Author: jmm
Date: 2011-06-20 21:52:37 +0000 (Mon, 20 Jun 2011)
New Revision: 16825
Modified:
data/CVE/list
Log:
update CVE list. The old update cronjob run by Joey Hess seems
to have lost in the Alioth transition. I''ll wire this up as a
cron job soon.
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-06-20 18:28:01 UTC (rev 16824)
+++ data/CVE/list 2011-06-20 21:52:37 UTC (rev 16825)
@@ -1,4 +1,650 @@
-CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c
in config.cgi in Icinga ...)
+CVE-2011-2529
+ RESERVED
+CVE-2011-2528
+ RESERVED
+CVE-2011-2527
+ RESERVED
+CVE-2011-2526
+ RESERVED
+CVE-2011-2525
+ RESERVED
+CVE-2011-2524
+ RESERVED
+CVE-2011-2523
+ RESERVED
+CVE-2011-2522
+ RESERVED
+CVE-2011-2521
+ RESERVED
+CVE-2011-2520
+ RESERVED
+CVE-2011-2519
+ RESERVED
+CVE-2011-2518
+ RESERVED
+CVE-2011-2517
+ RESERVED
+CVE-2011-2516
+ RESERVED
+CVE-2011-2515
+ RESERVED
+CVE-2011-2514
+ RESERVED
+CVE-2011-2513
+ RESERVED
+CVE-2011-2512
+ RESERVED
+CVE-2011-2511
+ RESERVED
+CVE-2011-2510
+ RESERVED
+CVE-2011-2509
+ RESERVED
+CVE-2011-2508
+ RESERVED
+CVE-2011-2507
+ RESERVED
+CVE-2011-2506
+ RESERVED
+CVE-2011-2505
+ RESERVED
+CVE-2011-2504
+ RESERVED
+CVE-2011-2503
+ RESERVED
+CVE-2011-2502
+ RESERVED
+CVE-2011-2501
+ RESERVED
+CVE-2011-2500
+ RESERVED
+CVE-2011-2499
+ RESERVED
+CVE-2011-2498
+ RESERVED
+CVE-2011-2497
+ RESERVED
+CVE-2011-2496
+ RESERVED
+CVE-2011-2495
+ RESERVED
+CVE-2011-2494
+ RESERVED
+CVE-2011-2493
+ RESERVED
+CVE-2011-2492
+ RESERVED
+CVE-2011-2491
+ RESERVED
+CVE-2011-2490
+ RESERVED
+CVE-2011-2489
+ RESERVED
+CVE-2011-2488
+ RESERVED
+CVE-2011-2487
+ RESERVED
+CVE-2011-2486
+ RESERVED
+CVE-2011-2485
+ RESERVED
+CVE-2011-2484
+ RESERVED
+CVE-2011-2483
+ RESERVED
+CVE-2011-2482
+ RESERVED
+CVE-2011-2481
+ RESERVED
+CVE-2011-2480
+ RESERVED
+CVE-2011-2479
+ RESERVED
+CVE-2011-2478
+ RESERVED
+CVE-2011-2470
+ RESERVED
+CVE-2011-2469
+ RESERVED
+CVE-2011-2467
+ RESERVED
+CVE-2011-2466
+ RESERVED
+CVE-2011-2465
+ RESERVED
+CVE-2011-2464
+ RESERVED
+CVE-2011-2463
+ RESERVED
+CVE-2011-2462
+ RESERVED
+CVE-2011-2461
+ RESERVED
+CVE-2011-2460
+ RESERVED
+CVE-2011-2459
+ RESERVED
+CVE-2011-2458
+ RESERVED
+CVE-2011-2457
+ RESERVED
+CVE-2011-2456
+ RESERVED
+CVE-2011-2455
+ RESERVED
+CVE-2011-2454
+ RESERVED
+CVE-2011-2453
+ RESERVED
+CVE-2011-2452
+ RESERVED
+CVE-2011-2451
+ RESERVED
+CVE-2011-2450
+ RESERVED
+CVE-2011-2449
+ RESERVED
+CVE-2011-2448
+ RESERVED
+CVE-2011-2447
+ RESERVED
+CVE-2011-2446
+ RESERVED
+CVE-2011-2445
+ RESERVED
+CVE-2011-2444
+ RESERVED
+CVE-2011-2443
+ RESERVED
+CVE-2011-2442
+ RESERVED
+CVE-2011-2441
+ RESERVED
+CVE-2011-2440
+ RESERVED
+CVE-2011-2439
+ RESERVED
+CVE-2011-2438
+ RESERVED
+CVE-2011-2437
+ RESERVED
+CVE-2011-2436
+ RESERVED
+CVE-2011-2435
+ RESERVED
+CVE-2011-2434
+ RESERVED
+CVE-2011-2433
+ RESERVED
+CVE-2011-2432
+ RESERVED
+CVE-2011-2431
+ RESERVED
+CVE-2011-2430
+ RESERVED
+CVE-2011-2429
+ RESERVED
+CVE-2011-2428
+ RESERVED
+CVE-2011-2427
+ RESERVED
+CVE-2011-2426
+ RESERVED
+CVE-2011-2425
+ RESERVED
+CVE-2011-2424
+ RESERVED
+CVE-2011-2423
+ RESERVED
+CVE-2011-2422
+ RESERVED
+CVE-2011-2421
+ RESERVED
+CVE-2011-2420
+ RESERVED
+CVE-2011-2419
+ RESERVED
+CVE-2011-2418
+ RESERVED
+CVE-2011-2417
+ RESERVED
+CVE-2011-2416
+ RESERVED
+CVE-2011-2415
+ RESERVED
+CVE-2011-2414
+ RESERVED
+CVE-2011-2413
+ RESERVED
+CVE-2011-2412
+ RESERVED
+CVE-2011-2411
+ RESERVED
+CVE-2011-2410
+ RESERVED
+CVE-2011-2409
+ RESERVED
+CVE-2011-2408
+ RESERVED
+CVE-2011-2407
+ RESERVED
+CVE-2011-2406
+ RESERVED
+CVE-2011-2405
+ RESERVED
+CVE-2011-2404
+ RESERVED
+CVE-2011-2403
+ RESERVED
+CVE-2011-2402
+ RESERVED
+CVE-2011-2401
+ RESERVED
+CVE-2011-2400
+ RESERVED
+CVE-2011-2399
+ RESERVED
+CVE-2011-2398
+ RESERVED
+CVE-2011-2397
+ RESERVED
+CVE-2011-2396
+ RESERVED
+CVE-2011-2394
+ RESERVED
+CVE-2011-2393
+ RESERVED
+CVE-2011-2392
+ RESERVED
+CVE-2011-2391
+ RESERVED
+CVE-2011-2390
+ RESERVED
+CVE-2011-2389
+ RESERVED
+CVE-2011-2388
+ RESERVED
+CVE-2011-2387
+ RESERVED
+CVE-2011-2386 (VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site
Survey ...)
+ TODO: check
+CVE-2011-2385
+ RESERVED
+CVE-2011-2384
+ RESERVED
+CVE-2011-2381
+ RESERVED
+CVE-2011-2380
+ RESERVED
+CVE-2011-2379
+ RESERVED
+CVE-2011-2378
+ RESERVED
+CVE-2011-2377
+ RESERVED
+CVE-2011-2376
+ RESERVED
+CVE-2011-2375
+ RESERVED
+CVE-2011-2374
+ RESERVED
+CVE-2011-2373
+ RESERVED
+CVE-2011-2372
+ RESERVED
+CVE-2011-2371
+ RESERVED
+CVE-2011-2370
+ RESERVED
+CVE-2011-2369
+ RESERVED
+CVE-2011-2368
+ RESERVED
+CVE-2011-2367
+ RESERVED
+CVE-2011-2366
+ RESERVED
+CVE-2011-2365
+ RESERVED
+CVE-2011-2364
+ RESERVED
+CVE-2011-2363
+ RESERVED
+CVE-2011-2362
+ RESERVED
+CVE-2011-2361
+ RESERVED
+CVE-2011-2360
+ RESERVED
+CVE-2011-2359
+ RESERVED
+CVE-2011-2358
+ RESERVED
+CVE-2011-2357
+ RESERVED
+CVE-2011-2356
+ RESERVED
+CVE-2011-2355
+ RESERVED
+CVE-2011-2354
+ RESERVED
+CVE-2011-2353
+ RESERVED
+CVE-2011-2352
+ RESERVED
+CVE-2011-2351
+ RESERVED
+CVE-2011-2350
+ RESERVED
+CVE-2011-2349
+ RESERVED
+CVE-2011-2348
+ RESERVED
+CVE-2011-2347
+ RESERVED
+CVE-2011-2346
+ RESERVED
+CVE-2011-2345
+ RESERVED
+CVE-2011-2344
+ RESERVED
+CVE-2011-2343
+ RESERVED
+CVE-2011-2341
+ RESERVED
+CVE-2011-2340
+ RESERVED
+CVE-2011-2339
+ RESERVED
+CVE-2011-2338
+ RESERVED
+CVE-2011-2337
+ RESERVED
+CVE-2011-2336
+ RESERVED
+CVE-2011-2335
+ RESERVED
+CVE-2011-2334
+ RESERVED
+CVE-2011-2333
+ RESERVED
+CVE-2011-2329 (The rampart_timestamp_token_validate function in ...)
+ TODO: check
+CVE-2011-2327
+ RESERVED
+CVE-2011-2326
+ RESERVED
+CVE-2011-2325
+ RESERVED
+CVE-2011-2324
+ RESERVED
+CVE-2011-2323
+ RESERVED
+CVE-2011-2322
+ RESERVED
+CVE-2011-2321
+ RESERVED
+CVE-2011-2320
+ RESERVED
+CVE-2011-2319
+ RESERVED
+CVE-2011-2318
+ RESERVED
+CVE-2011-2317
+ RESERVED
+CVE-2011-2316
+ RESERVED
+CVE-2011-2315
+ RESERVED
+CVE-2011-2314
+ RESERVED
+CVE-2011-2313
+ RESERVED
+CVE-2011-2312
+ RESERVED
+CVE-2011-2311
+ RESERVED
+CVE-2011-2310
+ RESERVED
+CVE-2011-2309
+ RESERVED
+CVE-2011-2308
+ RESERVED
+CVE-2011-2307
+ RESERVED
+CVE-2011-2306
+ RESERVED
+CVE-2011-2305
+ RESERVED
+CVE-2011-2304
+ RESERVED
+CVE-2011-2303
+ RESERVED
+CVE-2011-2302
+ RESERVED
+CVE-2011-2301
+ RESERVED
+CVE-2011-2300
+ RESERVED
+CVE-2011-2299
+ RESERVED
+CVE-2011-2298
+ RESERVED
+CVE-2011-2297
+ RESERVED
+CVE-2011-2296
+ RESERVED
+CVE-2011-2295
+ RESERVED
+CVE-2011-2294
+ RESERVED
+CVE-2011-2293
+ RESERVED
+CVE-2011-2292
+ RESERVED
+CVE-2011-2291
+ RESERVED
+CVE-2011-2290
+ RESERVED
+CVE-2011-2289
+ RESERVED
+CVE-2011-2288
+ RESERVED
+CVE-2011-2287
+ RESERVED
+CVE-2011-2286
+ RESERVED
+CVE-2011-2285
+ RESERVED
+CVE-2011-2284
+ RESERVED
+CVE-2011-2283
+ RESERVED
+CVE-2011-2282
+ RESERVED
+CVE-2011-2281
+ RESERVED
+CVE-2011-2280
+ RESERVED
+CVE-2011-2279
+ RESERVED
+CVE-2011-2278
+ RESERVED
+CVE-2011-2277
+ RESERVED
+CVE-2011-2276
+ RESERVED
+CVE-2011-2275
+ RESERVED
+CVE-2011-2274
+ RESERVED
+CVE-2011-2273
+ RESERVED
+CVE-2011-2272
+ RESERVED
+CVE-2011-2271
+ RESERVED
+CVE-2011-2270
+ RESERVED
+CVE-2011-2269
+ RESERVED
+CVE-2011-2268
+ RESERVED
+CVE-2011-2267
+ RESERVED
+CVE-2011-2266
+ RESERVED
+CVE-2011-2265
+ RESERVED
+CVE-2011-2264
+ RESERVED
+CVE-2011-2263
+ RESERVED
+CVE-2011-2262
+ RESERVED
+CVE-2011-2261
+ RESERVED
+CVE-2011-2260
+ RESERVED
+CVE-2011-2259
+ RESERVED
+CVE-2011-2258
+ RESERVED
+CVE-2011-2257
+ RESERVED
+CVE-2011-2256
+ RESERVED
+CVE-2011-2255
+ RESERVED
+CVE-2011-2254
+ RESERVED
+CVE-2011-2253
+ RESERVED
+CVE-2011-2252
+ RESERVED
+CVE-2011-2251
+ RESERVED
+CVE-2011-2250
+ RESERVED
+CVE-2011-2249
+ RESERVED
+CVE-2011-2248
+ RESERVED
+CVE-2011-2247
+ RESERVED
+CVE-2011-2246
+ RESERVED
+CVE-2011-2245
+ RESERVED
+CVE-2011-2244
+ RESERVED
+CVE-2011-2243
+ RESERVED
+CVE-2011-2242
+ RESERVED
+CVE-2011-2241
+ RESERVED
+CVE-2011-2240
+ RESERVED
+CVE-2011-2239
+ RESERVED
+CVE-2011-2238
+ RESERVED
+CVE-2011-2237
+ RESERVED
+CVE-2011-2236
+ RESERVED
+CVE-2011-2235
+ RESERVED
+CVE-2011-2234
+ RESERVED
+CVE-2011-2233
+ RESERVED
+CVE-2011-2232
+ RESERVED
+CVE-2011-2231
+ RESERVED
+CVE-2011-2230
+ RESERVED
+CVE-2011-2229
+ RESERVED
+CVE-2011-2228
+ RESERVED
+CVE-2011-2227
+ RESERVED
+CVE-2011-2226
+ RESERVED
+CVE-2011-2225
+ RESERVED
+CVE-2011-2224
+ RESERVED
+CVE-2011-2223
+ RESERVED
+CVE-2011-2222
+ RESERVED
+CVE-2011-2221
+ RESERVED
+CVE-2011-2220
+ RESERVED
+CVE-2011-2219
+ RESERVED
+CVE-2011-2218
+ RESERVED
+CVE-2011-2217 (Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) ...)
