoffice 1:3.3.3-1 - openoffice.org 1:3.3.0-1 [lenny] - openoffice.org (Vulnerable code not present) NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice CVE-2011-2684 (foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722df ...) - foo2zjs 20110722dfsg-1 (low; bug #633870) [lenny] - foo2zjs (Minor issue) [squeeze] - foo2zjs 20090908dfsg-5.1+squeeze0 CVE-2011-2683 (reseed seeds random numbers from an insecure HTTP request to random.or ...) - reseed [lenny] - reseed (Minor issue) CVE-2011-2682 (The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4. ...) NOT-FOR-US: IBM Rational DOORS Web Access CVE-2011-2681 (IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly h ...) NOT-FOR-US: IBM Rational DOORS Web Access CVE-2011-2680 (Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x befor ...) NOT-FOR-US: IBM Rational DOORS Web Access CVE-2011-2679 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web Acc ...) NOT-FOR-US: IBM Rational DOORS Web Access CVE-2011-2678 (The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platf ...) NOT-FOR-US: Cisco VPN Client CVE-2011-2677 (Cybozu Office before 8.0.0 allows remote authenticated users to bypass ...) NOT-FOR-US: Cybozu Office CVE-2011-2676 (The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A- ...) NOT-FOR-US: A-Form CVE-2011-2675 (Cross-site scripting (XSS) vulnerability in Enkai-kun before 110916 al ...) NOT-FOR-US: Enkai-kun CVE-2011-2674 (BaserCMS before 1.6.12 does not properly restrict additions to the mem ...) NOT-FOR-US: BaserCMS CVE-2011-2673 (Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 a ...) NOT-FOR-US: BaserCMS CVE-2011-2672 (Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.9 ...) NOT-FOR-US: SemanticScuttle CVE-2011-2671 (Unspecified vulnerability in Megalith 12th edition through 27th editio ...) NOT-FOR-US: Megalith CVE-2011-2670 (Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of C ...) - firefox (Fixed before initial upload renamed as src:firefox) - firefox-esr (Fixed before initial upload renamed as src:firefox-esr) CVE-2011-2669 (Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue i ...) - firefox (Fixed before initial upload renamed as src:firefox) - firefox-esr (Fixed before initial upload renamed as src:firefox-esr) CVE-2011-2668 (Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the ...) - firefox (Fixed before initial upload renamed as src:firefox) - firefox-esr (Fixed before initial upload renamed as src:firefox-esr) CVE-2011-2667 (Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Sec ...) NOT-FOR-US: CA Gateway Security for HTTP CVE-2011-2666 (The default configuration of the SIP channel driver in Asterisk Open S ...) - asterisk 1:1.8.3.3-1 [squeeze] - asterisk (minor issue; can be addressed through configuration) CVE-2011-2665 (reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8 ...) - asterisk 1:1.8.4.3-1 (bug #631445) [squeeze] - asterisk [lenny] - asterisk CVE-2011-2664 (Unspecified vulnerability in Check Point Multi-Domain Management / Pro ...) NOT-FOR-US: Check Point Multi-Domain Management CVE-2011-2663 (Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWi ...) NOT-FOR-US: Novell GroupWise CVE-2011-2662 (Integer signedness error in GroupWise Internet Agent (GWIA) in Novell ...) NOT-FOR-US: Novell GroupWise CVE-2011-2661 (Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in No ...) NOT-FOR-US: Novell GroupWise CVE-2011-2660 (The modify_resolvconf_suse script in the vpnc package before 0.5.1-55. ...) - vpnc NOTE: This only affects the SUSE packaging. CVE-2011-2659 RESERVED CVE-2011-2658 (The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Con ...) NOT-FOR-US: Novell ZENworks Configuration Management CVE-2011-2657 (Directory traversal vulnerability in the LaunchProcess function in the ...) NOT-FOR-US: Novell ZENworks Configuration Management CVE-2011-2656 (Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld M ...) NOT-FOR-US: Novell ZENworks CVE-2011-2655 (Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld M ...) NOT-FOR-US: Novell ZENworks CVE-2011-2654 (The RPC implementation in the server in Novell Cloud Manager 1.1.2 bef ...) NOT-FOR-US: Novell Cloud Manager CVE-2011-2653 (Directory traversal vulnerability in the rtrlet component in Novell ZE ...) NOT-FOR-US: Novell ZENworks CVE-2011-2652 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as use ...) NOT-FOR-US: Kiwi, SUSE Studio CVE-2011-2651 (Unspecified vulnerability in the file browser in Kiwi before 3.74.2, a ...) NOT-FOR-US: Kiwi, SUSE Studio CVE-2011-2650 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as use ...) NOT-FOR-US: Kiwi, SUSE Studio CVE-2011-2649 (Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows at ...) NOT-FOR-US: Kiwi, SUSE Studio CVE-2011-2648 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...) NOT-FOR-US: Kiwi, SUSE Studio CVE-2011-2647 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...) NOT-FOR-US: Kiwi, SUSE Studio CVE-2011-2646 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...) NOT-FOR-US: Kiwi, SUSE Studio CVE-2011-2645 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...) NOT-FOR-US: Kiwi, SUSE Studio CVE-2011-2644 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as use ...) NOT-FOR-US: Kiwi, SUSE Studio CVE-2011-2643 (Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x befor ...) - phpmyadmin 4:3.4.3.2-1 [squeeze] - phpmyadmin (Vulnerable code not present) [lenny] - phpmyadmin (Vulnerable code not present) CVE-2011-2642 (Multiple cross-site scripting (XSS) vulnerabilities in the table Print ...) {DSA-2286-1} - phpmyadmin 4:3.4.3.2-1 CVE-2011-XXXX [stardict: minor information disclosure] - stardict 3.0.1-5 (low; bug #632260) [squeeze] - stardict (minor information disclosure) [lenny] - stardict (minor information disclosure) CVE-2011-2641 (Opera 11.11 allows remote attackers to cause a denial of service (appl ...) NOT-FOR-US: Opera CVE-2011-2640 (Opera before 11.10 allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Opera CVE-2011-2639 (Opera before 11.10 does not properly handle hidden animated GIF images ...) NOT-FOR-US: Opera CVE-2011-2638 (Unspecified vulnerability in Opera before 11.10 allows remote attacker ...) NOT-FOR-US: Opera CVE-2011-2637 (Unspecified vulnerability in Opera before 11.10 allows remote attacker ...) NOT-FOR-US: Opera CVE-2011-2636 (Unspecified vulnerability in Opera before 11.10 allows remote attacker ...) NOT-FOR-US: Opera CVE-2011-2635 (The Cascading Style Sheets (CSS) implementation in Opera before 11.10 ...) NOT-FOR-US: Opera CVE-2011-2634 (Opera before 11.10 allows remote attackers to hijack (1) searches and ...) NOT-FOR-US: Opera CVE-2011-2633 (Unspecified vulnerability in Opera before 11.11 allows remote attacker ...) NOT-FOR-US: Opera CVE-2011-2632 (Opera before 11.11 does not properly handle destruction of a Silverlig ...) NOT-FOR-US: Opera CVE-2011-2631 (The Cascading Style Sheets (CSS) implementation in Opera before 11.11 ...) NOT-FOR-US: Opera CVE-2011-2630 (Opera before 11.11 allows user-assisted remote attackers to cause a de ...) NOT-FOR-US: Opera CVE-2011-2629 (Unspecified vulnerability in Opera before 11.11 allows remote attacker ...) NOT-FOR-US: Opera CVE-2011-2628 (Opera before 11.11 does not properly implement FRAMESET elements, whic ...) NOT-FOR-US: Opera CVE-2011-2627 (Unspecified vulnerability in the DOM implementation in Opera before 11 ...) NOT-FOR-US: Opera CVE-2011-2626 (Opera before 11.50 allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Opera CVE-2011-2625 (Opera before 11.50 allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Opera CVE-2011-2624 (Opera before 11.50 allows user-assisted remote attackers to cause a de ...) NOT-FOR-US: Opera CVE-2011-2623 (Unspecified vulnerability in the SVG BiDi implementation in Opera befo ...) NOT-FOR-US: Opera CVE-2011-2622 (Unspecified vulnerability in the Web Workers implementation in Opera b ...) NOT-FOR-US: Opera CVE-2011-2621 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...) NOT-FOR-US: Opera CVE-2011-2620 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...) NOT-FOR-US: Opera CVE-2011-2619 (Opera before 11.50 allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Opera CVE-2011-2618 (Opera before 11.50 allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Opera CVE-2011-2617 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...) NOT-FOR-US: Opera CVE-2011-2616 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...) NOT-FOR-US: Opera CVE-2011-2615 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...) NOT-FOR-US: Opera CVE-2011-2614 (The SVG implementation in Opera before 11.50 allows remote attackers t ...) NOT-FOR-US: Opera CVE-2011-2613 (The Array.prototype.join method in Opera before 11.50 allows remote at ...) NOT-FOR-US: Opera CVE-2011-2612 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...) NOT-FOR-US: Opera CVE-2011-2611 (Unspecified vulnerability in the printing functionality in Opera befor ...) NOT-FOR-US: Opera CVE-2011-2610 (Unspecified vulnerability in Opera before 11.50 has unknown impact and ...) NOT-FOR-US: Opera CVE-2011-2609 (Opera before 11.50 does not properly restrict data: URIs, which makes ...) NOT-FOR-US: Opera CVE-2011-2608 (ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Ag ...) NOT-FOR-US: HP OpenView CVE-2011-2607 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...) NOT-FOR-US: IBM Rational Team Concert CVE-2011-2606 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational ...) NOT-FOR-US: IBM Rational Team Concert CVE-2011-2605 (CRLF injection vulnerability in the nsCookieService::SetCookieStringIn ...) {DSA-2273-3 DSA-2269-1 DSA-2268-1} - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-12 - iceweasel 3.5.19-3 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-3 [lenny] - iceape (Only a stub package) - icedove 3.1.11-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2604 (The Intel G41 driver 6.14.10.5355 on Windows XP SP3 allows remote atta ...) NOT-FOR-US: Windows XP CVE-2011-2603 (The NVIDIA 9400M driver 6.2.6 on Mac OS X 10.6.7 allows remote attacke ...) NOT-FOR-US: Mac OS X CVE-2011-2602 (The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows re ...) NOT-FOR-US: Windows XP CVE-2011-2601 (The GPU support functionality in Mac OS X does not properly restrict r ...) NOT-FOR-US: Mac OS X CVE-2011-2600 (The GPU support functionality in Windows XP does not properly restrict ...) NOT-FOR-US: Windows XP CVE-2011-2599 (Google Chrome 11 does not block use of a cross-domain image as a WebGL ...) - chromium-browser (unimportant) [squeeze] - chromium-browser CVE-2011-2598 (The WebGL implementation in Mozilla Firefox 4.x allows remote attacker ...) - xulrunner (Only affects Firefox 4.0, not yet in unstable) - iceweasel (Only affects Firefox 4.0, not yet in unstable) CVE-2011-2597 (The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x ...) - wireshark 1.6.1-1 (unimportant) NOTE: no code injection, not treated as a security issue, see README.Debian.security CVE-2011-2596 RESERVED CVE-2011-2595 (Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 14 ...) NOT-FOR-US: ACDSee FotoSlate CVE-2011-2594 (Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other ...) NOT-FOR-US: KMPlayer NOTE: This is http://www.kmplayer.com and not our kmplayer package. CVE-2011-2593 (Integer overflow in the StartEpa method in the nsepacom ActiveX contro ...) NOT-FOR-US: Citrix Access Gateway Enterprise Edition Plug-in CVE-2011-2592 (Heap-based buffer overflow in the StartEpa method in the nsepacom Acti ...) NOT-FOR-US: ActiveX control for Citrix Access Gateway CVE-2011-2591 (Multiple buffer overflows in the Provideo ActiveX controls allow remot ...) NOT-FOR-US: Provideo ActiveX CVE-2011-2590 (The Play method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 ...) NOT-FOR-US: UUSee 201 CVE-2011-2589 (Heap-based buffer overflow in the SendLogAction method in the UUPlayer ...) NOT-FOR-US: UUSee 201 CVE-2011-2588 (Heap-based buffer overflow in the AVI_ChunkRead_strf function in libav ...) - vlc 1.1.11-1 (bug #633675) [squeeze] - vlc (Unsupported in squeeze-lts) CVE-2011-2587 (Heap-based buffer overflow in the DemuxAudioSipr function in real.c in ...) - vlc 1.1.11-1 (bug #633674) [squeeze] - vlc (Unsupported in squeeze-lts) CVE-2011-2586 (The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote ...) NOT-FOR-US: Cisco IOS CVE-2011-2585 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows r ...) NOT-FOR-US: Cisco Show and Share CVE-2011-2584 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows r ...) NOT-FOR-US: Cisco Show and Share CVE-2011-2583 (Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remo ...) NOT-FOR-US: Cisco CCX CVE-2011-2582 RESERVED CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N ...) NOT-FOR-US: Cisco NX-OS CVE-2011-2580 RESERVED CVE-2011-2579 RESERVED CVE-2011-2578 (Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to caus ...) NOT-FOR-US: Cisco IOS CVE-2011-2577 (Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/ ...) NOT-FOR-US: Cisco TelePresence CVE-2011-2576 RESERVED CVE-2011-2575 RESERVED CVE-2011-2574 RESERVED CVE-2011-2573 RESERVED CVE-2011-2572 RESERVED CVE-2011-2571 RESERVED CVE-2011-2570 RESERVED CVE-2011-2569 (Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing Sys ...) NOT-FOR-US: Cisco NX-OS CVE-2011-2568 RESERVED CVE-2011-2567 RESERVED CVE-2011-2566 RESERVED CVE-2011-2565 RESERVED CVE-2011-2564 (Unspecified vulnerability in the Service Advertisement Framework (SAF) ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-2563 (Unspecified vulnerability in the Service Advertisement Framework (SAF) ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-2562 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-2561 (The SIP process in Cisco Unified Communications Manager (aka CUCM, for ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-2560 (The Packet Capture Service in Cisco Unified Communications Manager (ak ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-2559 RESERVED CVE-2011-2558 RESERVED CVE-2011-2557 RESERVED CVE-2011-2556 RESERVED CVE-2011-2555 (Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a defau ...) NOT-FOR-US: Cisco TelePresence Recording Server CVE-2011-2554 RESERVED CVE-2011-2553 RESERVED CVE-2011-2552 RESERVED CVE-2011-2551 RESERVED CVE-2011-2550 RESERVED CVE-2011-2549 (Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco ...) NOT-FOR-US: Cisco IOS XR CVE-2011-2548 RESERVED CVE-2011-2547 (The web-based management interface on Cisco SA 500 series security app ...) NOT-FOR-US: Cisco SA 500 series appliances management interface CVE-2011-2546 (SQL injection vulnerability in the web-based management interface on C ...) NOT-FOR-US: Cisco SA 500 series appliances management interface CVE-2011-2545 (Cross-site scripting (XSS) vulnerability in the SIP implementation on ...) NOT-FOR-US: Cisco SPA CVE-2011-2544 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...) NOT-FOR-US: Cisco CVE-2011-2543 (Buffer overflow in the cuil component in Cisco Telepresence System Int ...) NOT-FOR-US: Cisco CVE-2011-2542 RESERVED CVE-2011-2541 RESERVED CVE-2011-2540 RESERVED CVE-2011-2539 RESERVED CVE-2011-2538 (Cisco Video Communications Server (VCS) before X7.0.3 contains a comma ...) - plone3 CVE-2011-2537 RESERVED CVE-2011-XXXX [unspecified security vulnerabilities from 4.3.7] - movabletype-opensource 4.3.7+dfsg-1 (bug #631437) CVE-2011-2536 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x bef ...) {DSA-2276-2 DSA-2276-1} - asterisk 1:1.8.4.4~dfsg-1 (bug #632029) CVE-2011-2534 (Buffer overflow in the clusterip_proc_write function in net/ipv4/netfi ...) - linux-2.6 2.6.32-34 (low) CVE-2011-2533 (The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows lo ...) - dbus 1.3.2~git20100715.821f99c-1 (unimportant) NOTE: Compile-time only CVE-2011-2532 (The json.decode function in util/json.lua in Prosody 0.8.x before 0.8. ...) - prosody 0.8.1-1 [squeeze] - prosody (Minor issue) CVE-2011-2531 (Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect d ...) - prosody 0.8.1-1 [squeeze] - prosody (Minor issue) CVE-2011-2530 (Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Instal ...) NOT-FOR-US: EDS Hardware Installation tool CVE-2011-2535 (chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x b ...) {DSA-2276-2 DSA-2276-1} - asterisk 1:1.8.4.3-1 (bug #631448) [squeeze] - asterisk [lenny] - asterisk CVE-2011-2529 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x bef ...) {DSA-2276-2 DSA-2276-1} - asterisk 1:1.8.4.3-1 (bug #631446) CVE-2011-2528 (Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x ...) - plone3 CVE-2011-2527 (The change_process_uid function in os-posix.c in Qemu 0.14.0 and earli ...) {DSA-2282-1} - qemu-kvm 0.14.1+dfsg-3 (bug #633669) - kvm (Vulnerable code not present) CVE-2011-2526 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7 ...) {DSA-2401-1} - tomcat6 6.0.32-7 (bug #634992) - tomcat7 7.0.19-1 (bug #634992) - tomcat5.5 (bug #634992) CVE-2011-2525 (The qdisc_notify function in net/sched/sch_api.c in the Linux kernel b ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 2.6.35-1 CVE-2011-2524 (Directory traversal vulnerability in soup-uri.c in SoupServer in libso ...) {DSA-2369-1} - libsoup2.4 2.34.3-1 (bug #635837) CVE-2011-2523 (vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backd ...) - vsftpd (backdoored version was never in the Debian archive) CVE-2011-2522 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Samb ...) {DSA-2290-1} - samba 2:3.5.10~dfsg-1 (low) CVE-2011-2521 (The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c i ...) - linux-2.6 2.6.39-1 (low) [squeeze] - linux-2.6 (Vulnerable code not present) [lenny] - linux-2.6 (Vulnerable code not present) CVE-2011-2520 (fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickl ...) NOT-FOR-US: system-config-firewall CVE-2011-2519 (Xen in the Linux kernel, when running a guest on a host without hardwa ...) - xen-3 3.2.1-2 NOTE: Possibly fixed earlier than 3.2.1-2, but that's the version in oldstable, which NOTE: was checked to contain http://xenbits.xen.org/hg/xen-3.1-testing.hg/rev/15644 - xen (Only affects older Xen 3 releases) CVE-2011-2518 (The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux ...) - linux-2.6 2.6.39-3 (low) [squeeze] - linux-2.6 (Vulnerable code not present) [lenny] - linux-2.6 (Vulnerable code not present) CVE-2011-2517 (Multiple buffer overflows in net/wireless/nl80211.c in the Linux kerne ...) {DSA-2303-1} - linux-2.6 2.6.39-3 (unimportant) [lenny] - linux-2.6 (Vulnerable code not present) NOTE: Requires CAP_NET_ADMIn to exploit CVE-2011-2516 (Off-by-one error in the XML signature feature in Apache XML Security f ...) {DSA-2277-1} - xml-security-c 1.6.1-1 (low; bug #632973) CVE-2011-2515 (PackageKit 0.6.17 allows installation of unsigned RPM packages as thou ...) - packagekit 0.6.17-1 CVE-2011-2514 (The Java Network Launching Protocol (JNLP) implementation in IcedTea6 ...) - openjdk-6 6b21~pre1-1 - icedtea-web 1.1-1 NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1. CVE-2011-2513 (The Java Network Launching Protocol (JNLP) implementation in IcedTea6 ...) - openjdk-6 6b21~pre1-1 - icedtea-web 1.1.2-1 NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1. CVE-2011-2512 (The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not proper ...) {DSA-2270-1} - qemu-kvm 0.14.1+dfsg-2 (bug #631975) - kvm [lenny] - kvm (Vulnerability not present) CVE-2011-2511 (Integer overflow in libvirt before 0.9.3 allows remote authenticated u ...) {DSA-2280-1} - libvirt 0.9.2-7 (bug #633630) CVE-2011-2510 (Cross-site scripting (XSS) vulnerability in the RSS embedding feature ...) - dokuwiki 0.0.20110525a-1 (low; bug #631818) [squeeze] - dokuwiki 0.0.20091225c-10+squeeze2 [lenny] - dokuwiki 0.0.20080505-4+lenny3 CVE-2011-2509 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) NOT-FOR-US: Joomla! CVE-2011-2508 (Directory traversal vulnerability in libraries/display_tbl.lib.php in ...) {DSA-2286-1} - phpmyadmin 4:3.4.3.1-1 [lenny] - phpmyadmin (Vulnerable code not present) CVE-2011-2507 (libraries/server_synchronize.lib.php in the Synchronize implementation ...) {DSA-2286-1} - phpmyadmin 4:3.4.3.1-1 (unimportant) [lenny] - phpmyadmin (Vulnerable code not present) NOTE: neutralized by Suhosin patch CVE-2011-2506 (setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 ...) {DSA-2286-1} - phpmyadmin 4:3.4.3.1-1 (low) [lenny] - phpmyadmin (Vulnerable code not present) CVE-2011-2505 (libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication ...) {DSA-2286-1} - phpmyadmin 4:3.4.3.1-1 [lenny] - phpmyadmin (Vulnerable code not present) CVE-2011-2504 (Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf ...) - x11-apps 7.7~1 (low) [squeeze] - x11-apps (Minor issue) CVE-2011-2503 (The insert_module function in runtime/staprun/staprun_funcs.c in the s ...) {DSA-2348-1} - systemtap 1.6-1 (bug #635542) [lenny] - systemtap (Signed modules not yet supported) CVE-2011-2502 (runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun ...) - systemtap 1.6-1 (bug #635542) [lenny] - systemtap (Affected option introduced in 1.4) [squeeze] - systemtap (Affected option introduced in 1.4) CVE-2011-2501 (The png_format_buffer function in pngerror.c in libpng 1.0.x before 1. ...) {DSA-2287-1} - libpng 1.2.44-3 (bug #632786) CVE-2011-2500 (The host_reliable_addrinfo function in support/export/hostname.c in nf ...) - nfs-utils 1:1.2.4-1 (bug #633155) [lenny] - nfs-utils (Introduced in 1.2.3) [squeeze] - nfs-utils (Introduced in 1.2.3) CVE-2011-2499 (Mambo CMS through 4.6.5 has multiple XSS. ...) NOT-FOR-US: Mambo CMS CVE-2011-2498 (The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged ...) - linux-2.6 2.6.39-1 (low) [squeeze] - linux-2.6 (introduced in 2.6.36) [lenny] - linux-2.6 (introduced in 2.6.36) CVE-2011-2497 (Integer underflow in the l2cap_config_req function in net/bluetooth/l2 ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 2.6.39-3 CVE-2011-2496 (Integer overflow in the vma_to_resize function in mm/mremap.c in the L ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 2.6.39-1 (low) CVE-2011-2495 (fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly r ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 3.0.0-1 (low) CVE-2011-2494 (kernel/taskstats.c in the Linux kernel before 3.1 allows local users t ...) - linux-2.6 3.0.0-5 (low) [squeeze] - linux-2.6 2.6.32-40 CVE-2011-2493 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel be ...) - linux-2.6 2.6.39-1 (low) [squeeze] - linux-2.6 (sbi->s_err-report didn't exist yet) [lenny] - linux-2.6 (sbi->s_err-report didn't exist yet) CVE-2011-2492 (The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not pr ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 3.0.0-1 (low) CVE-2011-2491 (The Network Lock Manager (NLM) protocol implementation in the NFS clie ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 3.0.0-1 CVE-2011-2490 (opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not chec ...) {DSA-2281-1} - opie (bug #631345) CVE-2011-2489 (Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 a ...) {DSA-2281-1} - opie (bug #631344) CVE-2011-2488 (Joomla! before 1.5.23 does not properly check for errors, which allows ...) NOT-FOR-US: Joomla! CVE-2011-2487 (The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncr ...) NOT-FOR-US: Apache CXF CVE-2011-2486 (nspluginwrapper before 1.4.4 does not properly provide access to NPNVp ...) - nspluginwrapper (bug #671846) [squeeze] - nspluginwrapper (Contrib not supported) CVE-2011-2485 (The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk- ...) - gdk-pixbuf 2.23.3-3.1 (bug #631524) [squeeze] - gdk-pixbuf (Minor issue) [lenny] - gdk-pixbuf (Minor issue) CVE-2011-2484 (The add_del_listener function in kernel/taskstats.c in the Linux kerne ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 2.6.39-3 (low) CVE-2011-2483 (crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain plat ...) {DSA-2399-1 DSA-2340-1} - libcrypt-eksblowfish-perl (discovered and corrected in initial release in 2007) - php-suhosin (bug #631283; that portion is not used since PHP 5.3) [lenny] - php-suhosin (bug #631283) - postgresql-8.4 8.4.9-1 (bug #631285) - postgresql-9.0 9.0.5-1 (bug #631285) - postgresql-9.1 9.1~rc1-1 - php5 5.3.6-13 (bug #631347) - libxcrypt 1:2.4-1.1 (bug #679628) [squeeze] - libxcrypt (Minor issue) NOTE: http://openwall.com/lists/oss-security/2011/06/20/2 CVE-2011-2482 (A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/ ...) - linux-2.6 (RHEL-specific regression) CVE-2011-2481 (Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace ...) - tomcat7 7.0.19-1 CVE-2011-2480 (Information Disclosure vulnerability in the 802.11 stack, as used in F ...) - kfreebsd-9 9.0~svn223502-1 (bug #631160) - kfreebsd-8 8.2-3 (bug #631161) [squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze1 - kfreebsd-7 CVE-2011-2479 (The Linux kernel before 2.6.39 does not properly create transparent hu ...) - linux-2.6 2.6.39-1 [squeeze] - linux-2.6 (Vulnerable code introduced in 2.6.38) [lenny] - linux-2.6 (Vulnerable code introduced in 2.6.38) CVE-2011-2478 (Google SketchUp before 8 does not properly handle edge geometry in Ske ...) NOT-FOR-US: Google SketchUp CVE-2011-2470 (Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php ...) NOT-FOR-US: A Really Simple Chat CVE-2011-2469 RESERVED CVE-2011-2467 (SQL injection vulnerability in lsassd in Lsass in the Likewise Securit ...) NOT-FOR-US: Likewise CVE-2011-2466 RESERVED CVE-2011-2465 (Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and ...) - bind9 1:9.8.1.dfsg.P1-1 [squeeze] - bind9 (Only affects 9.8) [lenny] - bind9 (Only affects 9.8) CVE-2011-2464 (Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9. ...) {DSA-2272-1} - bind9 1:9.8.1.dfsg-1 (high) CVE-2011-2463 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 throu ...) NOT-FOR-US: Adobe ColdFusion CVE-2011-2462 (Unspecified vulnerability in the U3D component in Adobe Reader and Acr ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2011-2461 (Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and ...) NOT-FOR-US: Adobe Flex CVE-2011-2460 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2459 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2458 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2457 (Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 a ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2456 (Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x befo ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2455 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2454 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2453 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2452 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2451 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2450 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2449 (The TextXtra module in Adobe Shockwave Player before 11.6.3.633 allows ...) NOT-FOR-US: Adobe Shockwave CVE-2011-2448 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows ...) NOT-FOR-US: Adobe Shockwave CVE-2011-2447 (Adobe Shockwave Player before 11.6.3.633 allows attackers to execute a ...) NOT-FOR-US: Adobe Shockwave CVE-2011-2446 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows ...) NOT-FOR-US: Adobe Shockwave CVE-2011-2445 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2444 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2443 (Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier ...) NOT-FOR-US: Adobe Photoshop Elements CVE-2011-2442 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2441 (Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2440 (Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8. ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2439 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2438 (Multiple stack-based buffer overflows in the image-parsing library in ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2437 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3. ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2436 (Heap-based buffer overflow in the image-parsing library in Adobe Reade ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2435 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x befo ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2434 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3. ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2433 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3. ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2432 (Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8 ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2431 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2430 (Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2429 (Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2428 (Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2427 (Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2426 (Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2425 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2424 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2423 (msvcr90.dll in Adobe Shockwave Player before 11.6.1.629 allows remote ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2422 (Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote a ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2421 (Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows attacker ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2420 (Adobe Shockwave Player before 11.6.1.629 allows remote attackers to ex ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2419 (IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows remote at ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2418 REJECTED CVE-2011-2417 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2416 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, M ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2415 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2414 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2413 RESERVED CVE-2011-2412 (Unspecified vulnerability in HP Business Service Automation (BSA) Esse ...) NOT-FOR-US: HP Business Service Automation CVE-2011-2411 (Unspecified vulnerability on HP NonStop Servers with software H06.x th ...) NOT-FOR-US: HP NonStop Servers CVE-2011-2410 (Cross-site scripting (XSS) vulnerability in HP OpenView Performance In ...) NOT-FOR-US: HP OpenView CVE-2011-2409 (Cross-site scripting (XSS) vulnerability in the Calendar application i ...) NOT-FOR-US: HP Palm webOS 3.x CVE-2011-2408 (Cross-site scripting (XSS) vulnerability in the Contacts application i ...) NOT-FOR-US: HP Palm webOS 3.x CVE-2011-2407 (Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31 ...) NOT-FOR-US: HP OpenView Performance Insight CVE-2011-2406 (Cross-site scripting (XSS) vulnerability in HP OpenView Performance In ...) NOT-FOR-US: HP OpenView Performance Insight CVE-2011-2405 (The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware befor ...) NOT-FOR-US: HP ProLiant SL Advanced Power Manager CVE-2011-2404 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care S ...) NOT-FOR-US: HP Easy Printer Care Software CVE-2011-2403 (SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, ...) NOT-FOR-US: HP Network Automation CVE-2011-2402 (Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x ...) NOT-FOR-US: HP Network Automation CVE-2011-2401 (Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x all ...) NOT-FOR-US: HP SiteScope CVE-2011-2400 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, an ...) NOT-FOR-US: HP SiteScope CVE-2011-2399 (Unspecified vulnerability in the Media Management Daemon (mmd) in HP D ...) NOT-FOR-US: HP Data Protector CVE-2011-2398 (Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B ...) NOT-FOR-US: HP-UX CVE-2011-2397 (The Agent service in Iron Mountain Connected Backup 8.4 allows remote ...) NOT-FOR-US: Iron Mountain Connected Backup CVE-2011-2396 RESERVED CVE-2011-2394 RESERVED CVE-2011-2393 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...) - kfreebsd-7 (low) - kfreebsd-8 (low) [squeeze] - kfreebsd-8 (Minor issue) [wheezy] - kfreebsd-8 (Minor issue) - kfreebsd-9 (low; bug #684072) [squeeze] - kfreebsd-9 (Minor issue) [wheezy] - kfreebsd-9 (Minor issue) - kfreebsd-10 (unimportant) [jessie] - kfreebsd-10 (Minor issue) NOTE: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt NOTE: Starting with stretch kfreebsd is no longer supported CVE-2011-2392 RESERVED CVE-2011-2391 (The IPv6 implementation in the kernel in Apple iOS before 7 allows rem ...) NOT-FOR-US: Apple iOS CVE-2011-2390 RESERVED CVE-2011-2389 RESERVED CVE-2011-2388 RESERVED CVE-2011-2387 RESERVED CVE-2011-2386 (VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey befo ...) NOT-FOR-US: VisiWave Site Survey CVE-2011-2385 (The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in ...) - otrs2 (does not include iPhoneHandle package) CVE-2011-2384 RESERVED CVE-2011-2381 (CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x ...) {DSA-2322-1} - bugzilla (low) [squeeze] - bugzilla 3.6.2.0-4.4 CVE-2011-2380 (Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4. ...) {DSA-2322-1} - bugzilla (low) [squeeze] - bugzilla 3.6.2.0-4.4 CVE-2011-2379 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22. ...) {DSA-2322-1} - bugzilla (low) [squeeze] - bugzilla 3.6.2.0-4.4 CVE-2011-2378 (The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird ...) {DSA-2297-1 DSA-2296-1 DSA-2295-1} - icedove 3.1.12-1 [lenny] - icedove - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-13 - iceweasel 6.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-5 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2377 (Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird befor ...) - xulrunner (Was already fixed as CVE-2010-1201 for Firefox < 3.6) - iceweasel (Was already fixed as CVE-2010-1201 for Firefox < 3.6) - iceape (Was already fixed as CVE-2010-1201 for Firefox < 3.6) - icedove (Was already fixed as CVE-2010-1201 for Firefox < 3.6) CVE-2011-2376 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2273-3 DSA-2269-1 DSA-2268-1} - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-12 - iceweasel 3.5.19-3 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-3 [lenny] - iceape (Only a stub package) - icedove 3.1.11-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2375 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner (Only affects Firefox 5.0, not yet in unstable) - iceweasel (Only affects Firefox 5.0, not yet in unstable) CVE-2011-2374 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2273-3 DSA-2269-1 DSA-2268-1} - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-12 - iceweasel 3.5.19-3 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-3 [lenny] - iceape (Only a stub package) - icedove 3.1.11-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2373 (Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x ...) {DSA-2273-3 DSA-2269-1 DSA-2268-1} - xulrunner (unimportant) - iceweasel 3.5.19-3 [lenny] - xulrunner 1.9.0.19-12 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-3 [lenny] - iceape (Only a stub package) - icedove 3.1.11-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2372 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7. ...) {DSA-2317-1 DSA-2313-1 DSA-2312-1} - icedove 3.1.15-1 [lenny] - icedove - xulrunner (unimportant) - iceweasel 7.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-8 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2371 (Integer overflow in the Array.reduceRight method in Mozilla Firefox be ...) {DSA-2273-3 DSA-2269-1 DSA-2268-1} - xulrunner (unimportant) - iceweasel 3.5.19-3 [lenny] - xulrunner 1.9.0.19-12 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-3 [lenny] - iceape (Only a stub package) - icedove 3.1.11-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2370 (Mozilla Firefox before 5.0 does not properly enforce the whitelist for ...) - xulrunner (Only affects Firefox 4.x and above) - iceweasel 5.