Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
209092d6 by security tracker role at 2019-11-26T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-19272 (An issue was discovered in tls_verify_crl in ProFTPD before 
1.3.6. Dir ...)
+       TODO: check
+CVE-2019-19271 (An issue was discovered in tls_verify_crl in ProFTPD before 
1.3.6. A w ...)
+       TODO: check
+CVE-2019-19270 (An issue was discovered in tls_verify_crl in ProFTPD through 
1.3.6b. F ...)
+       TODO: check
+CVE-2019-19269 (An issue was discovered in tls_verify_crl in ProFTPD through 
1.3.6b. A ...)
+       TODO: check
+CVE-2019-19268
+       RESERVED
+CVE-2019-19267
+       RESERVED
+CVE-2019-19266
+       RESERVED
+CVE-2019-19265
+       RESERVED
+CVE-2019-19264
+       RESERVED
 CVE-2019-19263
        RESERVED
 CVE-2019-19262
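Review bot: the four ProFTPD entries (CVE-2019-19269 through CVE-2019-19272) all name tls_verify_crl but give two different boundaries, "before 1.3.6" for 19271/19272 and "through 1.3.6b" for 19269/19270; when the TODO: check lines are resolved, the affected ranges should be confirmed against the full descriptions so that one function does not end up tracked with inconsistent version boundaries.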
@@ -40,8 +58,8 @@ CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x 
and other products
        NOTE: 
https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b
 CVE-2019-19245
        RESERVED
-CVE-2019-19244
-       RESERVED
+CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a 
sub-sel ...)
+       TODO: check
 CVE-2019-19243
        RESERVED
 CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by 
the TK_C ...)
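Review bot: CVE-2019-19244 (sqlite3Select in select.c, SQLite 3.30.1) is added two entries above CVE-2019-19242, which also concerns SQLite 3.30.1 and is visible in the trailing context; the two should be triaged together, and the TODO: check here should become a package line rather than stay open, since sqlite3 is already tracked as a source package elsewhere in this file (see the `[jessie] - sqlite3 <no-dsa>` line under CVE-2019-5827).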
@@ -4700,10 +4718,10 @@ CVE-2019-18253
        RESERVED
 CVE-2019-18252
        RESERVED
-CVE-2019-18251
-       RESERVED
-CVE-2019-18250
-       RESERVED
+CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron 
CX-Supervis ...)
+       TODO: check
+CVE-2019-18250 (In all versions of ABB Power Generation Information Manager 
(PGIM) and ...)
+       TODO: check
 CVE-2019-18249
        RESERVED
 CVE-2019-18248
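Review bot: the Omron CX-Supervisor and ABB PGIM entries describe proprietary industrial products, and the neighbouring CVE-2019-18240 (Fuji Electric V-Server) in the next hunk is already resolved as `NOT-FOR-US: Fuji`; the same resolution, naming the vendor after NOT-FOR-US, is the likely outcome for these two TODO: check lines and for the Philips IntelliBridge entry (CVE-2019-18241) that follows, so they are best closed in one pass.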
@@ -4720,8 +4738,8 @@ CVE-2019-18243
        RESERVED
 CVE-2019-18242
        RESERVED
-CVE-2019-18241
-       RESERVED
+CVE-2019-18241 (In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub 
all ver ...)
+       TODO: check
 CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based 
buffer o ...)
        NOT-FOR-US: Fuji
 CVE-2019-18239
@@ -6951,8 +6969,8 @@ CVE-2019-17634
        RESERVED
 CVE-2019-17633
        RESERVED
-CVE-2019-17632
-       RESERVED
+CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, 
and 9.4. ...)
+       TODO: check
 CVE-2019-17631 (From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic 
operations such ...)
        NOT-FOR-US: Eclipse OpenJ9
 CVE-2019-17630 (CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin 
via a cra ...)
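Review bot: the CVE-2019-17632 description is cut off at "9.4. ...", so the visible text only establishes that Jetty 9.4.21.v20190926 and 9.4.22.v20191022 are affected; unlike the adjacent OpenJ9 and CMS Made Simple entries that were closed as NOT-FOR-US, Jetty is a server that distributions package, so this TODO: check should be resolved against the full advisory's version list rather than by analogy with its neighbours.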
@@ -10705,6 +10723,7 @@ CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress 
has CSRF for copying non-
        NOT-FOR-US: Wordpress plugin
 CVE-2019-16255 [A code injection vulnerability of Shell#[] and Shell#test]
        RESERVED
+       {DLA-2007-1}
        - ruby2.5 2.5.7-1
        - ruby2.3 <removed>
        - ruby2.1 <removed>
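Review bot: `{DLA-2007-1}` is added here and to CVE-2019-16254, CVE-2019-16201 and CVE-2019-15845 further down, but the commit header lists data/CVE/list as the only changed file; the marker is only meaningful if DLA-2007-1 already exists in data/DLA/list with the matching ruby package version, so that entry should be verified. Leaving `- ruby2.1 <removed>` in place is consistent with the DLA covering the LTS package rather than unstable.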
@@ -10713,6 +10732,7 @@ CVE-2019-16255 [A code injection vulnerability of 
Shell#[] and Shell#test]
        NOTE: ruby2.5: 
https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
 CVE-2019-16254 [HTTP response splitting in WEBrick (Additional fix)]
        RESERVED
+       {DLA-2007-1}
        - ruby2.5 2.5.7-1
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -10895,6 +10915,7 @@ CVE-2019-16202 (MISP before 2.4.115 allows privilege 
escalation in certain situa
        NOT-FOR-US: MISP
 CVE-2019-16201 [Regular Expression Denial of Service vulnerability of 
WEBrick's Digest access authentication]
        RESERVED
+       {DLA-2007-1}
        - ruby2.5 2.5.7-1
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -11407,40 +11428,40 @@ CVE-2019-16004
        RESERVED
 CVE-2019-16003
        RESERVED
-CVE-2019-16002
-       RESERVED
-CVE-2019-16001
-       RESERVED
+CVE-2019-16002 (A vulnerability in the vManage web-based UI (web UI) of the 
Cisco SD-W ...)
+       TODO: check
+CVE-2019-16001 (A vulnerability in the loading mechanism of specific dynamic 
link libr ...)
+       TODO: check
 CVE-2019-16000
        RESERVED
 CVE-2019-15999
        RESERVED
-CVE-2019-15998
-       RESERVED
-CVE-2019-15997
-       RESERVED
-CVE-2019-15996
-       RESERVED
-CVE-2019-15995
-       RESERVED
-CVE-2019-15994
-       RESERVED
+CVE-2019-15998 (A vulnerability in the access-control logic of the NETCONF 
over Secure ...)
+       TODO: check
+CVE-2019-15997 (A vulnerability in Cisco DNA Spaces: Connector could allow an 
authenti ...)
+       TODO: check
+CVE-2019-15996 (A vulnerability in Cisco DNA Spaces: Connector could allow an 
authenti ...)
+       TODO: check
+CVE-2019-15995 (A vulnerability in the web UI of Cisco DNA Spaces: Connector 
could all ...)
+       TODO: check
+CVE-2019-15994 (A vulnerability in the web-based management interface of Cisco 
Stealth ...)
+       TODO: check
 CVE-2019-15993
        RESERVED
 CVE-2019-15992
        RESERVED
 CVE-2019-15991
        RESERVED
-CVE-2019-15990
-       RESERVED
+CVE-2019-15990 (A vulnerability in the web-based management interface of 
certain Cisco ...)
+       TODO: check
 CVE-2019-15989
        RESERVED
-CVE-2019-15988
-       RESERVED
-CVE-2019-15987
-       RESERVED
-CVE-2019-15986
-       RESERVED
+CVE-2019-15988 (A vulnerability in the antispam protection mechanisms of Cisco 
AsyncOS ...)
+       TODO: check
+CVE-2019-15987 (A vulnerability in web interface of the Cisco Webex Event 
Center, Cisc ...)
+       TODO: check
+CVE-2019-15986 (A vulnerability in the CLI of Cisco Unity Express could allow 
an authe ...)
+       TODO: check
 CVE-2019-15985
        RESERVED
 CVE-2019-15984
@@ -11465,20 +11486,20 @@ CVE-2019-15975
        RESERVED
 CVE-2019-15974
        RESERVED
-CVE-2019-15973
-       RESERVED
-CVE-2019-15972
-       RESERVED
-CVE-2019-15971
-       RESERVED
+CVE-2019-15973 (A vulnerability in the web-based management interface of Cisco 
Industr ...)
+       TODO: check
+CVE-2019-15972 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2019-15971 (A vulnerability in the MP3 detection engine of Cisco AsyncOS 
Software  ...)
+       TODO: check
 CVE-2019-15970
        RESERVED
 CVE-2019-15969
        RESERVED
-CVE-2019-15968
-       RESERVED
-CVE-2019-15967
-       RESERVED
+CVE-2019-15968 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2019-15967 (A vulnerability in the CLI of Cisco TelePresence Collaboration 
Endpoin ...)
+       TODO: check
 CVE-2019-15966 (A vulnerability in the web application of Cisco TelePresence 
Advanced  ...)
        NOT-FOR-US: Cisco TelePresence Advanced Media Gateway
 CVE-2019-15965
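Review bot: this hunk and the one above add sixteen Cisco entries as TODO: check, while the trailing context line for CVE-2019-15966 shows the established resolution for this product family, `NOT-FOR-US: Cisco TelePresence Advanced Media Gateway`; the SD-WAN, DNA Spaces, AsyncOS, Webex, Unity Express, Unified and TelePresence items here are all Cisco appliance or hosted products and can most likely be closed the same way, with the product named after NOT-FOR-US as in that line.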
@@ -11495,16 +11516,16 @@ CVE-2019-15961
        [buster] - clamav <no-dsa> (ClamAV is updated via -updates)
        [stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
        NOTE: 
https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
-CVE-2019-15960
-       RESERVED
+CVE-2019-15960 (A vulnerability in the Webex Network Recording Admin page of 
Cisco Web ...)
+       TODO: check
 CVE-2019-15959
        RESERVED
-CVE-2019-15958
-       RESERVED
+CVE-2019-15958 (A vulnerability in the REST API of Cisco Prime Infrastructure 
(PI) and ...)
+       TODO: check
 CVE-2019-15957
        RESERVED
-CVE-2019-15956
-       RESERVED
+CVE-2019-15956 (A vulnerability in the web management interface of Cisco 
AsyncOS Softw ...)
+       TODO: check
 CVE-2019-15955 (An issue was discovered in Total.js CMS 12.0.0. A low 
privilege user c ...)
        NOT-FOR-US: Total.js CMS
 CVE-2019-15954 (An issue was discovered in Total.js CMS 12.0.0. An 
authenticated user  ...)
@@ -11862,6 +11883,7 @@ CVE-2019-15846 (Exim before 4.92.2 allows remote 
attackers to execute arbitrary
        NOTE: 
https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4
 CVE-2019-15845 [A NUL injection vulnerability of File.fnmatch and 
File.fnmatch?]
        RESERVED
+       {DLA-2007-1}
        - ruby2.5 2.5.7-1
        - ruby2.3 <removed>
        - ruby2.1 <removed>
@@ -12509,8 +12531,8 @@ CVE-2019-15631
        RESERVED
 CVE-2019-15630 (Directory Traversal in APIkit, HTTP connector, and OAuth2 
Provider com ...)
        NOT-FOR-US: Mulesoft
-CVE-2019-15629
-       RESERVED
+CVE-2019-15629 (Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for 
Android is ...)
+       TODO: check
 CVE-2019-15628
        RESERVED
 CVE-2019-15627 (Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security 
Agent ar ...)
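Review bot: CVE-2019-15629 concerns Trend Micro Password Manager for Android, and the entry directly above it, CVE-2019-15630, shows the pattern for such products with `NOT-FOR-US: Mulesoft`; the TODO: check here is most likely a `NOT-FOR-US: Trend Micro` resolution, and it should be handled together with the adjacent Trend Micro Deep Security Agent entry (CVE-2019-15627) so the vendor is named consistently.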
@@ -12577,8 +12599,8 @@ CVE-2019-15597
        RESERVED
 CVE-2019-15596
        RESERVED
-CVE-2019-15595
-       RESERVED
+CVE-2019-15595 (A privilege escalation exists in UniFi Video Controller 
=&lt;3.10.6 th ...)
+       TODO: check
 CVE-2019-15594
        RESERVED
 CVE-2019-15593 (GitLab 12.2.3 contains a security vulnerability that allows a 
user to  ...)
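Review bot: the imported description for CVE-2019-15595 contains `=&lt;3.10.6`, an HTML-escaped `<=` carried over from the source feed; it should be un-escaped to `=<3.10.6` when the TODO: check is processed so the affected UniFi Video Controller version reads correctly and does not trip up searches over the file.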
@@ -13421,16 +13443,16 @@ CVE-2019-15293 (An issue was discovered in ACDSee 
Photo Studio Standard 22.1 Bui
        NOT-FOR-US: ACDSee
 CVE-2019-15289
        RESERVED
-CVE-2019-15288
-       RESERVED
+CVE-2019-15288 (A vulnerability in the CLI of Cisco TelePresence Collaboration 
Endpoin ...)
+       TODO: check
 CVE-2019-15287
        RESERVED
-CVE-2019-15286
-       RESERVED
+CVE-2019-15286 (Multiple vulnerabilities in Cisco Webex Network Recording 
Player for M ...)
+       TODO: check
 CVE-2019-15285
        RESERVED
-CVE-2019-15284
-       RESERVED
+CVE-2019-15284 (Multiple vulnerabilities in Cisco Webex Network Recording 
Player for M ...)
+       TODO: check
 CVE-2019-15283
        RESERVED
 CVE-2019-15282 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
@@ -13445,8 +13467,8 @@ CVE-2019-15278
        RESERVED
 CVE-2019-15277 (A vulnerability in the CLI of Cisco TelePresence Collaboration 
Endpoin ...)
        NOT-FOR-US: Cisco
-CVE-2019-15276
-       RESERVED
+CVE-2019-15276 (A vulnerability in the web interface of Cisco Wireless LAN 
Controller  ...)
+       TODO: check
 CVE-2019-15275 (A vulnerability in the CLI of Cisco TelePresence Collaboration 
Endpoin ...)
        NOT-FOR-US: Cisco
 CVE-2019-15274 (A vulnerability in the CLI of Cisco TelePresence Collaboration 
Endpoin ...)
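Review bot: CVE-2019-15276 (Cisco Wireless LAN Controller web interface) is left as TODO: check while the entries directly above and below it, CVE-2019-15277 and CVE-2019-15275, are already `NOT-FOR-US: Cisco`; the same applies to the Cisco Webex and TelePresence entries in the preceding hunk (CVE-2019-15284, CVE-2019-15286, CVE-2019-15288). Resolving them in line with the context lines avoids a half-triaged run of Cisco IDs.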
@@ -13455,8 +13477,8 @@ CVE-2019-15273 (Multiple vulnerabilities in the CLI of 
Cisco TelePresence Collab
        NOT-FOR-US: Cisco
 CVE-2019-15272 (A vulnerability in the web-based interface of Cisco Unified 
Communicat ...)
        NOT-FOR-US: Cisco
-CVE-2019-15271
-       RESERVED
+CVE-2019-15271 (A vulnerability in the web-based management interface of 
certain Cisco ...)
+       TODO: check
 CVE-2019-15270 (A vulnerability in the web-based management interface of Cisco 
Firepow ...)
        NOT-FOR-US: Cisco
 CVE-2019-15269 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
@@ -14865,8 +14887,8 @@ CVE-2019-14892
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b
 CVE-2019-14891 (A flaw was found in cri-o, as a result of all pod-related 
processes be ...)
        NOT-FOR-US: Kubernetes CRI-O
-CVE-2019-14890
-       RESERVED
+CVE-2019-14890 (An attacker with low privilege could retrieve usernames and 
passwords  ...)
+       TODO: check
 CVE-2019-14889
        RESERVED
 CVE-2019-14888
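Review bot: the truncated description for CVE-2019-14890, "An attacker with low privilege could retrieve usernames and passwords ...", does not name the affected product, so nothing in this hunk identifies a package; the TODO: check cannot be resolved from the list alone and needs the full CVE text before either a NOT-FOR-US line or a package line is chosen.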
@@ -24934,6 +24956,7 @@ CVE-2019-11746 (A use-after-free vulnerability can 
occur while manipulating vide
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746
 CVE-2019-11745 [Out-of-bounds write when passing an output buffer smaller than 
the block size to NSC_EncryptUpdate]
        RESERVED
+       {DLA-2008-1}
        - nss <unfixed>
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public)
        NOTE: Upstream patch: 
https://hg.mozilla.org/releases/mozilla-esr68/rev/ea1bc0fb2dda
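Review bot: `{DLA-2008-1}` is added to CVE-2019-11745 but the package line below it remains `- nss <unfixed>`, so the entry now records a fix for the LTS release while unstable is still open; since the NOTE already points at the upstream patch (mozilla-esr68 rev ea1bc0fb2dda), the unstable fixed version should be filled in once that upload happens, and the bugzilla reference marked "(not public)" is worth re-checking after the fix is released.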
@@ -26352,8 +26375,8 @@ CVE-2019-11292
        RESERVED
 CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 
version prior  ...)
        TODO: check
-CVE-2019-11290
-       RESERVED
+CVE-2019-11290 (Cloud Foundry UAA Release, versions prior to v74.8.0, logs all 
query p ...)
+       TODO: check
 CVE-2019-11289 (Cloud Foundry Routing, all versions before 0.193.0, does not 
properly  ...)
        NOT-FOR-US: Cloud Foundry Routing
 CVE-2019-11288
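Review bot: CVE-2019-11290 (Cloud Foundry UAA Release) sits directly above CVE-2019-11289, which is already `NOT-FOR-US: Cloud Foundry Routing`; the UAA entry belongs to the same upstream project family, so its TODO: check should most likely be closed the same way, with the component named, and the CVE-2019-11291 (Pivotal RabbitMQ) TODO: check two lines above should not be lumped in with it since RabbitMQ is a separately packaged product.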
@@ -27750,8 +27773,8 @@ CVE-2019-10773
        RESERVED
 CVE-2019-10772
        RESERVED
-CVE-2019-10771
-       RESERVED
+CVE-2019-10771 (Characters in the GET url path are not properly escaped and 
can be ref ...)
+       TODO: check
 CVE-2019-10770
        RESERVED
 CVE-2019-10769
@@ -41740,7 +41763,6 @@ CVE-2019-5867 (Out of bounds read in JavaScript in 
Google Chrome prior to 76.0.3
        {DSA-4500-1}
        - chromium 76.0.3809.100-1
 CVE-2019-5866 (Out of bounds memory access in JavaScript in Google Chrome 
prior to 75 ...)
-       {DSA-4500-1}
        - chromium 76.0.3809.71-1
 CVE-2019-5865 (Insufficient policy enforcement in navigations in Google Chrome 
prior  ...)
        {DSA-4500-1}
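Review bot: this hunk drops `{DSA-4500-1}` from CVE-2019-5866 while leaving `- chromium 76.0.3809.71-1`, so the entry keeps its unstable fix but no longer claims the stable advisory, even though the context shows CVE-2019-5867 and CVE-2019-5865 on either side still carrying DSA-4500-1. Removing a marker for a published DSA should be checked against that DSA's CVE list; if 5866 was never part of DSA-4500-1 the change is correct, but the commit message "automatic update" gives no reason for it.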
@@ -41860,12 +41882,10 @@ CVE-2019-5827 (Integer overflow in SQLite via WebSQL 
in Google Chrome prior to 7
        [jessie] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in 
chromium)
        NOTE: https://www.sqlite.org/src/info/07ee06fd390bfebe
        NOTE: https://www.sqlite.org/src/info/0b6ae032c28e7fe3
-CVE-2019-5826
-       RESERVED
+CVE-2019-5826 (Use after free in IndexedDB in Google Chrome prior to 
73.0.3683.86 all ...)
        {DSA-4500-1}
        - chromium 75.0.3770.80-1
-CVE-2019-5825
-       RESERVED
+CVE-2019-5825 (Out of bounds write in JavaScript in Google Chrome prior to 
73.0.3683. ...)
        {DSA-4500-1}
        - chromium 75.0.3770.80-1
 CVE-2019-5824 (Parameter passing error in media in Google Chrome prior to 
74.0.3729.1 ...)
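Review bot: CVE-2019-5826 and CVE-2019-5825 only gain their descriptions here; their `{DSA-4500-1}` and `- chromium 75.0.3770.80-1` lines are unchanged context, so no fix information changes. One small point in the unchanged context: the jessie sqlite3 line reads "mainly with inpact in chromium", a typo for "impact" that could be fixed in a follow-up.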
@@ -157353,6 +157373,7 @@ CVE-2017-2626 (It was discovered that libICE before 
1.0.9-8 used a weak entropy
        [wheezy] - libice <no-dsa> (Minor issue, can be fixed in a point update 
or next DSA)
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
 CVE-2017-2625 (It was discovered that libXdmcp before 1.1.2 including used 
weak entro ...)
+       {DLA-2006-1}
        - libxdmcp 1:1.1.2-2 (bug #856399)
        [wheezy] - libxdmcp <no-dsa> (Minor issue, can be fixed in a point 
update or next DSA)
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
@@ -283630,8 +283651,7 @@ CVE-2011-4351 (Buffer overflow in FFmpeg before 
0.5.6, 0.6.x before 0.6.4, 0.7.x
        NOTE: 
http://git.libav.org/?p=libav.git;a=commitdiff;h=a31ccacb1a9b2abc0e140a812fb0ffca6f7c2591
        NOTE: 
http://git.libav.org/?p=libav.git;a=commitdiff;h=0d93d5c4614fafea74bdac681673f5b32eb49063
        NOTE: 
http://git.libav.org/?p=libav.git;a=commitdiff;h=73472053516f82b7d273a3d42c583f894077a191
-CVE-2011-4350
-       RESERVED
+CVE-2011-4350 (Yaws 1.91 has a directory traversal vulnerability in the way 
certain U ...)
        - yaws 1.91-2 (bug #650009)
        [lenny] - yaws <not-affected> (Vulnerable code not present)
        [squeeze] - yaws <not-affected> (Vulnerable code not present)
@@ -284326,11 +284346,9 @@ CVE-2011-4123
        REJECTED
 CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in 
OpenPAM be ...)
        NOT-FOR-US: OpenPAM
-CVE-2011-4121
-       RESERVED
+CVE-2011-4121 (The OpenSSL extension of Ruby (Git trunk) versions after 
2011-09-01 up ...)
        - ruby1.9.1 <not-affected> (Only affected trunk versions)
-CVE-2011-4120 [authentication bypass by pressing ctrl-d]
-       RESERVED
+CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication 
when 'use_ ...)
        - yubico-pam 2.10-1
 CVE-2011-4119
        RESERVED
@@ -284436,8 +284454,7 @@ CVE-2011-4091 (The libobby server in inc/server.hpp 
in libnet6 (aka net6) before
        [squeeze] - net6 <no-dsa> (Minor issue)
        [lenny] - net6 <no-dsa> (Minor issue)
        - net6 1:1.3.14-1 (low; bug #647318)
-CVE-2011-4090 [serendipity before 1.6 backend XSS in karma plugin]
-       RESERVED
+CVE-2011-4090 (Serendipity before 1.6 has an XSS issue in the karma plugin 
which may  ...)
        - serendipity <removed> (bug #650937)
        [squeeze] - serendipity <no-dsa> (Minor issue)
        NOTE: http://seclists.org/oss-sec/2011/q4/192
@@ -284461,8 +284478,7 @@ CVE-2011-4084
        REJECTED
 CVE-2011-4083 (The sosreport utility in the Red Hat sos package before 1.7-9 
and 2.x  ...)
        NOT-FOR-US: RedHat sos
-CVE-2011-4082
-       RESERVED
+CVE-2011-4082 (A local file inclusion flaw was found in the way the 
phpLDAPadmin befo ...)
        - phpldapadmin 0.9.8-1
 CVE-2011-4081 (crypto/ghash-generic.c in the Linux kernel before 3.1 allows 
local use ...)
        - linux-2.6 3.0.0-6
@@ -284484,8 +284500,7 @@ CVE-2011-4078 (include/iniset.php in Roundcube 
Webmail 0.5.4 and earlier, when P
 CVE-2011-4077 (Buffer overflow in the xfs_readlink function in 
fs/xfs/xfs_vnodeops.c  ...)
        {DSA-2389-1}
        - linux-2.6 3.0.0-6
-CVE-2011-4076
-       RESERVED
+CVE-2011-4076 (OpenStack Nova before 2012.1 allows someone with access to an 
EC2_ACCE ...)
        - nova 2012.1~e1-1
        NOTE: https://bugs.launchpad.net/nova/+bug/868360
        NOTE: the patch for this bug is available at 
https://review.openstack.org/#/c/794/
@@ -285952,14 +285967,11 @@ CVE-2011-3634 (methods/https.cc in apt before 
0.8.11 accepts connections when th
        NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353
 CVE-2011-3633
        REJECTED
-CVE-2011-3632 [hardlink has buffer overflows, is unsafe on changing trees]
-       RESERVED
+CVE-2011-3632 (Hardlink before 0.1.2 operates on full file system objects path 
names  ...)
        - hardlink <not-affected> (Only the C version, ours are written in 
Python)
-CVE-2011-3631 [hardlink has buffer overflows, is unsafe on changing trees]
-       RESERVED
+CVE-2011-3631 (Hardlink before 0.1.2 has multiple integer overflows leading to 
heap-b ...)
        - hardlink <not-affected> (Only the C version, ours are written in 
Python)
-CVE-2011-3630 [hardlink has buffer overflows, is unsafe on changing trees]
-       RESERVED
+CVE-2011-3630 (Hardlink before 0.1.2 suffer from multiple stack-based buffer 
overflow ...)
        - hardlink <not-affected> (Only the C version, ours are written in 
Python)
 CVE-2011-3629
        RESERVED
@@ -285980,8 +285992,7 @@ CVE-2011-3625 (Stack-based buffer overflow in the 
sub_read_line_sami function in
        - mplayer 2:1.0~rc4.dfsg1+svn33713-2 (bug #645987)
        [squeeze] - mplayer <not-affected> (Malformed SMI file correctly 
rejected, possibly introduced by later changes)
        - mplayer2 2.0-134-g84d8671-9 (bug #646937)
-CVE-2011-3624
-       RESERVED
+CVE-2011-3624 (Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 
and ea ...)
        - ruby1.8 <removed> (low; bug #646020)
        [lenny] - ruby1.8 <no-dsa> (Minor issue)
        [squeeze] - ruby1.8 <no-dsa> (Minor issue)
@@ -286010,8 +286021,7 @@ CVE-2011-3618 (atop: symlink attack possible due to 
insecure tempfile handling .
        - atop 1.23-1.1 (low; bug #622794)
        [lenny] - atop 1.23-1+lenny1 (bug #622794)
        [squeeze] - atop 1.23-1+squeeze1 (bug #622794)
-CVE-2011-3617 [tahoe-lafs: an unauthorized user can delete files]
-       RESERVED
+CVE-2011-3617 (Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users 
to del ...)
        - tahoe-lafs 1.8.3-1 (bug #641540)
 CVE-2011-3616 (The getSkillname function in the eve module in Conky 1.8.1 and 
earlier ...)
        - conky 1.8.0-1.1 (low; bug #612033)
@@ -286034,16 +286044,14 @@ CVE-2011-3611 [HTB22914: Local File Inclusion in 
UseBB]
 CVE-2011-3610 [serendipity freetag plugin before 3.30 and probably others]
        RESERVED
        NOT-FOR-US: Serendipity plugin
-CVE-2011-3609 [CSRF in the JBoss AS 7 administration console & HTTP management 
API]
-       RESERVED
+CVE-2011-3609 (A CSRF issue was found in JBoss Application Server 7 before 
7.1.0. JBo ...)
        - jbossas4 <not-affected> (Only builds a few libraries, not the full 
application server, #581226)
 CVE-2011-3608
        REJECTED
 CVE-2011-3607 (Integer overflow in the ap_pregsub function in server/util.c in 
the Ap ...)
        {DSA-2405-1}
        - apache2 2.2.21-4
-CVE-2011-3606 [DOM based XSS in the JBoss AS 7 administration console]
-       RESERVED
+CVE-2011-3606 (A DOM based cross-site scripting flaw was found in the JBoss 
Applicati ...)
        - jbossas4 <not-affected> (Only builds a few libraries, not the full 
application server, #581226)
 CVE-2011-3605 (The process_rs function in the router advertisement daemon 
(radvd) bef ...)
        {DSA-2323-1}
@@ -286066,8 +286074,7 @@ CVE-2011-3601 (Buffer overflow in the process_ra 
function in the router advertis
        [squeeze] - radvd <not-affected> (No support for 
ND_OPT_DNSSL_INFORMATION)
        [lenny] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
        NOTE: http://seclists.org/oss-sec/2011/q4/30
-CVE-2011-3600
-       RESERVED
+CVE-2011-3600 (The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event 
handler i ...)
        - libxmlrpc3-java 3.1.3-1 (low)
        [lenny] - libxmlrpc3-java <no-dsa> (Minor issue)
 CVE-2011-3599 (The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for 
Perl, when  ...)
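Review bot: the new description for CVE-2011-3600 names the /webtools/control/xmlrpc endpoint in OFBiz, while the package lines map the CVE to libxmlrpc3-java; now that the RESERVED placeholder is gone, the mapping should be re-checked to confirm the flaw lies in the XML-RPC library itself rather than only in the OFBiz event handler, otherwise the `- libxmlrpc3-java 3.1.3-1 (low)` line tracks the wrong component.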
@@ -286085,8 +286092,7 @@ CVE-2011-3597 (Eval injection vulnerability in the 
Digest module before 1.17 for
        [squeeze] - perl 5.10.1-17squeeze3
        [lenny] - perl <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e
-CVE-2011-3596
-       RESERVED
+CVE-2011-3596 (Polipo before 1.0.4.1 suffers from a DoD vulnerability via 
specially-c ...)
        - polipo 1.0.4.1-1.2 (bug #644289)
        [squeeze] - polipo <no-dsa> (Minor issue)
        NOTE: http://seclists.org/fulldisclosure/2011/Oct/10
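Review bot: the imported text for CVE-2011-3596 reads "DoD vulnerability", presumably "DoS" in the source description; the tracker copies upstream text verbatim, so this is not something to fix locally, but it is worth reporting upstream. The entry is otherwise complete with the polipo 1.0.4.1-1.2 fix, bug #644289 and the squeeze no-dsa line.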
@@ -286127,13 +286133,11 @@ CVE-2011-3585
        - cifs-utils 2:4.5-1 (low)
        NOTE: cifs-utils was split off from the samba source package with 
2:3.4.7~dfsg-2, so marking it as fixed
        NOTE: 
http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200
-CVE-2011-3584 [TYPO3-SA-2011-003]
-       RESERVED
+CVE-2011-3584 (The TYPO3 Core wec_discussion extension before 2.1.1 is 
vulnerable to  ...)
        - typo3-src 4.5.6+dfsg1-1 (low; bug #641683)
        [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze2
        [lenny] - typo3-src 4.2.5-1+lenny9
-CVE-2011-3583 [TYPO3-SA-2011-002]
-       RESERVED
+CVE-2011-3583 (It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses 
prepared stat ...)
        - typo3-src 4.5.6+dfsg1-1 (low; bug #641682)
        [squeeze] - typo3-src <not-affected> (Only affects 4.5.x)
        [lenny] - typo3-src <not-affected> (Only affects 4.5.x)
@@ -286771,12 +286775,10 @@ CVE-2011-3375 (Apache Tomcat 6.0.30 through 6.0.33 
and 7.x before 7.0.22 does no
        {DSA-2401-1}
        - tomcat6 6.0.33-1
        - tomcat7 7.0.22-1
-CVE-2011-3374 [apt-key insecure validation]
-       RESERVED
+CVE-2011-3374 (It was found that apt-key in apt, all versions, do not 
correctly valid ...)
        - apt <unfixed> (unimportant; bug #642480)
        NOTE: Not exploitable in Debian, since no keyring URI is defined
-CVE-2011-3373
-       RESERVED
+CVE-2011-3373 (Drupal Views Builk Operations (VBO) module 6.x-1.0 through 
6.x-1.10 do ...)
        NOT-FOR-US: Views Bulk Operations module for Drupal
 CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x 
before 2 ...)
        {DSA-2318-1}
@@ -286842,8 +286844,7 @@ CVE-2011-3356 (Multiple cross-site scripting (XSS) 
vulnerabilities in config_def
        - mantis 1.2.7-1 (low; bug #640297)
        [squeeze] - mantis <not-affected> (Vulnerable code not present)
        [lenny] - mantis <not-affected> (Vulnerable code not present)
-CVE-2011-3355
-       RESERVED
+CVE-2011-3355 (evolution-data-server3 3.0.3 through 3.2.1 used insecure 
(non-SSL) con ...)
        - evolution-data-server3 3.2.1-1 (bug #641052)
 CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in 
fs/fuse/dev ...)
        {DSA-2389-1}
@@ -286852,8 +286853,7 @@ CVE-2011-3353 (Buffer overflow in the 
fuse_notify_inval_entry function in fs/fus
        [squeeze] - linux-2.6 2.6.32-36
 CVE-2011-3352 (Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to 
improp ...)
        NOT-FOR-US: Zikula
-CVE-2011-3351
-       RESERVED
+CVE-2011-3351 (openvas-scanner before 2011-09-11 creates a temporary file 
insecurely  ...)
        - openvas-server <removed> (low; bug #641327)
        [squeeze] - openvas-server <no-dsa> (Minor issue)
        NOTE: openvas-scanner in experimental also affected according to #671327



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/209092d6b3959d1b11319a4f14aa6287274113cf


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