+ TODO: check
+CVE-2011-2213
+ RESERVED
+CVE-2011-2212
+ RESERVED
+CVE-2011-2207
+ RESERVED
+CVE-2011-2206
+ RESERVED
+CVE-2011-2205
+ RESERVED
+CVE-2011-2204
+ RESERVED
+CVE-2011-2201
+ RESERVED
+CVE-2011-2200
+ RESERVED
+CVE-2011-2197
+ RESERVED
+CVE-2011-2196
+ RESERVED
+CVE-2011-2195
+ RESERVED
+CVE-2011-2193
+ RESERVED
+CVE-2011-2192
+ RESERVED
+CVE-2011-2191
+ RESERVED
+CVE-2011-2189
+ RESERVED
+CVE-2011-2187
+ RESERVED
+CVE-2011-2186
+ RESERVED
+CVE-2011-2181
+ RESERVED
+CVE-2011-2180
+ RESERVED
+CVE-2011-2177
+ RESERVED
+CVE-2011-2176
+ RESERVED
+CVE-2011-2167 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the
chroot ...)
+ TODO: check
+CVE-2011-2166 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the
user ...)
+ TODO: check
+CVE-2010-4805 (The socket implementation in net/core/sock.c in the Linux kernel
...)
+ TODO: check
+CVE-2009-5077 (CRE Loaded before 6.2.14 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2009-5076 (CRE Loaded before 6.2.14, and possibly other versions before
6.3.x, ...)
+ TODO: check
+CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c
in ...)
- icinga <undetermined>
NOTE: 1.4.1 is said to be fixed
- nagios3 <undetermined>
@@ -6,134 +652,150 @@
CVE-2011-2476 (Cross-site scripting (XSS) vulnerability in Coppermine Photo
Gallery ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2011-2208 [Alpha-specific issue]
+ RESERVED
- linux-2.6 2.6.32-1
NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
CVE-2011-2209 [Alpha-specific issue]
+ RESERVED
- linux-2.6 2.6.32-1
CVE-2011-2210 [Alpha-specific issue]
+ RESERVED
- linux-2.6 2.6.32-1
CVE-2011-2211 [Alpha-specific issue]
+ RESERVED
- linux-2.6 2.6.32-1
CVE-2011-2203 [HFS DoS]
+ RESERVED
- linux-2.6 <unfixed>
-CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c ...)
+CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c in PHP
before ...)
- php5 <undetermined>
NOTE: probably affected, because fixed upstream in 5.3.7
CVE-2011-2199 [tftp-hpa buffer overflow]
+ RESERVED
- tftp-hpa <unfixed>
NOTE:
http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8
CVE-2011-2198 [vte memory exhaustion]
+ RESERVED
- vte 1:0.28.1-1 (low; bug #629688)
[lenny] - vte <no-dsa> (Minor issue)
[squeeze] - vte <no-dsa> (Minor issue)
CVE-2011-XXXX [libpam-ssh: pam_ssh not dropping root gid(s)]
- - libpam-ssh <unfixed> (low)
- [squeeze] - libpam-ssh <no-dsa> (Minor issue)
- [lenny] - libpam-ssh <no-dsa> (Minor issue)
- NOTE: https://bugzilla.novell.com/show_bug.cgi?id=665061
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=711170
- NOTE: CVE request and discussion:
http://www.openwall.com/lists/oss-security/2011/06/06/3
+ - libpam-ssh <unfixed> (low)
+ [squeeze] - libpam-ssh <no-dsa> (Minor issue)
+ [lenny] - libpam-ssh <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.novell.com/show_bug.cgi?id=665061
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=711170
+ NOTE: CVE request and discussion:
http://www.openwall.com/lists/oss-security/2011/06/06/3
CVE-2011-2185 [fabric insecure temp files]
+ RESERVED
- fabric <unfixed> (low; bug #629003)
[squeeze] - fabric <no-dsa> (Minor issue)
-CVE-2011-2475
+CVE-2011-2475 (Format string vulnerability in ECTrace.dll in the iMailGateway
service ...)
NOT-FOR-US: Sybase OneBridge Mobile Data Suite
-CVE-2011-2474
+CVE-2011-2474 (Directory traversal vulnerability in the HTTP Server in Sybase
...)
NOT-FOR-US: Sybase EAServer
-CVE-2011-2473
+CVE-2011-2473 (The do_dump_data function in utils/opcontrol in OProfile 0.9.6
and ...)
- oprofile <unfixed> (bug #630084)
-CVE-2011-2472
+CVE-2011-2472 (Directory traversal vulnerability in utils/opcontrol in OProfile
0.9.6 ...)
- oprofile <unfixed> (bug #630084)
-CVE-2011-2471
+CVE-2011-2471 (utils/opcontrol in OProfile 0.9.6 and earlier might allow local
users ...)
- oprofile <unfixed> (bug #630084)
-CVE-2011-2468
+CVE-2011-2468 (Directory traversal vulnerability in the web interface in
AnyMacro ...)
NOT-FOR-US: AnyMacro Mail System G4X
-CVE-2011-2395
+CVE-2011-2395 (The Neighbor Discovery (ND) protocol implementation in Cisco IOS
on ...)
NOT-FOR-US: Cisco
-CVE-2011-2383
+CVE-2011-2383 (Microsoft Internet Explorer 9 and earlier does not properly
restrict ...)
NOT-FOR-US: Microsoft
-CVE-2011-2342
+CVE-2011-2342 (The DOM implementation in Google Chrome before 12.0.742.91
allows ...)
- chromium-browser 12.0.742.91~r87961-1
- webkit <undetermined>
-CVE-2011-2382
+CVE-2011-2382 (Microsoft Internet Explorer 8 and earlier, and Internet Explorer
9 ...)
NOT-FOR-US: Microsoft
-CVE-2011-2332
+CVE-2011-2332 (Google V8, as used in Google Chrome before 12.0.742.91, allows
remote ...)
- chromium-browser 12.0.742.91~r87961-1
- libv8 <undetermined>
-CVE-2011-2194 [vlc xspf integer overflow]
+CVE-2011-2194 [vlc xspf integer overflow]
+ RESERVED
+ {DSA-2257-1}
- vlc 1.1.10-1
[lenny] - vlc <not-affected> (Vulnerable code not present)
NOTE:
http://repo.or.cz/w/vlc.git/commitdiff/cd929923ff49175a501bb3e9553a683bc42ff61c
CVE-2011-2190 [cherokee csrf]
+ RESERVED
- cherokee <unfixed> (low)
[squeeze] - cherokee <no-dsa> (Minor issue)
[lenny] - cherokee <no-dsa> (Minor issue)
NOTE: http://code.google.com/p/cherokee/issues/detail?id=1212
CVE-2011-2188 [lua-expat billion laugh mitigation]
+ RESERVED
- lua-expat 1.2.0-1 (low; bug #629225)
[squeeze] - lua-expat <no-dsa> (Minor issue)
[lenny] - lua-expat <no-dsa> (Minor issue)
CVE-2011-2184 [race condition in KSM]
+ RESERVED
- linux-2.6 <unfixed>
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
CVE-2011-2183 [race condition in KSM]
+ RESERVED
- linux-2.6 <unfixed>
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-XXXX [login: tty hijacking possible in "su" via TIOCSTI
ioctl]
- shadow <unfixed> (bug #628843)
NOTE: CVE requested http://www.openwall.com/lists/oss-security/2011/06/02/3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008
-CVE-2011-2331
+CVE-2011-2331 (Integer overflow in img.exe in HP Intelligent Management Center
(IMC) ...)
NOT-FOR-US: HP Intelligent Management Center (IMC)
-CVE-2011-2330
+CVE-2011-2330 (Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1,
4.1.1, ...)
NOT-FOR-US: IBM Tivoli Management Framework
-CVE-2011-2328
+CVE-2011-2328 (Buffer overflow in HP LoadRunner allows remote attackers to
cause a ...)
NOT-FOR-US: HP LoadRunner
-CVE-2011-2215
+CVE-2011-2215 (Unspecified vulnerability in WalRack 1.x before 1.1.8 and 2.x
before ...)
NOT-FOR-US: WalRack
-CVE-2011-2214
+CVE-2011-2214 (Unspecified vulnerability in the Open Database Connectivity
(ODBC) ...)
NOT-FOR-US: 7T Interactive Graphical SCADA System
-CVE-2011-2175 (Integer underflow in the visual_read function in
wiretap/visual.c ...)
+CVE-2011-2175 (Integer underflow in the visual_read function in
wiretap/visual.c in ...)
- wireshark 1.6.0-1 (unimportant; bug #630159)
NOTE: Crashes w/o code injection not treated as security issues, see
README.Security
-CVE-2011-2174 (Double free vulnerability in the tvb_uncompress function in
epan/tvbuff.c ...)
+CVE-2011-2174 (Double free vulnerability in the tvb_uncompress function in ...)
- wireshark 1.6.0-1 (bug #630159)
-CVE-2011-2173
+CVE-2011-2173 (The implementation of OutputMediator objects in IBM WebSphere
Portal ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2011-2172
+CVE-2011-2172 (Cross-site scripting (XSS) vulnerability in the search center in
IBM ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2011-2171
+CVE-2011-2171 (Unspecified vulnerability in the dbugs package in Google Chrome
OS ...)
NOT-FOR-US: Google Chrome OS
-CVE-2011-2170
+CVE-2011-2170 (Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is
...)