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) [squeeze] - iceweasel (Only affects Firefox 4.x and above) - iceape (Only affects Firefox 4.x and above) - icedove (Only affects Firefox 4.x and above) CVE-2011-2369 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x throug ...) - xulrunner (Only affects Firefox >= 4.0, not yet in unstable) - iceweasel (Only affects Firefox >= 4.0, not yet in unstable) CVE-2011-2368 (The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not ...) - xulrunner (Only affects Firefox >= 4.0, not yet in unstable) - iceweasel (Only affects Firefox >= 4.0, not yet in unstable) CVE-2011-2367 (The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not ...) - xulrunner (Only affects Firefox >= 4.0, not yet in unstable) - iceweasel (Only affects Firefox >= 4.0, not yet in unstable) CVE-2011-2366 (Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbir ...) - xulrunner (Only affects Firefox >= 4.0, not yet in unstable) - iceweasel (Only affects Firefox >= 4.0, not yet in unstable) CVE-2011-2365 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6 ...) {DSA-2273-3 DSA-2269-1 DSA-2268-1} - xulrunner (Vulnerable code not present) - iceweasel 3.5.19-3 [lenny] - xulrunner 1.9.0.19-12 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-3 [lenny] - iceape (Only a stub package) - icedove 3.1.11-1 [lenny] - icedove CVE-2011-2364 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6 ...) - xulrunner (Only affects Firefox >= 3.6) - iceweasel (Only affects Firefox >= 3.6) - iceape (Only affects Firefox >= 3.6) - icedove (Only affects Firefox >= 3.6) CVE-2011-2363 (Use-after-free vulnerability in the nsSVGPointList::AppendElement func ...) {DSA-2273-3 DSA-2269-1 DSA-2268-1} - iceweasel 3.5.19-3 - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-12 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-3 [lenny] - iceape (Only a stub package) - icedove 3.1.11-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2362 (Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonke ...) {DSA-2273-3 DSA-2269-1 DSA-2268-1} - iceweasel 3.5.19-3 - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-12 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-3 [lenny] - iceape (Only a stub package) - icedove 3.1.11-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-2361 (The Basic Authentication dialog implementation in Google Chrome before ...) - chromium-browser 13.0.782.107~r94237-1 (unimportant) - webkit (chromium specific) CVE-2011-2360 (Google Chrome before 13.0.782.107 does not ensure that the user is pro ...) - chromium-browser 13.0.782.107~r94237-1 (unimportant) - webkit (chromium specific) CVE-2011-2359 (Google Chrome before 13.0.782.107 does not properly track line boxes d ...) {DSA-2307-1} - chromium-browser 13.0.782.107~r94237-1 NOTE: http://trac.webkit.org/changeset/90068 CVE-2011-2358 (Google Chrome before 13.0.782.107 does not ensure that extension insta ...) - chromium-browser 13.0.782.107~r94237-1 (unimportant) - webkit (chromium specific) CVE-2011-2357 (Cross-application scripting vulnerability in the Browser URL loading f ...) NOT-FOR-US: Android CVE-2011-2356 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2355 RESERVED CVE-2011-2354 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2353 (Use after free vulnerability in documentloader in WebKit in Google Chr ...) NOTE: Historic webkit/Chromium issues CVE-2011-2352 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 allo ...) - chromium-browser 12.0.742.112~r90304-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/88584 NOTE: http://trac.webkit.org/changeset/88549 CVE-2011-2350 (The HTML parser in Google Chrome before 12.0.742.112 does not properly ...) - chromium-browser 12.0.742.112~r90304-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/88411 NOTE: http://trac.webkit.org/changeset/88434 CVE-2011-2349 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 allo ...) - chromium-browser 12.0.742.112~r90304-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/88456 CVE-2011-2348 (Google V8, as used in Google Chrome before 12.0.742.112, performs an i ...) - libv8 3.4.14-1 [squeeze] - libv8 (Unsupported in squeeze-lts) NOTE: Fixed in V8 bleeding edge r8230, 3.2.10.17 and 3.3.10.9. CVE-2011-2347 (Google Chrome before 12.0.742.112 does not properly handle Cascading S ...) - chromium-browser 12.0.742.112~r90304-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/88448 CVE-2011-2346 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 allo ...) - chromium-browser 12.0.742.112~r90304-1 [squeeze] - chromium-browser NOTE: introduced in http://trac.webkit.org/changeset/77740 NOTE: http://trac.webkit.org/changeset/87827 CVE-2011-2345 (The NPAPI implementation in Google Chrome before 12.0.742.112 does not ...) - chromium-browser (linux version is not affected) - webkit CVE-2011-2344 (Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext H ...) NOT-FOR-US: Android SDK CVE-2011-2343 (The Bluetooth stack in Android before 2.3.6 allows a physically proxim ...) NOT-FOR-US: Android CVE-2011-2341 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2340 RESERVED CVE-2011-2339 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2338 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2337 (A wrong type is used for a return value from strlen in WebKit in Googl ...) NOTE: Historic webkit/Chromium issues CVE-2011-2336 (An issue exists in WebKit in Google Chrome before Blink M12. when clea ...) NOTE: Historic webkit/Chromium issues CVE-2011-2335 (A double-free vulnerability exists in WebKit in Google Chrome before B ...) NOTE: Historic webkit/Chromium issues CVE-2011-2334 (Use after free vulnerability exists in WebKit in Google Chrome before ...) NOTE: Historic webkit/Chromium issues CVE-2011-2333 RESERVED CVE-2011-2329 (The rampart_timestamp_token_validate function in util/rampart_timestam ...) - rampart 1.3.0-3 (low; bug #631221) [squeeze] - rampart (Minor issue) CVE-2011-2327 (Unspecified vulnerability in the Oracle Communications Unified compone ...) NOT-FOR-US: Oracle Sun Products Suite CVE-2011-2326 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...) NOT-FOR-US: Oracle JD Edwards Products CVE-2011-2325 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...) NOT-FOR-US: Oracle JD Edwards Products CVE-2011-2324 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...) NOT-FOR-US: Oracle JD Edwards Products CVE-2011-2323 (Unspecified vulnerability in the Health Sciences - Oracle Thesaurus Ma ...) NOT-FOR-US: Oracle Thesaurus Management System CVE-2011-2322 (Unspecified vulnerability in the Database Vault component in Oracle Da ...) NOT-FOR-US: Oracle Database Server CVE-2011-2321 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...) NOT-FOR-US: Oracle JD Edwards Products CVE-2011-2320 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-2319 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-2318 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-2317 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...) NOT-FOR-US: Oracle JD Edwards Products CVE-2011-2316 (Unspecified vulnerability in the Siebel Apps - Marketing component in ...) NOT-FOR-US: Oracle Siebel CVE-2011-2315 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2011-2314 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-2313 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...) NOT-FOR-US: Oracle Solaris CVE-2011-2312 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...) NOT-FOR-US: Oracle Solaris CVE-2011-2311 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...) NOT-FOR-US: Oracle Solaris CVE-2011-2310 (Unspecified vulnerability in the Oracle Waveset component in Oracle Su ...) NOT-FOR-US: Oracle Sun Products Suite CVE-2011-2309 (Unspecified vulnerability in the Health Sciences - Oracle Clinical, Re ...) NOT-FOR-US: Oracle Industry Applications CVE-2011-2308 (Unspecified vulnerability in the Oracle Application Object Library com ...) NOT-FOR-US: Oracle E-Business Suite CVE-2011-2307 (Unspecified vulnerability in Oracle SysFW 8.1.0.a in various Oracle SP ...) NOT-FOR-US: Oracle SysFW CVE-2011-2306 (Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authen ...) NOT-FOR-US: Oracle Linux-specific feature CVE-2011-2305 (Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local use ...) - virtualbox-ose (Only affects 4.x) - virtualbox 4.0.10-dfsg-1 CVE-2011-2304 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...) NOT-FOR-US: Oracle Solaris CVE-2011-2303 (Unspecified vulnerability in the Oracle Application Object Library com ...) NOT-FOR-US: Oracle E-Business Suite CVE-2011-2302 (Unspecified vulnerability in the Oracle Application Object Library com ...) NOT-FOR-US: Oracle E-Business Suite CVE-2011-2301 (Unspecified vulnerability in the Oracle Text component in Oracle Datab ...) NOT-FOR-US: Oracle Database CVE-2011-2300 (Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4 ...) - virtualbox-guest-additions-iso 4.0.10-1 (bug #635276) [squeeze] - virtualbox-guest-additions (Non-free not supported) CVE-2011-2299 (Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, M50 ...) NOT-FOR-US: Oracle SPARC Enterprise CVE-2011-2298 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows r ...) NOT-FOR-US: Oracle Solaris CVE-2011-2297 (Unspecified vulnerability in Oracle Solaris Cluster 3.3 allows local u ...) NOT-FOR-US: Oracle Solaris Cluster CVE-2011-2296 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...) NOT-FOR-US: Oracle Solaris CVE-2011-2295 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...) NOT-FOR-US: Oracle Solaris CVE-2011-2294 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows r ...) NOT-FOR-US: Oracle Solaris CVE-2011-2293 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...) NOT-FOR-US: Oracle Solaris CVE-2011-2292 (Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows lo ...) NOT-FOR-US: Oracle Solaris CVE-2011-2291 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...) NOT-FOR-US: Oracle Solaris CVE-2011-2290 (Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows ...) NOT-FOR-US: Oracle Solaris CVE-2011-2289 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...) NOT-FOR-US: Oracle Solaris CVE-2011-2288 (Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) ...) NOT-FOR-US: Oracle SysFW CVE-2011-2287 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...) NOT-FOR-US: Oracle Solaris CVE-2011-2286 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows r ...) NOT-FOR-US: Oracle Solaris CVE-2011-2285 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...) NOT-FOR-US: Oracle Solaris CVE-2011-2284 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2283 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component i ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2282 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2281 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2280 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2279 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2278 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2277 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component i ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2276 REJECTED CVE-2011-2275 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2274 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2273 (Unspecified vulnerability in the Agile Core Technology component in Or ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2011-2272 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2271 (Unspecified vulnerability in the Oracle Application Object Library com ...) NOT-FOR-US: Oracle E-Business Suite CVE-2011-2270 REJECTED CVE-2011-2269 REJECTED CVE-2011-2268 REJECTED CVE-2011-2267 (Unspecified vulnerability in the Oracle Outside In Technology componen ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-2266 REJECTED CVE-2011-2265 REJECTED CVE-2011-2264 (Unspecified vulnerability in the Oracle Outside In Technology componen ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-2263 (Unspecified vulnerability in Sun Integrated Lights Out Manager in Orac ...) NOT-FOR-US: Oracle SysFW CVE-2011-2262 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2429-1} - mysql-5.1 5.1.61-2 (bug #659687) CVE-2011-2261 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...) NOT-FOR-US: Oracle Secure Backup CVE-2011-2260 (Unspecified vulnerability in the Oracle GlassFish Server component in ...) NOT-FOR-US: Oracle Sun Products Suite CVE-2011-2259 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...) NOT-FOR-US: Oracle Solaris CVE-2011-2258 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...) NOT-FOR-US: Oracle Solaris CVE-2011-2257 (Unspecified vulnerability in the Database Target Type Menus component ...) NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control CVE-2011-2256 REJECTED CVE-2011-2255 (Unspecified vulnerability in the Oracle WebLogic Portal component in O ...) NOT-FOR-US: Oracle Fusion CVE-2011-2254 REJECTED CVE-2011-2253 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2011-2252 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...) NOT-FOR-US: Oracle Secure Backup CVE-2011-2251 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...) NOT-FOR-US: Oracle Secure Backup CVE-2011-2250 (Unspecified vulnerability in the PeopleSoft Enterprise FIN component i ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2249 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...) NOT-FOR-US: Oracle Solaris CVE-2011-2248 (Unspecified vulnerability in the SQL Performance Advisories/UIs compon ...) NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control CVE-2011-2247 REJECTED CVE-2011-2246 (Unspecified vulnerability in the Business Intelligence component in Or ...) NOT-FOR-US: Oracle E-Business Suite CVE-2011-2245 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...) NOT-FOR-US: Oracle Sun Products Suite CVE-2011-2244 (Unspecified vulnerability in the Security Framework component in Oracl ...) NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control CVE-2011-2243 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2011-2242 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2011-2241 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-2240 (Unspecified vulnerability in the Oracle Universal Installer component ...) NOT-FOR-US: Oracle Database Server CVE-2011-2239 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2011-2238 (Unspecified vulnerability in the Database Vault component in Oracle Da ...) NOT-FOR-US: Oracle Database Server CVE-2011-2237 (Unspecified vulnerability in the Oracle Web Services Manager component ...) NOT-FOR-US: Oracle Fusion CVE-2011-2236 REJECTED CVE-2011-2235 REJECTED CVE-2011-2234 REJECTED CVE-2011-2233 REJECTED CVE-2011-2232 (Unspecified vulnerability in the XML Developer Kit component in Oracle ...) NOT-FOR-US: Oracle Database Server CVE-2011-2231 (Unspecified vulnerability in the XML Developer Kit component in Oracle ...) NOT-FOR-US: Oracle Database Server CVE-2011-2230 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2011-2229 REJECTED CVE-2011-2228 REJECTED CVE-2011-2227 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager (a ...) NOT-FOR-US: Novell Identity Manager CVE-2011-2226 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as use ...) NOT-FOR-US: Kiwi, SUSE Studio CVE-2011-2225 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...) NOT-FOR-US: Kiwi, SUSE Studio CVE-2011-2224 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1 ...) NOT-FOR-US: Novell Data Synchronizer CVE-2011-2223 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1 ...) NOT-FOR-US: Novell Data Synchronizer CVE-2011-2222 (Session fixation vulnerability in WebAdmin in the Mobility Pack before ...) NOT-FOR-US: Novell Data Synchronizer CVE-2011-2221 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1 ...) NOT-FOR-US: Novell Data Synchronizer CVE-2011-2220 (Stack-based buffer overflow in NFREngine.exe in Novell File Reporter E ...) NOT-FOR-US: Novell File Reporter CVE-2011-2219 (Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell ...) NOT-FOR-US: Novell GroupWise CVE-2011-2218 (Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell ...) NOT-FOR-US: Novell GroupWise CVE-2011-2217 (Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex5 ...) NOT-FOR-US: VMware CVE-2011-2213 (The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux k ...) {DSA-2389-1 DSA-2310-1} - linux-2.6 2.6.39-3 [squeeze] - linux-2.6 2.6.32-36 CVE-2011-2212 (Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier ...) {DSA-2282-1} - qemu-kvm 0.14.1+dfsg-3 (bug #632987) - kvm CVE-2011-2207 (dirmngr before 2.1.0 improperly handles certain system calls, which al ...) - dirmngr (unimportant; bug #627377) NOTE: Negligible impact CVE-2011-2206 (XMLParser.pm in DJabberd before 0.85 allows remote authenticated users ...) NOT-FOR-US: Djabberd CVE-2011-2205 (Prosody before 0.8.1 does not properly detect recursion during entity ...) - prosody 0.7.0-1 (low; bug #579087) [squeeze] - prosody (Minor issue) [lenny] - prosody (Minor issue) CVE-2011-2204 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7 ...) {DSA-2401-1} - tomcat5.5 (low; bug #632882) [lenny] - tomcat5.5 (Minor issue) - tomcat6 6.0.32-5 (low; bug #632882) [lenny] - tomcat6 (Minor issue) [squeeze] - tomcat6 (Minor issue) - tomcat7 7.0.16-3 (low; bug #632882) CVE-2011-2201 (The Data::FormValidator module 4.66 and earlier for Perl, when untaint ...) - libdata-formvalidator-perl 4.66-3 (low; bug #629511) [lenny] - libdata-formvalidator-perl (Minor issue) [squeeze] - libdata-formvalidator-perl 4.66-1+squeeze1 CVE-2011-2200 (The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus ( ...) - dbus 1.4.12-1 (low; bug #629938) [squeeze] - dbus 1.2.24-4+squeeze1 [lenny] - dbus (Minor issue) CVE-2011-2197 (The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x ...) - rails (Affected plugin not installed, see bug #634990) CVE-2011-2196 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as dis ...) NOT-FOR-US: JBoss Seam CVE-2011-2195 RESERVED CVE-2011-2193 (Multiple buffer overflows in Terascale Open-Source Resource and Queue ...) {DSA-2329-1} - torque 2.4.15+dfsg-1 (bug #635342) CVE-2011-2192 (The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10. ...) {DSA-2271-1} - curl 7.21.6-2 (high; bug #631615) CVE-2011-2191 (Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in C ...) - cherokee (low; bug #661993) [squeeze] - cherokee (Minor issue) CVE-2011-2189 (net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does n ...) - linux-2.6 2.6.35-1 (low) [lenny] - linux-2.6 (attacker needs elevated CAP_SYS_ADMIN privileges to abuse this) [squeeze] - linux-2.6 (attacker needs elevated CAP_SYS_ADMIN privileges to abuse this) - vsftpd 2.3.4-1 (bug #629373) [squeeze] - vsftpd 2.3.2-3+squeeze2 [lenny] - vsftpd 2.0.7-1+lenny1 NOTE: this is technically a kernel bug. however this has been workarounded specifically NOTE: for vsftpd by adding a kernel check before using this feature, see DSA-2304-1 NOTE: for details CVE-2011-2187 (xscreensaver before 5.14 crashes during activation and leaves the scre ...) - xscreensaver 5.14-1 (bug #627382) [squeeze] - xscreensaver (introduced in 5.13) CVE-2011-2186 REJECTED CVE-2011-2181 (Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) ...) NOT-FOR-US: A Really Simple Chat CVE-2011-2180 (Cross-site scripting (XSS) vulnerability in dereferer.php in A Really ...) NOT-FOR-US: A Really Simple Chat CVE-2011-2177 (OpenOffice.org v3.3 allows execution of arbitrary code with the privil ...) NOT-FOR-US: Claimed older OpenOffice vulnerability, which was never disclosed CVE-2011-2176 (GNOME NetworkManager before 0.8.6 does not properly enforce the auth_a ...) - network-manager 0.9.0-1 (low; bug #631520) [squeeze] - network-manager (Minor issue) NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e7273c1609ac267e1d77ff03c97c8929f15e3737 NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=287fe10c40ae9b90ce703b79f3479b755f0956c0 NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e5085f950730b1e2e68645231e2042127c29a82e CVE-2011-2167 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot ...) - dovecot 1:2.0.13-1 (low) [squeeze] - dovecot (Vulnerable script not present) [lenny] - dovecot (Vulnerable script not present) CVE-2011-2166 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the user a ...) - dovecot 1:2.0.13-1 (low) [squeeze] - dovecot (Vulnerable script not present) [lenny] - dovecot (Vulnerable script not present) CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in con ...) - icinga 1.4.1-1 [squeeze] - icinga (Minor issue) - nagios3 3.4.1-1 [squeeze] - nagios3 (Minor issue) NOTE: Nagios might be fixed earlier than 3.4.1, checked the Wheezy version CVE-2011-2476 (Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery ( ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2011-2208 (Integer signedness error in the osf_getdomainname function in arch/alp ...) {DSA-2310-1} - linux-2.6 2.6.32-1 NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed CVE-2011-2209 (Integer signedness error in the osf_sysinfo function in arch/alpha/ker ...) {DSA-2310-1} - linux-2.6 2.6.32-1 NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed CVE-2011-2210 (The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in the Linu ...) - linux-2.6 2.6.32-1 NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed CVE-2011-2211 (The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the Linux ker ...) {DSA-2310-1} - linux-2.6 2.6.32-1 NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed CVE-2011-2203 (The hfs_find_init function in the Linux kernel 2.6 allows local users ...) - linux-2.6 3.1.1-1 [squeeze] - linux-2.6 2.6.32-40 CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3. ...) {DSA-2266-1} - php5 5.3.6-12 CVE-2011-2199 (Buffer overflow in tftp-hpa before 5.1 allows remote attackers to caus ...) - tftp-hpa 5.1-1 (low) [squeeze] - tftp-hpa (Minor issue) NOTE: http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8 CVE-2011-2198 (The "insert-blank-characters" capability in caps.c in gnome-terminal ( ...) - vte 1:0.28.1-1 (low; bug #629688) [lenny] - vte (Minor issue) [squeeze] - vte 1:0.24.3-3 CVE-2011-2185 (Fabric before 1.1.0 allows local users to overwrite arbitrary files vi ...) - fabric 1.1.2-1 (low; bug #629003) [squeeze] - fabric (Minor issue) CVE-2011-2475 (Format string vulnerability in ECTrace.dll in the iMailGateway service ...) NOT-FOR-US: Sybase OneBridge Mobile Data Suite CVE-2011-2474 (Directory traversal vulnerability in the HTTP Server in Sybase EAServe ...) NOT-FOR-US: Sybase EAServer CVE-2011-2473 (The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and ear ...) - oprofile 0.9.6-1.1+squeeze2 (bug #630084) CVE-2011-2472 (Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 ...) - oprofile 0.9.6-1.1+squeeze2 (bug #630084) CVE-2011-2471 (utils/opcontrol in OProfile 0.9.6 and earlier might allow local users ...) - oprofile 0.9.6-1.1+squeeze2 (bug #630084) CVE-2011-2468 (Directory traversal vulnerability in the web interface in AnyMacro Mai ...) NOT-FOR-US: AnyMacro Mail System G4X CVE-2011-2395 (The Neighbor Discovery (ND) protocol implementation in Cisco IOS on un ...) NOT-FOR-US: Cisco CVE-2011-2383 (Microsoft Internet Explorer 9 and earlier does not properly restrict c ...) NOT-FOR-US: Microsoft CVE-2011-2342 (The DOM implementation in Google Chrome before 12.0.742.91 allows remo ...) - chromium-browser 12.0.742.91~r87961-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/88071 CVE-2011-2382 (Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 bet ...) NOT-FOR-US: Microsoft CVE-2011-2332 (Google V8, as used in Google Chrome before 12.0.742.91, allows remote ...) - chromium-browser 12.0.742.91~r87961-1 [squeeze] - chromium-browser - libv8 3.4.14-1 [squeeze] - libv8 (Unsupported in squeeze-lts) NOTE: execScript removed in libv8 3.2 branch CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC media pla ...) {DSA-2257-1} - vlc 1.1.10-1 [lenny] - vlc (Vulnerable code not present) NOTE: https://repo.or.cz/w/vlc.git/commitdiff/cd929923ff49175a501bb3e9553a683bc42ff61c CVE-2011-2190 (The generate_admin_password function in Cherokee before 1.2.99 uses ti ...) - cherokee 1.0.14-1 (low; bug #647205) [squeeze] - cherokee 1.0.8-5+squeeze1 [lenny] - cherokee (Minor issue) NOTE: http://code.google.com/p/cherokee/issues/detail?id=1212 CVE-2011-2188 (LuaExpat before 1.2.0 does not properly detect recursion during entity ...) - lua-expat 1.2.0-1 (low; bug #629225) [squeeze] - lua-expat 1.2.0-0squeeze1 [lenny] - lua-expat (Minor issue) CVE-2011-2184 (The key_replace_session_keyring function in security/keys/process_keys ...) - linux-2.6 2.6.39-2 [lenny] - linux-2.6 (Introduced in 2.6.39) [squeeze] - linux-2.6 (Introduced in 2.6.39) CVE-2011-2183 (Race condition in the scan_get_next_rmap_item function in mm/ksm.c in ...) {DSA-2389-1} - linux-2.6 2.6.39-3 (low) [lenny] - linux-2.6 (Vulnerable code not present) [squeeze] - linux-2.6 2.6.32-36 CVE-2011-2331 (Integer overflow in img.exe in HP Intelligent Management Center (IMC) ...) NOT-FOR-US: HP Intelligent Management Center (IMC) CVE-2011-2330 (Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, ...) NOT-FOR-US: IBM Tivoli Management Framework CVE-2011-2328 (Buffer overflow in HP LoadRunner allows remote attackers to cause a de ...) NOT-FOR-US: HP LoadRunner CVE-2011-2215 (Unspecified vulnerability in WalRack 1.x before 1.1.8 and 2.x before 2 ...) NOT-FOR-US: WalRack CVE-2011-2214 (Unspecified vulnerability in the Open Database Connectivity (ODBC) com ...) NOT-FOR-US: 7T Interactive Graphical SCADA System CVE-2011-2175 (Integer underflow in the visual_read function in wiretap/visual.c in W ...) {DSA-2274-1} - wireshark 1.6.0-1 (unimportant; bug #630159) NOTE: Crashes w/o code injection not treated as security issues, see README.Security CVE-2011-2174 (Double free vulnerability in the tvb_uncompress function in epan/tvbuf ...) {DSA-2274-1} - wireshark 1.6.0-1 (bug #630159) CVE-2011-2173 (The implementation of OutputMediator objects in IBM WebSphere Portal 6 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2011-2172 (Cross-site scripting (XSS) vulnerability in the search center in IBM W ...) NOT-FOR-US: IBM WebSphere Portal CVE-2011-2171 (Unspecified vulnerability in the dbugs package in Google Chrome OS bef ...) NOT-FOR-US: Google Chrome OS CVE-2011-2170 (Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabl ...) NOT-FOR-US: Google Chrome OS CVE-2011-2169 (Google Chrome OS before R12 0.12.433.38 Beta allows local users to gai ...) NOT-FOR-US: Google Chrome OS CVE-2011-2168 (Multiple integer overflows in the glob implementation in libc in OpenB ...) NOT-FOR-US: OpenBSD CVE-2011-2165 (The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not pro ...) NOT-FOR-US: WatchGuard XCS CVE-2011-2182 (The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel b ...) {DSA-2264-1} - linux-2.6 2.6.39-2 [squeeze] - linux-2.6 2.6.32-35 CVE-2011-2179 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in con ...) - nagios3 3.2.3-3 (bug #629127) [lenny] - nagios3 (Affected feature got introduced in 3.2.2) [squeeze] - nagios3 (Affected feature got introduced in 3.2.2) - icinga 1.4.1-1 (bug #629131) [squeeze] - icinga (Affected feature got introduced in 1.3.1) [lenny] - icinga (Affected feature got introduced in 1.3.1) NOTE: http://tracker.nagios.org/view.php?id=224 CVE-2011-2178 (The virSecurityManagerGetPrivateData function in security/security_man ...) - libvirt 0.9.1-2 (bug #629128) [squeeze] - libvirt (Introduced in 0.8.8) [lenny] - libvirt (Introduced in 0.8.8) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=709769 NOTE: https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html CVE-2011-2216 (reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8 ...) - asterisk 1:1.8.4.2-1 (bug #629130) [lenny] - asterisk (Only affects 1.8) [squeeze] - asterisk (Only affects 1.8) NOTE: http://downloads.digium.com/pub/security/AST-2011-007.html CVE-2011-XXXX [unspecified security vulnerabilities] - movabletype-opensource 4.3.6+dfsg-1 (bug #627936) [squeeze] - movabletype-opensource 4.3.5+dfsg-2+squeeze2 [lenny] - movabletype-opensource 4.2.3-1+lenny3 CVE-2011-2164 (Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 ...) NOT-FOR-US: Photoshop CVE-2011-2163 (Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Syste ...) NOT-FOR-US: IBM Systems Director CVE-2011-2162 (Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as ...) {DSA-2306-1} - libav 4:0.6-1 (bug #628448) - ffmpeg 7:2.4.1-1 - ffmpeg-debian NOTE: duplicate of CVE-2011-1198 CVE-2011-2161 (The ape_read_header function in ape.c in libavformat in FFmpeg before ...) {DSA-2306-1} - libav 4:0.6-1 (bug #628448) - ffmpeg 7:2.4.1-1 - ffmpeg-debian NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1c31b26b CVE-2011-2160 (The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPl ...) {DSA-2306-1} - libav 4:0.6-1 (bug #628448) - ffmpeg 7:2.4.1-1 - ffmpeg-debian NOTE: duplicate of CVE-2011-0723 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8069e2f6 CVE-2011-2159 (The SmarterTools SmarterStats 6.0 web server omits the Content-Type he ...) NOT-FOR-US: SmarterStats CVE-2011-2158 (The SmarterTools SmarterStats 6.0 web server sends incorrect Content-T ...) NOT-FOR-US: SmarterStats CVE-2011-2157 (The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSett ...) NOT-FOR-US: SmarterStats CVE-2011-2156 (The SmarterTools SmarterStats 6.0 web server allows remote attackers t ...) NOT-FOR-US: SmarterStats CVE-2011-2155 (Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ...) NOT-FOR-US: SmarterStats CVE-2011-2154 (login.aspx in the SmarterTools SmarterStats 6.0 web server does not in ...) NOT-FOR-US: SmarterStats CVE-2011-2153 (Login.aspx in the SmarterTools SmarterStats 6.0 web server supports UR ...) NOT-FOR-US: SmarterStats CVE-2011-2152 (The SmarterTools SmarterStats 6.0 web server generates web pages conta ...) NOT-FOR-US: SmarterStats CVE-2011-2151 (The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSetting ...) NOT-FOR-US: SmarterStats CVE-2011-2150 (The SmarterTools SmarterStats 6.0 web server does not properly validat ...) NOT-FOR-US: SmarterStats CVE-2011-2149 (Multiple SQL injection vulnerabilities in the SmarterTools SmarterStat ...) NOT-FOR-US: SmarterStats CVE-2011-2148 (Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server all ...) NOT-FOR-US: SmarterStats CVE-2011-2147 (Openswan 2.2.x does not properly restrict permissions for (1) /var/run ...) - openswan (In Debian no starter.pid is ever written and the subsys entry gets created with -rw-r--r-- permissions, bug #628449) CVE-2011-2146 (mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Wor ...) - open-vm-tools 2:8.4.2+2011.08.21-471295-1 (bug #631507) [lenny] - open-vm-tools (Contrib not supported) [squeeze] - open-vm-tools (Contrib not supported) CVE-2011-2145 (mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Wor ...) - open-vm-tools 2:8.4.2+2011.08.21-471295-1 (bug #631508) [lenny] - open-vm-tools (Contrib not supported) [squeeze] - open-vm-tools (Contrib not supported) CVE-2011-2144 (The eDocument Conversion Actions implementation in IBM Datacap Taskmas ...) NOT-FOR-US: IBM Datacap Taskmaster Capture CVE-2011-2143 (IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authenti ...) NOT-FOR-US: IBM Datacap Taskmaster Capture CVE-2011-2142 (The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before ...) NOT-FOR-US: IBM Datacap Taskmaster Capture CVE-2011-2141 (SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture ...) NOT-FOR-US: IBM Datacap Taskmaster Capture CVE-2011-2140 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2139 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2138 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, M ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2137 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2136 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, M ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2135 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2134 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2133 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 bef ...) NOT-FOR-US: Adobe RoboHelp CVE-2011-2132 (Adobe Flash Media Server (FMS) before 3.5.7, and 4.x before 4.0.3, all ...) NOT-FOR-US: Adobe Flash Media Server CVE-2011-2131 (Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Su ...) NOT-FOR-US: Adobe Photoshop CVE-2011-2130 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2129 REJECTED CVE-2011-2128 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2127 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2126 (Buffer overflow in Adobe Shockwave Player before 11.6.0.626 allows att ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2125 (Buffer overflow in Dirapix.dll in Adobe Shockwave Player before 11.6.0 ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2124 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2123 (Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shoc ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2122 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2121 (Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows at ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2120 (Integer overflow in the CursorAsset x32 component in Adobe Shockwave P ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2119 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2118 (The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.6 ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2117 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2116 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2115 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows remote at ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2114 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2113 (Multiple buffer overflows in the Shockwave3DAsset component in Adobe S ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2112 (Multiple buffer overflows in IML32.dll in Adobe Shockwave Player befor ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2111 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2110 (Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2109 (Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player bef ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2108 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2107 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2106 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2105 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2104 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2103 (Adobe Reader and Acrobat 8.x before 8.3 on Windows and Mac OS X allow ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2102 (Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on W ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2101 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2100 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x be ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2099 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2098 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2097 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2096 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2095 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2094 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2093 (Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and e ...) NOT-FOR-US: Adobe LiveCycle Data Services CVE-2011-2092 (Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and e ...) NOT-FOR-US: Adobe LiveCycle Data Services CVE-2011-2091 (Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0 ...) NOT-FOR-US: Adobe ColdFusion CVE-2011-2090 RESERVED CVE-2011-2089 (Stack-based buffer overflow in the SetActiveXGUID method in the Versio ...) NOT-FOR-US: ICONICS BizViz, GENESIS32 CVE-2011-2088 (XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymp ...) - libstruts1.2-java (struts 2 issue) CVE-2011-2087 (Multiple cross-site scripting (XSS) vulnerabilities in component handl ...) - libstruts1.2-java (struts 2 issue) CVE-2011-2086 RESERVED CVE-2011-2085 (Multiple cross-site request forgery (CSRF) vulnerabilities in Best Pra ...) {DSA-2480-1} - request-tracker4 4.0.5-3 CVE-2011-2084 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 all ...) {DSA-2480-1} - request-tracker4 4.0.5-3 CVE-2011-2083 (Multiple cross-site scripting (XSS) vulnerabilities in Best Practical ...) {DSA-2480-1} - request-tracker4 4.0.5-3 CVE-2011-2082 (The vulnerable-passwords script in Best Practical Solutions RT 3.x bef ...) {DSA-2480-1} - request-tracker4 4.0.5-3 CVE-2011-2081 (MediaCAST 8 and earlier does not properly handle requests for inventiv ...) NOT-FOR-US: MediaCAST CVE-2011-2080 (Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier allo ...) NOT-FOR-US: MediaCAST CVE-2011-2079 (MediaCAST 8 and earlier allows remote attackers to have an unspecified ...) NOT-FOR-US: MediaCAST CVE-2011-2078 (Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta ...) NOT-FOR-US: New Atlanta BlueDragon CVE-2011-2077 (The default configuration of the New Atlanta BlueDragon administrative ...) NOT-FOR-US: New Atlanta BlueDragon CVE-2011-2076 (MediaCAST 8 and earlier stores passwords in cleartext, which makes it ...) NOT-FOR-US: MediaCAST CVE-2011-2075 (Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP ...) NOT-FOR-US: Historical Chrome issue on Windows CVE-2011-2074 (Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 ...) NOT-FOR-US: Skype CVE-2011-2073 RESERVED CVE-2011-2072 (Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x thro ...) NOT-FOR-US: Cisco CVE-2011-2071 RESERVED CVE-2011-2070 RESERVED CVE-2011-2069 RESERVED CVE-2011-2068 RESERVED CVE-2011-2067 RESERVED CVE-2011-2066 RESERVED CVE-2011-2065 RESERVED CVE-2011-2064 (Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Ga ...) NOT-FOR-US: Cisco IOS CVE-2011-2063 RESERVED CVE-2011-2062 RESERVED CVE-2011-2061 RESERVED CVE-2011-2060 (The platform-sw component on Cisco Adaptive Security Appliances (ASA) ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2011-2059 (The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attac ...) NOT-FOR-US: Cisco IOS CVE-2011-2058 (The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does ...) NOT-FOR-US: Cisco IOS CVE-2011-2057 (The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does ...) NOT-FOR-US: Cisco IOS CVE-2011-2056 RESERVED CVE-2011-2055 RESERVED CVE-2011-2054 (A vulnerability in the Cisco ASA that could allow a remote attacker to ...) NOT-FOR-US: Cisco CVE-2011-2053 RESERVED CVE-2011-2052 RESERVED CVE-2011-2051 RESERVED CVE-2011-2050 RESERVED CVE-2011-2049 RESERVED CVE-2011-2048 RESERVED CVE-2011-2047 RESERVED CVE-2011-2046 RESERVED CVE-2011-2045 RESERVED CVE-2011-2044 RESERVED CVE-2011-2043 RESERVED CVE-2011-2042 (The Sybase SQL Anywhere database component in Cisco CiscoWorks Common ...) NOT-FOR-US: Cisco CiscoWorks CVE-2011-2041 (The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure ...) NOT-FOR-US: Cisco CVE-2011-2040 (The helper application in Cisco AnyConnect Secure Mobility Client (for ...) NOT-FOR-US: Cisco CVE-2011-2039 (The helper application in Cisco AnyConnect Secure Mobility Client (for ...) NOT-FOR-US: Cisco CVE-2011-2038 RESERVED CVE-2011-2037 RESERVED CVE-2011-2036 RESERVED CVE-2011-2035 RESERVED CVE-2011-2034 RESERVED CVE-2011-2033 RESERVED CVE-2011-2032 RESERVED CVE-2011-2031 RESERVED CVE-2011-2030 RESERVED CVE-2011-2029 RESERVED CVE-2011-2028 RESERVED CVE-2011-2027 RESERVED CVE-2011-2026 RESERVED CVE-2011-2025 RESERVED CVE-2011-2024 (Cisco Network Registrar before 7.2 has a default administrative passwo ...) NOT-FOR-US: Cisco CVE-2011-2023 (Cross-site scripting (XSS) vulnerability in functions/mime.php in Squi ...) {DSA-2291-1} - squirrelmail 2:1.4.22-1 CVE-2011-2022 (The agp_generic_remove_memory function in drivers/char/agp/generic.c i ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-5 CVE-2011-2021 (Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 ...) NOT-FOR-US: TIBCO iProcess Engine CVE-2011-2020 (Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine befo ...) NOT-FOR-US: TIBCO iProcess Engine CVE-2011-2019 (Untrusted search path vulnerability in Microsoft Internet Explorer 9 o ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-2018 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP ...) NOT-FOR-US: Microsoft Windows XP CVE-2011-2017 REJECTED CVE-2011-2016 (Untrusted search path vulnerability in Windows Mail and Windows Meetin ...) NOT-FOR-US: Microsoft Windows CVE-2011-2015 REJECTED CVE-2011-2014 (The LDAP over SSL (aka LDAPS) implementation in Active Directory, Acti ...) NOT-FOR-US: Microsoft Windows CVE-2011-2013 (Integer overflow in the TCP/IP implementation in Microsoft Windows Vis ...) NOT-FOR-US: Microsoft Windows CVE-2011-2012 (Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, ...) NOT-FOR-US: Microsoft Forefront CVE-2011-2011 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-2010 (The Microsoft Office Input Method Editor (IME) for Simplified Chinese ...) NOT-FOR-US: Microsoft Office CVE-2011-2009 (Untrusted search path vulnerability in Windows Media Center in Microso ...) NOT-FOR-US: Microsoft Windows CVE-2011-2008 (Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and ...) NOT-FOR-US: Microsoft Host Integration Server CVE-2011-2007 (Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and ...) NOT-FOR-US: Microsoft Host Integration Server CVE-2011-2006 REJECTED CVE-2011-2005 (afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 a ...) NOT-FOR-US: Microsoft Windows CVE-2011-2004 (Array index error in win32k.sys in the kernel-mode drivers in Microsof ...) NOT-FOR-US: Microsoft Windows CVE-2011-2003 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...) NOT-FOR-US: Microsoft Windows CVE-2011-2002 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...) NOT-FOR-US: Microsoft Windows CVE-2011-2001 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-2000 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1999 (Microsoft Internet Explorer 8 does not properly allocate and access me ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1998 (Microsoft Internet Explorer 9 does not properly handle objects in memo ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1997 (Microsoft Internet Explorer 6 does not properly handle objects in memo ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1996 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1995 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1994 REJECTED CVE-2011-1993 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1992 (The XSS Filter in Microsoft Internet Explorer 8 allows remote attacker ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1991 (Multiple untrusted search path vulnerabilities in Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows CVE-2011-1990 (Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; ...) NOT-FOR-US: Microsoft Excel CVE-2011-1989 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel ...) NOT-FOR-US: Microsoft Excel CVE-2011-1988 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Offic ...) NOT-FOR-US: Microsoft Excel CVE-2011-1987 (Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in O ...) NOT-FOR-US: Microsoft Excel CVE-2011-1986 (Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote ...) NOT-FOR-US: Microsoft Excel CVE-2011-1985 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-1984 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and ...) NOT-FOR-US: Microsoft Windows CVE-2011-1983 (Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Off ...) NOT-FOR-US: Microsoft Office CVE-2011-1982 (Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize ...) NOT-FOR-US: Microsoft Office CVE-2011-1981 REJECTED CVE-2011-1980 (Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2 ...) NOT-FOR-US: Microsoft Office CVE-2011-1979 (Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objec ...) NOT-FOR-US: Microsoft Visio CVE-2011-1978 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly valid ...) NOT-FOR-US: Microsoft .NET CVE-2011-1977 (The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Co ...) NOT-FOR-US: Microsoft .NET CVE-2011-1976 (Cross-site scripting (XSS) vulnerability in the Report Viewer Control ...) NOT-FOR-US: Microsoft Visual Studio CVE-2011-1975 (Untrusted search path vulnerability in the Data Access Tracing compone ...) NOT-FOR-US: Microsoft CVE-2011-1974 (NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in ...) NOT-FOR-US: Microsoft Windows CVE-2011-1973 REJECTED CVE-2011-1972 (Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not pro ...) NOT-FOR-US: Microsoft Visio CVE-2011-1971 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2 ...) NOT-FOR-US: Microsoft Windows CVE-2011-1970 (The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server ...) NOT-FOR-US: Microsoft Windows CVE-2011-1969 (Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, ...) NOT-FOR-US: Microsoft Forefront CVE-2011-1968 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows CVE-2011-1967 (Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the ...) NOT-FOR-US: Microsoft Windows CVE-2011-1966 (The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 do ...) NOT-FOR-US: Microsoft Windows CVE-2011-1965 (Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-1964 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1963 (Microsoft Internet Explorer 7 through 9 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1962 (Microsoft Internet Explorer 6 through 9 does not properly handle unspe ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1961 (The telnet URI handler in Microsoft Internet Explorer 6 through 9 does ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1960 (Microsoft Internet Explorer 6 through 9 does not properly implement Ja ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1959 (The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1 ...) {DSA-2274-1} - wireshark 1.6.0-1 (unimportant; bug #630159) NOTE: Crashes w/o code injection not treated as security issues, see README.Security CVE-2011-1958 (Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assis ...) {DSA-2274-1} - wireshark 1.6.0-1 (unimportant) NOTE: Crashes w/o code injection not treated as security issues, see README.Security CVE-2011-1957 (The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the D ...) {DSA-2274-1} - wireshark 1.6.0-1 (unimportant) NOTE: Crashes w/o code injection not treated as security issues, see README.Security CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect point ...) - wireshark 1.4.6-1 (unimportant) [lenny] - wireshark (Affects 1.4.5 only) [squeeze] - wireshark (Affects 1.4.5 only) NOTE: Crashes w/o code injection not treated as security issues, see README.Security CVE-2011-1955 REJECTED CVE-2011-1954 (Multiple cross-site request forgery (CSRF) vulnerabilities in Post Rev ...) NOT-FOR-US: Post Revolution CVE-2011-1953 (Multiple cross-site scripting (XSS) vulnerabilities in common.php in P ...) NOT-FOR-US: Post Revolution CVE-2011-1952 (common.php in Post Revolution before 0.8.0c-2 allows remote attackers ...) NOT-FOR-US: Post Revolution CVE-2011-1951 (lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global fl ...) - syslog-ng 3.2.4-1 (low) [squeeze] - syslog-ng (Only affects PCRE >= 8.12) [lenny] - syslog-ng (Only affects PCRE >= 8.12) NOTE: http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff CVE-2011-1950 (plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users ...) - plone3 CVE-2011-1949 (Cross-site scripting (XSS) vulnerability in the safe_html filter in Pr ...) - plone3 CVE-2011-1948 (Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allo ...) - plone3 CVE-2011-1947 (fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time a ...) - fetchmail 6.3.22-1 (unimportant) NOTE: http://www.fetchmail.info/fetchmail-SA-2011-01.txt CVE-2011-1946 (gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but pr ...) NOT-FOR-US: libgnomesu CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and ...) {DSA-2309-1} - openssl 1.0.0e-1 (low) CVE-2011-1944 (Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x ...) {DSA-2255-1} - libxml2 2.7.8.dfsg-3 (bug #628537) CVE-2011-1943 (The destroy_one_secret function in nm-setting-vpn.c in libnm-util in t ...) - network-manager-openvpn (Affected code was only in experimental, see bug #628730) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876 CVE-2011-1942 REJECTED CVE-2011-1941 (Open redirect vulnerability in the redirector feature in phpMyAdmin 3. ...) - phpmyadmin 4:3.4.1-1 [lenny] - phpmyadmin (3.4.x only) [squeeze] - phpmyadmin (3.4.x only) CVE-2011-1940 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3. ...) {DSA-2391-1} - phpmyadmin 4:3.4.1-1 [lenny] - phpmyadmin (3.3.x+ only) [squeeze] - phpmyadmin (may be bundled with future issues) CVE-2011-1939 (SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and ...) - zendframework 1.11.6-1 (low) [squeeze] - zendframework (Minor issue) CVE-2011-1938 (Stack-based buffer overflow in the socket_connect function in ext/sock ...) {DSA-2399-1} - php5 5.3.6-13 (low) [lenny] - php5 (The Lenny version doesn't use memcpy) CVE-2011-1937 (Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier a ...) - webmin CVE-2011-1936 (Xen, when using x86 Intel processors and the VMX virtualization extens ...) - linux-2.6 (Only affected the old Xen kernel patch from 2.6.18/2.6.26) CVE-2011-1935 (pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d94372 ...) - libpcap 1.1.1-4 (low; bug #623868) [squeeze] - libpcap 1.1.1-2+squeeze1 [lenny] - libpcap NOTE: <878vsbyviu.fsf@silenus.orebokech.com> CVE-2011-1934 (lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. ...) - lilo 23.1-2 (low; bug #615103) [squeeze] - lilo (Introduced in 23.1) [lenny] - lilo (Introduced in 23.1) CVE-2011-1933 (SQL injection vulnerability in Jifty::DBI before 0.68. ...) - libjifty-dbi-perl 0.68-1 (low; bug #622919) [squeeze] - libjifty-dbi-perl 0.60-1+squeeze1 CVE-2011-1932 (Directory traversal vulnerability in io/filesystem/filesystem.cc in Wi ...) - widelands 1:15-3 (low; bug #617960) [lenny] - widelands (Minor issue) CVE-2011-1931 (sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg bef ...) - libav 4:0.6.2-3 (bug #624339) - ffmpeg (vulnerability introduced in 0.6) - ffmpeg-debian (vulnerability introduced in 0.6) CVE-2011-1930 (In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /t ...) - klibc 1.5.22-1 (low) [squeeze] - klibc 1.5.20-1+squeeze1 [lenny] - klibc 1.5.12-2lenny1 CVE-2011-1929 (lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2. ...) {DSA-2252-1} - dovecot 1:2.0.13-1 (bug #627443) NOTE: [lenny] - dovecot (Vulnerability introduced in 1.1) NOTE: claims lenny is affected CVE-2011-1928 (The fnmatch implementation in apr_fnmatch.c in the Apache Portable Run ...) {DSA-2237-2} - apr 1.4.5-1 (bug #627182) CVE-2011-1927 (The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel b ...) - linux-2.6 2.6.39-1 (high) [squeeze] - linux-2.6 (Vulnerable code not present) [lenny] - linux-2.6 (Vulnerable code not present) CVE-2011-1926 (The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not ...) {DSA-2258-1 DSA-2242-1} - cyrus-imapd-2.2 2.2.13p1-11 (bug #627081) - cyrus-imapd-2.4 2.4.7-1 - kolab-cyrus-imapd 2.2.13p1-0.1 (bug #629350) CVE-2011-1925 (nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote ...) - nbd 1:2.9.22-1 (bug #627042) [wheezy] - nbd [squeeze] - nbd [lenny] - nbd CVE-2011-1924 (Buffer overflow in the policy_summarize function in or/policies.c in T ...) - tor 0.2.1.30-1 [squeeze] - tor (Only affects the central Tor directory servers) [lenny] - tor (Only affects the central Tor directory servers) CVE-2011-1923 (The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL be ...) - polarssl 0.14.3-1 (low; bug #616114) [squeeze] - polarssl (Minor issue) CVE-2011-1922 (daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functiona ...) - unbound 1.4.10-1 (unimportant) [lenny] - unbound 1.4.6-1~lenny2 (unimportant) [squeeze] - unbound 1.4.6-1+squeeze2 (unimportant) NOTE: http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt NOTE: asserts not enabled in Debian build CVE-2011-1921 (The mod_dav_svn module for the Apache HTTP Server, as distributed in A ...) {DSA-2251-1} - subversion 1.6.17dfsg-1 CVE-2011-1920 (The make include files in NetBSD before 1.6.2, as used in pmake 1.111 ...) - pmake 1.111-3 (low; bug #626673) [squeeze] - pmake 1.111-2+squeeze1 [lenny] - pmake 1.111-1+lenny1 CVE-2011-1919 (Multiple stack-based buffer overflows in GE Intelligent Platforms Prof ...) NOT-FOR-US: GE Intelligent Platforms CVE-2011-1918 (Stack-based buffer overflow in the Data Archiver service in GE Intelli ...) NOT-FOR-US: GE Intelligent Platforms CVE-2011-1917 RESERVED CVE-2011-1916 RESERVED CVE-2011-1915 (SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution ...) NOT-FOR-US: Enspire Distribution Management Solution CVE-2011-1914 (Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Se ...) NOT-FOR-US: ActiveX CVE-2011-1913 (SQL injection vulnerability in the login form in the web interface in ...) NOT-FOR-US: Mercator SENTINEL CVE-2011-1912 RESERVED CVE-2011-1911 (JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 ...) NOT-FOR-US: JasperReports Server CVE-2011-1910 (Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x befor ...) {DSA-2244-1} - bind9 1:9.8.1.dfsg-1 (high) NOTE: https://lists.isc.org/pipermail/bind-users/2011-May/083819.html CVE-2011-1909 RESERVED CVE-2011-1908 (Integer overflow in the Type 1 font decoder in the FreeType engine in ...) NOT-FOR-US: Foxit Reader CVE-2011-1906 (Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific ...) NOT-FOR-US: Trustwave WebDefend Enterprise CVE-2011-1905 (Multiple cross-site request forgery (CSRF) vulnerabilities in unspecif ...) NOT-FOR-US: Proofpoint Messaging Security Gateway CVE-2011-1904 (An unspecified function in the web interface in Proofpoint Messaging S ...) NOT-FOR-US: Proofpoint Messaging Security Gateway CVE-2011-1903 (SQL injection vulnerability in an unspecified function in Proofpoint M ...) NOT-FOR-US: Proofpoint Messaging Security Gateway CVE-2011-1902 (Directory traversal vulnerability in the web interface in Proofpoint M ...) NOT-FOR-US: Proofpoint Messaging Security Gateway CVE-2011-1901 (The mail-filter web interface in Proofpoint Messaging Security Gateway ...) NOT-FOR-US: Proofpoint Messaging Security Gateway CVE-2011-1900 (Directory traversal vulnerability in NTWebServer in InduSoft Web Studi ...) NOT-FOR-US: InduSoft Web Studio CVE-2011-1899 (Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0. ...) NOT-FOR-US: CA eHealth CVE-2011-1898 (Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough ...) {DSA-2337-1} - xen 4.1.1-1 [lenny] - xen-3 CVE-2011-1897 (Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unifie ...) NOT-FOR-US: Microsoft Forefront CVE-2011-1896 (Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unifie ...) NOT-FOR-US: Microsoft Forefront CVE-2011-1895 (CRLF injection vulnerability in Microsoft Forefront Unified Access Gat ...) NOT-FOR-US: Microsoft Forefront CVE-2011-1894 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Window ...) NOT-FOR-US: Microsoft Windows CVE-2011-1893 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoin ...) NOT-FOR-US: Microsoft SharePoint CVE-2011-1892 (Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and S ...) NOT-FOR-US: Microsoft Office CVE-2011-1891 (Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoi ...) NOT-FOR-US: Microsoft SharePoint CVE-2011-1890 (Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft ...) NOT-FOR-US: Microsoft SharePoint CVE-2011-1889 (The NSPLookupServiceNext function in the client in Microsoft Forefront ...) NOT-FOR-US: Microsoft Forefront Threat Management Gateway CVE-2011-1888 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 a ...) NOT-FOR-US: MS Windows CVE-2011-1887 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 a ...) NOT-FOR-US: MS Windows CVE-2011-1886 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does ...) NOT-FOR-US: MS Windows CVE-2011-1885 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: MS Windows CVE-2011-1884 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: MS Windows CVE-2011-1883 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: MS Windows CVE-2011-1882 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: MS Windows CVE-2011-1881 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: MS Windows CVE-2011-1880 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: MS Windows CVE-2011-1879 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: MS Windows CVE-2011-1878 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: MS Windows CVE-2011-1877 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: MS Windows CVE-2011-1876 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: MS Windows CVE-2011-1875 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: MS Windows CVE-2011-1874 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: MS Windows CVE-2011-1873 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Win ...) NOT-FOR-US: Microsoft Windows CVE-2011-1872 (Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 all ...) NOT-FOR-US: Microsoft Windows CVE-2011-1871 (Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows ...) NOT-FOR-US: Microsoft Windows Vista CVE-2011-1870 (Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) i ...) NOT-FOR-US: MS Windows CVE-2011-1869 (The Distributed File System (DFS) implementation in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows CVE-2011-1868 (The Distributed File System (DFS) implementation in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows CVE-2011-XXXX [fglrx-driver xauth cookie leak] - fglrx-driver 1:11-6-3 (low; bug #625868) [squeeze] - fglrx-driver (Non-free not supported) [lenny] - fglrx-driver (Non-free not supported) CVE-2011-1907 (ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset ...) - bind9 1:9.8.1.dfsg.P1-1 [squeeze] - bind9 (Only affects 9.8.0) [lenny] - bind9 (Only affects 9.8.0) CVE-2011-1765 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, w ...) - mediawiki (Incomplete fix was never released for Debian, neither in sid, nor oldstable/stable) NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=28534 CVE-2011-1766 (includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogi ...) - mediawiki (Vulnerable code not present, planned next upload will skip it) [lenny] - mediawiki (Vulnerable code not present, introduced in 1.16.0) [squeeze] - mediawiki (Vulnerable code not present, introduced in 1.16.0) NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=28534 CVE-2011-1867 (Stack-based buffer overflow in iNodeMngChecker.exe in the User Access ...) NOT-FOR-US: iNodeMngChecker.exe of HP Intelligent Management Center CVE-2011-1866 (Buffer overflow in omniinet.exe in the inet service in HP OpenView Sto ...) NOT-FOR-US: HP OpenView CVE-2011-1865 (Multiple stack-based buffer overflows in the inet service in HP OpenVi ...) NOT-FOR-US: HP OpenView CVE-2011-1864 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6 ...) NOT-FOR-US: HP OpenView Storage Data Protector CVE-2011-1863 (HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 ...) NOT-FOR-US: HP Service Manager CVE-2011-1862 (Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7 ...) NOT-FOR-US: HP Service Manager CVE-2011-1861 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and ...) NOT-FOR-US: HP Service Manager CVE-2011-1860 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and ...) NOT-FOR-US: HP Service Manager CVE-2011-1859 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and ...) NOT-FOR-US: HP Service Manager CVE-2011-1858 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and ...) NOT-FOR-US: HP Service Manager CVE-2011-1857 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and ...) NOT-FOR-US: HP Service Manager CVE-2011-1856 (Cross-site scripting (XSS) vulnerability in HP Business Availability C ...) NOT-FOR-US: HP Business Availability CVE-2011-1855 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x all ...) NOT-FOR-US: HP Network Node Manager CVE-2011-1854 (Use-after-free vulnerability in HP Intelligent Management Center (IMC) ...) NOT-FOR-US: HP Intelligent Management Center CVE-2011-1853 (tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0 ...) NOT-FOR-US: HP Intelligent Management Center CVE-2011-1852 (Multiple stack-based buffer overflows in tftpserver.exe in HP Intellig ...) NOT-FOR-US: HP Intelligent Management Center CVE-2011-1851 (Stack-based buffer overflow in tftpserver.exe in HP Intelligent Manage ...) NOT-FOR-US: HP Intelligent Management Center CVE-2011-1850 (Stack-based buffer overflow in the logging functionality in dbman.exe ...) NOT-FOR-US: HP Intelligent Management Center CVE-2011-1849 (tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0 ...) NOT-FOR-US: HP Intelligent Management Center CVE-2011-1848 (Stack-based buffer overflow in img.exe in HP Intelligent Management Ce ...) NOT-FOR-US: HP Intelligent Management Center CVE-2011-1847 (IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows ...) NOT-FOR-US: IBM DB2 9.5 CVE-2011-1846 (IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows ...) NOT-FOR-US: IBM DB2 9.5 CVE-2011-1845 (Multiple memory leaks in the DataGrid control implementation in Micros ...) NOT-FOR-US: Silverlight CVE-2011-1844 (Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remot ...) NOT-FOR-US: Silverlight CVE-2011-1843 (Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remot ...) - tinyproxy 1.8.2-2 (unimportant; bug #627503) [squeeze] - tinyproxy 1.8.2-1squeeze2 (unimportant) NOTE: Only exploitable through config files, which are under admin control CVE-2011-1842 (dbus_backend/lsd.py in the D-Bus backend in language-selector before 0 ...) NOT-FOR-US: Ubuntu-specific language-selector package CVE-2011-1841 (Cross-site scripting (XSS) vulnerability in the link_to helper in Mojo ...) {DSA-2239-1} - libmojolicious-perl 1.12-1 CVE-2011-1840 (The MartiniCreations PassmanLite Password Manager application before 1 ...) NOT-FOR-US: MartiniCreations PassmanLite Password Manager for Android CVE-2011-1839 (IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirec ...) NOT-FOR-US: IBM Rational Build Forge 7.1.0 CVE-2011-1838 (Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.p ...) - twiki CVE-2011-1837 (The lock-counter implementation in utils/mount.ecryptfs_private.c in e ...) {DSA-2382-1} - ecryptfs-utils 92-1 CVE-2011-1836 (utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not es ...) - ecryptfs-utils 92-1 [squeeze] - ecryptfs-utils (Vulnerable code not present) [lenny] - ecryptfs-utils (Vulnerable code not present) CVE-2011-1835 (The encrypted private-directory setup process in utils/ecryptfs-setup- ...) {DSA-2382-1} - ecryptfs-utils 92-1 CVE-2011-1834 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not pr ...) {DSA-2382-1} - ecryptfs-utils 92-1 CVE-2011-1833 (Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in ...) {DSA-2443-1} - ecryptfs-utils 92-1 [squeeze] - ecryptfs-utils (Minor issue) - linux-2.6 3.1.1-1 NOTE: cannot be fixed in ecryptfs-utils (squeeze, lenny) until kernel fix is in place CVE-2011-1832 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not pr ...) {DSA-2382-1} - ecryptfs-utils 92-1 CVE-2011-1831 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not pr ...) {DSA-2382-1} - ecryptfs-utils 92-1 CVE-2011-1830 (Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga ...) - ekiga (Vulnerable code not in a released version) NOTE: Fixed by: https://gitlab.gnome.org/GNOME/ekiga/commit/02654fc949722a78d41fcffac8687d73d8574647 (EKIGA_3_3_0) NOTE: Introduced by: https://gitlab.gnome.org/GNOME/ekiga/commit/87d3a0824b373a3d16e9198540174ce16e4ab3db (EKIGA_3_3_0) CVE-2011-1829 (APT before 0.8.15.2 does not properly validate inline GPG signatures, ...) - apt 0.8.15.2 [squeeze] - apt (Vulnerable code not present) [lenny] - apt (Vulnerable code not present) CVE-2011-1828 (usb-creator-helper in usb-creator before 0.2.28.3 does not enforce int ...) NOT-FOR-US: usb-creator, Ubuntu-specific package CVE-2011-XXXX [spip DoS] - spip 2.1.11-0.1 [squeeze] - spip 2.1.1-3squeeze1 CVE-2011-1827 (Multiple unspecified vulnerabilities in Check Point SSL Network Extend ...) NOT-FOR-US: Check Point CVE-2011-1826 (Open redirect vulnerability in the Administrative Console in CA Arcot ...) NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server CVE-2011-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the Administrat ...) NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server CVE-2011-1824 (The VEGAOpBitmap::AddLine function in Opera before 10.61 does not prop ...) NOT-FOR-US: Opera CVE-2011-1823 (The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 tru ...) NOT-FOR-US: Android CVE-2011-1822 (The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 b ...) NOT-FOR-US: Tivoli CVE-2011-1821 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 o ...) NOT-FOR-US: Tivoli CVE-2011-1820 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, ...) NOT-FOR-US: Tivoli CVE-2011-1819 (Google Chrome before 12.0.742.91 allows remote attackers to perform un ...) - chromium-browser 12.0.742.91~r87961-1 (unimportant) - webkit (chromium extensions) CVE-2011-1818 (Use-after-free vulnerability in the image loader in Google Chrome befo ...) - chromium-browser 12.0.742.91~r87961-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/86725 CVE-2011-1817 (Google Chrome before 12.0.742.91 does not properly implement history d ...) - chromium-browser 12.0.742.91~r87961-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1816 (Use-after-free vulnerability in the developer tools in Google Chrome b ...) - chromium-browser 12.0.742.91~r87961-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/86507 CVE-2011-1815 (Google Chrome before 12.0.742.91 allows remote attackers to inject scr ...) - chromium-browser 12.0.742.91~r87961-1 (unimportant) - webkit (chromium extensions specific) CVE-2011-1814 (Google Chrome before 12.0.742.91 attempts to read data from an uniniti ...) - chromium-browser (chromium pdiflugin) - webkit (chromium pdf plugin) CVE-2011-1813 (Google Chrome before 12.0.742.91 does not properly implement the frame ...) - chromium-browser 12.0.742.91~r87961-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1812 (Google Chrome before 12.0.742.91 allows remote attackers to bypass int ...) - chromium-browser 12.0.742.91~r87961-1 (unimportant) - webkit (chromium extensions) CVE-2011-1811 (Google Chrome before 12.0.742.91 does not properly handle a large numb ...) - chromium-browser 12.0.742.91~r87961-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1810 (The Cascading Style Sheets (CSS) implementation in Google Chrome befor ...) - chromium-browser 12.0.742.91~r87961-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/83345 CVE-2011-1809 (Use-after-free vulnerability in the accessibility feature in Google Ch ...) - chromium-browser 12.0.742.91~r87961-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/80890 CVE-2011-1808 (Use-after-free vulnerability in Google Chrome before 12.0.742.91 allow ...) - chromium-browser 12.0.742.91~r87961-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/84096 NOTE: http://trac.webkit.org/changeset/84098 NOTE: http://trac.webkit.org/changeset/84119 CVE-2011-1807 (Google Chrome before 11.0.696.71 does not properly handle blobs, which ...) - chromium-browser 11.0.696.71~r86024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1806 (Google Chrome before 11.0.696.71 does not properly implement the GPU c ...) - chromium-browser 11.0.696.71~r86024-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1805 (Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote at ...) - chromium-browser 11.0.696.65~r84435-1 CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in ...) - chromium-browser 11.0.696.71~r86024-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/86448 CVE-2011-1803 (An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVG ...) NOTE: Historic webkit/Chromium issues CVE-2011-1802 (WebKit in Google Chrome before Blink M11 and M12 does not properly han ...) NOTE: Historic webkit/Chromium issues CVE-2011-1801 (Unspecified vulnerability in Google Chrome before 11.0.696.71 allows r ...) - chromium-browser 11.0.696.71~r86024-1 (unimportant) NOTE: http://trac.webkit.org/changeset/85977 CVE-2011-1800 (Multiple integer overflows in the SVG Filters implementation in WebCor ...) - chromium-browser 11.0.696.68~r84545-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/85926 CVE-2011-1799 (Google Chrome before 11.0.696.68 does not properly perform casts of va ...) {DSA-2245-1} - chromium-browser 11.0.696.68~r84545-1 CVE-2011-1798 (rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/84085 CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) {DSA-2245-1} - chromium-browser 12.0.742.91~r87961-1 CVE-2011-1796 (Use-after-free vulnerability in the FrameView::calculateScrollbarModes ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/84300 CVE-2011-1795 (Integer underflow in the HTMLFormElement::removeFormElement function i ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/83690 CVE-2011-1794 (Integer overflow in the FilterEffect::copyImageBytes function in platf ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/84422 CVE-2011-1793 (rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Goog ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/85406 CVE-2011-1792 RESERVED CVE-2011-1791 RESERVED CVE-2011-1790 RESERVED CVE-2011-1789 (The self-extracting installer in the vSphere Client Installer package ...) NOT-FOR-US: vSphere CVE-2011-1788 (vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Up ...) NOT-FOR-US: vCenter CVE-2011-1787 (Race condition in mount.vmhgfs in the VMware Host Guest File System (H ...) - open-vm-tools 2:8.4.2+2011.08.21-471295-1 (bug #631506) [lenny] - open-vm-tools (Contrib not supported) [squeeze] - open-vm-tools (Contrib not supported) CVE-2011-1786 (lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 be ...) NOT-FOR-US: Likewise CVE-2011-1785 (VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to ...) NOT-FOR-US: VMware CVE-2011-1784 (The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and e ...) - keepalived 1:1.2.2-2 (low; bug #626281) [lenny] - keepalived (Minor issue) [squeeze] - keepalived 1:1.1.20-1+squeeze1 CVE-2011-1783 (The mod_dav_svn module for the Apache HTTP Server, as distributed in A ...) {DSA-2251-1} - subversion 1.6.17dfsg-1 CVE-2011-1782 (Heap-based buffer overflow in the read_channel_data function in file-p ...) {DSA-2426-1} - gimp 2.6.11-3 (bug #629830) CVE-2011-1781 (SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows ...) - systemtap 1.6-1 (bug #628819) [squeeze] - systemtap (Only affects version 1.4.x) [lenny] - systemtap (Only affects version 1.4.x) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29 CVE-2011-1780 (The instruction emulation in Xen 3.0.3 allows local SMP guest users to ...) - linux-2.6 (Only affected the old Xen kernel patch from 2.6.18/2.6.26) CVE-2011-1779 (Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 ...) - libarchive 3.0.4-2 (bug #669197) [squeeze] - libarchive (vulnerable code not present in 2.x series) NOTE: http://code.google.com/p/libarchive/source/detail?r=0736e0890a8fce59e96d57340405c56f084407e7 NOTE: Might be fixed earlier than 3.0.4-2, but was tested against the Wheezy version CVE-2011-1778 (Buffer overflow in libarchive through 2.8.5 allows remote attackers to ...) {DSA-2413-1} - libarchive 2.8.5-5 (bug #651844) CVE-2011-1777 (Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_d ...) {DSA-2413-1} - libarchive 2.8.5-5 (bug #651844) CVE-2011-1776 (The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel b ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.39-1 (low) CVE-2011-1775 (The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx i ...) - tigervnc (Fixed before initial release in Debian) NOTE: https://github.com/TigerVNC/tigervnc/commit/ce6c8b097f0d5b161039dc8c8208aff078d433ff CVE-2011-1774 (WebKit in Apple Safari before 5.0.6 has improper libxslt security sett ...) NOTE: CVE-2011-1774 is about webkit's interface to xmlsec, CVE-2011-1425 is the actual issue NOTE: https://www.openwall.com/lists/oss-security/2011/05/09/4 CVE-2011-1773 (virt-v2v before 0.8.4 does not preserve the VNC console password when ...) NOT-FOR-US: virt-v2v CVE-2011-1772 (Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache ...) - libstruts1.2-java (xwork introduced in 2.x) CVE-2011-1771 (The cifs_close function in fs/cifs/file.c in the Linux kernel before 2 ...) - linux-2.6 2.6.38-4 [squeeze] - linux-2.6 (Introduced in 2.6.37) [lenny] - linux-2.6 (Introduced in 2.6.37) CVE-2011-1770 (Integer underflow in the dccp_parse_options function (net/dccp/options ...) {DSA-2240-1} - linux-2.6 2.6.39-1 [squeeze] - linux-2.6 2.6.32-34squeeze1 [lenny] - linux-2.6 (Introduced in 2.6.29 with commit e77b8363b2ea7c0d89919547c1a8b0562f298b57) CVE-2011-1769 (SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is ena ...) - systemtap 1.6-1 (unimportant; bug #628819) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29 NOTE: http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9 NOTE: a DoS with a very limited exploitation possibility CVE-2011-1768 (The tunnels implementation in the Linux kernel before 2.6.34, when tun ...) {DSA-2264-1} - linux-2.6 2.6.34-1 [squeeze] - linux-2.6 2.6.32-35 CVE-2011-1767 (net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is co ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.34-1 [squeeze] - linux-2.6 2.6.32-34squeeze1 CVE-2011-1764 (Format string vulnerability in the dkim_exim_verify_finish function in ...) {DSA-2232-1} - exim4 4.75-3 (high; bug #624670) [lenny] - exim4 (vulnerable code not present) CVE-2011-1763 (The get_free_port function in Xen allows local authenticated DomU user ...) - linux-2.6 (Only affected the old Xen kernel patch from 2.6.18/2.6.26) CVE-2011-1762 RESERVED CVE-2011-1761 (Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) ...) {DSA-2415-1} - libmodplug 1:0.8.8.4-1 (low; bug #625966) CVE-2011-1760 (utils/opcontrol in OProfile 0.9.6 and earlier might allow local users ...) {DSA-2254-2 DSA-2254-1} - oprofile 0.9.6-1.2 (medium; bug #624212) CVE-2011-1759 (Integer overflow in the sys_oabi_semtimedop function in arch/arm/kerne ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.39-1 CVE-2011-1758 (The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in Sy ...) - sssd (Only affects version 1.5+) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=700867 NOTE: http://git.fedorahosted.org/git/?p=sssd.git;a=commitdiff;h=fffdae81651b460f3d2c119c56d5caa09b4de42a CVE-2011-1757 (DJabberd 0.84 and earlier does not properly detect recursion during en ...) NOTE: DJabberd CVE-2011-1756 (modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly ...) {DSA-2250-1} - citadel 8.04-1 (medium) CVE-2011-1755 (jabberd2 before 2.2.14 does not properly detect recursion during entit ...) - jabberd2 2.2.8-2.1 (medium) CVE-2011-1754 (jabberd14 1.6.1.1 and earlier does not properly detect recursion durin ...) {DSA-2249-1} - jabberd14 1.6.1.1-5.1 CVE-2011-1753 (expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and ...) {DSA-2248-1} - ejabberd 2.1.6-2.1 (medium) CVE-2011-1752 (The mod_dav_svn module for the Apache HTTP Server, as distributed in A ...) {DSA-2251-1} - subversion 1.6.17dfsg-1 CVE-2011-1751 (The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Managem ...) {DSA-2241-1} - qemu-kvm 0.14.1+dfsg-1 - kvm CVE-2011-1750 (Multiple heap-based buffer overflows in the virtio-blk driver (hw/virt ...) {DSA-2230-1} - qemu-kvm 0.14.1+dfsg-1 (bug #624177) - kvm (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=698906 CVE-2011-1749 (The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.ns ...) - nfs-utils 1:1.2.3-3 (low; bug #629420) [squeeze] - nfs-utils 1:1.2.2-4squeeze2 [lenny] - nfs-utils (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975 CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before 2 ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.39-1 CVE-2011-1747 (The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not pr ...) - linux-2.6 (unimportant) NOTE: Can only be triggered with root equivalent privs -> non-issue CVE-2011-1746 (Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_ ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-5 CVE-2011-1745 (Integer overflow in the agp_generic_insert_memory function in drivers/ ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-5 CVE-2011-1744 (EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin ...) NOT-FOR-US: EMC CVE-2011-1743 (Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 b ...) NOT-FOR-US: EMC CVE-2011-1742 (EMC Data Protection Advisor before 5.8.1 places cleartext account cred ...) NOT-FOR-US: EMC CVE-2011-1741 (Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbir ...) NOT-FOR-US: OpenText Hummingbird Client Connector CVE-2011-1740 (EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authen ...) NOT-FOR-US: EMC Avamar CVE-2011-1739 (The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 ...) NOT-FOR-US: FreeBSD mountd CVE-2011-1738 (HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Dev ...) NOT-FOR-US: HP Palm webOS CVE-2011-1737 (Multiple cross-site scripting (XSS) vulnerabilities in the Email appli ...) NOT-FOR-US: HP Palm webOS CVE-2011-1736 (Directory traversal vulnerability in OmniInet.exe in the Backup Client ...) NOT-FOR-US: HP OpenView Storage Data Protector CVE-2011-1735 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...) NOT-FOR-US: HP OpenView Storage Data Protector CVE-2011-1734 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...) NOT-FOR-US: HP OpenView Storage Data Protector CVE-2011-1733 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...) NOT-FOR-US: HP OpenView Storage Data Protector CVE-2011-1732 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...) NOT-FOR-US: HP OpenView Storage Data Protector CVE-2011-1731 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...) NOT-FOR-US: HP OpenView Storage Data Protector CVE-2011-1730 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...) NOT-FOR-US: HP OpenView Storage Data Protector CVE-2011-1729 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...) NOT-FOR-US: HP OpenView Storage Data Protector CVE-2011-1728 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...) NOT-FOR-US: HP OpenView Storage Data Protector CVE-2011-1727 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, ...) NOT-FOR-US: HP SiteScope CVE-2011-1726 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, ...) NOT-FOR-US: HP SiteScope CVE-2011-1725 (Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9 ...) NOT-FOR-US: HP Network Automation CVE-2011-1724 (Unspecified vulnerability in HP Virtual Server Environment before 6.3 ...) NOT-FOR-US: HP Virtual Server Environment CVE-2011-1723 (Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rht ...) NOT-FOR-US: WEC Discussion Forum CVE-2011-1722 (Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_di ...) NOT-FOR-US: WEC Discussion Forum CVE-2011-1721 (Cross-site request forgery (CSRF) vulnerability in php/partie_administ ...) NOT-FOR-US: WebJaxe CVE-2011-1720 (The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x b ...) {DSA-2233-1} - postfix 2.8.3-1 NOTE: http://www.postfix.org/CVE-2011-1720.html CVE-2011-1719 (Multiple stack-based buffer overflows in the Web Viewer ActiveX contro ...) NOT-FOR-US: ActiveX CVE-2011-1718 (The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 be ...) NOT-FOR-US: CA SiteMinder CVE-2011-1716 (Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in X ...) - xymon 4.3.7-1 [wheezy] - xymon (Minor issue) [squeeze] - xymon (Minor issue) CVE-2011-1717 (Skype for Android stores sensitive user data without encryption in sql ...) NOT-FOR-US: Skype for Android CVE-2011-1715 (Directory traversal vulnerability in framework/source/resource/qx/test ...) NOT-FOR-US: QooxDoo CVE-2011-1714 (Cross-site scripting (XSS) vulnerability in framework/source/resource/ ...) NOT-FOR-US: QooxDoo CVE-2011-1713 (Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allo ...) NOT-FOR-US: Microsoft CVE-2011-1712 (The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.c ...) - iceweasel 4.0.1-1 (unimportant) CVE-2011-1711 (Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in No ...) NOT-FOR-US: Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer CVE-2011-1710 (Multiple integer overflows in the HTTP server in the Novell XTier fram ...) NOT-FOR-US: Novell XTier CVE-2011-1709 (GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, ena ...) - gdm3 (Vulnerable code patched out in Debian package in sid, patched in 3.0.4 experimental) - gdm (Vulnerable code not present) CVE-2011-1708 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client bef ...) NOT-FOR-US: Novell iPrint Client CVE-2011-1707 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client bef ...) NOT-FOR-US: Novell iPrint Client CVE-2011-1706 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client bef ...) NOT-FOR-US: Novell iPrint Client CVE-2011-1705 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...) NOT-FOR-US: Novell iPrint Client CVE-2011-1704 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...) NOT-FOR-US: Novell iPrint Client CVE-2011-1703 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...) NOT-FOR-US: Novell iPrint Client CVE-2011-1702 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...) NOT-FOR-US: Novell iPrint Client CVE-2011-1701 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...) NOT-FOR-US: Novell iPrint Client CVE-2011-1700 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...) NOT-FOR-US: Novell iPrint Client CVE-2011-1699 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...) NOT-FOR-US: Novell iPrint Client CVE-2011-1698 RESERVED CVE-2011-1697 RESERVED CVE-2011-1696 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager (a ...) NOT-FOR-US: Novell Identity Manager CVE-2011-1695 RESERVED CVE-2011-1694 RESERVED CVE-2011-1693 RESERVED CVE-2011-1692 RESERVED CVE-2011-1691 (The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in t ...) - chromium-browser 12.0.742.91~r87961-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/82222 CVE-2011-1690 (Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8 ...) {DSA-2220-1} - request-tracker3.8 3.8.10-1 (bug #622774) - request-tracker3.6 CVE-2011-1689 (Multiple cross-site scripting (XSS) vulnerabilities in Best Practical ...) {DSA-2220-1} - request-tracker3.8 3.8.10-1 (bug #622774) - request-tracker3.6 CVE-2011-1688 (Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 ...) {DSA-2220-1} - request-tracker3.8 3.8.10-1 (bug #622774) - request-tracker3.6 CVE-2011-1687 (Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, ...) {DSA-2220-1} - request-tracker3.8 3.8.10-1 (bug #622774) - request-tracker3.6 CVE-2011-1686 (Multiple SQL injection vulnerabilities in Best Practical Solutions RT ...) {DSA-2220-1} - request-tracker3.8 3.8.10-1 (bug #622774) - request-tracker3.6 CVE-2011-1685 (Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4. ...) {DSA-2220-1} - request-tracker3.8 3.8.10-1 (bug #622774) CVE-2011-1683 (IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x b ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2011-1682 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList ...) - phplist (bug #612288) CVE-2011-1684 (Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4. ...) {DSA-2218-1} - vlc 1.1.8-3 (medium) [lenny] - vlc (Vulnerable code not