NOT-FOR-US: Google Chrome OS
-CVE-2011-2169
+CVE-2011-2169 (Google Chrome OS before R12 0.12.433.38 Beta allows local users
to ...)
NOT-FOR-US: Google Chrome OS
-CVE-2011-2168
+CVE-2011-2168 (Multiple integer overflows in the glob implementation in libc in
...)
NOT-FOR-US: OpenBSD
-CVE-2011-2165
+CVE-2011-2165 (The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does
not ...)
NOT-FOR-US: WatchGuard XCS
-CVE-2010-4807
+CVE-2010-4807 (Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before
CF003 ...)
NOT-FOR-US: IBM Web Content Manager
-CVE-2010-4806
+CVE-2010-4806 (The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and
7.0.0.1 ...)
NOT-FOR-US: IBM Web Content Manager
CVE-2011-2182 [incomplete fix for cve-2011-1017]
+ RESERVED
- linux-2.6 <unfixed>
-CVE-2011-2179 [nagios XSS]
+CVE-2011-2179 (Multiple cross-site scripting (XSS) vulnerabilities in config.c
in ...)
- nagios3 3.2.3-3 (bug #629127)
- [lenny] - nagios3 <not-affected> (Affected feature got introduced in
3.2.2)
- [squeeze] - nagios3 <not-affected> (Affected feature got introduced in
3.2.2)
+ [lenny] - nagios3 <not-affected> (Affected feature got introduced in
3.2.2)
+ [squeeze] - nagios3 <not-affected> (Affected feature got introduced in
3.2.2)
- icinga 1.4.1-1 (bug #629131)
[squeeze] - icinga <not-affected> (Affected feature got introduced in
1.3.1)
[lenny] - icinga <not-affected> (Affected feature got introduced in
1.3.1)
NOTE: http://tracker.nagios.org/view.php?id=224
CVE-2011-2178 [libvirt regression]
+ RESERVED
- libvirt 0.9.1-2 (bug #629128)
[squeeze] - libvirt <not-affected> (Introduced in 0.8.8)
[lenny] - libvirt <not-affected> (Introduced in 0.8.8)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=709769
NOTE: https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html
-CVE-2011-2216 [AST 2011-007]
+CVE-2011-2216 (reqresp_parser.c in the SIP channel driver in Asterisk Open
Source ...)
- asterisk 1:1.8.4.2-1 (bug #629130)
[lenny] - asterisk <not-affected> (Only affects 1.8)
[squeeze] - asterisk <not-affected> (Only affects 1.8)
@@ -185,10 +847,10 @@
NOT-FOR-US: SmarterStats
CVE-2011-2147 (Openswan 2.2.x does not properly restrict permissions for (1)
...)
- openswan <unfixed> (bug #628449)
-CVE-2011-2146
- RESERVED
-CVE-2011-2145
- RESERVED
+CVE-2011-2146 (mount.vmhgfs in the VMware Host Guest File System (HGFS) in
VMware ...)
+ TODO: check
+CVE-2011-2145 (mount.vmhgfs in the VMware Host Guest File System (HGFS) in
VMware ...)
+ TODO: check
CVE-2009-5075 (Monkey''s Audio before 4.02 allows remote attackers to
cause a denial ...)
NOT-FOR-US: Monkey''s Audio
CVE-2006-7245 (Monkey''s Audio before 4.01b2 allows remote attackers to
cause a denial ...)
@@ -263,81 +925,81 @@
RESERVED
CVE-2011-2129
RESERVED
-CVE-2011-2128 (... allows attackers to execute arbitrary code or cause a denial
...)
+CVE-2011-2128 (Adobe Shockwave Player before 11.6.0.626 allows attackers to
execute ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2127 (... allows attackers to execute arbitrary code or cause a denial
...)
+CVE-2011-2127 (Adobe Shockwave Player before 11.6.0.626 allows attackers to
execute ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2126 (... allows attackers to execute arbitrary code via unspecified
vectors.)
+CVE-2011-2126 (Buffer overflow in Adobe Shockwave Player before 11.6.0.626
allows ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2125 (Buffer overflow in Dirapix.dll ...)
+CVE-2011-2125 (Buffer overflow in Dirapix.dll in Adobe Shockwave Player before
...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2124 (... attackers to execute arbitrary code or cause a denial of
service ...)
+CVE-2011-2124 (Adobe Shockwave Player before 11.6.0.626 allows attackers to
execute ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2123 (Integer overflow in the Shockwave 3D Asset x32 component ...)
+CVE-2011-2123 (Integer overflow in the Shockwave 3D Asset x32 component in
Adobe ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2122 (Dirapi.dll ... allows attackers to execute arbitrary code or
cause a denial of service ...)
+CVE-2011-2122 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows
...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2121 (Integer overflow ...)
+CVE-2011-2121 (Integer overflow in Adobe Shockwave Player before 11.6.0.626
allows ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2120 (Integer overflow in the CursorAsset x32 component ...)
+CVE-2011-2120 (Integer overflow in the CursorAsset x32 component in Adobe
Shockwave ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2119 (Dirapi.dll ... allows attackers to execute arbitrary code or
cause a denial of service ...)
+CVE-2011-2119 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows
...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2118 (The FLV ASSET Xtra component ... allows attackers to execute
arbitrary code ...)
+CVE-2011-2118 (The FLV ASSET Xtra component in Adobe Shockwave Player before
...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2117 (... allows attackers to execute arbitrary code or cause a denial
of service ...)
+CVE-2011-2117 (Adobe Shockwave Player before 11.6.0.626 allows attackers to
execute ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2116 (IML32.dll ... allows attackers to execute arbitrary code or
cause a denial of service ...)
+CVE-2011-2116 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows
attackers ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2115 (IML32.dll ... allows attackers to execute arbitrary code or
cause a denial of service ...)
+CVE-2011-2115 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows
attackers ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2114 (... allows attackers to execute arbitrary code or cause a denial
of service ...)
+CVE-2011-2114 (Adobe Shockwave Player before 11.6.0.626 allows attackers to
execute ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2113 (Multiple buffer overflows in the Shockwave3DAsset component ...)
+CVE-2011-2113 (Multiple buffer overflows in the Shockwave3DAsset component in
Adobe ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2112 (Multiple buffer overflows in IML32.dll ...)
+CVE-2011-2112 (Multiple buffer overflows in IML32.dll in Adobe Shockwave Player
...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2111 (IML32.dll ... allows attackers to execute arbitrary code or
cause a denial of service ...)
+CVE-2011-2111 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows
attackers ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2110 (... allows remote attackers to execute arbitrary code or cause a
denial of service ...)
+CVE-2011-2110 (Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X,
Linux, and ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2011-2109 (Multiple integer overflows in Dirapi.dll ...)
+CVE-2011-2109 (Multiple integer overflows in Dirapi.dll in Adobe Shockwave
Player ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2108 (... allows attackers to execute arbitrary code via unspecified
vectors ...)
+CVE-2011-2108 (Adobe Shockwave Player before 11.6.0.626 allows attackers to
execute ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-2107 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player
before 10.3.181.22 ...)
+CVE-2011-2107 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player
before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2011-2106 (... allow attackers to execute arbitrary code or cause a denial
of service ...)
+CVE-2011-2106 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and
10.x ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2105 (... allow attackers to execute arbitrary code or cause a denial
of service ...)
+CVE-2011-2105 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and
10.x ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2104 (... allow attackers to execute arbitrary code or cause a denial
of service ...)
+CVE-2011-2104 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and
10.x ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2103 (... allow attackers to execute arbitrary code or cause a denial
of service ...)
+CVE-2011-2103 (Adobe Reader and Acrobat 8.x before 8.3 on Windows and Mac OS X
allow ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2102 (... allows attackers to bypass intended access restrictions ...)
+CVE-2011-2102 (Unspecified vulnerability in Adobe Reader and Acrobat before
10.1 on ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2101 (... do not properly restrict script ...)
+CVE-2011-2101 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and
10.x ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2100 (Untrusted search path vulnerability ...)
+CVE-2011-2100 (Untrusted search path vulnerability in Adobe Reader and Acrobat
8.x ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2099 (... allow attackers to execute arbitrary code or cause a denial
of service ...)
+CVE-2011-2099 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and
10.x ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2098 (... allow attackers to execute arbitrary code or cause a denial
of service ...)
+CVE-2011-2098 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and
10.x ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2097 (Buffer overflow ...)
+CVE-2011-2097 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x
before ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2096 (Heap-based buffer overflow ...)
+CVE-2011-2096 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x
before 8.3, ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2095 (Buffer overflow ...)
+CVE-2011-2095 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x
before ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2094 (Buffer overflow ...)
+CVE-2011-2094 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x
before ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2011-2093 (... do not properly handle object graphs ...)
+CVE-2011-2093 (Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2
and ...)
NOT-FOR-US: Adobe LiveCycle Data Services
-CVE-2011-2092 (... do not properly restrict creation of classes ...)
+CVE-2011-2092 (Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2
and ...)
NOT-FOR-US: Adobe LiveCycle Data Services
-CVE-2011-2091 (... allows remote attackers to cause a denial of service ...)
+CVE-2011-2091 (Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0,
and ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2011-2090
RESERVED
@@ -438,11 +1100,11 @@
RESERVED
CVE-2011-2042
RESERVED
-CVE-2011-2041
+CVE-2011-2041 (The Start Before Logon (SBL) functionality in Cisco AnyConnect
Secure ...)
NOT-FOR-US: Cisco
-CVE-2011-2040
+CVE-2011-2040 (The helper application in Cisco AnyConnect Secure Mobility
Client ...)
NOT-FOR-US: Cisco
-CVE-2011-2039
+CVE-2011-2039 (The helper application in Cisco AnyConnect Secure Mobility
Client ...)
NOT-FOR-US: Cisco
CVE-2011-2038
RESERVED
@@ -472,11 +1134,12 @@
RESERVED
CVE-2011-2025
RESERVED
-CVE-2011-2024
+CVE-2011-2024 (Cisco Network Registrar before 7.2 has a default administrative
...)
NOT-FOR-US: Cisco
CVE-2011-2023
RESERVED
CVE-2011-2022 (The agp_generic_remove_memory function in
drivers/char/agp/generic.c ...)
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-5
CVE-2011-2021 (Session fixation vulnerability in TIBCO iProcess Engine before
11.1.3 ...)
NOT-FOR-US: TIBCO iProcess Engine
@@ -602,67 +1265,64 @@
RESERVED
CVE-2011-1960
RESERVED
-CVE-2011-1959 (The snoop_read function in wiretap/snoop.c ... does not properly
handle certain virtualizable buffers ...)
+CVE-2011-1959 (The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x
before ...)
- wireshark 1.6.0-1 (unimportant; bug #630159)
NOTE: Crashes w/o code injection not treated as security issues, see
README.Security
-CVE-2011-1958
- RESERVED
-CVE-2011-1957
- RESERVED
-CVE-2011-1956
- RESERVED
+CVE-2011-1958 (Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows ...)
+ TODO: check
+CVE-2011-1957 (The dissect_dcm_main function in epan/dissectors/packet-dcm.c in
the ...)
+ TODO: check
+CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect
...)
+ TODO: check
CVE-2011-1955
RESERVED
-CVE-2011-1954
- RESERVED
-CVE-2011-1953
- RESERVED
-CVE-2011-1952
- RESERVED
+CVE-2011-1954 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Post ...)
+ TODO: check
+CVE-2011-1953 (Multiple cross-site scripting (XSS) vulnerabilities in
common.php in ...)
+ TODO: check
+CVE-2011-1952 (common.php in Post Revolution before 0.8.0c-2 allows remote
attackers ...)
+ TODO: check
CVE-2011-1951
RESERVED
- syslog-ng 3.2.4-1 (low)
[squeeze] - syslog-ng <not-affected> (Only affects PCRE >= 8.12)
[lenny] - syslog-ng <not-affected> (Only affects PCRE >= 8.12)
NOTE:
http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff
-CVE-2011-1950
- RESERVED
-CVE-2011-1949
- RESERVED
-CVE-2011-1948
- RESERVED
-CVE-2011-1947
- RESERVED
+CVE-2011-1950 (plone.app.users in Plone 4.0 and 4.1 allows remote authenticated
users ...)
+ TODO: check
+CVE-2011-1949 (Cross-site scripting (XSS) vulnerability in the safe_html filter
in ...)
+ TODO: check
+CVE-2011-1948 (Cross-site scripting (XSS) vulnerability in Plone 4.1 and
earlier ...)
+ TODO: check
+CVE-2011-1947 (fetchmail 5.9.9 through 6.3.19 does not properly limit the wait
time ...)
- fetchmail <unfixed> (unimportant)
NOTE:
http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt
CVE-2011-1946
RESERVED
-CVE-2011-1945
- RESERVED
+CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL
1.0.0d and ...)
- openssl <unfixed> (low)
CVE-2011-1944
RESERVED
-CVE-2011-1943 [network-manager-openvpn Password to unlock certificate is
logged]
- RESERVED
+CVE-2011-1943 (The destroy_one_secret function in nm-setting-vpn.c in
libnm-util in ...)
- network-manager-openvpn <not-affected> (Affected code was only in
experimental, see bug #628730)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876
CVE-2011-1942
RESERVED
CVE-2011-1941 [phpMyAdmin PMASA-2011-4 insecure redirect]
+ RESERVED
- phpmyadmin 4:3.4.1-1
[lenny] - phpmyadmin <not-affected> (3.4.x only)
[squeeze] - phpmyadmin <not-affected> (3.4.x only)
+CVE-2011-1940 [phpMyAdmin PMASA-2011-3 xss on tracking]
RESERVED
-CVE-2011-1940 [phpMyAdmin PMASA-2011-3 xss on tracking]
- phpmyadmin 4:3.4.1-1
[lenny] - phpmyadmin <not-affected> (3.3.x+ only)
[squeeze] - phpmyadmin <no-dsa> (may be bundled with future issues)
- RESERVED
CVE-2011-1939
RESERVED
-CVE-2011-1938
- RESERVED
-CVE-2011-1937
+CVE-2011-1938 (Stack-based buffer overflow in the socket_connect function in
...)
+ TODO: check
+CVE-2011-1937 (Cross-site scripting (XSS) vulnerability in Webmin 1.540 and
earlier ...)
NOT-FOR-US: Webmin
CVE-2011-1936
RESERVED
@@ -694,13 +1354,12 @@
- klibc 1.5.22-1 (low)
[squeeze] - klibc <no-dsa> (Minor issue)
[lenny] - klibc <no-dsa> (Minor issue)
-CVE-2011-1929
- RESERVED
+CVE-2011-1929 (lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17
and ...)
+ {DSA-2252-1}
- dovecot 1:2.0.13-1 (bug #627443)
NOTE: [lenny] - dovecot <not-affected> (Vulnerability introduced in 1.1)
NOTE: <e15277de7326d4d7f8b560cd853e1a12 at muenster.org> claims lenny is
affected
-CVE-2011-1928
- RESERVED
+CVE-2011-1928 (The fnmatch implementation in apr_fnmatch.c in the Apache
Portable ...)
{DSA-2237-2}
- apr 1.4.5-1 (bug #627182)
CVE-2011-1927 [kernel remote DoS]
@@ -708,34 +1367,31 @@
- linux-2.6 <unfixed> (high)
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2011-1926 [cyrus STARTTLS]
- RESERVED
+CVE-2011-1926 (The STARTTLS implementation in Cyrus IMAP Server before 2.4.7
does not ...)
+ {DSA-2258-1 DSA-2242-1}
- cyrus-imapd-2.2 2.2.13p1-11 (bug #627081)
- cyrus-imapd-2.4 2.4.7-1
- kolab-cyrus-imapd 2.2.13p1-0.1 (bug #629350)
-CVE-2011-1925
- RESERVED
+CVE-2011-1925 (nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows
remote ...)
- nbd 1:2.9.22-1 (bug #627042)
[wheezy] - nbd <not-affected>
[squeeze] - nbd <not-affected>
[lenny] - nbd <not-affected>
-CVE-2011-1924
- RESERVED
+CVE-2011-1924 (Buffer overflow in the policy_summarize function in
or/policies.c in ...)
- tor 0.2.1.30-1
[squeeze] - tor <no-dsa> (Only affects the central Tor directory
servers)
[lenny] - tor <no-dsa> (Only affects the central Tor directory servers)
CVE-2011-1923 [polarssl MITM]
RESERVED
- polarssl <unfixed> (bug #616114)
-CVE-2011-1922 [Unbound empty error packet handling assertion failure]
- RESERVED
+CVE-2011-1922 (daemon/worker.c in Unbound 1.x before 1.4.10, when debugging
...)
- unbound 1.4.10-1 (unimportant)
NOTE: http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt
NOTE: asserts not enabled in Debian build
-CVE-2011-1921 [subversion information disclosure]
- RESERVED
+CVE-2011-1921 (The mod_dav_svn module for the Apache HTTP Server, as
distributed in ...)
+ {DSA-2251-1}
- subversion 1.6.17dfsg-1
-CVE-2011-1920 [pmake insecure tempfile]
+CVE-2011-1920 (The make include files in NetBSD before 1.6.2, as used in pmake
1.111 ...)
- pmake 1.111-3 (low; bug #626673)
[squeeze] - pmake <no-dsa> (Minor issue)
[lenny] - pmake <no-dsa> (Minor issue)
@@ -757,8 +1413,8 @@
RESERVED
CVE-2011-1911
RESERVED
-CVE-2011-1910 [bind9 crash when receiving large RRSIG RRsets]
- RESERVED
+CVE-2011-1910 (Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x
...)
+ {DSA-2244-1}
- bind9 <unfixed> (high)
NOTE: https://lists.isc.org/pipermail/bind-users/2011-May/083819.html
CVE-2011-1909
@@ -789,7 +1445,7 @@
RESERVED
CVE-2011-1895
RESERVED
-CVE-2011-1894 (The MHTML protocol handler ... does not properly handle a MIME
format ...)
+CVE-2011-1894 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3,
...)
NOT-FOR-US: Microsoft Windows
CVE-2011-1893
RESERVED
@@ -799,7 +1455,7 @@
RESERVED
CVE-2011-1890
RESERVED
-CVE-2011-1889 (The NSPLookupServiceNext function ... allows remote attackers to
execute arbitrary code ...)
+CVE-2011-1889 (The NSPLookupServiceNext function in the client in Microsoft
Forefront ...)
NOT-FOR-US: Microsoft Forefront Threat Management Gateway
CVE-2011-1888
RESERVED
@@ -831,19 +1487,19 @@
RESERVED
CVE-2011-1874
RESERVED
-CVE-2011-1873 (win32k.sys in the kernel-mode drivers ... does not properly
validate pointers during ...)
+CVE-2011-1873 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2, ...)
NOT-FOR-US: Microsoft Windows
-CVE-2011-1872 (Hyper-V ... allows guest OS users to cause a denial of service
...)
+CVE-2011-1872 (Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2
SP1 ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-1871
RESERVED
CVE-2011-1870
RESERVED
-CVE-2011-1869 (The Distributed File System (DFS) implementation ... allows
remote DFS servers to cause a denial of service ...)
+CVE-2011-1869 (The Distributed File System (DFS) implementation in Microsoft
Windows ...)
NOT-FOR-US: Microsoft Windows
-CVE-2011-1868 (The Distributed File System (DFS) implementation ... does not
properly validate fields in DFS responses ...)
+CVE-2011-1868 (The Distributed File System (DFS) implementation in Microsoft
Windows ...)
NOT-FOR-US: Microsoft Windows
-CVE-2010-4804
+CVE-2010-4804 (The Android browser in Android before 2.3.4 allows remote
attackers to ...)
NOT-FOR-US: Android Browser
CVE-2011-XXXX
- libmodplug <unfixed> (low; bug #625966)
@@ -857,12 +1513,10 @@
CVE-2011-1907 (ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ)
RRset ...)
- bind9 <not-affected> (Only affects 9.8.0, never uploaded to the
archive)
NOTE: https://www.isc.org/CVE-2011-1907
-CVE-2011-1765 [IE6 XSS protection was incomplete]
- RESERVED
+CVE-2011-1765 (Cross-site scripting (XSS) vulnerability in MediaWiki before
1.16.5, ...)
- mediawiki <not-affected> (Incomplete fix was never released for
Debian, neither in sid, nor oldstable/stable)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
-CVE-2011-1766 [$wgBlockDisablesLogin insufficient]
- RESERVED
+CVE-2011-1766 (includes/User.php in MediaWiki before 1.16.5, when ...)
- mediawiki <unfixed>
[lenny] - mediawiki <not-affected> (Vulnerable code not present,
introduced in 1.16.0)
[squeeze] - mediawiki <not-affected> (Vulnerable code not present,
introduced in 1.16.0)
@@ -873,21 +1527,21 @@
RESERVED
CVE-2011-1865
RESERVED
-CVE-2011-1864 (Unspecified vulnerability in HP OpenView Storage Data Protector
... )
+CVE-2011-1864 (Unspecified vulnerability in HP OpenView Storage Data Protector
6.0, ...)
NOT-FOR-US: HP OpenView Storage Data Protector
-CVE-2011-1863 (HP Service Manager ... unspecified script injection ...)
+CVE-2011-1863 (HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center
6.2.8 ...)
NOT-FOR-US: HP Service Manager
-CVE-2011-1862 (Cross-site scripting (XSS) vulnerability in HP Service Manager
...)
+CVE-2011-1862 (Cross-site scripting (XSS) vulnerability in HP Service Manager
7.02, ...)
NOT-FOR-US: HP Service Manager
-CVE-2011-1861 (Unspecified vulnerability in HP Service Manager ...)
+CVE-2011-1861 (Unspecified vulnerability in HP Service Manager 7.02, 7.11,
9.20, and ...)
NOT-FOR-US: HP Service Manager
-CVE-2011-1860 (Unspecified vulnerability in HP Service Manager ...)
+CVE-2011-1860 (Unspecified vulnerability in HP Service Manager 7.02, 7.11,
9.20, and ...)
NOT-FOR-US: HP Service Manager
-CVE-2011-1859 (Unspecified vulnerability in HP Service Manager ...)
+CVE-2011-1859 (Unspecified vulnerability in HP Service Manager 7.02, 7.11,
9.20, and ...)
NOT-FOR-US: HP Service Manager
-CVE-2011-1858 (Unspecified vulnerability in HP Service Manager ...)
+CVE-2011-1858 (Unspecified vulnerability in HP Service Manager 7.02, 7.11,
9.20, and ...)
NOT-FOR-US: HP Service Manager
-CVE-2011-1857 (Unspecified vulnerability in HP Service Manager ...)
+CVE-2011-1857 (Unspecified vulnerability in HP Service Manager 7.02, 7.11,
9.20, and ...)
NOT-FOR-US: HP Service Manager
CVE-2011-1856 (Cross-site scripting (XSS) vulnerability in HP Business
Availability ...)
NOT-FOR-US: HP Business Availability
@@ -920,6 +1574,7 @@
CVE-2011-1842 (dbus_backend/lsd.py in the D-Bus backend in language-selector
before ...)
NOT-FOR-US: Ubuntu-specific language-selector package
CVE-2011-1841 (Cross-site scripting (XSS) vulnerability in the link_to helper
in ...)
+ {DSA-2239-1}
- libmojolicious-perl 1.12-1
CVE-2011-1840 (The MartiniCreations PassmanLite Password Manager application
before ...)
NOT-FOR-US: MartiniCreations PassmanLite Password Manager for Android
@@ -948,8 +1603,10 @@
CVE-2011-1828 (usb-creator-helper in usb-creator before 0.2.28.3 does not
enforce ...)