present) [squeeze] - vlc 1.1.3-1squeeze5 NOTE: CVE id requested CVE-2011-1681 (vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-t ...) - open-vm-tools 2:8.4.2+2011.08.21-471295-1 (low; bug #623968) [squeeze] - open-vm-tools (Contrib not supported) [lenny] - open-vm-tools (Contrib not supported) CVE-2011-1680 (ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ loc ...) - ncpfs 2.2.6-9 (low; bug #660545) [squeeze] - ncpfs (Minor issue) CVE-2011-1679 (ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the ...) - ncpfs 2.2.6-9 (low; bug #660545) [squeeze] - ncpfs (Minor issue) CVE-2011-1678 (smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to app ...) - samba 2:3.4.7~dfsg-2 (low) - cifs-utils 2:5.1-1 (low) [squeeze] - cifs-utils 2:4.5-2+squeeze1 NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=f6eae44a3d05b6515a59651e6bed8b6dde689aec CVE-2011-1677 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lo ...) - util-linux 2.20.1-1 (low) [squeeze] - util-linux (Minor issue) CVE-2011-1676 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp ...) NOTE: This was found to be a non-issue, see http://thread.gmane.org/gmane.comp.security.oss.general/4374/focus=4983 CVE-2011-1675 (mount in util-linux 2.19 and earlier attempts to append to the /etc/mt ...) - util-linux 2.20.1-1 (low) [squeeze] - util-linux (Minor issue) CVE-2011-1674 (The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attacke ...) NOT-FOR-US: NetGear ProSafe WNAP210 CVE-2011-1673 (BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attacker ...) NOT-FOR-US: NetGear ProSafe WNAP210 CVE-2011-1672 (The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier ...) NOT-FOR-US: Dell KACE K2000 Systems Deployment Appliance CVE-2011-1671 (Cross-site scripting (XSS) vulnerability in app/controllers/todos_cont ...) NOT-FOR-US: Tracks CVE-2011-1670 (Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra ...) NOT-FOR-US: InTerra CVE-2011-1669 (Directory traversal vulnerability in wp-download.php in the WP Custom ...) NOT-FOR-US: WP Custom Pages module for WordPress CVE-2011-1668 (Cross-site scripting (XSS) vulnerability in search.php in AR Web Conte ...) NOT-FOR-US: AR Web Content Manager CVE-2011-1667 (SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows ...) NOT-FOR-US: Anzeigenmarkt CVE-2011-1666 (Metaways Tine 2.0 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Metaways Tine CVE-2011-1665 (PHPBoost 3.0 stores sensitive information under the web root with insu ...) NOT-FOR-US: PHPBoost CVE-2011-1664 (Cross-site request forgery (CSRF) vulnerability in the Translation Man ...) NOT-FOR-US: Translation Management module for Drupal CVE-2011-1663 (SQL injection vulnerability in the Translation Management module 6.x b ...) NOT-FOR-US: Translation Management module for Drupal CVE-2011-1662 (Cross-site scripting (XSS) vulnerability in Translation Management mod ...) NOT-FOR-US: Translation Management module for Drupal CVE-2011-1661 (The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_ ...) NOT-FOR-US: Node Quick Find module for Drupal CVE-2011-1660 (Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamic ...) NOT-FOR-US: GrapeCity Data Dynamics Reports CVE-2011-1659 (Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ...) - eglibc 2.13-8 [squeeze] - eglibc 2.11.3-2 - glibc 2.13-8 [lenny] - glibc (Minor issue) NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8126d90480fa CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expan ...) - eglibc 2.13-33 (low; bug #672119) [squeeze] - eglibc CVE-2011-1657 (The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions i ...) {DSA-2408-1} - php5 5.3.7-1 (unimportant) NOTE: safe mode not supported CVE-2011-1656 RESERVED CVE-2011-1655 (The management.asmx module in the Management Web Service in the Unifie ...) NOT-FOR-US: CA Total Defense CVE-2011-1654 (Directory traversal vulnerability in the Heartbeat Web Service in CA.I ...) NOT-FOR-US: CA Total Defense CVE-2011-1653 (Multiple SQL injection vulnerabilities in the Unified Network Control ...) NOT-FOR-US: CA Total Defense CVE-2011-1652 (** DISPUTED ** The default configuration of Microsoft Windows 7 immedi ...) NOT-FOR-US: Microsoft Windows 7 CVE-2011-1651 (Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when ...) NOT-FOR-US: Cisco CVE-2011-1650 RESERVED CVE-2011-1649 (The Internet Streamer application in Cisco Content Delivery System (CD ...) NOT-FOR-US: Cisco CVE-2011-1648 RESERVED CVE-2011-1647 (The web management interface on the Cisco RVS4000 Gigabit Security Rou ...) NOT-FOR-US: Cisco CVE-2011-1646 (The web management interface on the Cisco RVS4000 Gigabit Security Rou ...) NOT-FOR-US: Cisco CVE-2011-1645 (The web management interface on the Cisco RVS4000 Gigabit Security Rou ...) NOT-FOR-US: Cisco CVE-2011-1644 RESERVED CVE-2011-1643 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-1642 RESERVED CVE-2011-1641 RESERVED CVE-2011-1640 (The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does ...) NOT-FOR-US: Cisco IOS CVE-2011-1639 RESERVED CVE-2011-1638 RESERVED CVE-2011-1637 (Cisco Unified IP Phones 7900 devices (aka TNP phones) with software be ...) NOT-FOR-US: Cisco CVE-2011-1636 RESERVED CVE-2011-1635 RESERVED CVE-2011-1634 RESERVED CVE-2011-1633 RESERVED CVE-2011-1632 RESERVED CVE-2011-1631 RESERVED CVE-2011-1630 RESERVED CVE-2011-1629 RESERVED CVE-2011-1628 RESERVED CVE-2011-1627 RESERVED CVE-2011-1626 RESERVED CVE-2011-1625 (Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switchi ...) NOT-FOR-US: Cisco IOS CVE-2011-1624 (Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote ...) NOT-FOR-US: Cisco IOS CVE-2011-1623 (Cisco Media Processing Software before 1.2 on Media Experience Engine ...) NOT-FOR-US: Cisco CVE-2011-1622 RESERVED CVE-2011-1621 RESERVED CVE-2011-1620 RESERVED CVE-2011-1619 RESERVED CVE-2011-1618 RESERVED CVE-2011-1617 RESERVED CVE-2011-1616 RESERVED CVE-2011-1615 RESERVED CVE-2011-1614 RESERVED CVE-2011-1613 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) softw ...) NOT-FOR-US: Cisco Wireless LAN Controller CVE-2011-1612 RESERVED CVE-2011-1611 RESERVED CVE-2011-1610 (Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-1609 (SQL injection vulnerability in Cisco Unified Communications Manager (a ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-1608 RESERVED CVE-2011-1607 (Directory traversal vulnerability in Cisco Unified Communications Mana ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-1606 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-1605 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-1604 (Memory leak in Cisco Unified Communications Manager (aka CUCM, formerl ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-1603 (Cisco Unified IP Phones 7900 devices (aka TNP phones) with software be ...) NOT-FOR-US: Cisco CVE-2011-1602 (The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones ...) NOT-FOR-US: Cisco CVE-2011-1601 RESERVED CVE-2011-1600 RESERVED CVE-2011-1599 (manager.c in the Manager Interface in Asterisk Open Source 1.4.x befor ...) {DSA-2225-1} - asterisk 1:1.8.3.3-1 [lenny] - asterisk (Vulnerable code not present) CVE-2011-1598 (The bcm_release function in net/can/bcm.c in the Linux kernel before 2 ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-5 CVE-2011-1597 (OpenVAS Manager v2.0.3 allows plugin remote code execution. ...) NOT-FOR-US: OpenVAS Manager CVE-2011-1596 REJECTED CVE-2011-1595 (Directory traversal vulnerability in the disk_create function in disk. ...) - rdesktop 1.7.0-1 (low; bug #623552) [squeeze] - rdesktop (Minor issue) [lenny] - rdesktop (Minor issue) CVE-2011-1594 (Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Netwo ...) NOT-FOR-US: Red Hat Network Satellite server CVE-2011-1593 (Multiple integer overflows in the next_pidmap function in kernel/pid.c ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 CVE-2011-1592 (The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x b ...) - wireshark (Windows-specific) CVE-2011-1591 (Stack-based buffer overflow in the DECT dissector in epan/dissectors/p ...) - wireshark 1.4.5-1 [squeeze] - wireshark (Only affects 1.4.x) [lenny] - wireshark (Only affects 1.4.x) CVE-2011-1590 (The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x befor ...) {DSA-2274-1} - wireshark 1.4.5-1 (unimportant) CVE-2011-1589 (Directory traversal vulnerability in Path.pm in Mojolicious before 1.1 ...) {DSA-2221-1} - libmojolicious-perl 1.16-1 CVE-2011-1588 (Thunar before 1.3.1 could crash when copy and pasting a file name with ...) - thunar (Introduced in 1.2, only in experimental) NOTE: http://git.xfce.org/xfce/thunar/diff/?id=03dd312e157d4fa8a11d5fa402706ae5b05806fa CVE-2011-1587 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, w ...) {DSA-2366-1} - mediawiki 1:1.15.5-5 CVE-2011-1586 (Directory traversal vulnerability in the KGetMetalink::File::isValidNa ...) - kdenetwork 4:4.6.3-1 [squeeze] - kdenetwork 4:4.4.5-2+squeeze1 [lenny] - kdenetwork (Metalink plugin not yet present) CVE-2011-1585 (The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kerne ...) {DSA-2240-1} - linux-2.6 (unimportant) NOTE: an exploitation requires the ability to run mount.cifs w/ root privs CVE-2011-1584 (The updateFile function in inc/core/class.dc.media.php in the Media Ma ...) - dotclear (Fixed before initial upload to archive) CVE-2011-1583 (Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xe ...) {DSA-2337-1} - xen 4.1.1-1 - xen-3 [lenny] - xen-3 (Minor issue; only marginally affected) CVE-2011-1582 (Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servl ...) - tomcat6 (Only affects Tomcat 7) CVE-2011-1581 (The bond_select_queue function in drivers/net/bonding/bond_main.c in t ...) - linux-2.6 2.6.39-1 (low) [squeeze] - linux-2.6 (Introduced in 2.6.36) [lenny] - linux-2.6 (Introduced in 2.6.36) CVE-2011-1580 (The transwiki import functionality in MediaWiki before 1.16.3 does not ...) {DSA-2366-1} - mediawiki 1:1.15.5-5 CVE-2011-1579 (The checkCss function in includes/Sanitizer.php in the wikitext parser ...) {DSA-2366-1} - mediawiki 1:1.15.5-5 CVE-2011-1578 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, w ...) {DSA-2366-1} - mediawiki 1:1.15.5-5 CVE-2011-1577 (Heap-based buffer overflow in the is_gpt_valid function in fs/partitio ...) {DSA-2264-1} - linux-2.6 2.6.39-3 (low) [squeeze] - linux-2.6 2.6.32-35 CVE-2011-1576 (The Generic Receive Offload (GRO) implementation in the Linux kernel 2 ...) {DSA-2303-1} - linux-2.6 3.0.0-5 [lenny] - linux-2.6 (Code not present) NOTE: "...code path in question is no longer reachable..." not sure when this was fixed CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 ...) - pure-ftpd 1.0.30-1 (low) [squeeze] - pure-ftpd 1.0.28-3+squeeze1 [lenny] - pure-ftpd (Minor issue) CVE-2011-1574 (Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in l ...) {DSA-2226-1} - libmodplug 1:0.8.8.2-1 (low; bug #622091) CVE-2011-1573 (net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip ...) - linux-2.6 2.6.34-1 [squeeze] - linux-2.6 2.6.32-34 NOTE: http://xorl.wordpress.com/2011/05/08/cve-2011-1573-linux-kernel-sctp-initinit-ack-length-miscalculation/ NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a8170c35e738d62e9919ce5b109cf4ed66e9 CVE-2011-1572 (Directory traversal vulnerability in the Admin Defined Commands (ADC) ...) {DSA-2215-1} - gitolite 1.5.7-2 NOTE: https://github.com/sitaramc/gitolite/commit/a33f0f85047834212ff4baf5b479c6cf3d2a6075 NOTE: https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc [squeeze] - gitolite 1.5.4-2+squeeze1 CVE-2011-1571 (Unspecified vulnerability in the XSL Content portlet in Liferay Portal ...) - liferay-portal (bug #569819) CVE-2011-1570 (Cross-site scripting (XSS) vulnerability in Liferay Portal Community E ...) - liferay-portal (bug #569819) CVE-2011-1569 (download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obta ...) NOT-FOR-US: Douran Portal CVE-2011-1568 (Format string vulnerability in the logText function in shmemmgr9.dll i ...) NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System CVE-2011-1567 (Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11 ...) NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System CVE-2011-1566 (Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier ...) NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System CVE-2011-1565 (Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 ...) NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System CVE-2011-1564 (Multiple integer overflows in the HMI application in DATAC RealFlex Re ...) NOT-FOR-US: DATAC RealFlex RealWin CVE-2011-1563 (Multiple stack-based buffer overflows in the HMI application in DATAC ...) NOT-FOR-US: DATAC RealFlex RealWin CVE-2011-1562 (Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attacker ...) NOT-FOR-US: Ecava IntegraXor HMI CVE-2011-1561 (The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, whe ...) NOT-FOR-US: IBM AIX 6.1 CVE-2011-1560 (solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x ...) NOT-FOR-US: IBM solidDB CVE-2011-1559 (Unspecified vulnerability in the IBM Web Interface for Content Managem ...) NOT-FOR-US: IBM WEBi CVE-2011-1558 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Int ...) NOT-FOR-US: IBM WEBi CVE-2011-XXXX [drupal6-mod-tagadelic XSS] - drupal6-mod-tagadelic 1.3-1 (low) NOTE: DRUPAL-SA-CONTRIB-2011-013 CVE-2011-1557 (SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remot ...) NOT-FOR-US: ICloudCenter ICJobSite CVE-2011-1556 (SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's ...) NOT-FOR-US: Aphpkb CVE-2011-1555 (SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Ap ...) NOT-FOR-US: Aphpkb CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3. ...) {DSA-2388-1} - t1lib 5.1.2-3.5 [lenny] - t1lib 5.1.2-3+lenny1 [squeeze] - t1lib 5.1.2-3+squeeze1 NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23 - xpdf 3.02-9 - poppler (never used t1lib) CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xp ...) {DSA-2388-1} - t1lib 5.1.2-3.5 [lenny] - t1lib 5.1.2-3+lenny1 [squeeze] - t1lib 5.1.2-3+squeeze1 NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23 - xpdf 3.02-9 - poppler (never used t1lib) CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ot ...) {DSA-2388-1} - t1lib 5.1.2-3.5 [lenny] - t1lib 5.1.2-3+lenny1 [squeeze] - t1lib 5.1.2-3+squeeze1 NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23 - xpdf 3.02-9 - poppler (never used t1lib) CVE-2011-1551 (SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ direc ...) - cobbler (bug #796151; perms different on Debian) NOTE: /var/log/cobbler is set to cobbler:cobbler and daemon runs as root CVE-2011-1550 (The default configuration of logrotate on SUSE openSUSE Factory uses r ...) - logrotate (SuSE-specific, see CVE-2011-1548 for Debian) CVE-2011-1549 (The default configuration of logrotate on Gentoo Linux uses root privi ...) - logrotate (Gentoo-specific, see CVE-2011-1548 for Debian) CVE-2011-1548 (The default configuration of logrotate on Debian GNU/Linux uses root p ...) - logrotate 3.7.8-6 CVE-2011-1547 (Multiple stack consumption vulnerabilities in the kernel in NetBSD 4.0 ...) NOT-FOR-US: NetBSD CVE-2011-1546 (Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Ap ...) NOT-FOR-US: Aphpkb CVE-2011-1545 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) NOT-FOR-US: HP Insight Control Performance Management CVE-2011-1544 (Unspecified vulnerability in HP Insight Control Performance Management ...) NOT-FOR-US: HP Insight Control Performance Management CVE-2011-1543 (Cross-site request forgery (CSRF) vulnerability in HP Systems Insight ...) NOT-FOR-US: HP Systems Insight Manager CVE-2011-1542 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...) NOT-FOR-US: HP Systems Insight Manager CVE-2011-1541 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...) NOT-FOR-US: HP System Management Homepage CVE-2011-1540 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...) NOT-FOR-US: HP System Management Homepage CVE-2011-1539 (Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 ...) NOT-FOR-US: HP Proliant Support Pack CVE-2011-1538 (Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8 ...) NOT-FOR-US: HP Proliant Support Pack CVE-2011-1537 (Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack ( ...) NOT-FOR-US: HP Proliant Support Pack CVE-2011-1536 (Unspecified vulnerability in HP Performance Insight 5.0, 5.1x. 5.2x, 5 ...) NOT-FOR-US: HP Performance Insight CVE-2011-1535 (Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linu ...) NOT-FOR-US: HP Insight Control CVE-2011-1534 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x all ...) NOT-FOR-US: HP Network Node Manager CVE-2011-1533 (Cross-site scripting (XSS) vulnerability on the HP Photosmart D110 and ...) NOT-FOR-US: HP Photosmart CVE-2011-1532 (Unspecified vulnerability in the SNMP component on the HP Photosmart D ...) NOT-FOR-US: HP Photosmart CVE-2011-1531 (The webscan component in the Embedded Web Server (EWS) on the HP Photo ...) NOT-FOR-US: HP Photosmart CVE-2011-1530 (The process_tgs_req function in do_tgs_req.c in the Key Distribution C ...) - krb5 1.10+dfsg~alpha1-7 [squeeze] - krb5 (Only affecs 1.9 and higher) [lenny] - krb5 (Only affecs 1.9 and higher) CVE-2011-1529 (The lookup_lockout_policy function in the Key Distribution Center (KDC ...) {DSA-2379-1} - krb5 1.10+dfsg~alpha1-1 (low; bug #646367) [lenny] - krb5 (Introduced in 1.8) CVE-2011-1528 (The krb5_ldap_lockout_audit function in the Key Distribution Center (K ...) {DSA-2379-1} - krb5 1.10+dfsg~alpha1-1 (low; bug #646367) [lenny] - krb5 (Introduced in 1.8) CVE-2011-1527 (The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerber ...) - krb5 1.10+dfsg~alpha1-1 (low; bug #646367) [squeeze] - krb5 (Introduced in 1.9) [lenny] - krb5 (Introduced in 1.9) CVE-2011-1526 (ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Application ...) {DSA-2283-1} - krb5-appl 1:1.0.1-1.1 CVE-2011-1525 (Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer ...) NOT-FOR-US: RealPlayer CVE-2011-1524 (Cross-site scripting (XSS) vulnerability in the management login GUI p ...) NOT-FOR-US: Symantec LiveUpdate Administrator CVE-2011-1523 (Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.c ...) - nagios3 3.2.3-3 (bug #629127) - icinga 1.4.1-1 (bug #629131) [squeeze] - nagios3 (Minor issue) [lenny] - nagios3 (Minor issue) [squeeze] - icinga (Minor issue) [lenny] - icinga (Minor issue) NOTE: http://tracker.nagios.org/view.php?id=207 CVE-2011-1522 (Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\ ...) {DSA-2223-1} - doctrine 1.2.4-1 (bug #622674) CVE-2011-1520 (The default configuration of the server console in IBM Lotus Domino do ...) NOT-FOR-US: Lotus Domino CVE-2011-1519 (The remote console in the Server Controller in IBM Lotus Domino 7.x an ...) NOT-FOR-US: Lotus Domino CVE-2011-1518 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ...) {DSA-2231-1} - otrs2 2.4.10+dfsg1-1 CVE-2011-1521 (The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x befo ...) {DLA-25-1} - python3.1 (bug #628453) [squeeze] - python3.1 (Minor issue) - python3.2 3.2-3 - python2.7 2.7.1-7 - python2.6 2.6.7-1 (bug #628455) - python2.5 [squeeze] - python2.5 (Minor issue) NOTE: http://bugs.python.org/issue11662 CVE-2011-XXXX [htmlpurifier various] - php-htmlpurifier 4.3.0+dfsg1-1 (unimportant) - mahara 1.2.5-1 [lenny] - mahara 1.0.4-4+lenny10 NOTE: http://web.archive.org/web/20120515064303/http://htmlpurifier.org/news/2011/0327-4.3.0-released NOTE: htmlpurifier only provides library functions, it's not vulnerable by itself NOTE: If apps are vulnerable, this must be addressed there (as done for Mahara) CVE-2011-1517 (SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service c ...) NOT-FOR-US: SAP CVE-2011-1516 (The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in ...) NOT-FOR-US: Apple Mac OS X CVE-2011-1515 (The inet service in HP OpenView Storage Data Protector 6.00 through 6. ...) NOT-FOR-US: HP OpenView CVE-2011-1514 (The inet service in HP OpenView Storage Data Protector 6.00 through 6. ...) NOT-FOR-US: HP OpenView CVE-2011-1513 (Static code injection vulnerability in install_.php in e107 CMS 0.7.24 ...) NOT-FOR-US: e107 CVE-2011-1512 (Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used i ...) NOT-FOR-US: Autonomy KeyView CVE-2011-1511 (Unspecified vulnerability in the Oracle GlassFish Server component in ...) NOT-FOR-US: Oracle Sun Products Suite CVE-2011-1510 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in Manag ...) NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2011-1509 (The encryptPassword function in Login.js in ManageEngine ServiceDesk P ...) NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2011-1508 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly ...) NOT-FOR-US: Microsoft Publisher CVE-2011-1507 (Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1 ...) {DSA-2225-1} - asterisk 1:1.8.3.3-1 CVE-2011-1506 (The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and Mail ...) NOT-FOR-US: Kerio CVE-2011-1505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 serv ...) NOT-FOR-US: IBM Lotus Quickr CVE-2011-1504 (Cross-site scripting (XSS) vulnerability in Liferay Portal Community E ...) - liferay-portal (bug #569819) CVE-2011-1503 (The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x a ...) - liferay-portal (bug #569819) CVE-2011-1502 (Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache ...) - liferay-portal (bug #569819) CVE-2011-1501 REJECTED CVE-2011-1500 (PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict ...) - pithos 0.3.8-1 (low) CVE-2011-1499 (acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting s ...) {DSA-2222-1} - tinyproxy 1.8.2-2 (bug #621493) [lenny] - tinyproxy (Vulnerable code not present) CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used ...) - httpcomponents-client 4.1.1-1 (bug #628727) [squeeze] - httpcomponents-client 4.0.1-1squeeze1 NOTE: http://seclists.org/oss-sec/2011/q2/188 NOTE: http://web.archive.org/web/20130102213624/http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt CVE-2011-1497 RESERVED CVE-2011-1496 (tmux 1.3 and 1.4 does not properly drop group privileges, which allows ...) {DSA-2212-1} - tmux 1.4-6 (bug #620304) NOTE: CVE id requested CVE-2011-1495 (drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earl ...) {DSA-2240-1} - linux-2.6 2.6.38-5 (unimportant) CVE-2011-1494 (Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/m ...) {DSA-2240-1} - linux-2.6 2.6.38-5 (unimportant) CVE-2011-1493 (Array index error in the rose_parse_national function in net/rose/rose ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 CVE-2011-1492 (steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not prop ...) - roundcube 0.5.1-1 [squeeze] - roundcube (Minor issue) CVE-2011-1491 (The login form in Roundcube Webmail before 0.5.1 does not properly han ...) - roundcube 0.5.1-1 (low) [squeeze] - roundcube (Minor issue) CVE-2011-1490 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...) - rsyslog 5.7.6-1 (low) [squeeze] - rsyslog (Minor issue) [lenny] - rsyslog (Minor issue) CVE-2011-1489 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...) - rsyslog 5.7.6-1 (low) [squeeze] - rsyslog (Minor issue) [lenny] - rsyslog (Minor issue) CVE-2011-1488 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...) - rsyslog 5.7.6-1 (low) [squeeze] - rsyslog (Minor issue) [lenny] - rsyslog (Minor issue) CVE-2011-1487 (The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.1 ...) {DSA-2265-1} - perl 5.10.1-20 (unimportant; bug #622817) NOTE: http://nntp.perl.org/group/perl.perl5.porters/171010 CVE-2011-1486 (libvirtd in libvirt before 0.9.0 does not use thread-safe error report ...) {DSA-2280-1} - libvirt 0.9.0-1 (low; bug #623222) [lenny] - libvirt (Minor issue) CVE-2011-1485 (Race condition in the pkexec utility and polkitd daemon in PolicyKit ( ...) {DSA-2319-1} - policykit-1 0.101-4 (bug #644500) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=692922 CVE-2011-1484 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as dis ...) NOT-FOR-US: JBoss Seam CVE-2011-1483 (wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise ...) NOT-FOR-US: JBoss Enterprise Web Platform CVE-2011-1482 (Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile ...) NOT-FOR-US: PHP-Nuke CVE-2011-1481 (Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi ...) NOT-FOR-US: PHP-Nuke CVE-2011-1480 (SQL injection vulnerability in admin.php in the administration backend ...) NOT-FOR-US: PHP-Nuke CVE-2011-1479 (Double free vulnerability in the inotify subsystem in the Linux kernel ...) - linux-2.6 2.6.38-4 [lenny] - linux-2.6 (Only affected 2.6.37 and 2.6.38) [squeeze] - linux-2.6 (Only affected 2.6.37 and 2.6.38) CVE-2011-1478 (The napi_reuse_skb function in net/core/dev.c in the Generic Receive O ...) {DSA-2240-1} - linux-2.6 2.6.38-1 [lenny] - linux-2.6 (Vulnerable code not present) CVE-2011-1477 (Multiple array index errors in sound/oss/opl3.c in the Linux kernel be ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 CVE-2011-1476 (Integer underflow in the Open Sound System (OSS) subsystem in the Linu ...) {DSA-2240-1} - linux-2.6 2.6.38-4 CVE-2011-1475 (The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not p ...) - tomcat6 (Only affects Tomcat 7) CVE-2011-1474 (A locally locally exploitable DOS vulnerability was found in pax-linux ...) NOT-FOR-US: PaX hardening patch NOTE: http://seclists.org/oss-sec/2011/q1/579 CVE-2011-1473 (** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not ...) NOTE: Generic protocol issue, no code fix. Workarounds exist, see bug #672456 NOTE: and http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html CVE-2011-1472 (The Nokia E75 phone with firmware before 211.12.01 allows physically p ...) NOT-FOR-US: Nokia E75 phone CVE-2011-1471 (Integer signedness error in zip_stream.c in the Zip extension in PHP b ...) {DSA-2266-1} - php5 5.3.6-1 CVE-2011-1470 (The Zip extension in PHP before 5.3.6 allows context-dependent attacke ...) {DSA-2408-1} - php5 5.3.6-1 (unimportant) NOTE: exploitable by malicious scripts only CVE-2011-1469 (Unspecified vulnerability in the Streams component in PHP before 5.3.6 ...) {DSA-2408-1} - php5 5.3.6-1 (unimportant) NOTE: exploitable by malicious scripts only CVE-2011-1468 (Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 mig ...) {DSA-2408-1} - php5 5.3.6-1 (unimportant) NOTE: under normal conditions the amount of memory leaked is insignificant CVE-2011-1467 (Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfm ...) {DSA-2408-1} - php5 5.3.6-1 (unimportant) [lenny] - php5 (intl extension included since 5.3) NOTE: Only triggerable with malicious script CVE-2011-1466 (Integer overflow in the SdnToJulian function in the Calendar extension ...) {DSA-2266-1} - php5 5.3.6-1 NOTE: null pointer deref because of int overflow. Fix has a bug CVE-2011-1465 (The SPDY implementation in net/http/http_network_transaction.cc in Goo ...) - chromium-browser (only the dev version was affected) - webkit (chromium specific) CVE-2011-1464 (Buffer overflow in the strval function in PHP before 5.3.6, when the p ...) {DSA-2408-1} - php5 5.3.6-1 (unimportant) NOTE: ini setting needs to be modified. CVE-2011-1463 RESERVED CVE-2011-1462 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-1461 RESERVED CVE-2011-1460 (WebKit in Google Chrome before Blink M11 contains a bad cast to Render ...) NOTE: Historic webkit/Chromium issues CVE-2011-1459 (The WebKit::WebPluginContainerImpl::handleEvent function in Google Chr ...) NOTE: Historic webkit/Chromium issues CVE-2011-1458 RESERVED CVE-2011-1457 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-1456 (Google Chrome before 11.0.696.57 does not properly handle PDF forms, w ...) - chromium-browser (chrome pdf plugin) CVE-2011-1455 (Google Chrome before 11.0.696.57 does not properly handle PDF document ...) - chromium-browser (chrome pdf plugin) CVE-2011-1454 (Use-after-free vulnerability in the DOM id handling functionality in G ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/84015 CVE-2011-1453 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-1452 (Google Chrome before 11.0.696.57 allows user-assisted remote attackers ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1451 (Google Chrome before 11.0.696.57 does not properly handle DOM id maps, ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/83209 CVE-2011-1450 (Google Chrome before 11.0.696.57 does not properly present file dialog ...) - chromium-browser 11.0.696.65~r84435-1 (unimportant) - webkit (chromium specific) CVE-2011-1449 (Use-after-free vulnerability in the WebSockets implementation in Googl ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/82088 CVE-2011-1448 (Google Chrome before 11.0.696.57 does not properly perform height calc ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/81786 CVE-2011-1447 (Google Chrome before 11.0.696.57 does not properly handle drop-down li ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/81851 CVE-2011-1446 (Google Chrome before 11.0.696.57 allows remote attackers to spoof the ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1445 (Google Chrome before 11.0.696.57 does not properly handle SVG document ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/81689 CVE-2011-1444 (Race condition in the sandbox launcher implementation in Google Chrome ...) {DSA-2245-1} - chromium-browser 11.0.696.65~r84435-1 - webkit (chromium sandbox) CVE-2011-1443 (Google Chrome before 11.0.696.57 does not properly implement layering, ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/82624 CVE-2011-1442 (Google Chrome before 11.0.696.57 does not properly handle mutation eve ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/81611 CVE-2011-1441 (Google Chrome before 11.0.696.57 does not properly perform a cast of a ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/80773 NOTE: http://trac.webkit.org/changeset/81088 CVE-2011-1440 (Use-after-free vulnerability in Google Chrome before 11.0.696.57 allow ...) {DSA-2245-1} - chromium-browser 11.0.696.65~r84435-1 NOTE: http://trac.webkit.org/changeset/84009 CVE-2011-1439 (Google Chrome before 11.0.696.57 on Linux does not properly isolate re ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1438 (Google Chrome before 11.0.696.57 allows remote attackers to bypass the ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/81399 CVE-2011-1437 (Multiple integer overflows in Google Chrome before 11.0.696.57 allow r ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/79462 CVE-2011-1436 (Google Chrome before 11.0.696.57 on Linux does not properly interact w ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1435 (Google Chrome before 11.0.696.57 does not properly implement the tabs ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1434 (Google Chrome before 11.0.696.57 does not ensure thread safety during ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1433 (The (1) AgentInterface and (2) CustomerInterface components in Open Ti ...) - otrs2 3.0.8+dfsg1-1 (unimportant) NOTE: Negligible security impact CVE-2011-1432 (The STARTTLS implementation in SCO SCOoffice Server does not properly ...) NOT-FOR-US: SCO SCOoffice Server CVE-2011-1431 (The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the net ...) - qmail (unimportant; bug #652378) NOTE: The TLS patch is shipped in the source package, but it's not applied - netqmail (Doesn't include the TLS patch) CVE-2011-1430 (The STARTTLS implementation in the server in Ipswitch IMail 11.03 and ...) NOT-FOR-US: Ipswitch IMail CVE-2011-1429 (Mutt does not verify that the smtps server hostname matches the domain ...) - mutt 1.5.21-5 (low; bug #619216) [squeeze] - mutt 1.5.20-9+squeeze2 [lenny] - mutt (Minor issue) NOTE: http://dev.mutt.org/trac/ticket/3506 CVE-2011-1428 (Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does ...) {DSA-2598-1} - weechat 0.3.5-1 CVE-2011-1427 (Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5. ...) NOT-FOR-US: Kodak InSite CVE-2011-1426 (The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 thr ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-1425 (xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in ...) {DSA-2219-1} - xmlsec1 1.2.14-1.1 (bug #620560) NOTE: http://www.aleksey.com/xmlsec/news.html CVE-2011-1424 (The default configuration of ExShortcut\Web.config in EMC SourceOne Em ...) NOT-FOR-US: EMC SourceOne Email Management CVE-2011-1423 (Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention ( ...) NOT-FOR-US: RSA Data Loss Prevention Enterprise Manager CVE-2011-1422 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave F ...) NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise CVE-2011-1421 (EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the ...) NOT-FOR-US: EMC NetWorker CVE-2011-1420 (EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC p ...) NOT-FOR-US: EMC Data Protection Advisor Collector CVE-2011-1419 (Apache Tomcat 7.x before 7.0.11, when web.xml has no security constrai ...) - tomcat6 (Only affects Tomcat 7) CVE-2011-1418 (The stateless address autoconfiguration (aka SLAAC) functionality in t ...) NOT-FOR-US: Apple iOS CVE-2011-1417 (Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 ...) NOT-FOR-US: QuickLook, CVE-2011-1416 (The Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0 ...) NOT-FOR-US: BlackBerry CVE-2011-1415 REJECTED CVE-2011-1414 (Cross-site scripting (XSS) vulnerability in the tibbr web server, as u ...) NOT-FOR-US: TIBCO tibbr CVE-2011-1413 (Google Chrome before 10.0.648.127 on Linux does not properly mitigate ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (chromium specific) CVE-2011-1412 (sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in Wo ...) - openarena (Vulnerable code not present, the version in sid uses ioquake3) - ioquake3 1.36+svn1946-4 CVE-2011-1411 (Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, ...) {DSA-2284-1} - opensaml2 2.4.3-1 CVE-2011-1410 RESERVED CVE-2011-1409 (Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly othe ...) {DSA-2259-1} - fex 20110610-1 CVE-2011-1408 (ikiwiki before 3.20110608 allows remote attackers to hijack root's tty ...) - ikiwiki 3.20110608 (low) [squeeze] - ikiwiki (Minor issue) CVE-2011-1407 (The DKIM implementation in Exim 4.7x before 4.76 permits matching for ...) {DSA-2236-1} - exim4 4.76-1 [lenny] - exim4 (Vulnerable code not present) CVE-2011-1406 (Mahara before 1.3.6 does not properly handle an https URL in the wwwro ...) {DSA-2246-1} - mahara 1.3.6-1 CVE-2011-1405 (Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows ...) {DSA-2246-1} - mahara 1.3.6-1 CVE-2011-1404 (Mahara before 1.3.6 does not properly restrict the data in responses t ...) {DSA-2246-1} - mahara 1.3.6-1 CVE-2011-1403 (Cross-site request forgery (CSRF) vulnerability in the pieforms implem ...) {DSA-2246-1} - mahara 1.3.6-1 CVE-2011-1402 (Mahara before 1.3.6 allows remote authenticated users to bypass intend ...) {DSA-2246-1} - mahara 1.3.6-1 CVE-2011-1401 (ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber ...) {DSA-2214-1} - ikiwiki 3.20110328 CVE-2011-1400 (The default configuration of the shell_escape_commands directive in co ...) {DSA-2198-1} - tex-common 2.09 CVE-2011-1399 RESERVED CVE-2011-1398 (The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5. ...) - php5 5.4.0~rc5-1 (low) [squeeze] - php5 (Minor issue) CVE-2011-1397 (Cross-site request forgery (CSRF) vulnerability in the Labor Reporting ...) NOT-FOR-US: IBM Tivoli CVE-2011-1396 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2011-1395 (Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo A ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2011-1394 (IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2011-1393 (Unspecified vulnerability in the authentication functionality in the s ...) NOT-FOR-US: IBM Lotus Domino CVE-2011-1392 (The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll i ...) NOT-FOR-US: IBM Rational Rhapsody CVE-2011-1391 (The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll i ...) NOT-FOR-US: IBM Rational Rhapsody CVE-2011-1390 (SQL injection vulnerability in the Maintenance tool in IBM Rational Cl ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2011-1389 (Multiple directory traversal vulnerabilities in the vendor daemon in R ...) NOT-FOR-US: Telelogic License Server CVE-2011-1388 (The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll i ...) NOT-FOR-US: IBM Rational Rhapsody CVE-2011-1387 RESERVED CVE-2011-1386 (IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Iden ...) NOT-FOR-US: IBM Tivoli Federated Identity Manager CVE-2011-1385 (IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote att ...) NOT-FOR-US: IBM AIX CVE-2011-1384 (The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd prog ...) NOT-FOR-US: IBM AIX CVE-2011-1383 RESERVED CVE-2011-1382 RESERVED CVE-2011-1381 (Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before ...) NOT-FOR-US: IBM OpenPages GRC Platform CVE-2011-1380 RESERVED CVE-2011-1379 RESERVED CVE-2011-1378 (IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM gr ...) NOT-FOR-US: IBM WebSphere CVE-2011-1377 (The Web Services Security component in the Web Services Feature Pack b ...) NOT-FOR-US: IBM WebSphere CVE-2011-1376 (iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.4 ...) NOT-FOR-US: IBM WebSphere CVE-2011-1375 (IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_ ...) NOT-FOR-US: IBM AIX CVE-2011-1374 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote attacker ...) NOT-FOR-US: Appe QuickTime CVE-2011-1373 (Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the ...) NOT-FOR-US: IBM DB2 CVE-2011-1372 (The Web User Interface on the IBM TS3100 and TS3200 tape libraries wit ...) NOT-FOR-US: IBM web interface to tape libraries CVE-2011-1371 (Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM W ...) NOT-FOR-US: IBM WebSphere CVE-2011-1370 (The default configuration of the Sametime configuration servlet (SCS) ...) NOT-FOR-US: IBM Lotus Sametime CVE-2011-1369 RESERVED CVE-2011-1368 (The JavaServer Faces (JSF) application functionality in IBM WebSphere ...) NOT-FOR-US: IBM WebSphere CVE-2011-1367 (Unspecified vulnerability in the File Load feature in IBM Rational App ...) NOT-FOR-US: IBM Rational AppScan CVE-2011-1366 (Unspecified vulnerability in the Import feature in IBM Rational AppSca ...) NOT-FOR-US: IBM Rational AppScan CVE-2011-1365 RESERVED CVE-2011-1364 (Cross-site request forgery (CSRF) vulnerability in _ah/admin/interacti ...) NOT-FOR-US: Goole App Engine Python SDK CVE-2011-1363 RESERVED CVE-2011-1362 (Cross-site scripting (XSS) vulnerability in the Installation Verificat ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2011-1361 RESERVED CVE-2011-1360 (Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server ...) NOT-FOR-US: IBM HTTP Server CVE-2011-1359 (Directory traversal vulnerability in the administration console in IBM ...) NOT-FOR-US: IBM WebSphere CVE-2011-1358 RESERVED CVE-2011-1357 (Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web ...) NOT-FOR-US: IBM WebSphere Service Registry and Repository CVE-2011-1356 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 bef ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2011-1355 (Open redirect vulnerability in IBM WebSphere Application Server (WAS) ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2011-1354 RESERVED CVE-2011-1353 (Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Window ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-1352 (The PowerVR SGX driver in Android before 2.3.6 allows attackers to gai ...) NOT-FOR-US: Anroid CVE-2011-1351 RESERVED CVE-2011-1350 (The PowerVR SGX driver in Android before 2.3.6 allows attackers to obt ...) NOT-FOR-US: Android CVE-2011-1349 RESERVED CVE-2011-1348 RESERVED CVE-2011-1347 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows ...) NOT-FOR-US: Internet Explorer CVE-2011-1346 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows ...) NOT-FOR-US: Internet Explorer CVE-2011-1345 