NOT-FOR-US: usb-creator, Ubuntu-specific package
CVE-2010-4803 (Mojolicious before 0.999927 does not properly implement HMAC-MD5
...)
+ {DSA-2239-1}
- libmojolicious-perl 0.999929-1
CVE-2010-4802 (Commands.pm in Mojolicious before 0.999928 does not properly
perform ...)
+ {DSA-2239-1}
- libmojolicious-perl 0.999929-1
CVE-2009-5074 (Unspecified vulnerability in the MojoX::Dispatcher::Static ...)
- libmojolicious-perl <not-affected> (Fixed before initial upload)
@@ -988,7 +1645,7 @@
NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server
CVE-2011-1824 (The VEGAOpBitmap::AddLine function in Opera before 10.61 does
not ...)
NOT-FOR-US: Opera
-CVE-2011-1823
+CVE-2011-1823 (The vold volume manager daemon on Android 3.0 and 2.x before
2.3.4 ...)
NOT-FOR-US: Android
CVE-2011-1822 (The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS)
5.2 ...)
NOT-FOR-US: Tivoli
@@ -996,69 +1653,66 @@
NOT-FOR-US: Tivoli
CVE-2011-1820 (IBM Tivoli Directory Server (TDS) 5.2 before
5.2.0.5-TIV-ITDS-IF0010, ...)
NOT-FOR-US: Tivoli
-CVE-2011-1819
+CVE-2011-1819 (Google Chrome before 12.0.742.91 allows remote attackers to
perform ...)
- chromium-browser 12.0.742.91~r87961-1 (unimportant)
- webkit <not-affected> (chromium extensions)
-CVE-2011-1818
+CVE-2011-1818 (Use-after-free vulnerability in the image loader in Google
Chrome ...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/86725
-CVE-2011-1817
+CVE-2011-1817 (Google Chrome before 12.0.742.91 does not properly implement
history ...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
-CVE-2011-1816
+CVE-2011-1816 (Use-after-free vulnerability in the developer tools in Google
Chrome ...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/86507
-CVE-2011-1815
+CVE-2011-1815 (Google Chrome before 12.0.742.91 allows remote attackers to
inject ...)
- chromium-browser 12.0.742.91~r87961-1 (unimportant)
- webkit <not-affected> (chromium extensions specific)
-CVE-2011-1814
+CVE-2011-1814 (Google Chrome before 12.0.742.91 attempts to read data from an
...)
- chromium-browser <not-affected> (chromium pdiflugin)
- webkit <not-affected> (chromium pdf plugin)
-CVE-2011-1813
+CVE-2011-1813 (Google Chrome before 12.0.742.91 does not properly implement the
...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
-CVE-2011-1812
+CVE-2011-1812 (Google Chrome before 12.0.742.91 allows remote attackers to
bypass ...)
- chromium-browser 12.0.742.91~r87961-1 (unimportant)
- webkit <not-affected> (chromium extensions)
-CVE-2011-1811
+CVE-2011-1811 (Google Chrome before 12.0.742.91 does not properly handle a
large ...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <no-dsa> (minor issue)
- webkit <not-affected> (chromium specific)
-CVE-2011-1810
+CVE-2011-1810 (The Cascading Style Sheets (CSS) implementation in Google Chrome
...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <no-dsa> (minor issue)
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/83345
-CVE-2011-1809
+CVE-2011-1809 (Use-after-free vulnerability in the accessibility feature in
Google ...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/80890
-CVE-2011-1808
+CVE-2011-1808 (Use-after-free vulnerability in Google Chrome before 12.0.742.91
...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/84096
http://trac.webkit.org/changeset/84098 http://trac.webkit.org/changeset/84119
-CVE-2011-1807
- RESERVED
+CVE-2011-1807 (Google Chrome before 11.0.696.71 does not properly handle blobs,
which ...)
- chromium-browser 11.0.696.71~r86024-1
[squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
-CVE-2011-1806
- RESERVED
+CVE-2011-1806 (Google Chrome before 11.0.696.71 does not properly implement the
GPU ...)
- chromium-browser 11.0.696.71~r86024-1
[squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1805
RESERVED
-CVE-2011-1804
- RESERVED
+CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in WebKit before r86862, as
used in ...)
- chromium-browser 11.0.696.71~r86024-1
[squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
@@ -1067,8 +1721,7 @@
RESERVED
CVE-2011-1802
RESERVED
-CVE-2011-1801
- RESERVED
+CVE-2011-1801 (Unspecified vulnerability in Google Chrome before 11.0.696.71
allows ...)
- webkit <undetermined>
- chromium-browser 11.0.696.71~r86024-1 (unimportant)
NOTE: http://trac.webkit.org/changeset/85977
@@ -1078,6 +1731,7 @@
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/85926
CVE-2011-1799 (Google Chrome before 11.0.696.68 does not properly perform casts
of ...)
+ {DSA-2245-1}
- chromium-browser 11.0.696.68~r84545-1
- webkit <undetermined>
CVE-2011-1798
@@ -1088,6 +1742,7 @@
NOTE: http://trac.webkit.org/changeset/84085
CVE-2011-1797
RESERVED
+ {DSA-2245-1}
CVE-2011-1796
RESERVED
- chromium-browser 11.0.696.65~r84435-1
@@ -1148,16 +1803,16 @@
NOT-FOR-US: vSphere
CVE-2011-1788 (vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1
before ...)
NOT-FOR-US: vCenter
-CVE-2011-1787
- RESERVED
+CVE-2011-1787 (Race condition in mount.vmhgfs in the VMware Host Guest File
System ...)
+ TODO: check
CVE-2011-1786 (lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open
6.0 ...)
NOT-FOR-US: Likewise
CVE-2011-1785 (VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote
attackers to ...)
NOT-FOR-US: VMware
CVE-2011-1784 (The pidfile_write function in core/pidfile.c in keepalived 1.2.2
and ...)
- keepalived <unfixed>
-CVE-2011-1783 [subversion memory exhaustion]
- RESERVED
+CVE-2011-1783 (The mod_dav_svn module for the Apache HTTP Server, as
distributed in ...)
+ {DSA-2251-1}
- subversion 1.6.17dfsg-1
CVE-2011-1782
RESERVED
@@ -1178,9 +1833,10 @@
RESERVED
CVE-2011-1776
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 <unfixed> (low)
-CVE-2011-1775
- RESERVED
+CVE-2011-1775 (The CSecurityTLS::processMsg function in
common/rfb/CSecurityTLS.cxx ...)
+ TODO: check
CVE-2011-1774
RESERVED
- xmlsec1 1.2.14-1.1
@@ -1195,6 +1851,7 @@
RESERVED
CVE-2011-1770
RESERVED
+ {DSA-2240-1}
- linux-2.6 2.6.39-1
[squeeze] - linux-2.6 2.6.32-34squeeze1
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29 with commit
e77b8363b2ea7c0d89919547c1a8b0562f298b57)
@@ -1207,6 +1864,7 @@
RESERVED
CVE-2011-1767
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.34-1
[squeeze] - linux-2.6 2.6.32-34squeeze1
CVE-2011-1764 [DKIM format string issue in exim4]
@@ -1220,14 +1878,14 @@
RESERVED
CVE-2011-1761
RESERVED
-CVE-2011-1760 [Arbitrary command execution via sudo opcontrol]
- RESERVED
+CVE-2011-1760 (utils/opcontrol in OProfile 0.9.6 and earlier might allow local
users ...)
+ {DSA-2254-1}
- oprofile 0.9.6-1.2 (medium; bug #624212)
CVE-2011-1759
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 <unfixed>
-CVE-2011-1758 [sssd: flaw handled cached passwords]
- RESERVED
+CVE-2011-1758 (The krb5_save_ccname_done function in providers/krb5/krb5_auth.c
in ...)
- sssd <not-affected> (Only affects version 1.5+)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=700867
NOTE:
http://git.fedorahosted.org/git/?p=sssd.git;a=commitdiff;h=fffdae81651b460f3d2c119c56d5caa09b4de42a
@@ -1235,21 +1893,25 @@
RESERVED
CVE-2011-1756 [citadel-server billion laughs]
RESERVED
+ {DSA-2250-1}
- citadel <unfixed> (medium)
CVE-2011-1755 [jabberd2 billion laughs]
RESERVED
- jabberd2 2.2.8-2.1 (medium)
CVE-2011-1754 [jabberd14 billion laughs]
RESERVED
+ {DSA-2249-1}
- jabberd14 1.6.1.1-5.1
CVE-2011-1753 [ejabberd billion laughs]
RESERVED
+ {DSA-2248-1}
- ejabberd 2.1.6-2.1 (medium)
-CVE-2011-1752 [subversion null pointer dereference]
- RESERVED
+CVE-2011-1752 (The mod_dav_svn module for the Apache HTTP Server, as
distributed in ...)
+ {DSA-2251-1}
- subversion 1.6.17dfsg-1
CVE-2011-1751
RESERVED
+ {DSA-2241-1}
- qemu-kvm 0.14.1+dfsg-1
- kvm <undetermined>
CVE-2011-1750 [virtio-blk: heap buffer overflow caused by unaligned requests]
@@ -1265,12 +1927,15 @@
[lenny] - nfs-utils <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975
CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel
before ...)
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 <unfixed>
CVE-2011-1747 (The agp subsystem in the Linux kernel 2.6.38.5 and earlier does
not ...)
- linux-2.6 <unfixed> (low)
CVE-2011-1746 (Multiple integer overflows in the (1) agp_allocate_memory and
(2) ...)
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-5
CVE-2011-1745 (Integer overflow in the agp_generic_insert_memory function in
...)
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-5
CVE-2011-1744
RESERVED
@@ -1342,33 +2007,32 @@
NOT-FOR-US: Microsoft
CVE-2011-1712 (The txXPathNodeUtils::getXSLTId function in ...)
- iceweasel <unfixed> (unimportant)
-CVE-2011-1711
+CVE-2011-1711 (Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier
in ...)
NOT-FOR-US: Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer
CVE-2011-1710
RESERVED
-CVE-2011-1709
- RESERVED
+CVE-2011-1709 (GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is
used, ...)
- gdm3 <not-affected> (Vulnerable code patched out in Debian package in
sid, patched in 3.0.4 experimental)
- gdm <not-affected> (Vulnerable code not present)
-CVE-2011-1708
+CVE-2011-1708 (Stack-based buffer overflow in nipplib.dll in Novell iPrint
Client ...)
NOT-FOR-US: Novell iPrint Client
-CVE-2011-1707
+CVE-2011-1707 (Stack-based buffer overflow in nipplib.dll in Novell iPrint
Client ...)
NOT-FOR-US: Novell iPrint Client
-CVE-2011-1706
+CVE-2011-1706 (Stack-based buffer overflow in nipplib.dll in Novell iPrint
Client ...)
NOT-FOR-US: Novell iPrint Client
-CVE-2011-1705
+CVE-2011-1705 (Heap-based buffer overflow in nipplib.dll in Novell iPrint
Client ...)
NOT-FOR-US: Novell iPrint Client
-CVE-2011-1704
+CVE-2011-1704 (Heap-based buffer overflow in nipplib.dll in Novell iPrint
Client ...)
NOT-FOR-US: Novell iPrint Client
-CVE-2011-1703
+CVE-2011-1703 (Heap-based buffer overflow in nipplib.dll in Novell iPrint
Client ...)
NOT-FOR-US: Novell iPrint Client
-CVE-2011-1702
+CVE-2011-1702 (Heap-based buffer overflow in nipplib.dll in Novell iPrint
Client ...)
NOT-FOR-US: Novell iPrint Client
-CVE-2011-1701
+CVE-2011-1701 (Heap-based buffer overflow in nipplib.dll in Novell iPrint
Client ...)
NOT-FOR-US: Novell iPrint Client
-CVE-2011-1700
+CVE-2011-1700 (Heap-based buffer overflow in nipplib.dll in Novell iPrint
Client ...)