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...) NOT-FOR-US: Internet Explorer CVE-2011-1344 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-1343 (SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIb ...) NOT-FOR-US: Tivoli CVE-2011-1342 (SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ...) NOT-FOR-US: Aimluck Aipo CVE-2011-1341 (Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo before ...) NOT-FOR-US: Aimluck Aipo CVE-2011-1340 (Cross-site scripting (XSS) vulnerability in skins/plone_templates/defa ...) - plone3 CVE-2011-1339 (Cross-site scripting (XSS) vulnerability in Google Search Appliance be ...) NOT-FOR-US: Google Search Appliance CVE-2011-1338 (Untrusted search path vulnerability in XnView before 1.98.1 allows loc ...) NOT-FOR-US: XnView CVE-2011-1337 (Opera before 11.50 allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Opera CVE-2011-1336 (Buffer overflow in ALZip 8.21 and earlier allows remote attackers to e ...) NOT-FOR-US: ALZip CVE-2011-1335 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 ...) NOT-FOR-US: Cybozu Office CVE-2011-1334 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Ga ...) NOT-FOR-US: Cybozu CVE-2011-1333 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu ...) NOT-FOR-US: Cybozu CVE-2011-1332 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 throug ...) NOT-FOR-US: Cybozu Garoon CVE-2011-1331 (JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitar ...) NOT-FOR-US: JustSystems Ichitaro Products CVE-2011-1330 (Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 P ...) NOT-FOR-US: WeblyGo CVE-2011-1329 (WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restri ...) NOT-FOR-US: WalRack CVE-2011-1328 (SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows ...) NOT-FOR-US: RADVISION iVIEW Suite CVE-2011-1327 (The Keystroke Encryption feature in Trend Micro Internet Security 2009 ...) NOT-FOR-US: Trend Micro Internet Security CVE-2011-1326 (Unspecified vulnerability on the La Fonera+ router with firmware befor ...) NOT-FOR-US: La Fonera+ router CVE-2011-1325 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11 ...) NOT-FOR-US: EC-CUBE CVE-2011-1324 (Multiple cross-site request forgery (CSRF) vulnerabilities in the mana ...) NOT-FOR-US: Buffalo routers CVE-2011-1323 (Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6. ...) NOT-FOR-US: Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in the We ...) NOT-FOR-US: WebSphere CVE-2011-1321 (The AuthCache purge implementation in the Security component in IBM We ...) NOT-FOR-US: WebSphere CVE-2011-1320 (The Security component in IBM WebSphere Application Server (WAS) 6.1.0 ...) NOT-FOR-US: WebSphere CVE-2011-1319 (The Security component in IBM WebSphere Application Server (WAS) 6.1.0 ...) NOT-FOR-US: WebSphere CVE-2011-1318 (Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the ...) NOT-FOR-US: WebSphere CVE-2011-1317 (Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaS ...) NOT-FOR-US: WebSphere CVE-2011-1316 (The Session Initiation Protocol (SIP) Proxy in the HTTP Transport comp ...) NOT-FOR-US: WebSphere CVE-2011-1315 (Memory leak in the messaging engine in IBM WebSphere Application Serve ...) NOT-FOR-US: WebSphere CVE-2011-1314 (The Service Integration Bus (SIB) messaging engine in IBM WebSphere Ap ...) NOT-FOR-US: WebSphere CVE-2011-1313 (Double free vulnerability in IBM WebSphere Application Server (WAS) 6. ...) NOT-FOR-US: WebSphere CVE-2011-1312 (The Administrative Console component in IBM WebSphere Application Serv ...) NOT-FOR-US: WebSphere CVE-2011-1311 (The Security component in IBM WebSphere Application Server (WAS) befor ...) NOT-FOR-US: WebSphere CVE-2011-1310 (The Administrative Scripting Tools component in IBM WebSphere Applicat ...) NOT-FOR-US: WebSphere CVE-2011-1309 (The Plug-in component in IBM WebSphere Application Server (WAS) before ...) NOT-FOR-US: WebSphere CVE-2011-1308 (Cross-site scripting (XSS) vulnerability in the Installation Verificat ...) NOT-FOR-US: WebSphere CVE-2011-1307 (The installer in IBM WebSphere Application Server (WAS) before 7.0.0.1 ...) NOT-FOR-US: WebSphere CVE-2011-1306 (Unspecified vulnerability in the Scratchpad application in Google Chro ...) NOT-FOR-US: Google ChromeOS CVE-2011-1305 (Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/76713 CVE-2011-1304 (Unspecified vulnerability in Google Chrome before 11.0.696.57 allows r ...) - chromium-browser 11.0.696.65~r84435-1 (unimportant) CVE-2011-1303 (Google Chrome before 11.0.696.57 does not properly handle floating obj ...) - chromium-browser 11.0.696.65~r84435-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/80682 CVE-2011-1302 (Heap-based buffer overflow in the GPU process in Google Chrome before ...) - chromium-browser 10.0.648.205~r81283-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1301 (Use-after-free vulnerability in the GPU process in Google Chrome befor ...) - chromium-browser 10.0.648.205~r81283-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1300 (The Program::getActiveUniformMaxLength function in libGLESv2/Program.c ...) NOT-FOR-US: Mozilla Firefox on Windows, Google Chrome on Windows CVE-2011-1299 RESERVED CVE-2011-1298 (An Integer Overflow exists in WebKit in Google Chrome before Blink M11 ...) NOTE: Historic webkit/Chromium issues CVE-2011-1297 RESERVED CVE-2011-1296 (Google Chrome before 10.0.648.204 does not properly handle SVG text, w ...) - chromium-browser 10.0.648.204~r79063-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/80520 CVE-2011-1295 (WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari ...) - chromium-browser 10.0.648.204~r79063-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/80487 CVE-2011-1294 (Google Chrome before 10.0.648.204 does not properly handle Cascading S ...) - chromium-browser 10.0.648.204~r79063-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/80144 CVE-2011-1293 (Use-after-free vulnerability in the HTMLCollection implementation in G ...) {DSA-2245-1} - chromium-browser 10.0.648.204~r79063-1 NOTE: http://trac.webkit.org/changeset/80797 CVE-2011-1292 (Use-after-free vulnerability in the frame-loader implementation in Goo ...) {DSA-2245-1} - chromium-browser 10.0.648.204~r79063-1 NOTE: http://trac.webkit.org/changeset/79808 CVE-2011-1291 (Google Chrome before 10.0.648.204 does not properly handle base string ...) - chromium-browser 10.0.648.204~r79063-1 [squeeze] - chromium-browser - webkit (chromium specific) CVE-2011-1290 (Integer overflow in WebKit, as used on the Research In Motion (RIM) Bl ...) {DSA-2192-1} - chromium-browser 10.0.648.133~r77742-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 NOTE: needs port NOTE: http://trac.webkit.org/changeset/80787 CVE-2011-1289 RESERVED CVE-2011-1288 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-1287 RESERVED CVE-2011-1286 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...) - libv8 3.1.8.10-1 (bug #617418) [squeeze] - libv8 (Unsupported in squeeze-lts) CVE-2011-1285 (The regular-expression functionality in Google Chrome before 10.0.648. ...) - libv8 3.1.8.10-1 (bug #617418) [squeeze] - libv8 (Unsupported in squeeze-lts) CVE-2011-1284 (Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) i ...) NOT-FOR-US: MS Windows CVE-2011-1283 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsyste ...) NOT-FOR-US: MS Windows CVE-2011-1282 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsyste ...) NOT-FOR-US: MS Windows CVE-2011-1281 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsyste ...) NOT-FOR-US: MS Windows CVE-2011-1280 (The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 200 ...) NOT-FOR-US: Microsoft InfoPath, SQL Server, SQL Server Management Studio Express, Visual Studio CVE-2011-1279 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...) NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter CVE-2011-1278 (Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly valid ...) NOT-FOR-US: Microsoft Excel, Office CVE-2011-1277 (Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Forma ...) NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter CVE-2011-1276 (Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; O ...) NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack CVE-2011-1275 (Microsoft Excel 2002 SP3; Office 2004, 2008, and 2011 for Mac; and Ope ...) NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter CVE-2011-1274 (Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 ...) NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack CVE-2011-1273 (Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2 ...) NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack CVE-2011-1272 (Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 ...) NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack CVE-2011-1271 (The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, ...) NOT-FOR-US: Microsoft .NET Framework CVE-2011-1270 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows r ...) NOT-FOR-US: Microsoft PowerPoint 2002 SP3 and 2003 SP3 CVE-2011-1269 (Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and ...) NOT-FOR-US: Microsoft CVE-2011-1268 (The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 200 ...) NOT-FOR-US: Microsoft Windows CVE-2011-1267 (The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server ...) NOT-FOR-US: Microsoft Windows CVE-2011-1266 (The Vector Markup Language (VML) implementation in vgx.dll in Microsof ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1265 (The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Win ...) NOT-FOR-US: MS Windows CVE-2011-1264 (Cross-site scripting (XSS) vulnerability in Active Directory Certifica ...) NOT-FOR-US: Microsoft Windows CVE-2011-1263 (Cross-site scripting (XSS) vulnerability in the logon page in Remote D ...) NOT-FOR-US: Microsoft Windows CVE-2011-1262 (Microsoft Internet Explorer 7 through 9 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1261 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1260 (Microsoft Internet Explorer 8 and 9 does not properly handle objects i ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1259 REJECTED CVE-2011-1258 (Microsoft Internet Explorer 6 through 8 does not properly restrict web ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1257 (Race condition in Microsoft Internet Explorer 6 through 8 allows remot ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1256 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1255 (The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementa ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1254 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1253 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and ...) NOT-FOR-US: Microsoft .NET Framework, Silverlight CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the SafeHTML function in t ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1251 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1250 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1249 (The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows CVE-2011-1248 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R ...) NOT-FOR-US: Microsoft Windows CVE-2011-1247 (Untrusted search path vulnerability in the Microsoft Active Accessibil ...) NOT-FOR-US: Microsoft Windows CVE-2011-1246 (Microsoft Internet Explorer 8 does not properly handle content setting ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1245 (Microsoft Internet Explorer 6 and 7 does not properly restrict script ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1244 (Microsoft Internet Explorer 6, 7, and 8 does not enforce intended doma ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1243 (The Windows Messenger ActiveX control in msgsc.dll in Microsoft Window ...) NOT-FOR-US: Microsoft Windows CVE-2011-1242 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-1241 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-1240 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-1239 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-1238 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-1237 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-1236 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-1235 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-1234 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-1233 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-1232 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-1231 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-1230 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-1229 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-1228 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-1227 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-1226 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-1225 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-XXXX [dokuwiki ACL bypass] - dokuwiki 0.0.20101107a-1 (low) [squeeze] - dokuwiki (Minor issue) [lenny] - dokuwiki (Minor issue) CVE-2011-1224 (IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not u ...) NOT-FOR-US: IBM WebSphere MQ CVE-2011-1223 (Buffer overflow in the Alternate Data Stream (aka ADS or named stream) ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2011-1222 (Buffer overflow in the Journal Based Backup (JBB) feature in the backu ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2011-1221 (Cross-zone scripting vulnerability in the RealPlayer ActiveX control i ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivo ...) NOT-FOR-US: IBM Tivoli Management Framework CVE-2011-1219 RESERVED CVE-2011-1218 (Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lot ...) NOT-FOR-US: Autonomy KeyView CVE-2011-1217 (Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lo ...) NOT-FOR-US: Autonomy KeyView CVE-2011-1216 (Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used i ...) NOT-FOR-US: Autonomy KeyView CVE-2011-1215 (Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used ...) NOT-FOR-US: Autonomy KeyView CVE-2011-1214 (Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used ...) NOT-FOR-US: Autonomy KeyView CVE-2011-1213 (Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lot ...) NOT-FOR-US: Autonomy KeyView CVE-2011-1212 RESERVED CVE-2011-1211 RESERVED CVE-2011-1210 RESERVED CVE-2011-1209 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 bef ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2011-1208 (IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3 ...) NOT-FOR-US: IBM solidDB CVE-2011-1207 (The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX ...) NOT-FOR-US: IBM Rational System CVE-2011-1206 (Stack-based buffer overflow in the server process in ibmslapd.exe in I ...) NOT-FOR-US: IBM Tivoli Directory Server CVE-2011-1205 (Multiple buffer overflows in unspecified COM objects in Rational Commo ...) NOT-FOR-US: IBM Rational ClearCase, ClearQuest CVE-2011-1204 (Google Chrome before 10.0.648.127 does not properly handle attributes, ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/79810 NOTE: very hard to merge: needs introduction of ScopedEventQueue.cpp CVE-2011-1203 (Google Chrome before 10.0.648.127 does not properly handle SVG cursors ...) {DSA-2189-1} - chromium-browser 10.0.648.127~r76697-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 NOTE: http://trac.webkit.org/changeset/79476 CVE-2011-1202 (The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 a ...) - libxslt 1.1.26-7 (low; bug #617413) - xulrunner (unimportant) [lenny] - xulrunner (minor issue) - iceweasel 3.5.19-1 [squeeze] - iceweasel (minor issue) [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [squeeze] - iceape (minor issue) [lenny] - iceape (Only a stub package) NOTE: http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html [squeeze] - libxslt 1.1.26-6+squeeze1 [lenny] - libxslt (minor issue) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-1201 (The context implementation in WebKit, as used in Google Chrome before ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (losecontext not present in 1.2) NOTE: http://trac.webkit.org/changeset/78921 CVE-2011-1200 (Google Chrome before 10.0.648.127 does not properly perform a cast of ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (vulnerable code not present) NOTE: http://trac.webkit.org/changeset/78744 CVE-2011-1199 (Google Chrome before 10.0.648.127 does not properly handle DataView ob ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (issue in libv8 bindings) NOTE: https://trac.webkit.org/changeset/78738 CVE-2011-1198 (The video functionality in Google Chrome before 10.0.648.127 allows re ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - libav (Specific to ffmpeg-mt) CVE-2011-1197 (Google Chrome before 10.0.648.127 does not properly perform table pain ...) {DSA-2189-1} - chromium-browser 10.0.648.127~r76697-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 NOTE: http://trac.webkit.org/changeset/79734 CVE-2011-1196 (The OGG container implementation in Google Chrome before 10.0.648.127 ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - libav 4:0.7.1-1 - ffmpeg-debian (Info from maintainer: the patch does not apply 0.5, and I failed to reproduce) - ffmpeg (Info from maintainer: the patch does not apply 0.5, and I failed to reproduce) CVE-2011-1195 (Use-after-free vulnerability in Google Chrome before 10.0.648.127 allo ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (vulnerable code not present) NOTE: http://trac.webkit.org/changeset/78147 CVE-2011-1194 (Multiple unspecified vulnerabilities in Google Chrome before 10.0.648. ...) - chromium-browser 10.0.648.127~r76697-1 (unimportant) NOTE: http://trac.webkit.org/changeset/77049 NOTE: http://trac.webkit.org/changeset/77329 NOTE: popup blocker bypass not treated as a security issue CVE-2011-1193 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...) - libv8 3.1.8.10-1 (bug #617418) [squeeze] - libv8 (Unsupported in squeeze-lts) CVE-2011-1192 (Google Chrome before 10.0.648.127 on Linux does not properly handle Un ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (issue in chromium-specific code) NOTE: http://trac.webkit.org/changeset/76732 CVE-2011-1191 (Use-after-free vulnerability in Google Chrome before 10.0.648.127 allo ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (vulnerable code not yet present) NOTE: http://trac.webkit.org/changeset/76652 CVE-2011-1190 (The Web Workers implementation in Google Chrome before 10.0.648.127 al ...) {DSA-2189-1} - chromium-browser 10.0.648.127~r76697-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 NOTE: http://trac.webkit.org/changeset/77563 CVE-2011-1189 (Google Chrome before 10.0.648.127 does not properly perform box layout ...) {DSA-2189-1} - chromium-browser 10.0.648.127~r76697-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 NOTE: http://trac.webkit.org/changeset/79689 CVE-2011-1188 (Google Chrome before 10.0.648.127 does not properly handle counter nod ...) {DSA-2189-1} - chromium-browser 10.0.648.127~r76697-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 NOTE: http://trac.webkit.org/changeset/77142 CVE-2011-1187 (Google Chrome before 10.0.648.127 allows remote attackers to bypass th ...) - libv8 3.1.8.10-1 (bug #617418) [squeeze] - libv8 (Unsupported in squeeze-lts) - icedove 17.0.2-1 (low) [wheezy] - icedove (Minor issue, also not fixed in ESV branch) [squeeze] - icedove (Minor issue, also not fixed in ESV branch) - iceweasel 12.0-1 (bug #703071) [wheezy] - iceweasel (Minor issue, also not fixed in ESV branch) [squeeze] - iceweasel (Minor issue, also not fixed in ESV branch) - iceape (low) [wheezy] - iceape (Minor issue, also not fixed in ESV branch) [squeeze] - iceape (Minor issue, also not fixed in ESV branch) NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9 CVE-2011-1186 (Google Chrome before 10.0.648.127 on Linux does not properly handle pa ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (chromium specific) CVE-2011-1185 (Google Chrome before 10.0.648.127 does not prevent (1) navigation and ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser NOTE: http://trac.webkit.org/changeset/74853 CVE-2011-1184 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) {DSA-2401-1} - tomcat6 6.0.32-7 - tomcat7 7.0.12 - tomcat5.5 CVE-2011-1183 (Apache Tomcat 7.0.11, when web.xml has no login configuration, does no ...) - tomcat6 (Only affects Tomcat 7) CVE-2011-1182 (kernel/signal.c in the Linux kernel before 2.6.39 allows local users t ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-2 CVE-2011-1181 [missing error handling in linux netdev] REJECTED CVE-2011-1180 (Multiple stack-based buffer overflows in the iriap_getvaluebyclass_ind ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 CVE-2011-1179 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly othe ...) - spice-xpi [jessie] - spice-xpi (Broken with newer Firefox versions) CVE-2011-1178 (Multiple integer overflows in the load_image function in file-pcx.c in ...) - gimp 2.6.10-1 NOTE: Likely fixed earlier, but only the squeeze version was checked CVE-2011-1177 REJECTED CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk ...) {DSA-2202-1} - apache2 2.2.17-2 (bug #618857; medium) [lenny] - apache2 (different source package in lenny: apache2-mpm-itk) - apache2-mpm-itk [lenny] - apache2-mpm-itk (bug was introduced later, in 2.2.11-01) CVE-2011-1175 (tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before ...) {DSA-2225-1} - asterisk 1:1.8.3.3-1 [lenny] - asterisk (Vulnerable code not present) CVE-2011-1174 (manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x bef ...) {DSA-2225-1} - asterisk 1:1.8.3.3-1 [lenny] - asterisk (Vulnerable code not present) CVE-2011-1173 (The econet_sendmsg function in net/econet/af_econet.c in the Linux ker ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) CVE-2011-1172 (net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linu ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) CVE-2011-1171 (net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) CVE-2011-1170 (net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linu ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) CVE-2011-1169 (Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi ...) - linux-2.6 2.6.38-2 [lenny] - linux-2.6 (Introduced in 2.6.35) [squeeze] - linux-2.6 (Introduced in 2.6.35) CVE-2011-1168 (Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError f ...) - kde4libs 4:4.4.5-4 (low) [squeeze] - kde4libs 4:4.4.5-2+squeeze2 [lenny] - kde4libs (Minor issue) CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in ...) {DSA-2210-1} - tiff 3.9.4-9 (bug #619614) - tiff3 (fixed before initial upload) CVE-2011-1166 (Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a d ...) {DSA-2337-1} - xen 4.1.0-1 - xen-3 CVE-2011-1165 (Vino, possibly before 3.2, does not properly document that it opens po ...) - vino (unimportant) NOTE: Mostly interface glitches CVE-2011-1164 (Vino before 2.99.4 can connect external networks contrary to the state ...) - vino (unimportant) NOTE: Mostly interface glitches CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux kernel ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-1 CVE-2011-1162 (The tpm_read function in the Linux kernel 2.6 does not properly clear ...) - linux-2.6 3.0.0-5 (low) [squeeze] - linux-2.6 2.6.32-40 CVE-2011-1161 REJECTED CVE-2011-1160 (The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel be ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) CVE-2011-1159 (acpid.c in acpid before 2.0.9 does not properly handle a situation in ...) {DSA-2362-1} - acpid 1:2.0.9-1 [lenny] - acpid (Minor issue) CVE-2011-1158 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...) - feedparser 5.0.1-1 (low; bug #617998) [squeeze] - feedparser (Minor issue) [lenny] - feedparser (Minor issue) - planet-venus 0~git9de2109-2 (low; bug #684246) [wheezy] - planet-venus (Minor issue) [squeeze] - planet-venus (Minor issue) [lenny] - planet-venus (Minor issue) NOTE: http://web.archive.org/web/20120304003020/https://code.google.com/p/feedparser/issues/detail?id=255 CVE-2011-1157 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...) - feedparser 5.0.1-1 (low; bug #617998) [squeeze] - feedparser (Minor issue) [lenny] - feedparser (Minor issue) - planet-venus 0~git9de2109-2 (low; bug #684246) [wheezy] - planet-venus (Minor issue) [squeeze] - planet-venus (Minor issue) [lenny] - planet-venus (Minor issue) NOTE: http://web.archive.org/web/20120211010803/https://code.google.com/p/feedparser/issues/detail?id=254 CVE-2011-1156 (feedparser.py in Universal Feed Parser (aka feedparser or python-feedp ...) - feedparser 5.0.1-1 (low; bug #617998) [squeeze] - feedparser (Minor issue) [lenny] - feedparser (Minor issue) - planet-venus 0~git9de2109-2 (low; bug #684246) [wheezy] - planet-venus (Minor issue) [squeeze] - planet-venus (Minor issue) [lenny] - planet-venus (Minor issue) NOTE: http://web.archive.org/web/20130326201801/http://code.google.com/p/feedparser/issues/detail?id=91 CVE-2011-1155 (The writeState function in logrotate.c in logrotate 3.7.9 and earlier ...) - logrotate 3.8.0-1 [squeeze] - logrotate (Minor issue) CVE-2011-1154 (The shred_file function in logrotate.c in logrotate 3.7.9 and earlier ...) - logrotate 3.8.0-1 [squeeze] - logrotate (Minor issue) CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the phar ex ...) {DSA-2266-1} - php5 5.3.6-1 (unimportant) NOTE: only exploitable by malicious scripts CVE-2011-1152 REJECTED CVE-2011-1151 (Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and ...) NOT-FOR-US: Joomla! CVE-2011-1150 (bbPress through 1.0.2 has XSS in /bb-login.php url via the re paramete ...) NOT-FOR-US: bbPress CVE-2011-1149 (Android before 2.3 does not properly restrict access to the system pro ...) NOT-FOR-US: Android CVE-2011-1148 (Use-after-free vulnerability in the substr_replace function in PHP 5.3 ...) {DSA-2408-1} - php5 5.4.0-1 (unimportant) NOTE: only exploitable by malicious scripts CVE-2011-1147 (Multiple stack-based and heap-based buffer overflows in the (1) decode ...) {DSA-2225-1} - asterisk 1:1.8.3.3-1 (bug #614580) CVE-2011-1146 (libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restri ...) {DSA-2194-1} - libvirt 0.8.8-3 (low; bug #617773) [lenny] - libvirt (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=683650 CVE-2011-1145 (The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a pos ...) - unixodbc 2.2.14p2-3 (low; bug #617655) [squeeze] - unixodbc (Only exploitable through a malicious server) [lenny] - unixodbc (Only exploitable through a malicious server) NOTE: http://seclists.org/oss-sec/2011/q1/446 CVE-2011-1144 (The installer in PEAR 1.9.2 and earlier allows local users to overwrit ...) - php5 (incomplete fix never used in Debian packages) CVE-2011-1143 (epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark ...) - wireshark 1.4.4-1 (unimportant) CVE-2011-1142 (Stack consumption vulnerability in the dissect_ber_choice function in ...) - wireshark 1.4.4-1 (unimportant) CVE-2011-1141 (epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14 ...) {DSA-2201-1} - wireshark 1.4.4-1 (unimportant) CVE-2011-1140 (Multiple stack consumption vulnerabilities in the dissect_ms_compresse ...) {DSA-2201-1} - wireshark 1.4.4-1 (unimportant) CVE-2011-1139 (wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1 ...) {DSA-2201-1} - wireshark 1.4.4-1 (unimportant) CVE-2011-1138 (Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpa ...) - wireshark 1.4.4-1 [lenny] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Vulnerable code not present) CVE-2011-1131 (The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) ...) NOT-FOR-US: Simple Machines Forum CVE-2011-1130 (Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, doe ...) NOT-FOR-US: Simple Machines Forum CVE-2011-1129 (Cross-site scripting (XSS) vulnerability in the EditNews function in M ...) NOT-FOR-US: Simple Machines Forum CVE-2011-1128 (The loadUserSettings function in Load.php in Simple Machines Forum (SM ...) NOT-FOR-US: Simple Machines Forum CVE-2011-1127 (SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2 ...) NOT-FOR-US: Simple Machines Forum CVE-2011-1126 (VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstat ...) NOT-FOR-US: VMware Workstation CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform layout, whi ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (vulnerable code introduced in commit 75823) NOTE: http://trac.webkit.org/changeset/78775 CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 9.0.597.107 allow ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (Chromium specific) CVE-2011-1123 (Google Chrome before 9.0.597.107 does not properly restrict access to ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (chromium specific) CVE-2011-1122 (The WebGL implementation in Google Chrome before 9.0.597.107 allows re ...) {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782 CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remote att ...) {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 NOTE: needs port (s/logicalBottom/bottom) NOTE: http://trac.webkit.org/changeset/77565 CVE-2011-1120 (The WebGL implementation in Google Chrome before 9.0.597.107 allows re ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - webkit (webgl support not present in 1.2) NOTE: http://trac.webkit.org/changeset/77956 CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine device or ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (device orientation code/support not present in 1.2) NOTE: http://trac.webkit.org/changeset/77418 CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle TEXTAREA ele ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser [wheezy] - chromium-browser NOTE: http://trac.webkit.org/changeset/77144 CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML docume ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser [wheezy] - chromium-browser NOTE: http://trac.webkit.org/changeset/77262 CVE-2011-1116 (Google Chrome before 9.0.597.107 does not properly handle SVG animatio ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser [wheezy] - chromium-browser NOTE: http://trac.webkit.org/changeset/77548 CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render tables, whic ...) {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 NOTE: http://trac.webkit.org/changeset/76915 CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle tables, whic ...) {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - webkit (vulnerable code introduced after 1.2, and the fix restores this code to its 1.2 state) NOTE: http://trac.webkit.org/changeset/77141 CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not pr ...) {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - webkit (chromium specific) CVE-2011-1112 (Google Chrome before 9.0.597.107 does not properly perform SVG renderi ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (Chromium specific) CVE-2011-1111 (Google Chrome before 9.0.597.107 does not properly implement forms con ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser [wheezy] - chromium-browser NOTE: needs port (s/FormAssociatedElement/HTMLFormElement) NOTE: http://trac.webkit.org/changeset/77114 CVE-2011-1110 (Google Chrome before 9.0.597.107 does not properly implement key frame ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (vulnerable code not present in 1.2) NOTE: http://trac.webkit.org/changeset/76828 CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes in Ca ...) {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 NOTE: http://trac.webkit.org/changeset/76728 CVE-2011-1108 (Google Chrome before 9.0.597.107 does not properly implement JavaScrip ...) {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - webkit (Chromium specific) CVE-2011-1107 (Unspecified vulnerability in Google Chrome before 9.0.597.107 allows r ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser - webkit (history controller code not present in 1.2) NOTE: http://trac.webkit.org/changeset/76205 CVE-2011-1106 (Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server ...) NOT-FOR-US: IBM Lotus Sametime CVE-2011-1105 (Multiple cross-site scripting (XSS) vulnerabilities in Mutare EVM allo ...) NOT-FOR-US: Mutare EVM CVE-2011-1104 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare E ...) NOT-FOR-US: Mutare EVM CVE-2011-1103 (The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before ho ...) NOT-FOR-US: F-Secure Policy Manager CVE-2011-1102 (Cross-site scripting (XSS) vulnerability in the WebReporting module in ...) NOT-FOR-US: F-Secure Policy Manager CVE-2011-1101 (Multiple unspecified vulnerabilities in a third-party component of the ...) NOT-FOR-US: Citrix License Management Console CVE-2011-1100 (Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost ...) - pixelpost CVE-2011-1099 (Multiple directory traversal vulnerabilities in FocalMedia.Net Quick P ...) NOT-FOR-US: FocalMedia.Net Quick Polls CVE-2011-1098 (Race condition in the createOutputFile function in logrotate.c in logr ...) - logrotate 3.8.0-1 (low) [squeeze] - logrotate (Minor issue) CVE-2011-1097 (rsync 3.x before 3.0.8, when certain recursion, deletion, and ownershi ...) - rsync 3.0.8 (low; bug #621866) [squeeze] - rsync (Minor issue) CVE-2011-1096 (The W3C XML Encryption Standard, as used in the JBoss Web Services (JB ...) NOT-FOR-US: alleged flaw in W3C XML Encryption standard. Nothing specific to fix CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or ...) - glibc 2.13-16 [lenny] - glibc (Minor issue) - eglibc 2.13-16 [squeeze] - eglibc 2.11.3-2 NOTE: http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904 NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923 CVE-2011-1094 (kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not ...) - kde4libs 4:4.4.5-4 (low) [squeeze] - kde4libs 4:4.4.5-2+squeeze2 [lenny] - kde4libs (Minor issue) - kdelibs (vulnerable code not present) NOTE: http://seclists.org/oss-sec/2011/q1/434 CVE-2011-1093 (The dccp_rcv_state_process function in net/dccp/input.c in the Datagra ...) {DSA-2264-1} - linux-2.6 2.6.38-1 (low) [squeeze] - linux-2.6 2.6.32-31 CVE-2011-1092 (Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows conte ...) {DSA-2408-1} - php5 5.4.0-1 (unimportant) NOTE: only exploitable by malicious scripts NOTE: http://seclists.org/oss-sec/2011/q1/430 CVE-2011-1091 (libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 t ...) - pidgin 2.7.11-1 (low) [lenny] - pidgin (Minor issue) [squeeze] - pidgin (Minor issue) CVE-2011-1090 (The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux ker ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-1 (low) CVE-2011-1089 (The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 ...) - glibc 2.13-8 - eglibc 2.13-8 [squeeze] - eglibc 2.11.3-1 NOTE: http://seclists.org/oss-sec/2011/q1/368 NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e1fb097f447a89aa69a926e45e673a52d86a6c57 CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annota ...) - tomcat6 (Only affects Tomcat 7) CVE-2011-1087 (Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assiste ...) - vlc 1.1.10-1 (low; bug #616156) [squeeze] - vlc (Minor issue) [lenny] - vlc (Minor issue) NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php NOTE: obscure exploit scenario CVE-2011-1086 (Cross-site scripting (XSS) vulnerability in admin/system.html in Openf ...) NOT-FOR-US: openfiler CVE-2011-1085 (CSRF vulnerability in Smoothwall Express 3. ...) NOT-FOR-US: smoothwall CVE-2011-1084 (A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. ...) NOT-FOR-US: smoothwall CVE-2011-1083 (The epoll implementation in the Linux kernel 2.6.37.2 and earlier does ...) - linux-2.6 3.2.9-1 (low) [squeeze] - linux-2.6 2.6.32-47 CVE-2011-1082 (fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file des ...) - linux-2.6 2.6.38-1 (low) [squeeze] - linux-2.6 2.6.32-31 CVE-2011-1081 (modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attack ...) - openldap 2.4.25-1 (low; bug #617606) [lenny] - openldap 2.4.11-1+lenny2.1 [squeeze] - openldap 2.4.23-7.1 CVE-2011-1080 (The do_replace function in net/bridge/netfilter/ebtables.c in the Linu ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) CVE-2011-1079 (The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) CVE-2011-1078 (The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Lin ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) CVE-2011-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva ...) NOT-FOR-US: Apache Archiva CVE-2011-1076 (net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows re ...) - linux-2.6 2.6.38-1 [lenny] - linux-2.6 (Introduced in 2.6.36) [squeeze] - linux-2.6 (Introduced in 2.6.36) [wheezy] - linux-2.6 (Introduced in 2.6.36) CVE-2011-1075 RESERVED CVE-2011-1074 (crontab.c in crontab in FreeBSD allows local users to determine the ex ...) - cron (Debian's cron not affected) CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...) - cron (Debian's cron not affected) CVE-2011-1071 (The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIB ...) - glibc 2.11.2-12 - eglibc 2.11.2-12 (bug #615120) [squeeze] - eglibc 2.11.3-2 CVE-2011-1070 (v86d before 0.1.10 do not verify if received netlink messages are sent ...) - v86d 0.1.10-1 (low; bug #619404) [squeeze] - v86d 0.1.9-1+squeeze1 [lenny] - v86d 0.1.5.2-1+lenny1 CVE-2011-1069 (PHPShop through 0.8.1 has XSS. ...) NOT-FOR-US: PHPShop CVE-2011-1068 (Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1. ...) NOT-FOR-US: Microsoft Windows Azure SDK CVE-2011-1067 (slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not ...) NOT-FOR-US: s389 LDAP server CVE-2011-1066 (Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2 ...) NOT-FOR-US: Messaging module for Drupal CVE-2011-1065 (Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX con ...) NOT-FOR-US: PIPI Player CVE-2011-1064 (SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 ...) NOT-FOR-US: Qi Bo CMS CVE-2011-1063 (Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design P ...) NOT-FOR-US: Cherry-Design Photopad CVE-2011-1062 (Multiple cross-site scripting (XSS) vulnerabilities in include/html/he ...) NOT-FOR-US: TaskFreak! CVE-2011-1061 (SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows ...) NOT-FOR-US: WSN Guest CVE-2011-1060 (SQL injection vulnerability in the member function in classes/member.p ...) NOT-FOR-US: WSN Guest CVE-2011-1059 (Use-after-free vulnerability in WebCore in WebKit before r77705, as us ...) - webkit (history controller code not present in 1.2) NOTE: http://trac.webkit.org/changeset/77705 CVE-2011-1058 (Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) ...) {DSA-2321-1} - moin 1.9.3-3 CVE-2011-1057 REJECTED CVE-2011-1056 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...) NOT-FOR-US: Metasploit Framework CVE-2011-1055 (SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS ...) NOT-FOR-US: Lingxia I.C.E CMS CVE-2011-1054 (Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA ...) NOT-FOR-US: IDA Pro CVE-2011-1053 (Unspecified vulnerability in the Mach-O input file loader in Hex-Rays ...) NOT-FOR-US: IDA Pro CVE-2011-1052 (Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pr ...) NOT-FOR-US: IDA Pro CVE-2011-1051 (Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Ra ...) NOT-FOR-US: IDA Pro CVE-2011-1050 (Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown ...) NOT-FOR-US: IDA Pro CVE-2011-1049 (Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro 5. ...) NOT-FOR-US: IDA Pro CVE-2011-1048 (SQL injection vulnerability in product.php in MihanTools 1.33 allows r ...) NOT-FOR-US: MihanTools CVE-2011-1047 (Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka F ...) NOT-FOR-US: VastHTML Forum Server CVE-2011-1046 (IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used ...) NOT-FOR-US: FileNet P8 Content Engine CVE-2011-1045 (Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 thr ...) NOT-FOR-US: Rendition Engine CVE-2011-XXXX [pam_pgsql overflow] - pam-pgsql 0.7.1-5 (bug #603436) [lenny] - pam-pgsql 0.6.3-2+lenny1 [squeeze] - pam-pgsql 0.7.1-4+squeeze1 CVE-2011-1044 (The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c ...) - linux-2.6 2.6.32-30 [lenny] - linux-2.6 2.6.26-26lenny2 CVE-2011-1043 RESERVED CVE-2011-1042 (Use-after-free vulnerability in flimflamd in flimflam in Google Chrome ...) NOT-FOR-US: flimflam in Google Chrome OS CVE-2011-1041 RESERVED CVE-2011-1040 RESERVED CVE-2011-1039 RESERVED CVE-2011-1038 (Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in t ...) NOT-FOR-US: Lotus Sametime CVE-2011-1037 RESERVED CVE-2011-1036 (The XML Security Database Parser class in the XMLSecDB ActiveX control ...) NOT-FOR-US: CA Internet Security Suite CVE-2011-1035 (The password reset in PivotX before 2.2.4 allows remote attackers to m ...) NOT-FOR-US: PivotX CVE-2011-1034 (Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Bui ...) NOT-FOR-US: IBM Rational Build Forge CVE-2011-1033 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server ( ...) NOT-FOR-US: IBM CVE-2011-1032 (IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0 ...) NOT-FOR-US: IBM CVE-2011-1031 (The feh_unique_filename function in utils.c in feh 1.11.2 and earlier ...) - feh 1.12-1 (low) [lenny] - feh (Minor issue) [squeeze] - feh (Minor issue) CVE-2011-1030 (Cross-site scripting (XSS) vulnerability in the Wikis component in IBM ...) NOT-FOR-US: IBM CVE-2011-1029 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...) NOT-FOR-US: IBM CVE-2011-1028 (The $smarty.template variable in Smarty3 allows attackers to possibly ...) - smarty3 3.0.8-1 - smarty [squeeze] - smarty3 (Unsupported in squeeze-lts) [squeeze] - smarty (Unsupported in squeeze-lts) CVE-2011-1027 (Off-by-one error in the convert_query_hexchar function in html.c in cg ...) NOT-FOR-US: cgit CVE-2011-1026 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache A ...) NOT-FOR-US: Apache Archiva CVE-2011-1025 (bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require ...) - openldap 2.4.25-1 (unimportant; bug #617606) [squeeze] - openldap 2.4.23-7.1 NOTE: NBD backend disabled in Debian builds CVE-2011-1024 (chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-sl ...) - openldap 2.4.25-1 (low; bug #617606) [lenny] - openldap 2.4.11-1+lenny2.1 [squeeze] - openldap 2.4.23-7.1 CVE-2011-1023 (The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel befo ...) - linux-2.6 2.6.38-1 [squeeze] - linux-2.6 (Introduced in 2.6.35) [lenny] - linux-2.6 (Introduced in 2.6.35) CVE-2011-1022 (The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrul ...) {DSA-2193-1} - libcgroup 0.37.1-1 (bug #615987) CVE-2011-1021 (drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local use ...) - linux-2.6 2.6.37-1 [wheezy] - linux-2.6 (Introduced in 2.6.33) [squeeze] - linux-2.6 (Introduced in 2.6.33) [lenny] - linux-2.6 (Introduced in 2.6.33) CVE-2011-1020 (The proc filesystem implementation in the Linux kernel 2.6.37 and earl ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 2.6.39-1 CVE-2011-1019 (The dev_load function in net/core/dev.c in the Linux kernel before 2.6 ...) [lenny] - linux-2.6 (Introduced in 2.6.32) - linux-2.6 2.6.38-1 (unimportant) NOTE: We won't fix this for Squeeze. This only applies to non-standard setups with fine NOTE: grained security capability models, and an attacker can only load modules from NOTE: /lib/modules, which is only writable with root privs CVE-2011-1018 (logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbit ...) {DSA-2182-1} - logwatch 7.3.6.cvs20090906-2 (bug #615995) CVE-2011-1017 (Heap-based buffer overflow in the ldm_frag_add function in fs/partitio ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-5 CVE-2011-1016 (The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not pr ...) {DSA-2240-1} - linux-2.6 2.6.38-1 CVE-2011-1015 (The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in P ...) {DLA-25-1} - python2.6 2.6.8-1 (low; bug #614860) [wheezy] - python2.6 (Minor issue, fix modifies behaviour, too intrusive to backport) - python2.5 (low) [squeeze] - python2.5 (Minor issue, fix modifies behaviour, too intrusive to backport) [lenny] - python2.5 (Minor issue, fix modifies behaviour, too intrusive to backport) - python2.4 (low) [lenny] - python2.4 (Minor issue) NOTE: Python 2.7 and 3.1 are fixed NOTE: http://bugs.python.org/issue2254 CVE-2011-1014 REJECTED CVE-2011-1013 (Integer signedness error in the drm_modeset_ctl function in (1) driver ...) - linux-2.6 2.6.38-1 [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 [lenny] - linux-2.6 (Vulnerable code not present) CVE-2011-1012 (The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel ...) {DSA-2264-1} - linux-2.6 2.6.38-1 [squeeze] - linux-2.6 2.6.32-31 CVE-2011-1011 (The seunshare_mount function in sandbox/seunshare.c in seunshare in ce ...) NOT-FOR-US: seunshare CVE-2011-1010 (Buffer overflow in the mac_partition function in fs/partitions/mac.c i ...) {DSA-2264-1} - linux-2.6 2.6.37-2 [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 CVE-2011-1009 (Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php ...) NOT-FOR-US: Vanilla Forums CVE-2011-1008 (Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not ...) - request-tracker3.8 3.8.10-1 (bug #614576) [squeeze] - request-tracker3.8 3.8.8-7+squeeze1 [lenny] - request-tracker3.6 3.6.7-5+lenny6 CVE-2011-1007 (Best Practical Solutions RT before 3.8.9 does not perform certain redi ...) - request-tracker3.6 (unimportant) - request-tracker3.8 3.8.10-1 (unimportant) NOTE: A physically proximate attacker can do far more damage anyway CVE-2011-1006 (Heap-based buffer overflow in the parse_cgroup_spec function in tools/ ...) {DSA-2193-1} - libcgroup 0.37.1-1 CVE-2011-1005 (The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through ...) - ruby1.8 1.8.7.334-1 (bug #615517) [lenny] - ruby1.8 (Minor issue) [squeeze] - ruby1.8 (Minor issue) - ruby1.9 - ruby1.9.1 CVE-2011-1004 (The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-4 ...) - ruby1.8 1.8.7.334-1 (bug #615518) [lenny] - ruby1.8 (Minor issue) [squeeze] - ruby1.8 (Minor issue) - ruby1.9 (bug #615519) [lenny] - ruby1.9 (Minor issue) - ruby1.9.1 1.9.2.180-1 (bug #615519) [squeeze] - ruby1.9.1 (Minor issue, patch would change behaviour and might break things) CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings function in ...) - clamav 0.97+dfsg-1 (low) [squeeze] - clamav 0.97+dfsg-2~squeeze1 (bug #617444) [lenny] - clamav NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=2486 NOTE: http://web.archive.org/web/20110304224953/http://git.clamav.net:80/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f CVE-2011-1002 (avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remo ...) {DSA-2174-1} - avahi 0.6.28-4 (bug #614785) NOTE: duped with CVE-2011-0634 CVE-2011-1001 (dexdump in Android SDK before 2.3 does not properly perform structural ...) NOT-FOR-US: Android SDK CVE-2011-1000 (jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0 ...) {DSA-2169-1} - telepathy-gabble 0.9.15-2 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=34048 CVE-2011-0999 (mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not preven ...) - linux-2.6 (Introduced in 2.6.38-rc1, fixed in 2.6.38-rc5) CVE-2011-0998 RESERVED CVE-2011-0997 (dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV befo ...) {DSA-2217-1 DSA-2216-1} - isc-dhcp 4.1.1-P1-16.1 (bug #621099) - dhcp3 CVE-2011-XXXX [isc-dhcp: omapi dos] - isc-dhcp (only affects 4.2.0) - dhcp3 (only affects 4.2.0) NOTE: http://thread.gmane.org/gmane.comp.security.oss.general/4820 NOTE: inrodroduced in 4.2.0 and fixed in 4.2.1 CVE-2011-0996 (dhcpcd before 5.2.12 allows remote attackers to execute arbitrary comm ...) - dhcpcd (old shell quoting code is not vulnerable) NOTE: Debian's dhcpcd.sh is not vulnerable. CVE-2011-0995 (The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 ...) - ruby-sqlite3 (SuSE-specific packaging flaw) CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (N ...) NOT-FOR-US: Novell File Reporter CVE-2011-0993 (SUSE Lifecycle Management Server before 1.1 uses world readable postgr ...) NOT-FOR-US: SUSE Lifecycle Management Server CVE-2011-0992 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 ...) - mono (Moonlight no longer present in Debian) CVE-2011-0991 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 ...) - mono (Moonlight no longer present in Debian) CVE-2011-0990 (Race condition in the FastCopy optimization in the Array.Copy method i ...) - mono (Moonlight no longer present in Debian) CVE-2011-0989 (The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, ...) - mono (Moonlight no longer present in Debian) CVE-2011-0988 (pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and S ...) - pure-ftpd (SUSE-specific) CVE-2011-1132 (The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 ...) NOT-FOR-US: Apple IPv6 implementation CVE-2011-XXXX [kfreebsd dos] - kfreebsd-8 8.2-1 (low; bug #613312; bug #611476) [squeeze] - kfreebsd-8 8.1+dfsg-8 [lenny] - kfreebsd-8 (Not-supported in Lenny) - kfreebsd-7 [lenny] - kfreebsd-7 (Not supported in Lenny) CVE-2011-1133 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...) - serendipity (bug #611661) [lenny] - serendipity (Xinha not yet included) [squeeze] - serendipity (Minor issue) - openacs (PHP bindings not used) - dotlrn (PHP bindings not used) NOTE: http://secunia.com/advisories/40669/ CVE-2011-1134 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...) - serendipity (bug #611661) [lenny] - serendipity (Xinha not yet included) [squeeze] - serendipity (Minor issue) - openacs (PHP bindings not used) - dotlrn (PHP bindings not used) NOTE: http://secunia.com/advisories/40669/ CVE-2011-1135 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...) - serendipity (bug #611661) [lenny] - serendipity (Xinha not yet included) [squeeze] - serendipity (Minor issue) - openacs (PHP bindings not used) - dotlrn (PHP bindings not used) NOTE: http://secunia.com/advisories/40669/ CVE-2011-1137 (Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d a ...) {DSA-2185-1} - proftpd-dfsg 1.3.3d-4 (bug #616179) [lenny] - proftpd-dfsg (Vulnerable code not present) NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3586 NOTE: http://www.exploit-db.com/exploits/16129/ CVE-2011-XXXX [incorrect handling of {$smarty.template} and {$smarty.current_dir}] - smarty3 3.0.8-1 (unimportant) - smarty (unimportant) NOTE: http://www.smarty.net/forums/viewtopic.php?t=18815 NOTE: http://code.google.com/p/smarty-php/source/detail?r=3989 NOTE: https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb(3.0.7) NOTE: non-issue in practice, if you can place arbitrary template files you have worse problems CVE-2011-0987 (The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAd ...) {DSA-2167-1} - phpmyadmin 4:3.3.9.2-1 CVE-2011-0986 (phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not ...) - phpmyadmin 4:3.3.9.2-1 (unimportant) NOTE: Path disclosure; paths in Debian are public info already CVE-2011-0985 (Google Chrome before 9.0.597.94 does not properly perform process term ...) {DSA-2166-1} - chromium-browser 9.0.597.98~r74359-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - webkit (Chromium specific) CVE-2011-0984 (Google Chrome before 9.0.597.94 does not properly handle plug-ins, whi ...) {DSA-2166-1} - chromium-browser 9.0.597.98~r74359-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - webkit (doesn't include v8 code) NOTE: http://trac.webkit.org/changeset/76264 NOTE: ^ this has to be the wrong commit, its a v8 fix, but that doesn't match the description at all CVE-2011-0983 (Google Chrome before 9.0.597.94 does not properly handle anonymous blo ...) {DSA-2166-1} - chromium-browser 9.0.597.98~r74359-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - webkit (vulnerable code not yet present in 1.2) NOTE: http://trac.webkit.org/changeset/75810 CVE-2011-0982 (Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows ...) - chromium-browser 9.0.597.98~r74359-1 [squeeze] - chromium-browser [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 NOTE: http://trac.webkit.org/changeset/76990 CVE-2011-0981 (Google Chrome before 9.0.597.94 does not properly perform event handli ...) {DSA-2166-1} - chromium-browser 9.0.597.98~r74359-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 NOTE: http://trac.webkit.org/changeset/76708 CVE-2011-0980 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...) NOT-FOR-US: Microsoft Office Excel 2003 CVE-2011-0979 (Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2 ...) NOT-FOR-US: Microsoft Office Excel CVE-2011-0978 (Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and ...) NOT-FOR-US: Microsoft Office Excel CVE-2011-0977 (Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 S ...) NOT-FOR-US: Microsoft Office Excel CVE-2011-0976 (Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and ...) NOT-FOR-US: Microsoft Office CVE-2011-0975 (Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in ...) NOT-FOR-US: BMC PATROL CVE-2011-0974 RESERVED CVE-2011-0973 RESERVED CVE-2011-0972 RESERVED CVE-2011-0971 RESERVED CVE-2011-0970 RESERVED CVE-2011-0969 RESERVED CVE-2011-0968 RESERVED CVE-2011-0967 RESERVED CVE-2011-0966 (Directory traversal vulnerability in cwhp/auditLog.do in the Homepage ...) NOT-FOR-US: Cisco CiscoWorks Common Services CVE-2011-0965 RESERVED CVE-2011-0964 RESERVED CVE-2011-0963 (The default configuration of the RADIUS authentication feature on the ...) NOT-FOR-US: Cisco Network Access Control (NAC) Guest Server CVE-2011-0962 (Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.n ...) NOT-FOR-US: Cisco Unified Operations Manager CVE-2011-0961 (Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in t ...) NOT-FOR-US: Cisco CiscoWorks Common Services CVE-2011-0960 (Multiple SQL injection vulnerabilities in Cisco Unified Operations Man ...) NOT-FOR-US: Cisco Unified Operations Manager CVE-2011-0959 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified O ...) NOT-FOR-US: Cisco Unified Operations Manager CVE-2011-0958 RESERVED CVE-2011-0957 RESERVED CVE-2011-0956 RESERVED CVE-2011-0955 RESERVED CVE-2011-0954 RESERVED CVE-2011-0953 RESERVED CVE-2011-0952 RESERVED CVE-2011-0951 (The web-based management interface in Cisco Secure Access Control Syst ...) NOT-FOR-US: Cisco ACS CVE-2011-0950 RESERVED CVE-2011-0949 (Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does no ...) NOT-FOR-US: Cisco CVE-2011-0948 RESERVED CVE-2011-0947 RESERVED CVE-2011-0946 (The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through ...) NOT-FOR-US: Cisco IOS CVE-2011-0945 (Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS ...) NOT-FOR-US: Cisco IOS CVE-2011-0944 (Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a deni ...) NOT-FOR-US: Cisco IOS CVE-2011-0943 (Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause ...) NOT-FOR-US: Cisco CVE-2011-0942 RESERVED CVE-2011-0941 (Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2011-0940 RESERVED CVE-2011-0939 (Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS X ...) NOT-FOR-US: Cisco IOS CVE-2011-0938 RESERVED CVE-2011-0937 RESERVED CVE-2011-0936 RESERVED CVE-2011-0935 (The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent perm ...) NOT-FOR-US: Cisco IOS CVE-2011-0934 RESERVED CVE-2011-0933 RESERVED CVE-2011-0932 RESERVED CVE-2011-0931 RESERVED CVE-2011-0930 RESERVED CVE-2011-0929 RESERVED CVE-2011-0928 RESERVED CVE-2011-0927 RESERVED CVE-2011-0926 (A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Deskt ...) NOT-FOR-US: Cisco Secure Desktop CVE-2011-0925 (The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisc ...) NOT-FOR-US: Cisco Secure Desktop CVE-2011-0924 (The client in HP Data Protector does not verify the contents of files ...) NOT-FOR-US: HP Data Protector CVE-2011-0923 (The client in HP Data Protector does not properly validate EXEC_CMD ar ...) NOT-FOR-US: HP Data Protector CVE-2011-0922 (The client in HP Data Protector allows remote attackers to execute arb ...) NOT-FOR-US: HP Data Protector CVE-2011-0921 (crs.exe in the Cell Manager Service in the client in HP Data Protector ...) NOT-FOR-US: HP Data Protector CVE-2011-0920 (The Remote Console in IBM Lotus Domino, when a certain unsupported con ...) NOT-FOR-US: IBM Lotus Domino CVE-2011-0919 (Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP ser ...) NOT-FOR-US: IBM Lotus Domino CVE-2011-0918 (Stack-based buffer overflow in the NRouter (aka Router) service in IBM ...) NOT-FOR-US: IBM Lotus Domino CVE-2011-0917 (Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attacke ...) NOT-FOR-US: IBM Lotus Domino CVE-2011-0916 (Stack-based buffer overflow in the SMTP service in IBM Lotus Domino al ...) NOT-FOR-US: IBM Lotus Domino CVE-2011-0915 (Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before ...) NOT-FOR-US: IBM Lotus Domino CVE-2011-0914 (Integer signedness error in ndiiop.exe in the DIIOP implementation in ...) NOT-FOR-US: IBM Lotus Domino CVE-2011-0913 (Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation ...) NOT-FOR-US: IBM Lotus Domino CVE-2011-0912 (Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 ...) NOT-FOR-US: IBM Lotus Notes CVE-2011-0911 (Cross-site scripting (XSS) vulnerability in the Users module in Zikula ...) NOT-FOR-US: zikula CVE-2011-0910 (The cookie implementation in Vanilla Forums before 2.0.17.6 makes it e ...) NOT-FOR-US: Vanilla Forums CVE-2011-0909 (Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0. ...) NOT-FOR-US: Vanilla Forums CVE-2011-0908 (Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows r ...) NOT-FOR-US: Vanilla Forums CVE-2011-0907 RESERVED CVE-2011-0906 RESERVED CVE-2011-0905 (The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver ...) {DSA-2238-1} - vino 2.28.2-3 - libvncserver (Performs sufficient range validation, but was initially reported as affected) - kdenetwork 4:4.0 NOTE: Only affects the krfb from KDE 3.5 CVE-2011-0904 (The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver ...) {DSA-2238-1} - vino 2.28.2-3 - libvncserver (Performs sufficient range validation, but was initially reported as affected) - kdenetwork 4:4.0 NOTE: Only affects the krfb from KDE 3.5 CVE-2011-0903 (Multiple directory traversal vulnerabilities in AR Web Content Manager ...) NOT-FOR-US: AR Web Content Manager CVE-2011-0902 (Multiple untrusted search path vulnerabilities in the Java Service in ...) NOT-FOR-US: SunOS CVE-2011-0901 (Multiple stack-based buffer overflows in the tsc_launch_remote functio ...) - tsclient (low; bug #613204) [lenny] - tsclient (Minor issue) [squeeze] - tsclient (Minor issue) CVE-2011-0900 (Stack-based buffer overflow in the tsc_launch_remote function (src/sup ...) - tsclient (low; bug #613204) [lenny] - tsclient (Minor issue) [squeeze] - tsclient (Minor issue) CVE-2011-0899 (The AES encryption module 7.x-1.4 for Drupal leaves certain debugging ...) NOT-FOR-US: AES module for Drupal CVE-2011-0898 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...) NOT-FOR-US: HP Network Node Manager CVE-2011-0897 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00 all ...) NOT-FOR-US: HP Network Node Manager CVE-2011-0896 (Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on ...) NOT-FOR-US: HP-UX CVE-2011-0895 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and ...) NOT-FOR-US: HP Network Node Manager CVE-2011-0894 (Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allo ...) NOT-FOR-US: HP Operations CVE-2011-0893 (Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX ...) NOT-FOR-US: HP Operations CVE-2011-0892 (Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8. ...) NOT-FOR-US: HP Diagnostics CVE-2011-0891 (Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX ...) NOT-FOR-US: HP HP-UX CVE-2011-0890 (HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.6 ...) NOT-FOR-US: HP Discovery & Dependency Mapping Inventory CVE-2011-0889 (Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA ...) NOT-FOR-US: HP Client Automation Enterprise CVE-2011-0888 RESERVED CVE-2011-0887 (The web management portal on the SMC SMCD3G-CCR (aka Comcast Business ...) NOT-FOR-US: SMC SMCD3G-CCR CVE-2011-0886 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) NOT-FOR-US: SMC SMCD3G-CCR CVE-2011-0885 (A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR ...) NOT-FOR-US: SMC SMCD3G-CCR CVE-2011-0884 (Unspecified vulnerability in the Oracle BPEL Process Manager component ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-0883 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-0882 (Unspecified vulnerability in the Content Management component in Oracl ...) NOT-FOR-US: Oracle Database Server CVE-2011-0881 (Unspecified vulnerability in the EMCTL component in Oracle Database Se ...) NOT-FOR-US: Oracle Database Server CVE-2011-0880 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2011-0879 (Unspecified vulnerability in the Instance Management component in Orac ...) NOT-FOR-US: Oracle Database Server CVE-2011-0878 REJECTED CVE-2011-0877 (Unspecified vulnerability in the Instance Management component in Orac ...) NOT-FOR-US: Oracle Database Server CVE-2011-0876 (Unspecified vulnerability in the Enterprise Manager Console component ...) NOT-FOR-US: Oracle Database Server CVE-2011-0875 (Unspecified vulnerability in the EMCTL component in Oracle Database Se ...) NOT-FOR-US: Oracle Database Server CVE-2011-0874 REJECTED CVE-2011-0873 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) [lenny] - sun-java6 6.26-0lenny1 [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 6b18-1.8.9-0.1 (bug #629852) CVE-2011-0872 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) NOT-FOR-US: OpenJDK on Microsoft Windows CVE-2011-0871 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2358-1 DSA-2311-1} [lenny] - sun-java6 6.26-0lenny1 [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 6b18-1.8.9-0.1 (bug #629852) CVE-2011-0870 (Unspecified vulnerability in the Schema Management component in Oracle ...) NOT-FOR-US: Oracle Database Server CVE-2011-0869 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2358-1 DSA-2311-1} [lenny] - sun-java6 6.26-0lenny1 [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 6b18-1.8.9-0.1 (bug #629852) CVE-2011-0868 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2358-1 DSA-2311-1} [lenny] - sun-java6 6.26-0lenny1 [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 6b18-1.8.9-0.1 (bug #629852) CVE-2011-0867 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2358-1 DSA-2311-1} [lenny] - sun-java6 6.26-0lenny1 [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 6b18-1.8.9-0.1 (bug #629852) CVE-2011-0866 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) NOT-FOR-US: Java on Windows CVE-2011-0865 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2358-1 DSA-2311-1} [lenny] - sun-java6 6.26-0lenny1 [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 6b18-1.8.9-0.1 (bug #629852) CVE-2011-0864 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2358-1 DSA-2311-1} [lenny] - sun-java6 6.26-0lenny1 [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 6b18-1.8.9-0.1 (bug #629852) CVE-2011-0863 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) [lenny] - sun-java6 6.26-0lenny1 [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) CVE-2011-0862 (Multiple unspecified vulnerabilities in the Java Runtime Environment ( ...) {DSA-2358-1 DSA-2311-1} [lenny] - sun-java6 6.26-0lenny1 [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) - openjdk-6 6b18-1.8.9-0.1 (bug #629852) CVE-2011-0861 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Upd ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2011-0860 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Upd ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2011-0859 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Tax ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2011-0858 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bun ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2011-0857 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bun ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2011-0856 (Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.49 GA thro ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2011-0855 (Unspecified vulnerability in the InForm component in Oracle Industry A ...) NOT-FOR-US: Oracle Industry Applications CVE-2011-0854 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.1 Bun ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2011-0853 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bun ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2011-0852 (Unspecified vulnerability in the Security Management component in Orac ...) NOT-FOR-US: Oracle Database Server CVE-2011-0851 (Unspecified vulnerability in Oracle PeopleSoft Enterprise ELS 9.0 Bund ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2011-0850 (Unspecified vulnerability in Oracle PeopleSoft Enterprise CRM 8.9 Bund ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2011-0849 (Unspecified vulnerability in Oracle Java Dynamic Management Kit 5.1 al ...) NOT-FOR-US: Oracle Java Dynamic Management Kit CVE-2011-0848 (Unspecified vulnerability in the Security Framework component in Oracl ...) NOT-FOR-US: Oracle Database Server CVE-2011-0847 (Unspecified vulnerability in the OpenSSO Enterprise and Sun Java Syste ...) NOT-FOR-US: Oracle Sun Products Suite CVE-2011-0846 (Unspecified vulnerability in the Oracle Sun Java System Access Manager ...) NOT-FOR-US: Oracle Sun Java System Access Manager Policy Agent CVE-2011-0845 (Unspecified vulnerability in the Database Control component in Oracle ...) NOT-FOR-US: Oracle Enterprise Manager Grid Control CVE-2011-0844 (Unspecified vulnerability in the OpenSSO Enterprise and Sun Java Syste ...) NOT-FOR-US: Oracle Sun Products Suite CVE-2011-0843 (Unspecified vulnerability in the Siebel CRM Core component in Oracle S ...) NOT-FOR-US: Oracle Siebel CRM CVE-2011-0842 REJECTED CVE-2011-0841 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote a ...) NOT-FOR-US: Oracle Solaris CVE-2011-0840 (Unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Enterprise PeopleTools CVE-2011-0839 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allo ...) NOT-FOR-US: Oracle Solaris CVE-2011-0838 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2011-0837 (Unspecified vulnerability in the Agile Technology Platform component i ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2011-0836 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...) NOT-FOR-US: Oracle JD Edwards EnterpriseOne CVE-2011-0835 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2011-0834 (Unspecified vulnerability in the Siebel CRM Core component in Oracle S ...) NOT-FOR-US: Oracle Siebel CRM CVE-2011-0833 (Unspecified vulnerability in the Siebel CRM Core component in Oracle S ...) NOT-FOR-US: Oracle Siebel CRM CVE-2011-0832 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2011-0831 (Unspecified vulnerability in the Enterprise Config Management componen ...) NOT-FOR-US: Oracle Database Server CVE-2011-0830 (Unspecified vulnerability in the Event Management component in Oracle ...) NOT-FOR-US: Oracle Database Server CVE-2011-0829 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...) NOT-FOR-US: Oracle Solaris CVE-2011-0828 (Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle # ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2011-0827 (Unspecified vulnerability in the PeopleSoft Enterprise component in Or ...) NOT-FOR-US: Oracle PeopleSoft CVE-2011-0826 (Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle # ...) NOT-FOR-US: Oracle PeopleSoft CVE-2011-0825 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...) NOT-FOR-US: Oracle JD Edwards EnterpriseOne CVE-2011-0824 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...) NOT-FOR-US: Oracle JD Edwards EnterpriseOne CVE-2011-0823 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...) NOT-FOR-US: Oracle JD Edwards EnterpriseOne CVE-2011-0822 (Unspecified vulnerability in the Streams, AQ & Replication Mgmt co ...) NOT-FOR-US: Oracle Database Serve CVE-2011-0821 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...) NOT-FOR-US: Oracle Solaris CVE-2011-0820 (Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows ...) NOT-FOR-US: Oracle Solaris CVE-2011-0819 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...) NOT-FOR-US: Oracle JD Edwards EnterpriseOne CVE-2011-0818 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...) NOT-FOR-US: Oracle JD Edwards EnterpriseOne CVE-2011-0817 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) NOT-FOR-US: Java on Windows CVE-2011-0816 (Unspecified vulnerability in the CMDB Metadata & Instance APIs com ...) NOT-FOR-US: Oracle Database Server CVE-2011-0815 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) NOT-FOR-US: Java on Windows CVE-2011-0814 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) [lenny] - sun-java6 6.26-0lenny1 [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) CVE-2011-0813 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...) NOT-FOR-US: Oracle Solaris CVE-2011-0812 (Unspecified vulnerability in the Solaris component in Oracle Solaris 8 ...) NOT-FOR-US: Oracle Solaris CVE-2011-0811 (Unspecified vulnerability in the Enterprise Config Management componen ...) NOT-FOR-US: Oracle Database Server CVE-2011-0810 (Unspecified vulnerability Oracle JD Edwards EnterpriseOne Tools 8.9 GA ...) NOT-FOR-US: Oracle JD Edwards EnterpriseOne CVE-2011-0809 (Unspecified vulnerability in the Web ADI component in Oracle E-Busines ...) NOT-FOR-US: Oracle E-Business Suite CVE-2011-0808 (Unspecified vulnerability in the Oracle Outside In Technology componen ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-0807 (Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2. ...) NOT-FOR-US: Oracle Sun GlassFish Enterprise Server CVE-2011-0806 (Unspecified vulnerability in the Network Foundation component in Oracl ...) NOT-FOR-US: Oracle Database Server CVE-2011-0805 (Unspecified vulnerability in the UIX component in Oracle Database Serv ...) NOT-FOR-US: Oracle Database Server CVE-2011-0804 (Unspecified vulnerability in the Database Vault component in Oracle Da ...) NOT-FOR-US: Oracle Database Server CVE-2011-0803 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...) NOT-FOR-US: Oracle JD Edwards Products CVE-2011-0802 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) [lenny] - sun-java6 6.26-0lenny1 [squeeze] - sun-java6 6.26-0squeeze1 - sun-java6 6.26-1 (bug #629852) CVE-2011-0801 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...) NOT-FOR-US: Oracle Solaris CVE-2011-0800 (Unspecified vulnerability in the Solaris component in Oracle Solaris 8 ...) NOT-FOR-US: Oracle Solaris CVE-2011-0799 (Unspecified vulnerability in the Oracle Warehouse Builder component in ...) NOT-FOR-US: Oracle Database Server CVE-2011-0798 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-0797 (Unspecified vulnerability in the Applications Install component in Ora ...) NOT-FOR-US: Oracle E-Business Suite CVE-2011-0796 (Unspecified vulnerability in the Applications Install component in Ora ...) NOT-FOR-US: Oracle E-Business Suite CVE-2011-0795 (Unspecified vulnerability in the Single Sign On component in Oracle Fu ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-0794 (Unspecified vulnerability in the Oracle Outside In Technology componen ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-0793 (Unspecified vulnerability in the Database Vault component in Oracle Da ...) NOT-FOR-US: Oracle Database Server CVE-2011-0792 (Unspecified vulnerability in the Oracle Warehouse Builder component in ...) NOT-FOR-US: Oracle Database Server CVE-2011-0791 (Unspecified vulnerability in the Application Object Library component ...) NOT-FOR-US: Oracle E-Business Suite CVE-2011-0790 (Unspecified vulnerability in Oracle Solaris 9 and 10 allows local user ...) NOT-FOR-US: Oracle Solaris CVE-2011-0789 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-0788 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) NOT-FOR-US: Java on Windows CVE-2011-0787 (Unspecified vulnerability in the Application Service Level Management ...) NOT-FOR-US: Oracle CVE-2011-0786 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) NOT-FOR-US: Java on Windows CVE-2011-0785 (Unspecified vulnerability in the Oracle Help component in Oracle Datab ...) NOT-FOR-US: Oracle CVE-2011-0784 (Race condition in Google Chrome before 9.0.597.84 allows remote attack ...) - chromium-browser 9.0.597.84~r72991-1 [squeeze] - chromium-browser [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - webkit (chromium specific) CVE-2011-0783 (Unspecified vulnerability in Google Chrome before 9.0.597.84 allows us ...) {DSA-2166-1} - chromium-browser 9.0.597.84~r72991-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - webkit (chromium specific) CVE-2011-0782 (Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate ...) - chromium-browser (mac only) - webkit (chromium specific) CVE-2011-0781 (Google Chrome before 9.0.597.84 does not properly handle autofill prof ...) - chromium-browser 9.0.597.84~r72991-1 (unimportant) - webkit (chromium specific) CVE-2011-0780 (The PDF event handler in Google Chrome before 9.0.597.84 does not prop ...) - chromium-browser (Chrome pdf plugin) - webkit (chromium specific) CVE-2011-0779 (Google Chrome before 9.0.597.84 does not properly handle a missing key ...) {DSA-2192-1} - chromium-browser 9.0.597.84~r72991-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - webkit (chromium specific) CVE-2011-0778 (Google Chrome before 9.0.597.84 does not properly restrict drag and dr ...) {DSA-2188-1 DSA-2166-1} - chromium-browser 9.0.597.84~r72991-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/71925 CVE-2011-0777 (Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows ...) {DSA-2166-1} - chromium-browser 9.0.597.84~r72991-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 NOTE: http://trac.webkit.org/changeset/72230 CVE-2011-0776 (The sandbox implementation in Google Chrome before 9.0.597.84 on Mac O ...) - chromium-browser (mac only) - webkit (chromium specific) CVE-2011-XXXX [evince segfault] - evince 2.30.3-1 [lenny] - evince (bug #612668) CVE-2011-XXXX [php-gettext XSS] - php-gettext (unimportant) NOTE: http://www.autosectools.com/Advisories/CiviCRM.3.3.3.Drupal-Joomla_Reflected.Cross-site.Scripting_102.html NOTE: Vulnerable code only in examples/ CVE-2011-1136 (In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user ...) - tesseract 2.04-2.1 (low; bug #612032) [squeeze] - tesseract 2.04-2+squeeze1 [lenny] - tesseract 2.03-2+lenny1 (bug #612032) CVE-2011-XXXX [aptitude tempfile] - aptitude 0.6.3-4 (low; bug #612034) [squeeze] - aptitude 0.6.3-2.1+squeeze1 (bug #612034) [lenny] - aptitude 0.4.11.11-1~lenny2 (bug #612034) CVE-2011-0775 (pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attacker ...) NOT-FOR-US: PivotX CVE-2011-0774 (PivotX before 2.2.2 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: PivotX CVE-2011-0773 (Cross-site scripting (XSS) vulnerability in pivotx/modules/module_imag ...) NOT-FOR-US: PivotX CVE-2011-0772 (Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, a ...) NOT-FOR-US: PivotX CVE-2011-0771 (The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not v ...) NOT-FOR-US: Janrain Engage Drupal module CVE-2011-0770 (Cross-site scripting (XSS) vulnerability in Windows Event Log SmartCon ...) NOT-FOR-US: Windows Event Log SmartConnector CVE-2011-0769 RESERVED CVE-2011-0768 RESERVED CVE-2011-0767 (Cross-site scripting (XSS) vulnerability in the management GUI in the ...) NOT-FOR-US: Imperva SecureSphere Web Application Firewall CVE-2011-0766 (The random number generator in the Crypto application before 2.0.2.2, ...) - erlang 1:14.b.3-dfsg-1 (low; bug #628456) [squeeze] - erlang 1:14.a-dfsg-3squeeze1 NOTE: http://www.kb.cert.org/vuls/id/178990 NOTE: https://github.com/erlang/otp/commit/f228601de45c5 CVE-2011-0765 (Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) ...) NOT-FOR-US: pWhois Layer Four Traceroute CVE-2011-0764 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ot ...) {DSA-2388-1} - xpdf 3.02-9 - poppler (never used t1lib) - t1lib 5.1.2-3.3 [lenny] - t1lib 5.1.2-3+lenny1 [squeeze] - t1lib 5.1.2-3+squeeze1 NOTE: http://www.toucan-system.com/advisories/tssa-2011-01.txt CVE-2011-0763 RESERVED CVE-2011-0762 (The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 ...) {DSA-2305-1} - vsftpd 2.3.4-1 (bug #622741) [squeeze] - vsftpd 2.3.2-3+squeeze2 [lenny] - vsftpd 2.0.7-1+lenny1 CVE-2011-0761 (Perl 5.10.x allows context-dependent attackers to cause a denial of se ...) - perl 5.12.0-1 (unimportant; bug #628817) CVE-2011-0760 (Multiple cross-site request forgery (CSRF) vulnerabilities in the conf ...) NOT-FOR-US: WP Related Posts plugin for WordPress CVE-2011-0759 (Multiple cross-site request forgery (CSRF) vulnerabilities in the conf ...) NOT-FOR-US: Recaptcha plugin for WordPress CVE-2011-0758 (The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8. ...) NOT-FOR-US: CA ETrust CVE-2011-0757 (IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, ...) NOT-FOR-US: IBM DB2 CVE-2011-0756 (The application server in Trustwave WebDefend Enterprise before 5.0 us ...) NOT-FOR-US: Trustwave WebDefend Enterprise CVE-2011-0755 (Integer overflow in the mt_rand function in PHP before 5.3.4 might mak ...) - php5 5.3.5-1 (unimportant) NOTE: Only exploitable with malicious script CVE-2011-0754 (The SplFileInfo::getType function in the Standard PHP Library (SPL) ex ...) - php5 (Only affects PHP on Windows) CVE-2011-0753 (Race condition in the PCNTL extension in PHP before 5.3.4, when a user ...) - php5 5.3.5-1 (unimportant) NOTE: Only exploitable with malicious script CVE-2011-0752 (The extract function in PHP before 5.2.15 does not prevent use of the ...) - php5 5.3.3-7 (unimportant) NOTE: Only exploitable with malicious script CVE-2011-0751 (Directory traversal vulnerability in nhttpd (aka Nostromo webserver) b ...) NOT-FOR-US: Nostromo webserver CVE-2011-0750 RESERVED CVE-2011-0749 RESERVED CVE-2011-0748 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList ...) - phplist (bug #612288) CVE-2011-0747 RESERVED CVE-2011-0746 (Cross-site request forgery (CSRF) vulnerability in Forms/PortForwardin ...) NOT-FOR-US: ZyXEL O2 DSL Router CVE-2011-0745 (SugarCRM before 6.1.3 does not properly handle reloads and direct requ ...) - sugarcrm-ce-5.0 (bug #457876) CVE-2011-0744 RESERVED CVE-2011-0743 RESERVED CVE-2011-0742 (Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management ...) NOT-FOR-US: Novell ZENworks Handheld Management CVE-2011-0741 (Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution ...) NOT-FOR-US: ModX CVE-2011-0740 (Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slas ...) - magpierss 0.72-10 (low; bug #611940) [squeeze] - magpierss 0.72-8+squeeze1 [lenny] - magpierss 0.72-5+lenny1 CVE-2011-0739 (The deliver function in the sendmail delivery agent (lib/mail/network/ ...) NOT-FOR-US: Ruby mail gem CVE-2011-0738 (MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2 ...) NOT-FOR-US: MyProxy CVE-2011-0737 (** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote a ...) NOT-FOR-US: Adobe Coldfusion CVE-2011-0736 (** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web app ...) NOT-FOR-US: Adobe ColdFusion CVE-2011-0735 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9. ...) NOT-FOR-US: Adobe ColdFusion CVE-2011-0734 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9. ...) NOT-FOR-US: Adobe ColdFusion CVE-2011-0733 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9. ...) NOT-FOR-US: Adobe ColdFusion CVE-2011-0732 (Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal ( ...) NOT-FOR-US: IBM Tivoli Integrated Portal CVE-2011-0731 (Buffer overflow in the DB2 Administration Server (DAS) component in IB ...) NOT-FOR-US: IBM DB2 CVE-2011-0730 (Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubu ...) - eucalyptus (It was once removed from