NOT-FOR-US: Novell iPrint Client
-CVE-2011-1699
+CVE-2011-1699 (Heap-based buffer overflow in nipplib.dll in Novell iPrint
Client ...)
NOT-FOR-US: Novell iPrint Client
CVE-2011-1698
RESERVED
@@ -1496,19 +2160,19 @@
NOT-FOR-US: Enano CMS
CVE-2010-4779 (Cross-site scripting (XSS) vulnerability in
lib/includes/auth.inc.php ...)
NOT-FOR-US: WPtouch plugin for WordPress
-CVE-2011-1651
+CVE-2011-1651 (Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before
4.1.1, when ...)
NOT-FOR-US: Cisco
CVE-2011-1650
RESERVED
-CVE-2011-1649
+CVE-2011-1649 (The Internet Streamer application in Cisco Content Delivery
System ...)
NOT-FOR-US: Cisco
CVE-2011-1648
RESERVED
-CVE-2011-1647
+CVE-2011-1647 (The web management interface on the Cisco RVS4000 Gigabit
Security ...)
NOT-FOR-US: Cisco
-CVE-2011-1646
+CVE-2011-1646 (The web management interface on the Cisco RVS4000 Gigabit
Security ...)
NOT-FOR-US: Cisco
-CVE-2011-1645
+CVE-2011-1645 (The web management interface on the Cisco RVS4000 Gigabit
Security ...)
NOT-FOR-US: Cisco
CVE-2011-1644
RESERVED
@@ -1524,7 +2188,7 @@
RESERVED
CVE-2011-1638
RESERVED
-CVE-2011-1637
+CVE-2011-1637 (Cisco Unified IP Phones 7900 devices (aka TNP phones) with
software ...)
NOT-FOR-US: Cisco
CVE-2011-1636
RESERVED
@@ -1552,7 +2216,7 @@
RESERVED
CVE-2011-1624
RESERVED
-CVE-2011-1623
+CVE-2011-1623 (Cisco Media Processing Software before 1.2 on Media Experience
Engine ...)
NOT-FOR-US: Cisco
CVE-2011-1622
RESERVED
@@ -1592,9 +2256,9 @@
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1604 (Memory leak in Cisco Unified Communications Manager (aka CUCM,
...)
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2011-1603
+CVE-2011-1603 (Cisco Unified IP Phones 7900 devices (aka TNP phones) with
software ...)
NOT-FOR-US: Cisco
-CVE-2011-1602
+CVE-2011-1602 (The su utility on Cisco Unified IP Phones 7900 devices (aka TNP
...)
NOT-FOR-US: Cisco
CVE-2011-1601
RESERVED
@@ -1605,20 +2269,21 @@
- asterisk 1:1.8.3.3-1
[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-1598 (The bcm_release function in net/can/bcm.c in the Linux kernel
before ...)
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-5
CVE-2011-1597
RESERVED
NOT-FOR-US: OpenVAS Manager
CVE-2011-1596
RESERVED
-CVE-2011-1595
- RESERVED
+CVE-2011-1595 (Directory traversal vulnerability in the disk_create function in
...)
- rdesktop 1.7.0-1 (low; bug #623552)
[squeeze] - rdesktop <no-dsa> (Minor issue)
[lenny] - rdesktop <no-dsa> (Minor issue)
CVE-2011-1594
RESERVED
CVE-2011-1593 (Multiple integer overflows in the next_pidmap function in
kernel/pid.c ...)
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4
CVE-2011-1592 (The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark
1.4.x ...)
- wireshark <not-affected> (Windows-specific)
@@ -1642,15 +2307,15 @@
[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
CVE-2011-1585
RESERVED
+ {DSA-2240-1}
- linux-2.6 <unfixed>
-CVE-2011-1584
- RESERVED
+CVE-2011-1584 (The updateFile function in inc/core/class.dc.media.php in the
Media ...)
+ TODO: check
CVE-2011-1583
RESERVED
CVE-2011-1582 (Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a
...)
- tomcat6 <not-affected> (Only affects Tomcat 7)
-CVE-2011-1581
- RESERVED
+CVE-2011-1581 (The bond_select_queue function in
drivers/net/bonding/bond_main.c in ...)
- linux-2.6 <unfixed> (low)
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
@@ -1664,8 +2329,7 @@
- linux-2.6 <unfixed> (low)
CVE-2011-1576
RESERVED
-CVE-2011-1575
- RESERVED
+CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before
1.0.30 ...)
- pure-ftpd 1.0.30-1
NOTE: http://www.pureftpd.org/project/pure-ftpd/news
CVE-2011-1574 (Stack-based buffer overflow in the ReadS3M method in
load_s3m.cpp in ...)
@@ -1827,8 +2491,7 @@
CVE-2011-1518 (Multiple cross-site scripting (XSS) vulnerabilities in Open
Ticket ...)
{DSA-2231-1}
- otrs2 2.4.10+dfsg1-1
-CVE-2011-1521 [python urllib]
- RESERVED
+CVE-2011-1521 (The urllib and urllib2 modules in Python 2.x before 2.7.2 and
3.x ...)
- python3.1 <unfixed> (bug #628453)
- python3.2 3.2-3
- python2.7 2.7.1-7
@@ -1856,7 +2519,7 @@
RESERVED
CVE-2011-1513
RESERVED
-CVE-2011-1512
+CVE-2011-1512 (Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as
used ...)
NOT-FOR-US: Autonomy KeyView
CVE-2011-1511
RESERVED
@@ -1915,11 +2578,14 @@
- tmux 1.4-6 (bug #620304)
NOTE: CVE id requested
CVE-2011-1495 (drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38
and ...)
+ {DSA-2240-1}
- linux-2.6 2.6.38-5 (unimportant)
CVE-2011-1494 (Integer overflow in the _ctl_do_mpt_command function in ...)
+ {DSA-2240-1}
- linux-2.6 2.6.38-5 (unimportant)
CVE-2011-1493
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4
CVE-2011-1492 (steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does
not ...)
- roundcube 0.5.1-1
@@ -1943,15 +2609,14 @@
[squeeze] - rsyslog <no-dsa> (Minor issue)
[lenny] - rsyslog <no-dsa> (Minor issue)
CVE-2011-1487 (The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in
Perl ...)
+ {DSA-2265-1}
- perl 5.10.1-20 (unimportant; bug #622817)
NOTE: http://nntp.perl.org/group/perl.perl5.porters/171010
-CVE-2011-1486
- RESERVED
+CVE-2011-1486 (libvirtd in libvirt before 0.9.0 does not use thread-safe error
...)
- libvirt 0.9.0-1 (low; bug #623222)
[squeeze] - libvirt <no-dsa> (Minor issue)
[lenny] - libvirt <no-dsa> (Minor issue)
-CVE-2011-1485 [/proc race conditions when checking privileges for pkexec.]
- RESERVED
+CVE-2011-1485 (Race condition in the pkexec utility and polkitd daemon in
PolicyKit ...)
- policykit-1 0.101-4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=692922
TODO: check
@@ -1972,12 +2637,15 @@
[squeeze] - linux-2.6 <not-affected> (Only affected 2.6.37 and 2.6.38)
CVE-2011-1478
RESERVED
+ {DSA-2240-1}
- linux-2.6 2.6.38-1
CVE-2011-1477
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4
CVE-2011-1476
RESERVED
+ {DSA-2240-1}
- linux-2.6 2.6.38-4
CVE-2011-1475 (The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does
not ...)
- tomcat6 <not-affected> (Only affects Tomcat 7)
@@ -2088,6 +2756,7 @@
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/81689
CVE-2011-1444 (Race condition in the sandbox launcher implementation in Google
Chrome ...)
+ {DSA-2245-1}
- chromium-browser 11.0.696.65~r84435-1
- webkit <undetermined>
CVE-2011-1443 (Google Chrome before 11.0.696.57 does not properly implement
layering, ...)
@@ -2106,6 +2775,7 @@
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/80773
http://trac.webkit.org/changeset/81088
CVE-2011-1440 (Use-after-free vulnerability in Google Chrome before 11.0.696.57
...)
+ {DSA-2245-1}
- chromium-browser 11.0.696.65~r84435-1
- webkit <undetermined>
CVE-2011-1439 (Google Chrome before 11.0.696.57 on Linux does not properly
isolate ...)
@@ -2220,7 +2890,7 @@
{DSA-2219-1}
- xmlsec1 1.2.14-1.1 (bug #620560)
NOTE: http://www.aleksey.com/xmlsec/news.html
-CVE-2011-1424
+CVE-2011-1424 (The default configuration of ExShortcut\Web.config in EMC
SourceOne ...)
NOT-FOR-US: EMC SourceOne Email Management
CVE-2011-1423 (Cross-site scripting (XSS) vulnerability in RSA Data Loss
Prevention ...)
NOT-FOR-US: RSA Data Loss Prevention Enterprise Manager
@@ -2257,6 +2927,7 @@
RESERVED
CVE-2011-1409 [fex missing check for authid]
RESERVED
+ {DSA-2259-1}
- fex 20110610-1
CVE-2011-1408
RESERVED
@@ -2265,14 +2936,19 @@
- exim4 4.76-1
[lenny] - exim4 <not-affected> (Vulnerable code not present)
CVE-2011-1406 (Mahara before 1.3.6 does not properly handle an https URL in the
...)
+ {DSA-2246-1}
- mahara 1.3.6-1
CVE-2011-1405 (Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6
allows ...)
+ {DSA-2246-1}
- mahara 1.3.6-1
CVE-2011-1404 (Mahara before 1.3.6 does not properly restrict the data in
responses ...)
+ {DSA-2246-1}
- mahara 1.3.6-1
CVE-2011-1403 (Cross-site request forgery (CSRF) vulnerability in the pieforms
...)
+ {DSA-2246-1}
- mahara 1.3.6-1
CVE-2011-1402 (Mahara before 1.3.6 allows remote authenticated users to bypass
...)
+ {DSA-2246-1}
- mahara 1.3.6-1
CVE-2011-1401 (ikiwiki before 3.20110328 does not ascertain whether the
htmlscrubber ...)
{DSA-2214-1}
@@ -2421,9 +3097,9 @@
RESERVED
CVE-2011-1330
RESERVED
-CVE-2011-1329
+CVE-2011-1329 (WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly
...)
NOT-FOR-US: WalRack
-CVE-2011-1328
+CVE-2011-1328 (SQL injection vulnerability in RADVISION iVIEW Suite before 7.5
allows ...)
NOT-FOR-US: RADVISION iVIEW Suite
CVE-2011-1327 (The Keystroke Encryption feature in Trend Micro Internet
Security 2009 ...)
NOT-FOR-US: Trend Micro Internet Security
@@ -2516,10 +3192,12 @@
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/80144
CVE-2011-1293 (Use-after-free vulnerability in the HTMLCollection
implementation in ...)
+ {DSA-2245-1}
- chromium-browser 10.0.648.204~r79063-1
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/80797
CVE-2011-1292 (Use-after-free vulnerability in the frame-loader implementation
in ...)
+ {DSA-2245-1}
- chromium-browser 10.0.648.204~r79063-1
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/79808
@@ -2552,75 +3230,75 @@
RESERVED
CVE-2011-1281
RESERVED
-CVE-2011-1280 (The XML Editor ... does not properly handle external entities
...)
+CVE-2011-1280 (The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL
Server ...)
NOT-FOR-US: Microsoft InfoPath, SQL Server, SQL Server Management Studio
Express, Visual Studio
-CVE-2011-1279 (... do not properly validate record information ...)
+CVE-2011-1279 (Microsoft Excel 2002 SP3 and 2003 SP3; Office 2004 and 2008 for
Mac, ...)
NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
-CVE-2011-1278 (... do not properly validate record information ...)
+CVE-2011-1278 (Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly
...)
NOT-FOR-US: Microsoft Excel, Office
-CVE-2011-1277 (... do not properly validate record information ...)
+CVE-2011-1277 (Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File
...)
NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
-CVE-2011-1276 (Buffer overflow ...)
+CVE-2011-1276 (Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007
SP2; ...)
NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel
Viewer, Office Compatibility Pack
-CVE-2011-1275 (... do not properly validate record information ...)
+CVE-2011-1275 (Microsoft Excel 2002 SP3; Office 2004, 2008, and 2011 for Mac;
and ...)
NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
-CVE-2011-1274 (... do not properly validate record information ...)
+CVE-2011-1274 (Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004
and 2008 ...)
NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel
Viewer, Office Compatibility Pack
-CVE-2011-1273 (... do not properly validate record information ...)
+CVE-2011-1273 (Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office
2004, ...)
NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel
Viewer, Office Compatibility Pack
-CVE-2011-1272 (... do not properly validate record structures ...)
+CVE-2011-1272 (Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004
and 2008 ...)
NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel
Viewer, Office Compatibility Pack
-CVE-2011-1271 (The JIT compiler in Microsoft .NET Framework before 4 beta 2,
when ...)
+CVE-2011-1271 (The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1,
3.5.1, ...)
NOT-FOR-US: Microsoft .NET Framework
CVE-2011-1270 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3
allows ...)
NOT-FOR-US: Microsoft PowerPoint 2002 SP3 and 2003 SP3
CVE-2011-1269 (Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office
2004 and ...)
NOT-FOR-US: Microsoft
-CVE-2011-1268 (The SMB client ... allows remote SMB servers to execute
arbitrary ...)
+CVE-2011-1268 (The SMB client in Microsoft Windows XP SP2 and SP3, Windows
Server ...)
NOT-FOR-US: Microsoft Windows
-CVE-2011-1267 (The SMB server ... allows remote attackers to cause a denial of
service ...)
+CVE-2011-1267 (The SMB server in Microsoft Windows Vista SP1 and SP2, Windows
Server ...)
NOT-FOR-US: Microsoft Windows
-CVE-2011-1266 (The Vector Markup Language (VML) implementation in vgx.dll ...)
+CVE-2011-1266 (The Vector Markup Language (VML) implementation in vgx.dll in
...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1265
RESERVED
-CVE-2011-1264 (Cross-site scripting (XSS) vulnerability in Active Directory
Certificate Services Web Enrollment ...)
+CVE-2011-1264 (Cross-site scripting (XSS) vulnerability in Active Directory
...)
NOT-FOR-US: Microsoft Windows
CVE-2011-1263
RESERVED
-CVE-2011-1262 (... does not properly handle objects in memory ...)
+CVE-2011-1262 (Microsoft Internet Explorer 7 through 9 does not properly handle
...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2011-1261 (... does not properly handle objects in memory ...)
+CVE-2011-1261 (Microsoft Internet Explorer 6 through 9 does not properly handle
...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2011-1260 (... does not properly handle objects in memory ...)
+CVE-2011-1260 (Microsoft Internet Explorer 8 and 9 does not properly handle
objects ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1259
RESERVED
-CVE-2011-1258 (... does not properly restrict web script ...)
+CVE-2011-1258 (Microsoft Internet Explorer 6 through 8 does not properly
restrict web ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1257
RESERVED
-CVE-2011-1256 (... does not properly handle objects in memory ...)
+CVE-2011-1256 (Microsoft Internet Explorer 6 through 8 does not properly handle
...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2011-1255 (The Timed Interactive Multimedia Extensions ... does not
properly handle objects in memory ...)
+CVE-2011-1255 (The Timed Interactive Multimedia Extensions (aka HTML+TIME) ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2011-1254 (... does not properly handle objects in memory ...)
+CVE-2011-1254 (Microsoft Internet Explorer 6 through 8 does not properly handle
...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1253
RESERVED
-CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API
...)
+CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API
in ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2011-1251 (... does not properly handle objects in memory ...)
+CVE-2011-1251 (Microsoft Internet Explorer 8 does not properly handle objects
in ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2011-1250 (... does not properly handle objects in memory ...)
+CVE-2011-1250 (Microsoft Internet Explorer 6 through 9 does not properly handle
...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2011-1249 (The Ancillary Function Driver (AFD) in afd.sys ... does not
properly validate user-mode input ...)
+CVE-2011-1249 (The Ancillary Function Driver (AFD) in afd.sys in Microsoft
Windows XP ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-1248 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold,
SP2, ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-1247
RESERVED
-CVE-2011-1246 (... does not properly handle content settings in HTTP responses
...)
+CVE-2011-1246 (Microsoft Internet Explorer 8 does not properly handle content
...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1245 (Microsoft Internet Explorer 6 and 7 does not properly restrict
script ...)
NOT-FOR-US: Microsoft Internet Explorer
@@ -2676,21 +3354,21 @@
RESERVED
CVE-2011-1221
RESERVED
-CVE-2011-1220
+CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in
IBM ...)
NOT-FOR-US: IBM Tivoli Management Framework
CVE-2011-1219
RESERVED
-CVE-2011-1218
+CVE-2011-1218 (Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in
IBM ...)
NOT-FOR-US: Autonomy KeyView
-CVE-2011-1217
+CVE-2011-1217 (Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in
IBM ...)
NOT-FOR-US: Autonomy KeyView
-CVE-2011-1216
+CVE-2011-1216 (Stack-based buffer overflow in assr.dll in Autonomy KeyView, as
used ...)
NOT-FOR-US: Autonomy KeyView
-CVE-2011-1215
+CVE-2011-1215 (Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as
used ...)
NOT-FOR-US: Autonomy KeyView
-CVE-2011-1214
+CVE-2011-1214 (Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as
used ...)
NOT-FOR-US: Autonomy KeyView
-CVE-2011-1213
+CVE-2011-1213 (Integer underflow in lzhsr.dll in Autonomy KeyView, as used in
IBM ...)
NOT-FOR-US: Autonomy KeyView
CVE-2011-1212
RESERVED
@@ -2834,16 +3512,18 @@
- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1182
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-2
CVE-2011-1181 [missing error handling in linux netdev]
RESERVED
- linux-2.6 <not-affected> (No security issue, see
http://marc.info/?l=linux-netdev&m=130075091711143&w=2)
CVE-2011-1180
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4
CVE-2011-1179 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and
possibly ...)
NOT-FOR-US: SPICE Firefox plug-in
-CVE-2011-1178 (Multiple integer overflows in the load_image function in
file-pcx.c ...)
+CVE-2011-1178 (Multiple integer overflows in the load_image function in
file-pcx.c in ...)
- gimp 2.6.10-1
NOTE: Likely fixed earlier, but only the squeeze version was checked
CVE-2011-1177
@@ -2863,15 +3543,19 @@
[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-1173
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
CVE-2011-1172
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
CVE-2011-1171
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
CVE-2011-1170
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
CVE-2011-1169 (Array index error in the asihpi_hpi_ioctl function in ...)
- linux-2.6 2.6.38-2
@@ -2893,6 +3577,7 @@
CVE-2011-1164
RESERVED
CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux
kernel ...)
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-1
CVE-2011-1162
RESERVED
@@ -2902,6 +3587,7 @@
- linux-2.6 <unfixed> (low)
CVE-2011-1160
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
CVE-2011-1159
RESERVED
@@ -3173,6 +3859,7 @@
[lenny] - pidgin <no-dsa> (Minor issue)
[squeeze] - pidgin <no-dsa> (Minor issue)
CVE-2011-1090 (The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the
Linux ...)
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-1 (low)
CVE-2011-1089 (The addmntent function in the GNU C Library (aka glibc or libc6)
2.13 ...)
- glibc <removed>
@@ -3204,14 +3891,17 @@
[squeeze] - openldap <no-dsa> (Minor issue)
CVE-2011-1080
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
CVE-2011-1079
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
CVE-2011-1078
RESERVED
+ {DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
-CVE-2011-1077
+CVE-2011-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Apache
Archiva ...)
NOT-FOR-US: Apache Archiva
CVE-2011-1076
RESERVED
@@ -3362,7 +4052,7 @@
RESERVED
CVE-2011-1027 (Off-by-one error in the convert_query_hexchar function in html.c
in ...)
NOT-FOR-US: cgit
-CVE-2011-1026
+CVE-2011-1026 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Apache ...)
NOT-FOR-US: Apache Archiva
CVE-2011-1025 (bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not
require ...)
- openldap 2.4.25-1 (unimportant; bug #617606)
@@ -3395,8 +4085,10 @@
{DSA-2182-1}
- logwatch 7.3.6.cvs20090906-2 (bug #615995)
CVE-2011-1017 (Heap-based buffer overflow in the ldm_frag_add function in ...)
+ {DSA-2240-1}
- linux-2.6 2.6.38-5
CVE-2011-1016 (The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do
not ...)
+ {DSA-2240-1}
- linux-2.6 2.6.38-1
CVE-2011-1015 (The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer
module in ...)
- python2.6 <unfixed> (low; bug #614860)
@@ -3646,7 +4338,7 @@
NOT-FOR-US: Cisco ACS
CVE-2011-0950
RESERVED
-CVE-2011-0949
+CVE-2011-0949 (Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1
does ...)
NOT-FOR-US: Cisco
CVE-2011-0948
RESERVED
@@ -3658,7 +4350,7 @@
RESERVED
CVE-2011-0944
RESERVED
-CVE-2011-0943
+CVE-2011-0943 (Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to
cause ...)
NOT-FOR-US: Cisco
CVE-2011-0942
RESERVED
@@ -3810,69 +4502,59 @@
RESERVED
CVE-2011-0874
RESERVED
-CVE-2011-0873
- RESERVED
+CVE-2011-0873 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
- openjdk-6 <undetermined> (bug #629852)
-CVE-2011-0872
- RESERVED
+CVE-2011-0872 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
- openjdk-6 <undetermined> (bug #629852)
-CVE-2011-0871
- RESERVED
+CVE-2011-0871 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
- openjdk-6 <undetermined> (bug #629852)
CVE-2011-0870
RESERVED
-CVE-2011-0869
- RESERVED
+CVE-2011-0869 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
- openjdk-6 <undetermined> (bug #629852)
-CVE-2011-0868 (Unspecified vulnerability in the Java Runtime Environment ...)
+CVE-2011-0868 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 <undetermined>
- openjdk-6 <undetermined>
-CVE-2011-0867
- RESERVED
+CVE-2011-0867 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
- openjdk-6 <undetermined> (bug #629852)
-CVE-2011-0866
- RESERVED
+CVE-2011-0866 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
- openjdk-6 <undetermined> (bug #629852)
-CVE-2011-0865
- RESERVED
+CVE-2011-0865 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
- openjdk-6 <undetermined> (bug #629852)
-CVE-2011-0864
- RESERVED
+CVE-2011-0864 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
- openjdk-6 <undetermined> (bug #629852)
-CVE-2011-0863
- RESERVED
+CVE-2011-0863 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
- openjdk-6 <undetermined> (bug #629852)
-CVE-2011-0862
- RESERVED
+CVE-2011-0862 (Multiple unspecified vulnerabilities in the Java Runtime
Environment ...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
@@ -3965,22 +4647,19 @@
NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0818 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne
Tools 8.9 ...)
NOT-FOR-US: Oracle JD Edwards EnterpriseOne
-CVE-2011-0817
- RESERVED
+CVE-2011-0817 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
- openjdk-6 <undetermined> (bug #629852)
CVE-2011-0816
RESERVED
-CVE-2011-0815
- RESERVED
+CVE-2011-0815 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
- openjdk-6 <undetermined> (bug #629852)
-CVE-2011-0814
- RESERVED
+CVE-2011-0814 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
@@ -4007,8 +4686,7 @@
NOT-FOR-US: Oracle Database Server
CVE-2011-0803 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools
...)