archive, then re-added as 3.1.0) CVE-2011-0729 (dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector ...) NOT-FOR-US: Ubuntu-specific language-selector package CVE-2011-0728 (Cross-site scripting (XSS) vulnerability in templatefunctions.py in Lo ...) - loggerhead 1.18.1-1 (low) [squeeze] - loggerhead (Minor issue) CVE-2011-0727 (GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to ch ...) {DSA-2205-1} - gdm3 2.30.5-9 - gdm (Affected code was introduced in 2.28) CVE-2011-0726 (The do_task_stat function in fs/proc/array.c in the Linux kernel befor ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-2 [lenny] - linux-2.6 2.6.26-26lenny3 [squeeze] - linux-2.6 2.6.32-32 CVE-2011-0725 (Absolute path traversal vulnerability in the org.debian.apt.UpdateCach ...) - aptdaemon 0.43+bzr707-1 [squeeze] - aptdaemon (Introduced in 0.33) CVE-2011-0724 (The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctl ...) - italc (Only Edubuntu Live DVD affected) NOTE: https://bugs.launchpad.net/ubuntu/+source/italc/+bug/714864 NOTE: http://web.archive.org/web/20140817234205/https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001245.html CVE-2011-0723 (FFmpeg 0.5.x, as used in MPlayer and other products, allows remote att ...) {DSA-2306-1} - libav 4:0.6-1 - ffmpeg 7:2.4.1-1 - ffmpeg-debian CVE-2011-0722 (FFmpeg before 0.5.4, as used in MPlayer and other products, allows rem ...) {DSA-2306-1} - libav 4:0.6-1 - ffmpeg 7:2.4.1-1 - ffmpeg-debian CVE-2011-0721 (Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in sh ...) {DSA-2164-1} - shadow 1:4.1.4.2+svn3283-3 [lenny] - shadow (Vulnerable code not present) CVE-2011-0720 (Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, ...) - plone3 CVE-2011-0719 (Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 d ...) {DSA-2175-1} - samba 2:3.5.7~dfsg-1 CVE-2011-0718 (Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay a ...) NOT-FOR-US: Red Hat Network Satellite/Spacewalk CVE-2011-0717 (Session fixation vulnerability in Red Hat Network (RHN) Satellite Serv ...) NOT-FOR-US: Red Hat Network Satellite/Spacewalk CVE-2011-0716 (The br_multicast_add_group function in net/bridge/br_multicast.c in th ...) - linux-2.6 2.6.38-1 (low) [lenny] - linux-2.6 (Vulnerable code not present, introduced in 2.6.34) [squeeze] - linux-2.6 (Vulnerable code not present, introduced in 2.6.34) [wheezy] - linux-2.6 (Vulnerable code not present, introduced in 2.6.34) CVE-2011-0715 (The mod_dav_svn module for the Apache HTTP Server, as distributed in A ...) {DSA-2181-1} - subversion 1.6.16dfsg-1 CVE-2011-0714 (Use-after-free vulnerability in a certain Red Hat patch for the RPC se ...) - linux-2.6 (This issue only affects Red Hat Enterprise Linux 6) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=678144 NOTE: http://seclists.org/oss-sec/2011/q1/438 CVE-2011-0713 (Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 t ...) {DSA-2201-1} - wireshark 1.4.4-1 [lenny] - wireshark (Vulnerable code not present) NOTE: http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953 CVE-2011-0712 (Multiple buffer overflows in the caiaq Native Instruments USB audio fu ...) {DSA-2310-1} - linux-2.6 2.6.37-2 [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 CVE-2011-0711 (The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-1 (low) CVE-2011-0710 (The task_show_regs function in arch/s390/kernel/traps.c in the Linux k ...) {DSA-2264-1} - linux-2.6 2.6.37-2 (low) [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 CVE-2011-0709 (The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux k ...) - linux-2.6 (Introduced in 2.6.35-rc1 and fixed in 2.6.35-rc5) CVE-2011-0708 (exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms p ...) {DSA-2266-1} - php5 5.3.6-1 CVE-2011-0707 (Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py ...) {DSA-2170-1} - mailman 1:2.1.14-1 NOTE: patch http://mail.python.org/pipermail/mailman-developers/attachments/20110218/15500b22/attachment.txt NOTE: present in 2.1.14 and earlier NOTE: http://mail.python.org/pipermail/mailman-developers/2011-February/021317.html CVE-2011-0706 (The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in Open ...) {DSA-2224-1} - openjdk-6 6b18-1.8.7-1 CVE-2011-0705 REJECTED CVE-2011-0704 (389 Directory Server 1.2.7.5, when built with mozldap, allows remote a ...) NOT-FOR-US: 389 Directory Server CVE-2011-0703 (In gksu-polkit before 0.0.3, the source file for xauth may contain arb ...) - gksu-polkit (bug #684489) [squeeze] - gksu-polkit (Unsupported in squeeze-lts) CVE-2011-0702 (The feh_unique_filename function in utils.c in feh before 1.11.2 might ...) - feh 1.12-1 (low; bug #612035) [squeeze] - feh (Minor issue) [lenny] - feh (Minor issue) CVE-2011-0701 (wp-admin/async-upload.php in the media uploader in WordPress before 3. ...) {DSA-2190-1} - wordpress 3.0.5+dfsg-1 [lenny] - wordpress (2.x version is not affected) CVE-2011-0700 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ...) {DSA-2190-1} - wordpress 3.0.5+dfsg-1 [lenny] - wordpress (2.x version is not affected) CVE-2011-0699 (Integer signedness error in the btrfs_ioctl_space_info function in the ...) - linux-2.6 2.6.37-2 [wheezy] - linux-2.6 (code introduced in .37) [squeeze] - linux-2.6 (code introduced in .37) [lenny] - linux-2.6 (code introduced in .37) CVE-2011-0698 (Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2 ...) - python-django (Windows-specific) NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/ CVE-2011-0697 (Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 ...) {DSA-2163-1} - python-django 1.2.5-1 [lenny] - python-django (Vulnerable code not present) NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/ [squeeze] - python-django 1.2.3-3+squeeze1 CVE-2011-0696 (Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly val ...) {DSA-2163-1} - python-django 1.2.5-1 [lenny] - python-django (Vulnerable code not present) NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/ [squeeze] - python-django 1.2.3-3+squeeze1 CVE-2011-0695 (Race condition in the cm_work_handler function in the InfiniBand drive ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-2 CVE-2011-0694 (RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 1 ...) NOT-FOR-US: RealPlayer CVE-2011-0693 RESERVED CVE-2011-0692 RESERVED CVE-2011-0691 RESERVED CVE-2011-0690 RESERVED CVE-2011-0689 RESERVED CVE-2011-0688 (Intel Alert Management System (aka AMS or AMS2), as used in Symantec A ...) NOT-FOR-US: Symantec Intel Alert Handler CVE-2011-0687 (Opera before 11.01 does not properly implement Wireless Application Pr ...) NOT-FOR-US: Opera CVE-2011-0686 (Unspecified vulnerability in Opera before 11.01 allows remote attacker ...) NOT-FOR-US: Opera CVE-2011-0685 (The Delete Private Data feature in Opera before 11.01 does not properl ...) NOT-FOR-US: Opera CVE-2011-0684 (Opera before 11.01 does not properly handle redirections and unspecifi ...) NOT-FOR-US: Opera CVE-2011-0683 (Opera before 11.01 does not properly restrict the use of opera: URLs, ...) NOT-FOR-US: Opera CVE-2011-0682 (Integer truncation error in opera.dll in Opera before 11.01 allows rem ...) NOT-FOR-US: Opera CVE-2011-0681 (The Cascading Style Sheets (CSS) Extensions for XML implementation in ...) NOT-FOR-US: Opera CVE-2011-0680 (data/WorkingMessage.java in the Mms application in Android before 2.2. ...) NOT-FOR-US: Mms for Android CVE-2011-0679 (IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web ...) NOT-FOR-US: IBM WebSphere Portal CVE-2011-0678 (Unrestricted file upload vulnerability in the EasyEdit module in Lomte ...) NOT-FOR-US: Lomtec ActiveWeb Professional CVE-2011-0677 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-0676 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-0675 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-0674 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-0673 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allo ...) NOT-FOR-US: Microsoft Windows CVE-2011-0672 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-0671 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-0670 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-0669 REJECTED CVE-2011-0668 RESERVED CVE-2011-0667 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-0666 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-0665 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-0664 (Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and ...) NOT-FOR-US: Microsoft .NET Framework, Silverlight CVE-2011-0663 (Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5. ...) NOT-FOR-US: Microsoft JScript CVE-2011-0662 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-0661 (The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Se ...) NOT-FOR-US: Microsoft Windows CVE-2011-0660 (The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 200 ...) NOT-FOR-US: Microsoft Windows CVE-2011-0659 REJECTED CVE-2011-0658 (Integer underflow in the OLE Automation protocol implementation in VBS ...) NOT-FOR-US: Microsoft Windows CVE-2011-0657 (DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Wind ...) NOT-FOR-US: Microsoft Windows CVE-2011-0656 (Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 20 ...) NOT-FOR-US: Microsoft CVE-2011-0655 (Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 fo ...) NOT-FOR-US: Microsoft CVE-2011-0654 (Integer underflow in the BowserWriteErrorLogEntry function in the Comm ...) NOT-FOR-US: Windows 2003 CVE-2011-0653 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoin ...) NOT-FOR-US: Microsoft SharePoint CVE-2011-0652 (lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 all ...) NOT-FOR-US: Look 'n' Stop Firewall CVE-2011-0651 (Buffer overflow in the key exchange functionality in Icon Labs Iconfid ...) NOT-FOR-US: Iconfidant SSL Server (VxWorks OS) CVE-2011-0650 (Cross-site request forgery (CSRF) vulnerability in Greenbone Security ...) NOT-FOR-US: Greenbone Security Manager appliance CVE-2011-0649 (Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through ...) NOT-FOR-US: TIBCO Rendezvous CVE-2011-0648 (Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote ...) NOT-FOR-US: EMC Avamar CVE-2011-0647 (The irccd.exe service in EMC Replication Manager Client before 5.3 and ...) NOT-FOR-US: EMC CVE-2011-0646 (SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows rem ...) NOT-FOR-US: PHPLOWBIDS CVE-2011-0645 (SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remot ...) NOT-FOR-US: PHPCMS CVE-2011-0644 (SQL injection vulnerability in include/admin/model_field.class.php in ...) NOT-FOR-US: PHPCMS CVE-2011-0643 (Cross-site request forgery (CSRF) vulnerability in admin/conf_users_ed ...) NOT-FOR-US: PHP Link Directory CVE-2011-0642 (Cross-site request forgery (CSRF) vulnerability in news/admin.php in N ...) NOT-FOR-US: N-13 News CVE-2011-0641 (Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin. ...) NOT-FOR-US: StatPressCN Wordpress Plugin CVE-2011-0640 (The default configuration of udev on Linux does not warn the user befo ...) NOTE: Not much that could sensibly be fixed here CVE-2011-0639 (Apple Mac OS X does not properly warn the user before enabling additio ...) NOT-FOR-US: Mac OS X CVE-2011-0638 (Microsoft Windows does not properly warn the user before enabling addi ...) NOT-FOR-US: Microsoft Windows CVE-2011-0637 (The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a time ...) NOT-FOR-US: AIX CVE-2011-0636 (The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA C ...) NOT-FOR-US: NVIDIA CUDA Toolkit CVE-2011-0635 (Static code injection vulnerability in Simploo CMS 1.7.1 and earlier a ...) NOT-FOR-US: Simploo CVE-2011-XXXX [shibboleth Single TransientID Mapped to Multiple Principals] NOTE: Not packaged in Debian, separate package Shibboleth IdP NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt CVE-2011-0520 (The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1 ...) {DSA-2196-1} - maradns 1.4.03-1.1 (bug #610834) CVE-2011-0634 REJECTED CVE-2011-0633 (The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW ...) - libwww-perl 6.01-1 (low; bug #669126) [squeeze] - libwww-perl (Minor issue) CVE-2011-0632 RESERVED CVE-2011-0631 RESERVED CVE-2011-0630 RESERVED CVE-2011-0629 (Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8. ...) NOT-FOR-US: Adobe ColdFusion CVE-2011-0628 (Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0627 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0626 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0625 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0624 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0623 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0622 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0621 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0620 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0619 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0618 (Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0617 REJECTED CVE-2011-0616 REJECTED CVE-2011-0615 (Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow re ...) NOT-FOR-US: Adobe Audition CVE-2011-0614 (Buffer overflow in Adobe Audition 3.0.1 and earlier allows remote atta ...) NOT-FOR-US: Adobe Audition CVE-2011-0613 (Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and ...) NOT-FOR-US: RoboHelp CVE-2011-0612 (Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, all ...) NOT-FOR-US: Adobe Flash Media Server CVE-2011-0611 (Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player / Acrobat Reader CVE-2011-0610 (The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through ...) NOT-FOR-US: Adobe Reader CVE-2011-0609 (Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlie ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0608 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0607 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0606 (Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10 ...) NOT-FOR-US: Adobe Reader CVE-2011-0605 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0604 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 1 ...) NOT-FOR-US: Adobe Reader CVE-2011-0603 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0602 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0601 REJECTED CVE-2011-0600 (The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0599 (The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 1 ...) NOT-FOR-US: Adobe Reader CVE-2011-0598 (Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10 ...) NOT-FOR-US: Adobe Reader CVE-2011-0597 REJECTED CVE-2011-0596 (The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10. ...) NOT-FOR-US: Adobe Reader CVE-2011-0595 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0594 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0593 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0592 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0591 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0590 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0589 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0588 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x b ...) NOT-FOR-US: Adobe Reader CVE-2011-0587 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 1 ...) NOT-FOR-US: Adobe Reader CVE-2011-0586 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0585 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0 ...) NOT-FOR-US: Adobe Reader CVE-2011-0584 (Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 a ...) NOT-FOR-US: Adobe ColdFusion CVE-2011-0583 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 throu ...) NOT-FOR-US: Adobe ColdFusion CVE-2011-0582 (Unspecified vulnerability in the administrator console in Adobe ColdFu ...) NOT-FOR-US: ColdFusion CVE-2011-0581 (Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 throug ...) NOT-FOR-US: Adobe ColdFusion CVE-2011-0580 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...) NOT-FOR-US: Adobe ColdFusion CVE-2011-0579 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0578 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0577 (Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 all ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0576 REJECTED CVE-2011-0575 (Untrusted search path vulnerability in Adobe Flash Player before 10.2. ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0574 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0573 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0572 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0571 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0570 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x b ...) NOT-FOR-US: Adobe Reader CVE-2011-0569 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 a ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-0568 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0 ...) NOT-FOR-US: Adobe Reader CVE-2011-0567 (AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x befor ...) NOT-FOR-US: Adobe Reader CVE-2011-0566 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0565 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0 ...) NOT-FOR-US: Adobe Reader CVE-2011-0564 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0563 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0562 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x b ...) NOT-FOR-US: Adobe Reader CVE-2011-0561 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0560 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0559 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0558 (Integer overflow in Adobe Flash Player before 10.2.152.26 allows attac ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0557 (Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows re ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-0556 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 a ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-0555 (The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 al ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-0554 (The management console in Symantec IM Manager before 8.4.18 allows rem ...) NOT-FOR-US: Symantec IM Manager CVE-2011-0553 (SQL injection vulnerability in the management console in Symantec IM M ...) NOT-FOR-US: Symantec IM Manager CVE-2011-0552 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...) NOT-FOR-US: Symantec IM Manager CVE-2011-0551 (Cross-site request forgery (CSRF) vulnerability in the Web Interface i ...) NOT-FOR-US: Symantec Endpoint Protection CVE-2011-0550 (Multiple cross-site scripting (XSS) vulnerabilities in the Web Interfa ...) NOT-FOR-US: Symantec Endpoint Protection CVE-2011-0549 (SQL injection vulnerability in forget.php in the management GUI in Sym ...) NOT-FOR-US: Symantec Web Gateway CVE-2011-0548 (Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Aut ...) NOT-FOR-US: Lotus Freelance Graphics CVE-2011-0547 (Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Admi ...) NOT-FOR-US: Veritas CVE-2011-0546 (Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not vali ...) NOT-FOR-US: Symantec Backup Exec CVE-2011-0545 (Cross-site request forgery (CSRF) vulnerability in adduser.do in Syman ...) NOT-FOR-US: Symantec LiveUpdate Administrator CVE-2011-0544 (phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. ...) - phpbb3 3.0.7-PL1-5 (low; bug #612477) [squeeze] - phpbb3 (Minor issue) CVE-2011-0543 (Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, ...) - fuse 2.8.5-1 (low; bug #624551) [squeeze] - fuse (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541 CVE-2011-0542 (fusermount in fuse 2.8.5 and earlier does not perform a chdir to / bef ...) - fuse 2.8.5-1 (low; bug #624551) [squeeze] - fuse (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541 CVE-2011-0541 (fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot ...) - fuse 2.8.5-1 (low; bug #624551) [squeeze] - fuse (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541 CVE-2011-0540 REJECTED CVE-2011-0539 (The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, ...) - openssh 1:5.8p1-2 [squeeze] - openssh (Only affects OpenSSH 5.6 and 5.7) [lenny] - openssh (Only affects OpenSSH 5.6 and 5.7) CVE-2011-0538 (Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees a ...) {DSA-2201-1} - wireshark 1.4.3-3 (low; bug #613202) CVE-2011-0537 (Multiple directory traversal vulnerabilities in (1) languages/Language ...) - mediawiki (Only affected when running on Windows or Novell Netware) CVE-2011-0536 (Multiple untrusted search path vulnerabilities in elf/dl-object.c in c ...) - eglibc 2.11.2-8 (bug #600667) - glibc (Lenny version not affected) CVE-2011-0535 (Cross-site request forgery (CSRF) vulnerability in the Users module in ...) NOT-FOR-US: zikula CVE-2011-0534 (Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not en ...) {DSA-2160-1} - tomcat5.5 (Vulnerable code not present) - tomcat6 6.0.28-10 (bug #612257) [lenny] - tomcat6 (Only ships the servlet package) CVE-2011-0533 (Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 throu ...) NOT-FOR-US: Apache Continuum CVE-2011-0532 (The (1) backup and restore scripts, (2) main initialization script, an ...) NOT-FOR-US: 389 LDAP server CVE-2011-0531 (demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media play ...) {DSA-2159-1} - vlc 1.1.7-1 (medium) [lenny] - vlc 0.8.6.h-4+lenny3 CVE-2011-0530 (Buffer overflow in the mainloop function in nbd-server.c in the server ...) {DSA-2183-1} - nbd 1:2.9.16-8 (bug #611187) [etch] - nbd (reintroduced in 2.9.0) CVE-2011-0529 (Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to m ...) - weborf 0.12.5-1 CVE-2011-0528 (Puppet 2.6.0 through 2.6.3 does not properly restrict access to node r ...) - puppet 2.6.2-3 [lenny] - puppet (Only affects 2.6.x) CVE-2011-0527 (VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0 ...) NOT-FOR-US: VMware vFabric tc Server CVE-2011-0526 (Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forum ...) NOT-FOR-US: Vanilla Forums CVE-2011-0525 (Batavi before 1.0 has CSRF. ...) NOT-FOR-US: Batavi CVE-2011-0524 (Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 ...) - gypsy (bug #491723) CVE-2011-0523 (gypsy 0.8 does not properly restrict the files that can be read while ...) - gypsy (bug #491723) CVE-2011-0521 (The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in th ...) {DSA-2153-1} - linux-2.6 2.6.37-2 [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 CVE-2011-0519 (SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gal ...) NOT-FOR-US: Gallarific CVE-2011-0518 (Directory traversal vulnerability in core/lib/router.php in LotusCMS F ...) NOT-FOR-US: LotusCMS CVE-2011-0517 (Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and e ...) NOT-FOR-US: Winlog Pro CVE-2011-0516 (SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site ...) NOT-FOR-US: BetMore Site Suite CVE-2011-0515 (KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 ...) NOT-FOR-US: Kingsoft AntiVirus CVE-2011-0514 (The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows rem ...) NOT-FOR-US: HP Data Protector Manager CVE-2011-0513 (DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows lo ...) NOT-FOR-US: SecurStar DriveCrypt CVE-2011-0512 (SQL injection vulnerability in team.php in the Teams Structure module ...) NOT-FOR-US: PHP-Fusion CVE-2011-0511 (SQL injection vulnerability in the allCineVid component (com_allcinevi ...) NOT-FOR-US: Joomla! component CVE-2011-0510 (SQL injection vulnerability in cart.php in Advanced Webhost Billing Sy ...) NOT-FOR-US: Advanced Webhost Billing System CVE-2011-0509 (Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows ...) NOT-FOR-US: Vaadin CVE-2011-0508 (Cross-site scripting (XSS) vulnerability in system/modules/comments/Co ...) NOT-FOR-US: Contao CMS CVE-2011-0507 (FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1 ...) NOT-FOR-US: Blackmoon FTP NOTE: Windows-only CVE-2011-0506 (Directory traversal vulnerability in modules/profile/user.php in Ax De ...) NOT-FOR-US: AxDCMS CVE-2011-0505 (Directory traversal vulnerability in system/system.php in Zwii 2.1.1, ...) NOT-FOR-US: Zwii CVE-2011-0504 (Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1 ...) NOT-FOR-US: VaM Shop CVE-2011-0503 (Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1 ...) NOT-FOR-US: VaM Shop CVE-2011-0502 (Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly ...) NOT-FOR-US: Music Animation Machine MIDI Player NOTE: Windows-only CVE-2011-0501 (Stack-based buffer overflow in Music Animation Machine MIDI Player 200 ...) NOT-FOR-US: Music Animation Machine MIDI Player NOTE: Windows-only CVE-2011-0500 (Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and Vid ...) NOT-FOR-US: VideoSpirit Pro CVE-2011-0499 (Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versio ...) NOT-FOR-US: VideoSpirit Pro CVE-2011-0498 (Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, a ...) NOT-FOR-US: Nokia Multimedia Player CVE-2011-0497 (Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ES ...) NOT-FOR-US: Sybase EAServer CVE-2011-0496 (Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ES ...) NOT-FOR-US: Sybase EAServer CVE-2011-0495 (Stack-based buffer overflow in the ast_uri_encode function in main/uti ...) {DSA-2171-1} - asterisk 1:1.6.2.9-2+squeeze1 (bug #610487) CVE-2011-0494 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Mana ...) NOT-FOR-US: IBM Tivoli Access Manager CVE-2011-0489 (The server components in Objectivity/DB 10.0 do not require authentica ...) NOT-FOR-US: Objectivity/DB CVE-2011-0488 (Stack-based buffer overflow in NTWebServer.exe in the test web service ...) NOT-FOR-US: NTWebServer CVE-2011-0487 (ICQ 7 does not verify the authenticity of updates, which allows man-in ...) NOT-FOR-US: ICQ CVE-2011-0486 (Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 ...) NOT-FOR-US: IBM Cognos CVE-2011-0493 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remo ...) {DSA-2148-1} - tor 0.2.1.29-1 CVE-2011-0492 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote at ...) {DSA-2148-1} - tor 0.2.1.29-1 CVE-2011-0491 (The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2 ...) {DSA-2148-1} - tor 0.2.1.29-1 CVE-2011-0490 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to L ...) {DSA-2148-1} - tor 0.2.1.29-1 CVE-2011-XXXX [multiple spip issues] - spip 2.1.1-3 (bug #609212; bug #610016) CVE-2011-0485 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...) - chromium-browser 9.0.597.45~r70550-1 [squeeze] - chromium-browser [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - webkit (chromium specific) CVE-2011-0484 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...) - chromium-browser 6.0.472.63~r59945-5 - webkit (vulnerable code not present in 1.2) NOTE: http://trac.webkit.org/changeset/75082 NOTE: http://trac.webkit.org/changeset/75084 CVE-2011-0483 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...) - chromium-browser 6.0.472.63~r59945-5 - webkit (vulnerable code not present in 1.2) NOTE: http://trac.webkit.org/changeset/74787 CVE-2011-0482 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...) {DSA-2188-1} - chromium-browser 6.0.472.63~r59945-5 - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/74779 CVE-2011-0481 (Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS befo ...) - chromium-browser (Chrome PDF plugin) - webkit (Chrome PDF plugin) CVE-2011-0480 (Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFm ...) {DSA-2306-1} - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (webm not supported yet) - ffmpeg-debian (webm not supported yet) - libav 4:0.6.1-1 (bug #610550) CVE-2011-0479 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...) - chromium-browser 9.0.597.45~r70550-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (chromium specific) CVE-2011-0478 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...) - chromium-browser 6.0.472.63~r59945-5 NOTE: http://trac.webkit.org/changeset/74636 CVE-2011-0477 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...) - chromium-browser 6.0.472.63~r59945-5 - webkit (chromium specific) CVE-2011-0476 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allo ...) - chromium-browser (Chrome PDF plugin) - webkit (Chrome PDF plugin) CVE-2011-0475 (Use-after-free vulnerability in Google Chrome before 8.0.552.237 and C ...) - chromium-browser (Chrome PDF plugin) - webkit (Chrome PDF plugin) CVE-2011-0474 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...) - chromium-browser 6.0.472.63~r59945-5 NOTE: http://trac.webkit.org/changeset/74574 CVE-2011-0473 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...) - chromium-browser 6.0.472.63~r59945-5 NOTE: http://trac.webkit.org/changeset/73927 NOTE: http://trac.webkit.org/changeset/73937 CVE-2011-0472 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...) - chromium-browser (Chrome PDF plugin) - webkit (Chrome PDF plugin) CVE-2011-0471 (The node-iteration implementation in Google Chrome before 8.0.552.237 ...) - chromium-browser 6.0.472.63~r59945-5 NOTE: http://trac.webkit.org/changeset/73559 NOTE: http://trac.webkit.org/changeset/73620 CVE-2011-0470 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...) - chromium-browser 9.0.597.45~r70550-1 [squeeze] - chromium-browser [wheezy] - chromium-browser - webkit (chromium specific) CVE-2011-0469 (Code injection in openSUSE when running some source services used in t ...) - open-build-service (Fixed before initial upload to Debian) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=679325 NOTE: Main fix: https://github.com/openSUSE/open-build-service/commit/76b0ab003f34435ca90d943e02dd22279cdeec2a NOTE: Secondary fix: https://github.com/openSUSE/open-build-service/commit/23c8d21c75242999e29379e6ca8418a14c8725c6 CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and befo ...) NOT-FOR-US: OpenSUSE aaa_base package CVE-2011-0467 (A vulnerability in the listing of available software of SUSE Studio On ...) NOT-FOR-US: SUSE Studio Onsite CVE-2011-0466 (The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2. ...) NOT-FOR-US: openSUSE Build Service CVE-2011-0465 (xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote ...) {DSA-2213-1} - x11-xserver-utils 7.6+2 (low; bug #621423) NOTE: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 NOTE: low as this is not enabled in a standard setup CVE-2011-0464 (Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 ...) NOT-FOR-US: Novell Vibe OnPrem CVE-2011-0463 (The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Or ...) - linux-2.6 2.6.39-1 [squeeze] - linux-2.6 2.6.32-34 CVE-2011-0462 (Multiple cross-site scripting (XSS) vulnerabilities in the login page ...) NOT-FOR-US: openSUSE Build Service CVE-2011-0461 (/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 i ...) NOT-FOR-US: OpenSUSE aaa_base package CVE-2011-0460 (The init script in kbd, possibly 1.14.1 and earlier, allows local user ...) - kbd (SUSE-specific) CVE-2011-0459 (Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault W ...) NOT-FOR-US: Cyber-Ark CVE-2011-0458 (Untrusted search path vulnerability in the Locate on Disk feature in G ...) NOT-FOR-US: Google Picasa CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier al ...) NOT-FOR-US: e107 CVE-2011-0456 (webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier al ...) - otrs2 2.4.5-1 CVE-2011-0455 (Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 an ...) NOT-FOR-US: Things BBS CVE-2011-0454 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...) NOT-FOR-US: PPP Access Concentrator CVE-2011-0453 (F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not requir ...) NOT-FOR-US: F-Secure Internet Gatekeeper CVE-2011-0452 (Untrusted search path vulnerability in the script function in Lunascap ...) NOT-FOR-US: Lunascape CVE-2011-0451 (Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty ...) NOT-FOR-US: EC-CUBE CVE-2011-0450 (The downloads manager in Opera before 11.01 on Windows does not proper ...) NOT-FOR-US: Opera CVE-2011-0449 (actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x ...) - rails (Only affects 3.x) CVE-2011-0448 (Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the ...) - rails (Only affects 3.x) CVE-2011-0447 (Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3. ...) {DSA-2247-1} - rails 2.3.11-0.1 (bug #614864) CVE-2011-0446 (Multiple cross-site scripting (XSS) vulnerabilities in the mail_to hel ...) {DSA-2247-1} - rails 2.3.11-0.1 (bug #614864) CVE-2011-0426 (Directory traversal vulnerability in vCenter Server in VMware vCenter ...) NOT-FOR-US: VMware CVE-2011-0445 (The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote ...) - wireshark (Only affects Wireshark 1.4, fixed in experimental) CVE-2011-0444 (Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-l ...) - wireshark 1.2.11-6 [lenny] - wireshark (Vulnerable code not present) CVE-2011-0443 (SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, ...) NOT-FOR-US: tinyBB CVE-2011-0442 (The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to t ...) NOT-FOR-US: EMC Avamar CVE-2011-0441 (The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows lo ...) {DSA-2195-1} - php5 5.3.6-1 (bug #618489) NOTE: Debian-specific CVE-2011-0440 (Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before ...) {DSA-2206-1} - mahara 1.2.7-1 CVE-2011-0439 (Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 ...) {DSA-2206-1} - mahara 1.2.7-1 CVE-2011-0438 (nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success co ...) - nss-pam-ldapd (Only affects 0.8.0, which was only uploaded to experimental) CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management implementation i ...) {DSA-2179-1} - dtc 0.32.10-1 CVE-2011-0436 (The register_user function in client/new_account_form.php in Domain Te ...) {DSA-2179-1} - dtc 0.32.10-1 (bug #614302) CVE-2011-0435 (Domain Technologie Control (DTC) before 0.32.9 does not require authen ...) {DSA-2179-1} - dtc 0.32.10-1 CVE-2011-0434 (Multiple SQL injection vulnerabilities in Domain Technologie Control ( ...) {DSA-2179-1} - dtc 0.32.10-1 CVE-2011-0433 (Heap-based buffer overflow in the linetoken function in afmparse.c in ...) {DSA-2388-1} - evince 2.32.0-1 (bug #614668) [squeeze] - evince 2.30.3-2+squeeze1 - vftool 2.0alpha-4.1 (low; bug #614669) [squeeze] - vftool 2.0alpha-4+squeeze1 [lenny] - vftool 2.0alpha-3+lenny1 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923 - t1lib 5.1.2-3.5 [lenny] - t1lib 5.1.2-3+lenny1 [squeeze] - t1lib 5.1.2-3+squeeze1 NOTE: vuln source file is lib/t1lib/parseAFM.c, which differs slightly from evince's afmparse.c in the affected areas but it is indeed affected NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=643882 CVE-2011-0432 (Multiple SQL injection vulnerabilities in the get_userinfo method in t ...) {DSA-2177-1} - pywebdav 0.9.4-3 CVE-2011-0431 (The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel ...) {DSA-2168-1} - openafs 1.4.14+dfsg-1 CVE-2011-0430 (Double free vulnerability in the Rx server process in OpenAFS 1.4.14, ...) {DSA-2168-1} - openafs 1.4.14+dfsg-1 CVE-2011-0429 RESERVED CVE-2011-0428 (Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow re ...) - ikiwiki 3.20110122 [squeeze] - ikiwiki 3.20100815.5 [lenny] - ikiwiki (Vulnerable code not present) NOTE: https://ikiwiki.info/security/#index38h2 CVE-2011-0427 (Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0 ...) {DSA-2148-1} - tor 0.2.1.29-1 CVE-2011-0425 RESERVED CVE-2011-0424 RESERVED CVE-2011-0423 (The PolyVision RoomWizard with firmware 3.2.3 has a default password o ...) NOT-FOR-US: PolyVision RoomWizard CVE-2011-0422 RESERVED CVE-2011-0421 (The _zip_name_locate function in zip_name_locate.c in the Zip extensio ...) {DSA-2266-1} - php5 5.3.6-1 NOTE: http://svn.php.net/viewvc?view=revision&revision=307867 - libzip 0.10-1 (low) [squeeze] - libzip (Minor issue) NOTE: http://hg.nih.at/libzip/?fd=13654bfdc88c;file=lib/zip_name_locate.c CVE-2011-0420 (The grapheme_extract function in the Internationalization extension (I ...) {DSA-2266-1} - php5 5.3.6-1 (unimportant) [lenny] - php5 (intl extension added in 5.3) NOTE: Only triggerable through malicious script NOTE: http://svn.php.net/viewvc?view=revision&revision=306449 CVE-2011-0419 (Stack consumption vulnerability in the fnmatch implementation in apr_f ...) {DSA-2237-2} - apr 1.4.4-1 (low) CVE-2011-0418 (The glob implementation in Pure-FTPd before 1.0.32, and in libc in Net ...) - pure-ftpd 1.0.32-1 (unimportant) NOTE: The attack could not be reproduced on Linux. The upstream change from 1.0.32 NOTE: only disables GLOB_BRACE, possibly to protect installations with a vulnerable libc CVE-2011-0417 RESERVED CVE-2011-0416 RESERVED CVE-2011-0415 RESERVED CVE-2011-0414 (ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative s ...) {DSA-2208-1} - bind9 1:9.7.3.dfsg-1 (bug #601830) [lenny] - bind9 (Introduced in 9.7.1) CVE-2011-0413 (The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV ...) {DSA-2184-1} - isc-dhcp 4.1.1-P1-16 (bug #611217) - dhcp3 (vuln code introduced in 4.0) - dhcp (vuln code introduced in 4.0) NOTE: maintainer is aware NOTE: http://www.isc.org/software/dhcp/advisories/cve-2011-0413 CVE-2011-0412 (Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unenc ...) NOT-FOR-US: Oracle Solaris CVE-2011-0411 (The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x befo ...) {DSA-2233-1} - postfix 2.8.0-1 (bug #617849) NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html NOTE: http://www.postfix.org/CVE-2011-0411.html NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for networ ...) NOT-FOR-US: CollabNet ScrumWorks Basic CVE-2011-0409 RESERVED CVE-2011-0408 (pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cau ...) - libpng (vulnerable code introduced in 1.5.0, not packaged) CVE-2011-0407 (SQL injection vulnerability in the store function in _phenotype/system ...) NOT-FOR-US: Phenotype CMS CVE-2011-0406 (Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6. ...) NOT-FOR-US: WellinTech KingView CVE-2011-0405 (Directory traversal vulnerability in module.php in PhpGedView 4.2.3 an ...) - phpgedview CVE-2011-0404 (Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.0 ...) NOT-FOR-US: NetSupport Manager Agent for Linux CVE-2011-0403 (Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, ...) NOT-FOR-US: ImgBurn CVE-2011-0402 (dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted rem ...) {DSA-2142-1} - dpkg 1.15.8.8 CVE-2011-0401 (Piwik before 1.1 does not properly limit the number of files stored un ...) - piwik (bug #506933) CVE-2011-0400 (Cookie.php in Piwik before 1.1 does not set the secure flag for the se ...) - piwik (bug #506933) CVE-2011-0399 (Piwik before 1.1 does not prevent the rendering of the login form insi ...) - piwik (bug #506933) CVE-2011-0398 (The Piwik_Common::getIP function in Piwik before 1.1 does not properly ...) - piwik (bug #506933) CVE-2011-0397 RESERVED CVE-2011-0396 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...) NOT-FOR-US: Cisco CVE-2011-0395 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...) NOT-FOR-US: Cisco CVE-2011-0394 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...) NOT-FOR-US: Cisco CVE-2011-0393 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...) NOT-FOR-US: Cisco CVE-2011-0392 (Cisco TelePresence Recording Server devices with software 1.6.x do not ...) NOT-FOR-US: Cisco CVE-2011-0391 (Cisco TelePresence Recording Server devices with software 1.6.x allow ...) NOT-FOR-US: Cisco CVE-2011-0390 (The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CT ...) NOT-FOR-US: Cisco CVE-2011-0389 (Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0. ...) NOT-FOR-US: Cisco CVE-2011-0388 (Cisco TelePresence Recording Server devices with software 1.6.x and Ci ...) NOT-FOR-US: Cisco CVE-2011-0387 (The administrative web interface on Cisco TelePresence Multipoint Swit ...) NOT-FOR-US: Cisco CVE-2011-0386 (The XML-RPC implementation on Cisco TelePresence Recording Server devi ...) NOT-FOR-US: Cisco CVE-2011-0385 (The administrative web interface on Cisco TelePresence Recording Serve ...) NOT-FOR-US: Cisco CVE-2011-0384 (The Java