NOT-FOR-US: Oracle JD Edwards Products
-CVE-2011-0802
- RESERVED
+CVE-2011-0802 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
@@ -4039,16 +4717,14 @@
NOT-FOR-US: Oracle Solaris
CVE-2011-0789 (Unspecified vulnerability in the Oracle HTTP Server component in
...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2011-0788
- RESERVED
+CVE-2011-0788 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
- openjdk-6 <undetermined> (bug #629852)
CVE-2011-0787 (Unspecified vulnerability in the Application Service Level
Management ...)
NOT-FOR-US: Oracle
-CVE-2011-0786
- RESERVED
+CVE-2011-0786 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
[lenny] - sun-java6 <no-dsa> (non-free not supported)
[squeeze] - sun-java6 <no-dsa> (non-free not supported)
- sun-java6 6.26-1 (bug #629852)
@@ -4143,10 +4819,9 @@
RESERVED
CVE-2011-0768
RESERVED
-CVE-2011-0767
- RESERVED
-CVE-2011-0766 [Erlang OTP broken random number generator in SSH implementation]
- RESERVED
+CVE-2011-0767 (Cross-site scripting (XSS) vulnerability in the management GUI
in the ...)
+ TODO: check
+CVE-2011-0766 (The random number generator in the Crypto application before
2.0.2.2, ...)
- erlang <unfixed> (bug #628456)
NOTE: http://www.kb.cert.org/vuls/id/178990
NOTE: https://github.com/erlang/otp/commit/f228601de45c5
@@ -4265,8 +4940,8 @@
NOT-FOR-US: IBM Tivoli Integrated Portal
CVE-2011-0731 (Buffer overflow in the DB2 Administration Server (DAS) component
in ...)
NOT-FOR-US: IBM DB2
-CVE-2011-0730
- RESERVED
+CVE-2011-0730 (Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used
in ...)
+ TODO: check
CVE-2011-0729 (dbus_backend/ls-dbus-backend in the D-Bus backend in
language-selector ...)
NOT-FOR-US: Ubuntu-specific language-selector package
CVE-2011-0728 (Cross-site scripting (XSS) vulnerability in templatefunctions.py
in ...)
@@ -4277,6 +4952,7 @@
- gdm <not-affected> (Affected code was introduced in 2.28)
CVE-2011-0726
RESERVED
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-2
[lenny] - linux-2.6 2.6.26-26lenny3
[squeeze] - linux-2.6 2.6.32-32
@@ -4340,6 +5016,7 @@
[wheezy] - linux-2.6 2.6.32-31
[squeeze] - linux-2.6 2.6.32-31
CVE-2011-0711 (The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux
kernel ...)
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 <unfixed> (low)
CVE-2011-0710 (The task_show_regs function in arch/s390/kernel/traps.c in the
Linux ...)
- linux-2.6 2.6.37-2 (low)
@@ -4405,6 +5082,7 @@
NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
[squeeze] - python-django 1.2.3-3+squeeze1
CVE-2011-0695 (Race condition in the cm_work_handler function in the InfiniBand
...)
+ {DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-2
CVE-2011-0694 (RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5,
and ...)
NOT-FOR-US: RealPlayer
@@ -4480,7 +5158,7 @@
NOT-FOR-US: Microsoft Windows
CVE-2011-0665 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
NOT-FOR-US: Microsoft Windows
-CVE-2011-0664 (... does not properly validate arguments to unspecified
networking API functions ...)
+CVE-2011-0664 (Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1,
3.5.1, and ...)
NOT-FOR-US: Microsoft .NET Framework, Silverlight
CVE-2011-0663 (Multiple integer overflows in the Microsoft (1) JScript 5.6
through ...)
NOT-FOR-US: Microsoft JScript
@@ -4492,7 +5170,7 @@
NOT-FOR-US: Microsoft Windows
CVE-2011-0659
RESERVED
-CVE-2011-0658 (Integer underflow in the OLE Automation protocol implementation
in VBScript.dll ...)
+CVE-2011-0658 (Integer underflow in the OLE Automation protocol implementation
in ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-0657 (DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and
SP3, ...)
NOT-FOR-US: Microsoft Windows
@@ -4587,10 +5265,10 @@
RESERVED
CVE-2011-0630
RESERVED
-CVE-2011-0629 (Cross-site request forgery (CSRF) vulnerability ...)
+CVE-2011-0629 (Cross-site request forgery (CSRF) vulnerability in Adobe
ColdFusion ...)
NOT-FOR-US: Adobe ColdFusion
-CVE-2011-0628
- RESERVED
+CVE-2011-0628 (Integer overflow in Adobe Flash Player before 10.3.181.14 on
Windows, ...)
+ TODO: check
CVE-2011-0627 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X,
Linux, and ...)
NOT-FOR-US: Adobe Flash Player
CVE-2011-0626 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X,
Linux, and ...)
@@ -4753,7 +5431,7 @@
RESERVED
CVE-2011-0547
RESERVED
-CVE-2011-0546
+CVE-2011-0546 (Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does
not ...)
NOT-FOR-US: Symantec Backup Exec
CVE-2011-0545 (Cross-site request forgery (CSRF) vulnerability in adduser.do in
...)
NOT-FOR-US: Symantec LiveUpdate Administrator
@@ -5045,8 +5723,10 @@
CVE-2011-0448 (Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments
to the ...)
- rails <not-affected> (Only affects 3.x)
CVE-2011-0447 (Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x
before ...)
+ {DSA-2247-1}
- rails 2.3.11-0.1 (bug #614864)
CVE-2011-0446 (Multiple cross-site scripting (XSS) vulnerabilities in the
mail_to ...)
+ {DSA-2247-1}
- rails 2.3.11-0.1 (bug #614864)
CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2,
as ...)
- gif2png 2.5.4-2 (low; bug #610479)
@@ -5140,8 +5820,7 @@
CVE-2011-0419 (Stack consumption vulnerability in the fnmatch implementation in
...)
{DSA-2237-2}
- apr 1.4.4-1 (low)
-CVE-2011-0418
- RESERVED
+CVE-2011-0418 (The glob implementation in Pure-FTPd before 1.0.32, and in libc
in ...)
- pure-ftpd <unfixed>
TODO: File bug
CVE-2011-0417
@@ -5322,7 +6001,7 @@
RESERVED
CVE-2011-0336
RESERVED
-CVE-2011-0335 (Dirapi.dll ... allows attackers to execute arbitrary code or
cause a denial of service ...)
+CVE-2011-0335 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows
...)
NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0334
RESERVED
@@ -5352,13 +6031,13 @@
NOT-FOR-US: EMC RSA Access Manager Server
CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x
before ...)
NOT-FOR-US: EMC NetWorker
-CVE-2011-0320 (Dirapi.dll ... allows attackers to execute arbitrary code or
cause a denial of service ...)
+CVE-2011-0320 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows
...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-0319 (Dirapi.dll ... allows attackers to execute arbitrary code or
cause a denial of service ...)
+CVE-2011-0319 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows
...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-0318 (Dirapi.dll ... allows attackers to execute arbitrary code or
cause a denial of service ...)
+CVE-2011-0318 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows
...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-0317 (Dirapi.dll ... allows attackers to execute arbitrary code or
cause a denial of service ...)
+CVE-2011-0317 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows
...)
NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0316 (The Administrative Console component in IBM WebSphere
Application ...)
NOT-FOR-US: IBM WebSphere Application Server
@@ -5539,8 +6218,8 @@
TODO: check
CVE-2010-4664
RESERVED
-CVE-2010-4663
- RESERVED
+CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple
...)
+ TODO: check
CVE-2010-4662
RESERVED
CVE-2010-4661 [arbitrary kernel module loading]
@@ -6183,8 +6862,7 @@
RESERVED
CVE-2011-0083
RESERVED
-CVE-2011-0082
- RESERVED
+CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla
Firefox ...)
- xulrunner <removed>
- iceweasel <unfixed> (low; bug #627552)
CVE-2011-0081 (Unspecified vulnerability in the browser engine in Mozilla
Firefox ...)
@@ -6697,14 +7375,15 @@
RESERVED
CVE-2009-5025
RESERVED
-CVE-2009-5024
- RESERVED
+CVE-2009-5024 (ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb
...)
+ TODO: check
CVE-2009-5023 [fail2ban: Insecure creating/writing to tmpfile]
RESERVED
- fail2ban 0.8.4+svn20110323-1 (low; bug #544232)
[lenny] - fail2ban <no-dsa> (Minor issue)
[squeeze] - fail2ban <no-dsa> (Minor issue)
CVE-2009-5022 (Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder
in ...)
+ {DSA-2256-1}
- tiff 3.9.5-1 (bug #624287)
[lenny] - tiff <not-affected> (3.9+ only)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=1999
@@ -7503,6 +8182,7 @@
[lenny] - clamav <not-affected> (Introduced in
3643f3d2b0a38fdc7bc6777d093c857b9760804e)
NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b
CVE-2010-4259 (Stack-based buffer overflow in FontForge 20100501 allows remote
...)
+ {DSA-2253-1}
- fontforge 0.0.20100501-4 (bug #605537)
CVE-2010-4258 (The do_exit function in kernel/exit.c in the Linux kernel before
...)
{DSA-2153-1}
@@ -7523,8 +8203,7 @@
CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly
...)
- openssl <not-affected> (configured with -DOPENSSL_NO_JPAKE; bug
#606902)
NOTE: http://www.openssl.org/news/secadv_20101202.txt
-CVE-2010-4251
- RESERVED
+CVE-2010-4251 (The socket implementation in net/core/sock.c in the Linux kernel
...)
- linux-2.6 <not-affected> (introduced after 2.6.32; fixed in 2.6.37)
CVE-2010-4250 [linux inotify memory leak]
RESERVED
@@ -8470,7 +9149,7 @@
{DSA-2126-1}
- linux-2.6 2.6.32-30 (low)
CVE-2010-3875 (The ax25_getname function in net/ax25/af_ax25.c in the Linux
kernel ...)
- {DSA-2126-1}
+ {DSA-2264-1 DSA-2240-1 DSA-2126-1}
- linux-2.6 2.6.32-30 (low)
CVE-2010-3874 (Heap-based buffer overflow in the bcm_connect function in ...)
{DSA-2126-1}
@@ -13007,8 +13686,7 @@
RESERVED
- makepasswd 1.10-5 (low; bug #564559)
[lenny] - makepasswd 1.10-3+lenny1
-CVE-2010-2246 [feh --wget-timestamp issue]
- RESERVED
+CVE-2010-2246 (feh before 1.8, when the --wget-timestamp option is enabled,
might ...)
- feh 1.8-1 (low; bug #587205)
[lenny] - feh <no-dsa> (Minor issue)
CVE-2010-2245
@@ -21068,6 +21746,7 @@
- mysql-dfsg-5.1 <unfixed> (low; bug #569484)
- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags
function in ...)
+ {DSA-2260-1}
- rails 2.2.3-2 (low; bug #558685)
NOTE:
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not
verify ...)
@@ -21289,8 +21968,8 @@
{DSA-1968-1}
- pdns-recursor 3.1.7.2-1 (high)
[etch] - pdns-recursor <not-affected> (vulnerable code not present)
-CVE-2009-4008 [Unbound DNSSEC validation failure induced by crafted queries]
- RESERVED
+CVE-2009-4008 (Unbound before 1.4.4 does not send responses for signed zones
after ...)
+ {DSA-2243-1}
- unbound 1.4.4-1 (low)
CVE-2009-4007 (Unspecified vulnerability in the NormaliseTrainConsist function
in ...)
- openttd 0.7.5-1
@@ -24181,6 +24860,7 @@
CVE-2009-3087 (Unspecified vulnerability in nserver.exe in the server in IBM
Lotus ...)
NOT-FOR-US: IBM Lotus Domino
CVE-2009-3086 (A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and
2.3.x ...)
+ {DSA-2260-1}
- rails 2.2.3-1 (low; bug #545063)
[etch] - rails <no-dsa> (Minor issue)
CVE-2009-3085 (The XMPP protocol plugin in libpurple in Pidgin before 2.6.2
does not ...)