Servlet framework on Cisco TelePresence Multipoint Switch (CT ...) NOT-FOR-US: Cisco CVE-2011-0383 (The Java Servlet framework on Cisco TelePresence Recording Server devi ...) NOT-FOR-US: Cisco CVE-2011-0382 (The CGI subsystem on Cisco TelePresence Recording Server devices with ...) NOT-FOR-US: Cisco CVE-2011-0381 (Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers ...) NOT-FOR-US: Cisco CVE-2011-0380 (Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers ...) NOT-FOR-US: Cisco CVE-2011-0379 (Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 serie ...) NOT-FOR-US: Cisco CVE-2011-0378 (The XML-RPC implementation on Cisco TelePresence endpoint devices with ...) NOT-FOR-US: Cisco CVE-2011-0377 (Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x ...) NOT-FOR-US: Cisco CVE-2011-0376 (The TFTP implementation on Cisco TelePresence endpoint devices with so ...) NOT-FOR-US: Cisco CVE-2011-0375 (The CGI implementation on Cisco TelePresence endpoint devices with sof ...) NOT-FOR-US: Cisco CVE-2011-0374 (The CGI implementation on Cisco TelePresence endpoint devices with sof ...) NOT-FOR-US: Cisco CVE-2011-0373 (The CGI implementation on Cisco TelePresence endpoint devices with sof ...) NOT-FOR-US: Cisco CVE-2011-0372 (The CGI implementation on Cisco TelePresence endpoint devices with sof ...) NOT-FOR-US: Cisco CVE-2011-0371 RESERVED CVE-2011-0370 RESERVED CVE-2011-0369 RESERVED CVE-2011-0368 RESERVED CVE-2011-0367 RESERVED CVE-2011-0366 RESERVED CVE-2011-0365 RESERVED CVE-2011-0364 (The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2 ...) NOT-FOR-US: Cisco Security Agent Management CVE-2011-0363 RESERVED CVE-2011-0362 RESERVED CVE-2011-0361 RESERVED CVE-2011-0360 RESERVED CVE-2011-0359 RESERVED CVE-2011-0358 RESERVED CVE-2011-0357 RESERVED CVE-2011-0356 RESERVED CVE-2011-0355 (Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through ...) NOT-FOR-US: Cisco CVE-2011-0354 (The default configuration of Cisco Tandberg C Series Endpoints, and Ta ...) NOT-FOR-US: Cisco CVE-2011-0353 RESERVED CVE-2011-0352 (Buffer overflow in the web-based management interface on the Cisco Lin ...) NOT-FOR-US: Linksys router CVE-2011-0351 RESERVED CVE-2011-0350 (Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 o ...) NOT-FOR-US: Cisco IOS CVE-2011-0349 (Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 o ...) NOT-FOR-US: Cisco IOS CVE-2011-0348 (Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(2 ...) NOT-FOR-US: Cisco IOS CVE-2011-0347 (Microsoft Internet Explorer on Windows XP allows remote attackers to t ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-0346 (Use-after-free vulnerability in the ReleaseInterface function in MSHTM ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-0345 (Directory traversal vulnerability in the NMS server in Alcatel-Lucent ...) NOT-FOR-US: Alcatel-Lucent OmniVista CVE-2011-0344 (Multiple stack-based buffer overflows in unspecified CGI programs in t ...) NOT-FOR-US: Unified Maintenance Tool CVE-2011-0342 (Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ...) NOT-FOR-US: InduSoft ISSymbol ActiveX CVE-2011-0341 (Stack-based buffer overflow in the pdfmoz_onmouse function in apps/moz ...) NOT-FOR-US: MuPDF plug-in for Firefox CVE-2011-0340 (Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol. ...) NOT-FOR-US: ISSymbol.ocx CVE-2011-0339 RESERVED CVE-2011-0338 RESERVED CVE-2011-0337 RESERVED CVE-2011-0336 RESERVED CVE-2011-0335 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-0334 (Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (G ...) NOT-FOR-US: Novell GroupWise CVE-2011-0333 (Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf func ...) NOT-FOR-US: Novell GroupWise CVE-2011-0332 (Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom b ...) NOT-FOR-US: Foxit Reader CVE-2011-0331 (Use-after-free vulnerability in the addOSPLext method in the Honeywell ...) NOT-FOR-US: Honeywell ScanServer CVE-2011-0330 (The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx ...) NOT-FOR-US: Dell System Lite CVE-2011-0329 (Directory traversal vulnerability in the GetData method in the Dell De ...) NOT-FOR-US: Dell System Lite CVE-2011-0328 RESERVED CVE-2011-0327 RESERVED CVE-2011-0326 RESERVED CVE-2011-0325 RESERVED CVE-2011-0324 (Multiple heap-based buffer overflows in Topaz Systems SigPlus Pro Acti ...) NOT-FOR-US: Topaz Systems SigPlus CVE-2011-0323 (Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other ver ...) NOT-FOR-US: Topaz Systems SigPlus CVE-2011-0322 (Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, 6.0. ...) NOT-FOR-US: EMC RSA Access Manager Server CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before ...) NOT-FOR-US: EMC NetWorker CVE-2011-0320 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-0319 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-0318 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-0317 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-0316 (The Administrative Console component in IBM WebSphere Application Serv ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2011-0315 (Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web C ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2011-0314 (Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and ...) NOT-FOR-US: IBM WebSphere MQ CVE-2011-0313 RESERVED CVE-2011-0312 RESERVED CVE-2011-0311 (The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IB ...) NOT-FOR-US: IBM Java CVE-2011-0310 (Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote a ...) NOT-FOR-US: IBM WebSphere MQ CVE-2011-0309 RESERVED CVE-2011-0308 RESERVED CVE-2011-0307 RESERVED CVE-2011-0306 RESERVED CVE-2011-0305 RESERVED CVE-2011-0304 RESERVED CVE-2011-0303 RESERVED CVE-2011-0302 RESERVED CVE-2011-0301 RESERVED CVE-2011-0300 RESERVED CVE-2011-0299 RESERVED CVE-2011-0298 RESERVED CVE-2011-0297 RESERVED CVE-2011-0296 RESERVED CVE-2011-0295 RESERVED CVE-2011-0294 RESERVED CVE-2011-0293 RESERVED CVE-2011-0292 RESERVED CVE-2011-0291 (The BlackBerry PlayBook service on the Research In Motion (RIM) BlackB ...) NOT-FOR-US: BlackBarry PlayBook CVE-2011-0290 (The BlackBerry Collaboration Service in Research In Motion (RIM) Black ...) NOT-FOR-US: BlackBerry Enterprise Server CVE-2011-0289 RESERVED CVE-2011-0288 RESERVED CVE-2011-0287 (Unspecified vulnerability in the BlackBerry Administration API in Rese ...) NOT-FOR-US: BlackBerry products CVE-2011-0286 (Cross-site scripting (XSS) vulnerability in webdesktop/app in the Blac ...) NOT-FOR-US: BlackBerry Enterprise Server CVE-2011-XXXX - xdigger (bug #609096) [lenny] - xdigger 1.0.10-13+lenny1 NOTE: CVE ID requested CVE-2011-XXXX [Crash with long HOME environment variable] - toppler 1.1.4-2 (unimportant; bug #608979) NOTE: Negligible privilege escalation CVE-2011-XXXX [Crash with long HOME environment variable] - lbreakout2 (unimportant; bug #608980) NOTE: sgid games is dropped before buffer overflow CVE-2011-XXXX [Crash with long GGI_DISPLAY environment variable] - libggi (bug #608981) [squeeze] - libggi (Minor issue) CVE-2011-0343 (Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeB ...) - syslog-ng 3.1.3-2 (bug #608491) [lenny] - syslog-ng (2.0 not affected, also Freebsd-specific, which is not supported in Lenny anyway) CVE-2011-0285 (The process_chpw_request function in schpw.c in the password-changing ...) - krb5 1.9.1+dfsg-1 (bug #622681) [squeeze] - krb5 1.8.3+dfsg-4squeeze1 [lenny] - krb5 (see below) NOTE: 1.6 is not affected: While the error case in the process_chpw_request() NOTE: in kadmind in 1.6 can leave the data pointer uninitialized, the error NOTE: path in its caller will not free() that pointer (the invalid pointer NOTE: goes out of scope without being freed), unlike in krb5-1.7 and later. NOTE: Those later releases add support for password changing over TCP, and NOTE: the error path in the TCP handling code is what frees the NOTE: uninitialized pointer. (Clarification by Tom Yu) CVE-2011-0284 (Double free vulnerability in the prepare_error_as function in do_as_re ...) - krb5 1.8.3+dfsg-6 (low; bug #618517) [squeeze] - krb5 1.8.3+dfsg-4squeeze1 [lenny] - krb5 (Will be fixed through a point update) CVE-2011-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 all ...) - krb5 (Only affects 1.9.x) [squeeze] - krb5 (minor issue) [lenny] - krb5 (minor issue) CVE-2011-0282 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x t ...) - krb5 1.8.3+dfsg-5 [squeeze] - krb5 1.8.3+dfsg-4squeeze1 [lenny] - krb5 (Will be fixed in a point update) CVE-2011-0281 (The unparse implementation in the Key Distribution Center (KDC) in MIT ...) - krb5 1.8.3+dfsg-5 [squeeze] - krb5 1.8.3+dfsg-4squeeze1 [lenny] - krb5 (Will be fixed in a point update) CVE-2011-0280 (Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manage ...) NOT-FOR-US: HP Power Manager CVE-2011-0279 (HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91. ...) NOT-FOR-US: HP Multifunction Peripheral CVE-2011-0278 (Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 an ...) NOT-FOR-US: HP Web Jetadmin CVE-2011-0277 (Cross-site request forgery (CSRF) vulnerability in HP Power Manager (H ...) NOT-FOR-US: HP Power Manager CVE-2011-0276 (HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 c ...) NOT-FOR-US: HP OpenView Performance Insight Server CVE-2011-0275 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6 ...) NOT-FOR-US: HP OpenView CVE-2011-0274 (Cross-site scripting (XSS) vulnerability in HP Business Availability C ...) NOT-FOR-US: HP Business Availability CVE-2011-0273 (Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell ...) NOT-FOR-US: HP OpenView Storage Data Protector CVE-2011-0272 (Unspecified vulnerability in HP LoadRunner 9.52 allows remote attacker ...) NOT-FOR-US: HP LoadRunner CVE-2011-0271 (The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and ...) NOT-FOR-US: HP OpenView CVE-2011-0270 (Format string vulnerability in nnmRptConfig.exe in HP OpenView Network ...) NOT-FOR-US: HP OpenView CVE-2011-0269 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manage ...) NOT-FOR-US: HP OpenView CVE-2011-0268 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manage ...) NOT-FOR-US: HP OpenView CVE-2011-0267 (Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network N ...) NOT-FOR-US: HP OpenView CVE-2011-0266 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manage ...) NOT-FOR-US: HP OpenView CVE-2011-0265 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manage ...) NOT-FOR-US: HP OpenView CVE-2011-0264 (Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node ...) NOT-FOR-US: HP OpenView CVE-2011-0263 (Multiple stack-based buffer overflows in ovas.exe in the OVAS service ...) NOT-FOR-US: HP OpenView CVE-2011-0262 (Buffer overflow in the stringToSeconds function in ovutil.dll in ovweb ...) NOT-FOR-US: HP OpenView CVE-2011-0261 (Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView N ...) NOT-FOR-US: HP OpenView CVE-2011-0260 (The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does ...) NOT-FOR-US: Apple Mac OS CVE-2011-0259 (CoreFoundation, as used in Apple iTunes before 10.5, does not properly ...) NOT-FOR-US: Apple iTunes CVE-2011-0258 (Apple QuickTime before 7.7 on Windows allows remote attackers to execu ...) NOT-FOR-US: Apple QuickTime CVE-2011-0257 (Integer signedness error in Apple QuickTime before 7.7 allows remote a ...) NOT-FOR-US: Apple QuickTime CVE-2011-0256 (Integer overflow in Apple QuickTime before 7.7 allows remote attackers ...) NOT-FOR-US: Apple QuickTime CVE-2011-0255 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0254 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0253 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0252 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2011-0251 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2011-0250 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2011-0249 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2011-0248 (Stack-based buffer overflow in the QuickTime ActiveX control in Apple ...) NOT-FOR-US: Apple QuickTime CVE-2011-0247 (Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on ...) NOT-FOR-US: Apple QuickTime CVE-2011-0246 (Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows al ...) NOT-FOR-US: Apple QuickTime CVE-2011-0245 (Buffer overflow in Apple QuickTime before 7.7 allows remote attackers ...) NOT-FOR-US: Apple QuickTime CVE-2011-0244 (WebKit in Apple Safari before 5.0.6 allows user-assisted remote attack ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0243 RESERVED CVE-2011-0242 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 all ...) NOT-FOR-US: Apple Safari CVE-2011-0240 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0239 RESERVED CVE-2011-0238 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0237 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0236 RESERVED CVE-2011-0235 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0234 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0233 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0232 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0231 (CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0230 (Buffer overflow in the ATSFontDeactivate API in Apple Type Services (A ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0229 (Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not pr ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0228 (The Data Security component in Apple iOS before 4.2.10 and 4.3.x befor ...) NOT-FOR-US: Apple iOS CVE-2011-0227 (The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2 ...) NOT-FOR-US: Apple iOS CVE-2011-0226 (Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, ...) {DSA-2294-1} - freetype 2.4.6-1 (bug #635871) CVE-2011-0225 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0224 (CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0223 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0222 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0221 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0220 (Apple Bonjour before 2011 allows a crash via a crafted multicast DNS p ...) NOT-FOR-US: Apple CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the Same O ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0217 (Apple Safari before 5.0.6 provides AutoFill information to scripts tha ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0216 (Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote ...) {DSA-2394-1} - libxml2 2.7.8.dfsg-5.1 (bug #652352) CVE-2011-0215 (ImageIO in Apple Safari before 5.0.6 on Windows does not properly addr ...) NOT-FOR-US: ImageIO in Apple Safari CVE-2011-0214 (CFNetwork in Apple Safari before 5.0.6 on Windows does not properly ha ...) NOT-FOR-US: CFNetwork in Apple Safari CVE-2011-0213 (Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows re ...) NOT-FOR-US: QuickTime in Apple Mac OS CVE-2011-0212 (servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0211 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows r ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0210 (QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to e ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0209 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows r ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0208 (QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0207 (The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartex ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0206 (Buffer overflow in International Components for Unicode (ICU) in Apple ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0205 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0204 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0203 (Absolute path traversal vulnerability in xftpd in the FTP Server compo ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0202 (Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allow ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0201 (Off-by-one error in the CoreFoundation framework in Apple Mac OS X bef ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0200 (Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows r ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0199 (The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0198 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac O ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0197 (App Store in Apple Mac OS X before 10.6.8 creates a log entry containi ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0196 (AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a de ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0195 (The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4. ...) NOT-FOR-US: Apple iOS CVE-2011-0194 (Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allow ...) NOT-FOR-US: Apple Mac OS CVE-2011-0193 (Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 ...) NOT-FOR-US: Apple Mac OS CVE-2011-0192 (Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other vers ...) {DSA-2210-1} - tiff 3.9.4-7 - tiff3 (fixed before initial upload) CVE-2011-0191 (Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used ...) {DSA-2210-1} - tiff 3.9.4-1 - tiff3 (fixed before initial upload) NOTE: This might've been fixed earlier even CVE-2011-0190 (Install Helper in Installer in Apple Mac OS X before 10.6.7 does not p ...) NOT-FOR-US: Apple Mac OS CVE-2011-0189 (The default configuration of Terminal in Apple Mac OS X 10.6 before 10 ...) NOT-FOR-US: Apple Mac OS CVE-2011-0188 (The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Rub ...) {DLA-235-1 DLA-88-1} - ruby1.8 1.8.7.352-1 (bug #628452) - ruby1.9 (bug #628451) - ruby1.9.1 1.9.2.290-1 (bug #628450) CVE-2011-0187 (The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote ...) NOT-FOR-US: Apple Mac OS CVE-2011-0186 (QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to e ...) NOT-FOR-US: Apple Mac OS CVE-2011-0185 (Format string vulnerability in the debug-logging feature in Applicatio ...) NOT-FOR-US: Apple Mac OS X CVE-2011-0184 (QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers ...) NOT-FOR-US: Apple Mac OS CVE-2011-0183 (Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an un ...) NOT-FOR-US: Apple Mac OS CVE-2011-0182 (The i386_set_ldt system call in the kernel in Apple Mac OS X before 10 ...) NOT-FOR-US: Apple Mac OS CVE-2011-0181 (Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows rem ...) NOT-FOR-US: Apple Mac OS CVE-2011-0180 (Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local u ...) NOT-FOR-US: Apple Mac OS CVE-2011-0179 (CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to ex ...) NOT-FOR-US: Apple Mac OS CVE-2011-0178 (The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 pro ...) NOT-FOR-US: Apple Mac OS CVE-2011-0177 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...) NOT-FOR-US: Apple Mac OS CVE-2011-0176 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...) NOT-FOR-US: Apple Mac OS CVE-2011-0175 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...) NOT-FOR-US: Apple Mac OS CVE-2011-0174 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac O ...) NOT-FOR-US: Apple Mac OS CVE-2011-0173 (Multiple format string vulnerabilities in AppleScript in Apple Mac OS ...) NOT-FOR-US: Apple Mac OS CVE-2011-0172 (AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers t ...) NOT-FOR-US: Apple Mac OS CVE-2011-0171 RESERVED CVE-2011-0170 (Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes ...) NOT-FOR-US: Apple iTunes CVE-2011-0169 (WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, d ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0168 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0167 (The windows functionality in WebKit in Apple Safari before 5.0.4 allow ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0166 (The HTML5 drag and drop functionality in WebKit in Apple Safari before ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0165 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0164 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0163 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0162 (Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properl ...) NOT-FOR-US: Apple iOS CVE-2011-0161 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0160 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0159 (The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does ...) NOT-FOR-US: Safari in Apple iOS CVE-2011-0158 (MobileSafari in Apple iOS before 4.3 does not properly implement appli ...) NOT-FOR-US: MobileSafari in Apple iOS CVE-2011-0157 (WebKit, as used in Apple iOS before 4.3, allows remote attackers to ex ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0156 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0155 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0154 (WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0153 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0152 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0151 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0150 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0149 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not prope ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0148 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0147 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0146 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0145 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0144 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0143 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0142 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0141 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0140 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0139 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0138 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0137 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0136 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0135 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0134 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0133 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not prope ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0132 (Use-after-free vulnerability in the Runin box functionality in the Cas ...) NOT-FOR-US: Apple CVE-2011-0131 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0130 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0129 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0128 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0127 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0126 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0125 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0124 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0123 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0122 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0121 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0120 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0119 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0118 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0117 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0116 (Use-after-free vulnerability in the setOuterText method in the htmlele ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0115 (The DOM level 2 implementation in WebKit, as used in Apple iTunes befo ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0114 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0113 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0112 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0111 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0110 REJECTED CVE-2011-0109 REJECTED CVE-2011-0108 REJECTED CVE-2011-0107 (Untrusted search path vulnerability in Microsoft Office XP SP3, Office ...) NOT-FOR-US: Microsoft Office CVE-2011-0106 REJECTED CVE-2011-0105 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML F ...) NOT-FOR-US: Microsoft Excel CVE-2011-0104 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...) NOT-FOR-US: Microsoft Excel CVE-2011-0103 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...) NOT-FOR-US: Microsoft Excel CVE-2011-0102 REJECTED CVE-2011-0101 (Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Microsoft Excel CVE-2011-0100 REJECTED CVE-2011-0099 REJECTED CVE-2011-0098 (Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 S ...) NOT-FOR-US: Microsoft Excel CVE-2011-0097 (Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and ...) NOT-FOR-US: Microsoft Excel CVE-2011-0096 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Window ...) NOT-FOR-US: Microsoft mhtml CVE-2011-0095 REJECTED CVE-2011-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 al ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-0093 (ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does ...) NOT-FOR-US: Microsoft Visio CVE-2011-0092 (The LZW stream decompression functionality in ORMELEMS.DLL in Microsof ...) NOT-FOR-US: Microsoft Visio CVE-2011-0091 (Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not pr ...) NOT-FOR-US: Microsoft Windows CVE-2011-0090 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-0089 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-0088 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-0087 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-0086 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2011-0085 (Use-after-free vulnerability in the nsXULCommandDispatcher function in ...) {DSA-2273-3 DSA-2269-1 DSA-2268-1} - iceweasel 3.5.19-3 - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-12 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-3 [lenny] - iceape (Only a stub package) - icedove 3.1.11-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0084 (The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox be ...) {DSA-2297-1 DSA-2296-1 DSA-2295-1} - icedove 3.1.12-1 [lenny] - xulrunner (Only affects Firefox >= 3.6) - iceweasel 6.0-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-5 [lenny] - iceape (Only a stub package) [lenny] - icedove (Only affects Thunderbird 5) CVE-2011-0083 (Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem func ...) {DSA-2273-3 DSA-2269-1 DSA-2268-1} - iceweasel 3.5.19-3 - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-12 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-3 [lenny] - iceape (Only a stub package) - icedove 3.1.11-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla Firefox 4.0. ...) - xulrunner (unimportant) - iceweasel (unimportant; bug #627552) NOTE: Negligible impact CVE-2011-0081 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6 ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (Only affects Firefox 4.0/3.6, not yet in unstable) - iceweasel (Only affects Firefox 4.0/3.6, not yet in unstable) CVE-2011-0080 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (unimportant) - iceweasel 3.5.19-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape (Only a stub package) - icedove 3.1.10-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0079 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner (Only affects Firefox 4.0, not yet in unstable) - iceweasel (Only affects Firefox 4.0, not yet in unstable) CVE-2011-0078 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (unimportant) - iceweasel 3.5.19-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape (Only a stub package) - icedove 3.1.10-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0077 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (unimportant) - iceweasel 3.5.19-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape (Only a stub package) - icedove 3.1.10-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0076 (Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozill ...) - xulrunner (Only affects MacOS X) - iceweasel (Only affects MacOS X) CVE-2011-0075 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (unimportant) - iceweasel 3.5.19-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape (Only a stub package) - icedove 3.1.10-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0074 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (unimportant) - iceweasel 3.5.19-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape (Only a stub package) - icedove 3.1.10-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0073 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey b ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (unimportant) - iceweasel 3.5.19-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0072 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (unimportant) - iceweasel 3.5.19-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape (Only a stub package) - icedove 3.1.10-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0071 (Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (unimportant) - iceweasel 3.5.19-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape (Only a stub package) - icedove 3.1.10-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0070 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (unimportant) - iceweasel 3.5.19-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape (Only a stub package) - icedove 3.1.10-1 [lenny] - icedove NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0069 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (Vulnerable code not present) - iceweasel 3.5.19-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape (Only a stub package) - icedove 3.1.10-1 [lenny] - icedove CVE-2011-0068 RESERVED - xulrunner (Only affects Firefox 4.0, not yet in unstable) - iceweasel (Only affects Firefox 4.0, not yet in unstable) CVE-2011-0067 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey b ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (unimportant) - iceweasel 3.5.19-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0066 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6. ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (unimportant) - iceweasel 3.5.19-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape (Only a stub package) - icedove 3.1.15-1+b1 NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0065 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6. ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} - xulrunner (unimportant) - iceweasel 3.5.19-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.14-1 [lenny] - iceape (Only a stub package) - icedove 3.1.15-1+b1 NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0064 (The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in P ...) {DSA-2178-1} - pango1.0 1.28.3-2~sid1 [wheezy] - pango1.0 1.28.3-1+squeeze2 [lenny] - pango1.0 (introduced in code cleanup) CVE-2011-0063 (The _list_file_get function in lib/Majordomo.pm in Majordomo 2 2011020 ...) NOT-FOR-US: Majordomo CVE-2011-0062 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner (Only affects Firefox 3.6, not yet in unstable) - iceweasel (Only affects Firefox 3.6, not yet in unstable) CVE-2011-0061 (Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird be ...) - xulrunner (Only affects Firefox 3.6, not yet in unstable) - iceweasel (Only affects Firefox 3.6, not yet in unstable) CVE-2011-0060 REJECTED CVE-2011-0059 (Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox bef ...) {DSA-2187-1 DSA-2186-1 DSA-2180-1} - icedove 3.0.11-2 [lenny] - icedove - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0058 (Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6. ...) - icedove (Windows-specific) - xulrunner (Windows-specific) - iceweasel (Windows-specific) CVE-2011-0057 (Use-after-free vulnerability in the Web Workers implementation in Mozi ...) {DSA-2187-1 DSA-2186-1 DSA-2180-1} - icedove 3.0.11-2 [lenny] - icedove - xulrunner (Vulnerable code not present) - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 [lenny] - iceape (Only a stub package) CVE-2011-0056 (Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5 ...) {DSA-2187-1 DSA-2186-1 DSA-2180-1} - icedove 3.0.11-2 [lenny] - icedove - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in js3250.dl ...) {DSA-2187-1 DSA-2186-1 DSA-2180-1} - icedove 3.0.11-2 [lenny] - icedove - xulrunner (Vulnerable code not present) - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 [lenny] - iceape (Only a stub package) CVE-2011-0054 (Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5 ...) {DSA-2187-1 DSA-2186-1 DSA-2180-1} - icedove 3.0.11-2 [lenny] - icedove - xulrunner (Vulnerable code not present) - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 [lenny] - iceape (Only a stub package) CVE-2011-0053 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2187-1 DSA-2186-1 DSA-2180-1} - icedove 3.0.11-2 [lenny] - icedove - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0052 RESERVED CVE-2011-0051 (Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey b ...) {DSA-2187-1 DSA-2186-1 DSA-2180-1} - icedove 3.0.11-2 [lenny] - icedove - xulrunner (unimportant) [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 [lenny] - iceape (Only a stub package) NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0050 (Cross-site scripting (XSS) vulnerability in the nonjs interface (inter ...) {DSA-2158-1} - cgiirc 0.5.9-3.1 (bug #612671) CVE-2011-0049 (Directory traversal vulnerability in the _list_file_get function in li ...) NOT-FOR-US: Majordomo CVE-2011-0048 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4 ...) {DSA-2322-1} - bugzilla (bug #611176) [squeeze] - bugzilla 3.6.2.0-4.4 NOTE: http://www.bugzilla.org/security/3.2.9/ CVE-2011-0047 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 al ...) - mediawiki 1:1.15.5-3 (low; bug #611787) [lenny] - mediawiki 1:1.12.0-2lenny8 (low; bug #611787) [squeeze] - mediawiki 1:1.15.5-2squeeze1 (low; bug #611787) CVE-2011-0046 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla ...) {DSA-2322-1} - bugzilla (bug #611176) [squeeze] - bugzilla 3.6.2.0-4.4 NOTE: http://www.bugzilla.org/security/3.2.9/ CVE-2011-0045 (The Trace Events functionality in the kernel in Microsoft Windows XP S ...) NOT-FOR-US: Microsoft Windows CVE-2011-0044 REJECTED CVE-2011-0043 (Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 suppo ...) NOT-FOR-US: Microsoft Windows CVE-2011-0042 (SBE.dll in the Stream Buffer Engine in Windows Media Player and Window ...) NOT-FOR-US: Microsoft Windows CVE-2011-0041 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 an ...) NOT-FOR-US: Microsoft Windows CVE-2011-0040 (The server in Microsoft Active Directory on Windows Server 2003 SP2 do ...) NOT-FOR-US: Microsoft Windows CVE-2011-0039 (The Local Security Authority Subsystem Service (LSASS) in Microsoft Wi ...) NOT-FOR-US: Microsoft Windows CVE-2011-0038 (Untrusted search path vulnerability in Microsoft Internet Explorer 8 m ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-0037 (Microsoft Malware Protection Engine before 1.1.6603.0, as used in Micr ...) NOT-FOR-US: Microsoft Malware Protection Engine CVE-2011-0036 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-0035 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-0034 (Stack-based buffer overflow in the OpenType Compact Font Format (aka O ...) NOT-FOR-US: Microsoft Windows CVE-2011-0033 (The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows CVE-2011-0032 (Untrusted search path vulnerability in DirectShow in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows CVE-2011-0031 (The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsof ...) NOT-FOR-US: Microsoft Windows CVE-2011-0030 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP S ...) NOT-FOR-US: Microsoft Windows CVE-2011-0029 (Untrusted search path vulnerability in the client in Microsoft Remote ...) NOT-FOR-US: Microsoft CVE-2011-0028 (WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does n ...) NOT-FOR-US: Microsoft Windows CVE-2011-0027 (Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows D ...) NOT-FOR-US: Microsoft Data Access Components CVE-2011-0026 (Integer signedness error in the SQLConnectW function in an ODBC API (o ...) NOT-FOR-US: Microsoft Data Access Components CVE-2011-XXXX [remote DoS when case of the characters of a nickname is modified] - bip 0.8.7-1 [squeeze] - bip 0.8.2-1squeeze3 [lenny] - bip (Vulnerable code not present) CVE-2011-0025 (IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does ...) {DSA-2224-1} - openjdk-6 6b18-1.8.5-1 [squeeze] - openjdk-6 (bug #614151) [lenny] - openjdk-6 (bug #614151) CVE-2011-0024 (Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 ...) - wireshark 1.2-0-1 CVE-2011-0023 REJECTED CVE-2011-0022 (The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory ...) NOT-FOR-US: 389 LDAP server CVE-2011-0522 (The StripTags function in (1) the USF decoder (modules/codec/subtitles ...) - vlc 1.1.3-1squeeze2 [lenny] - vlc 0.8.6.h-4+lenny3 CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder in Vi ...) - vlc 1.1.3-1squeeze2 [lenny] - vlc (Vulnerable code not present) NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab CVE-2011-0020 (Heap-based buffer overflow in the pango_ft2_font_render_box_glyph func ...) - pango1.0 1.28.3-1+squeeze1 (bug #610792) CVE-2011-0019 (slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Dire ...) NOT-FOR-US: 389 LDAP server CVE-2011-0018 (The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1. ...) NOT-FOR-US: OpenVAS Manager CVE-2011-0017 (The open_log function in log.c in Exim 4.72 and earlier does not check ...) {DSA-2154-1} - exim4 4.72-4 CVE-2011-0016 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properl ...) {DSA-2148-1} - tor 0.2.1.29-1 CVE-2011-0015 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properl ...) {DSA-2148-1} - tor 0.2.1.29-1 CVE-2011-0014 (ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c ...) {DSA-2162-1} - openssl 0.9.8o-5 (low) [lenny] - openssl (Only 0.9.8h through 0.9.8q are affected) CVE-2011-0013 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manage ...) {DSA-2160-1} - tomcat5.5 (low) [lenny] - tomcat5.5 (Minor issue) - tomcat6 6.0.28-10 (bug #612257) [lenny] - tomcat6 (Only ships the servlet package) CVE-2011-0012 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly othe ...) - spice-xpi [jessie] - spice-xpi (Broken with newer Firefox versions) CVE-2011-0011 (qemu-kvm before 0.11.0 disables VNC authentication when the password i ...) {DSA-2230-1} - qemu-kvm 0.14.0+dfsg-1~tls (low; bug #611134) - kvm (Vulnerable code not present) NOTE: Harmless implementation bug, see discussion in #611134 CVE-2011-0010 (check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured ...) - sudo 1.7.4p4-6 (bug #609641) [lenny] - sudo (Only affects 1.7.x) [squeeze] - sudo 1.7.4p4-2.squeeze.1 NOTE: http://www.sudo.ws/sudo/alerts/runas_group_pw.html CVE-2011-0009 (Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc ...) {DSA-2150-1} - request-tracker3.8 3.8.8-7 CVE-2011-0008 (A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fe ...) - sudo (Fedora-specific issue) CVE-2011-0007 (pimd 2.1.5 and possibly earlier versions allows user-assisted local us ...) {DSA-2147-1} - pimd 2.1.6-1 (unimportant; bug #609304) [squeeze] - pimd 2.1.1-1.1 (unimportant; bug #609304) CVE-2011-0006 (The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c ...) - linux-2.6 2.6.32-30 [lenny] - linux-2.6 (Introduced in 2.6.30) CVE-2011-0005 (Cross-site scripting (XSS) vulnerability in the com_search module for ...) NOT-FOR-US: Joomla! CVE-2011-0004 (Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1. ...) - piwik (bug #506933) CVE-2011-0003 (MediaWiki before 1.16.1, when user or site JavaScript or CSS is enable ...) {DTSA-207-1} - mediawiki 1:1.15.5-2 [lenny] - mediawiki 1:1.12.0-2lenny7 CVE-2011-0002 (libuser before 0.57 uses a cleartext password value of (1) !! or (2) x ...) - libuser 1:0.56.9.dfsg.1-1.1 (bug #610034) CVE-2011-0001 (Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/ ...) {DSA-2209-1} - tgt 1:1.0.4-3 CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite arb ...) {DSA-2408-1} - php5 5.3.6-1 (low; bug #546164)