[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Nov 26 08:10:28 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
209092d6 by security tracker role at 2019-11-26T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-19272 (An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Dir ...)
+	TODO: check
+CVE-2019-19271 (An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A w ...)
+	TODO: check
+CVE-2019-19270 (An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. F ...)
+	TODO: check
+CVE-2019-19269 (An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A ...)
+	TODO: check
+CVE-2019-19268
+	RESERVED
+CVE-2019-19267
+	RESERVED
+CVE-2019-19266
+	RESERVED
+CVE-2019-19265
+	RESERVED
+CVE-2019-19264
+	RESERVED
 CVE-2019-19263
 	RESERVED
 CVE-2019-19262
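Review bot: the four new ProFTPD entries (CVE-2019-19269 through CVE-2019-19272) all point at tls_verify_crl, but the truncated descriptions give two different affected ranges, "before 1.3.6" for -19271/-19272 and "through 1.3.6b" for -19269/-19270, so the TODO: check should resolve them together and record which range applies to the archive version rather than copying one verdict across all four.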
@@ -40,8 +58,8 @@ CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products
 	NOTE: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b
 CVE-2019-19245
 	RESERVED
-CVE-2019-19244
-	RESERVED
+CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...)
+	TODO: check
 CVE-2019-19243
 	RESERVED
 CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_C ...)
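Review bot: CVE-2019-19244 (sqlite3Select in select.c, SQLite 3.30.1) should be triaged alongside CVE-2019-19242 two lines below, which targets the same SQLite 3.30.1 release; if both are addressed by the same upstream check-in, the sqlite3 package lines and NOTE references can be kept consistent between the two entries.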
@@ -4700,10 +4718,10 @@ CVE-2019-18253
 	RESERVED
 CVE-2019-18252
 	RESERVED
-CVE-2019-18251
-	RESERVED
-CVE-2019-18250
-	RESERVED
+CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervis ...)
+	TODO: check
+CVE-2019-18250 (In all versions of ABB Power Generation Information Manager (PGIM) and ...)
+	TODO: check
 CVE-2019-18249
 	RESERVED
 CVE-2019-18248
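Review bot: the two descriptions replacing RESERVED here name vendor ICS products (Omron CX-Supervisor, ABB PGIM) with no obvious Debian counterpart, so they are likely to resolve to NOT-FOR-US the way Fuji Electric V-Server does in the next hunk; leaving TODO: check rather than pre-judging is correct for an automatic update, but whoever triages can clear both in one pass.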
@@ -4720,8 +4738,8 @@ CVE-2019-18243
 	RESERVED
 CVE-2019-18242
 	RESERVED
-CVE-2019-18241
-	RESERVED
+CVE-2019-18241 (In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all ver ...)
+	TODO: check
 CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer o ...)
 	NOT-FOR-US: Fuji
 CVE-2019-18239
@@ -6951,8 +6969,8 @@ CVE-2019-17634
 	RESERVED
 CVE-2019-17633
 	RESERVED
-CVE-2019-17632
-	RESERVED
+CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4. ...)
+	TODO: check
 CVE-2019-17631 (From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such ...)
 	NOT-FOR-US: Eclipse OpenJ9
 CVE-2019-17630 (CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a cra ...)
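Review bot: CVE-2019-17632 concerns Eclipse Jetty, which unlike the neighbouring Eclipse OpenJ9 entry (NOT-FOR-US) is packaged in Debian (the jetty9 source package), so TODO: check here needs a real version comparison; the truncated description cuts off the affected-version list after 9.4.22.v20191022, so the full CVE text must be consulted before a fixed version is recorded.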
@@ -10705,6 +10723,7 @@ CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-16255 [A code injection vulnerability of Shell#[] and Shell#test]
 	RESERVED
+	{DLA-2007-1}
 	- ruby2.5 2.5.7-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
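Review bot: the {DLA-2007-1} line is inserted between RESERVED and the package lines, matching the placement used for {DSA-4500-1} further down the file; the same marker is added to four Ruby entries in this commit (CVE-2019-16255, -16254, -16201 and -15845), so confirm that the published DLA text enumerates all four, since a CVE tagged here but absent from the advisory would misreport the LTS suite as fixed.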
@@ -10713,6 +10732,7 @@ CVE-2019-16255 [A code injection vulnerability of Shell#[] and Shell#test]
 	NOTE: ruby2.5: https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
 CVE-2019-16254 [HTTP response splitting in WEBrick (Additional fix)]
 	RESERVED
+	{DLA-2007-1}
 	- ruby2.5 2.5.7-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -10895,6 +10915,7 @@ CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain situa
 	NOT-FOR-US: MISP
 CVE-2019-16201 [Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication]
 	RESERVED
+	{DLA-2007-1}
 	- ruby2.5 2.5.7-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -11407,40 +11428,40 @@ CVE-2019-16004
 	RESERVED
 CVE-2019-16003
 	RESERVED
-CVE-2019-16002
-	RESERVED
-CVE-2019-16001
-	RESERVED
+CVE-2019-16002 (A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-W ...)
+	TODO: check
+CVE-2019-16001 (A vulnerability in the loading mechanism of specific dynamic link libr ...)
+	TODO: check
 CVE-2019-16000
 	RESERVED
 CVE-2019-15999
 	RESERVED
-CVE-2019-15998
-	RESERVED
-CVE-2019-15997
-	RESERVED
-CVE-2019-15996
-	RESERVED
-CVE-2019-15995
-	RESERVED
-CVE-2019-15994
-	RESERVED
+CVE-2019-15998 (A vulnerability in the access-control logic of the NETCONF over Secure ...)
+	TODO: check
+CVE-2019-15997 (A vulnerability in Cisco DNA Spaces: Connector could allow an authenti ...)
+	TODO: check
+CVE-2019-15996 (A vulnerability in Cisco DNA Spaces: Connector could allow an authenti ...)
+	TODO: check
+CVE-2019-15995 (A vulnerability in the web UI of Cisco DNA Spaces: Connector could all ...)
+	TODO: check
+CVE-2019-15994 (A vulnerability in the web-based management interface of Cisco Stealth ...)
+	TODO: check
 CVE-2019-15993
 	RESERVED
 CVE-2019-15992
 	RESERVED
 CVE-2019-15991
 	RESERVED
-CVE-2019-15990
-	RESERVED
+CVE-2019-15990 (A vulnerability in the web-based management interface of certain Cisco ...)
+	TODO: check
 CVE-2019-15989
 	RESERVED
-CVE-2019-15988
-	RESERVED
-CVE-2019-15987
-	RESERVED
-CVE-2019-15986
-	RESERVED
+CVE-2019-15988 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
+	TODO: check
+CVE-2019-15987 (A vulnerability in web interface of the Cisco Webex Event Center, Cisc ...)
+	TODO: check
+CVE-2019-15986 (A vulnerability in the CLI of Cisco Unity Express could allow an authe ...)
+	TODO: check
 CVE-2019-15985
 	RESERVED
 CVE-2019-15984
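Review bot: this hunk replaces RESERVED with descriptions for eleven Cisco CVEs (vManage, DNA Spaces, AsyncOS, Webex, Unity Express, Stealthwatch and others) and marks each TODO: check; the surrounding Cisco entries are all NOT-FOR-US: Cisco, so these can be cleared in bulk, but CVE-2019-15998 ("access-control logic of the NETCONF over Secure ...") is the one whose truncated text does not name Cisco at all and deserves a look at the full record before it is closed.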
@@ -11465,20 +11486,20 @@ CVE-2019-15975
 	RESERVED
 CVE-2019-15974
 	RESERVED
-CVE-2019-15973
-	RESERVED
-CVE-2019-15972
-	RESERVED
-CVE-2019-15971
-	RESERVED
+CVE-2019-15973 (A vulnerability in the web-based management interface of Cisco Industr ...)
+	TODO: check
+CVE-2019-15972 (A vulnerability in the web-based management interface of Cisco Unified ...)
+	TODO: check
+CVE-2019-15971 (A vulnerability in the MP3 detection engine of Cisco AsyncOS Software  ...)
+	TODO: check
 CVE-2019-15970
 	RESERVED
 CVE-2019-15969
 	RESERVED
-CVE-2019-15968
-	RESERVED
-CVE-2019-15967
-	RESERVED
+CVE-2019-15968 (A vulnerability in the web-based management interface of Cisco Unified ...)
+	TODO: check
+CVE-2019-15967 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
+	TODO: check
 CVE-2019-15966 (A vulnerability in the web application of Cisco TelePresence Advanced  ...)
 	NOT-FOR-US: Cisco TelePresence Advanced Media Gateway
 CVE-2019-15965
@@ -11495,16 +11516,16 @@ CVE-2019-15961
 	[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
 	[stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
 	NOTE: https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
-CVE-2019-15960
-	RESERVED
+CVE-2019-15960 (A vulnerability in the Webex Network Recording Admin page of Cisco Web ...)
+	TODO: check
 CVE-2019-15959
 	RESERVED
-CVE-2019-15958
-	RESERVED
+CVE-2019-15958 (A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and ...)
+	TODO: check
 CVE-2019-15957
 	RESERVED
-CVE-2019-15956
-	RESERVED
+CVE-2019-15956 (A vulnerability in the web management interface of Cisco AsyncOS Softw ...)
+	TODO: check
 CVE-2019-15955 (An issue was discovered in Total.js CMS 12.0.0. A low privilege user c ...)
 	NOT-FOR-US: Total.js CMS
 CVE-2019-15954 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user  ...)
@@ -11862,6 +11883,7 @@ CVE-2019-15846 (Exim before 4.92.2 allows remote attackers to execute arbitrary
 	NOTE: https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4
 CVE-2019-15845 [A NUL injection vulnerability of File.fnmatch and File.fnmatch?]
 	RESERVED
+	{DLA-2007-1}
 	- ruby2.5 2.5.7-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -12509,8 +12531,8 @@ CVE-2019-15631
 	RESERVED
 CVE-2019-15630 (Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider com ...)
 	NOT-FOR-US: Mulesoft
-CVE-2019-15629
-	RESERVED
+CVE-2019-15629 (Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is ...)
+	TODO: check
 CVE-2019-15628
 	RESERVED
 CVE-2019-15627 (Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent ar ...)
@@ -12577,8 +12599,8 @@ CVE-2019-15597
 	RESERVED
 CVE-2019-15596
 	RESERVED
-CVE-2019-15595
-	RESERVED
+CVE-2019-15595 (A privilege escalation exists in UniFi Video Controller =<3.10.6 th ...)
+	TODO: check
 CVE-2019-15594
 	RESERVED
 CVE-2019-15593 (GitLab 12.2.3 contains a security vulnerability that allows a user to  ...)
@@ -13421,16 +13443,16 @@ CVE-2019-15293 (An issue was discovered in ACDSee Photo Studio Standard 22.1 Bui
 	NOT-FOR-US: ACDSee
 CVE-2019-15289
 	RESERVED
-CVE-2019-15288
-	RESERVED
+CVE-2019-15288 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
+	TODO: check
 CVE-2019-15287
 	RESERVED
-CVE-2019-15286
-	RESERVED
+CVE-2019-15286 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
+	TODO: check
 CVE-2019-15285
 	RESERVED
-CVE-2019-15284
-	RESERVED
+CVE-2019-15284 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
+	TODO: check
 CVE-2019-15283
 	RESERVED
 CVE-2019-15282 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -13445,8 +13467,8 @@ CVE-2019-15278
 	RESERVED
 CVE-2019-15277 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
 	NOT-FOR-US: Cisco
-CVE-2019-15276
-	RESERVED
+CVE-2019-15276 (A vulnerability in the web interface of Cisco Wireless LAN Controller  ...)
+	TODO: check
 CVE-2019-15275 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
 	NOT-FOR-US: Cisco
 CVE-2019-15274 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
@@ -13455,8 +13477,8 @@ CVE-2019-15273 (Multiple vulnerabilities in the CLI of Cisco TelePresence Collab
 	NOT-FOR-US: Cisco
 CVE-2019-15272 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
 	NOT-FOR-US: Cisco
-CVE-2019-15271
-	RESERVED
+CVE-2019-15271 (A vulnerability in the web-based management interface of certain Cisco ...)
+	TODO: check
 CVE-2019-15270 (A vulnerability in the web-based management interface of Cisco Firepow ...)
 	NOT-FOR-US: Cisco
 CVE-2019-15269 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -14865,8 +14887,8 @@ CVE-2019-14892
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b
 CVE-2019-14891 (A flaw was found in cri-o, as a result of all pod-related processes be ...)
 	NOT-FOR-US: Kubernetes CRI-O
-CVE-2019-14890
-	RESERVED
+CVE-2019-14890 (An attacker with low privilege could retrieve usernames and passwords  ...)
+	TODO: check
 CVE-2019-14889
 	RESERVED
 CVE-2019-14888
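Review bot: the truncated description added for CVE-2019-14890 ("An attacker with low privilege could retrieve usernames and passwords ...") names no product at all, so unlike the other TODO: check entries in this commit it cannot be pre-sorted from the list line alone; the triager needs the full CVE record even to identify the affected software.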
@@ -24934,6 +24956,7 @@ CVE-2019-11746 (A use-after-free vulnerability can occur while manipulating vide
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746
 CVE-2019-11745 [Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate]
 	RESERVED
+	{DLA-2008-1}
 	- nss <unfixed>
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public)
 	NOTE: Upstream patch: https://hg.mozilla.org/releases/mozilla-esr68/rev/ea1bc0fb2dda
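Review bot: adding {DLA-2008-1} to CVE-2019-11745 while the nss line still reads <unfixed> marks the LTS suite as fixed ahead of unstable, which is legitimate but worth cross-checking against the mozilla-esr68 patch linked in the NOTE; the bugzilla reference is still "(not public)", so keeping the bracketed working description and RESERVED is the expected layout.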
@@ -26352,8 +26375,8 @@ CVE-2019-11292
 	RESERVED
 CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior  ...)
 	TODO: check
-CVE-2019-11290
-	RESERVED
+CVE-2019-11290 (Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query p ...)
+	TODO: check
 CVE-2019-11289 (Cloud Foundry Routing, all versions before 0.193.0, does not properly  ...)
 	NOT-FOR-US: Cloud Foundry Routing
 CVE-2019-11288
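Review bot: CVE-2019-11290 describes Cloud Foundry UAA Release logging query parameters, and the adjacent CVE-2019-11289 (Cloud Foundry Routing) is already NOT-FOR-US, so this TODO: check most likely resolves the same way; CVE-2019-11291 (Pivotal RabbitMQ) just above it still carries TODO: check from an earlier update and could be handled in the same triage pass.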
@@ -27750,8 +27773,8 @@ CVE-2019-10773
 	RESERVED
 CVE-2019-10772
 	RESERVED
-CVE-2019-10771
-	RESERVED
+CVE-2019-10771 (Characters in the GET url path are not properly escaped and can be ref ...)
+	TODO: check
 CVE-2019-10770
 	RESERVED
 CVE-2019-10769
@@ -41740,7 +41763,6 @@ CVE-2019-5867 (Out of bounds read in JavaScript in Google Chrome prior to 76.0.3
 	{DSA-4500-1}
 	- chromium 76.0.3809.100-1
 CVE-2019-5866 (Out of bounds memory access in JavaScript in Google Chrome prior to 75 ...)
-	{DSA-4500-1}
 	- chromium 76.0.3809.71-1
 CVE-2019-5865 (Insufficient policy enforcement in navigations in Google Chrome prior  ...)
 	{DSA-4500-1}
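Review bot: dropping the {DSA-4500-1} marker from CVE-2019-5866 is consistent with the neighbouring entries: DSA-4500-1 is tied to chromium 76.0.3809.100-1 on the lines above, while this CVE is recorded as fixed in the earlier 76.0.3809.71-1, so it would not have been covered by that advisory; since this is the only deletion of an advisory reference in an otherwise additive automatic update, it should be cross-checked against the DSA text.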
@@ -41860,12 +41882,10 @@ CVE-2019-5827 (Integer overflow in SQLite via WebSQL in Google Chrome prior to 7
 	[jessie] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in chromium)
 	NOTE: https://www.sqlite.org/src/info/07ee06fd390bfebe
 	NOTE: https://www.sqlite.org/src/info/0b6ae032c28e7fe3
-CVE-2019-5826
-	RESERVED
+CVE-2019-5826 (Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 all ...)
 	{DSA-4500-1}
 	- chromium 75.0.3770.80-1
-CVE-2019-5825
-	RESERVED
+CVE-2019-5825 (Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683. ...)
 	{DSA-4500-1}
 	- chromium 75.0.3770.80-1
 CVE-2019-5824 (Parameter passing error in media in Google Chrome prior to 74.0.3729.1 ...)
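Review bot: for CVE-2019-5826 and CVE-2019-5825 only the RESERVED line is replaced by the description, with no TODO: check added, because both entries already carry {DSA-4500-1} and a chromium fixed version; that is the right behaviour, but their fixed version 75.0.3770.80-1 predates the 76.0.3809.100-1 that DSA-4500-1 is tied to in the previous hunk, so these two DSA markers deserve the same cross-check as the one removed from CVE-2019-5866.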
@@ -157353,6 +157373,7 @@ CVE-2017-2626 (It was discovered that libICE before 1.0.9-8 used a weak entropy
 	[wheezy] - libice <no-dsa> (Minor issue, can be fixed in a point update or next DSA)
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
 CVE-2017-2625 (It was discovered that libXdmcp before 1.1.2 including used weak entro ...)
+	{DLA-2006-1}
 	- libxdmcp 1:1.1.2-2 (bug #856399)
 	[wheezy] - libxdmcp <no-dsa> (Minor issue, can be fixed in a point update or next DSA)
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
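Review bot: {DLA-2006-1} is added to CVE-2017-2625 directly above the libxdmcp fixed-version line, while the entry keeps its earlier [wheezy] <no-dsa> triage; the two are not in conflict (different suites), but confirm the DLA text lists this CVE, since the entry otherwise gives no suite for the advisory.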
@@ -283630,8 +283651,7 @@ CVE-2011-4351 (Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x
 	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=a31ccacb1a9b2abc0e140a812fb0ffca6f7c2591
 	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=0d93d5c4614fafea74bdac681673f5b32eb49063
 	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=73472053516f82b7d273a3d42c583f894077a191
-CVE-2011-4350
-	RESERVED
+CVE-2011-4350 (Yaws 1.91 has a directory traversal vulnerability in the way certain U ...)
 	- yaws 1.91-2 (bug #650009)
 	[lenny] - yaws <not-affected> (Vulnerable code not present)
 	[squeeze] - yaws <not-affected> (Vulnerable code not present)
@@ -284326,11 +284346,9 @@ CVE-2011-4123
 	REJECTED
 CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in OpenPAM be ...)
 	NOT-FOR-US: OpenPAM
-CVE-2011-4121
-	RESERVED
+CVE-2011-4121 (The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up ...)
 	- ruby1.9.1 <not-affected> (Only affected trunk versions)
-CVE-2011-4120 [authentication bypass by pressing ctrl-d]
-	RESERVED
+CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication when 'use_ ...)
 	- yubico-pam 2.10-1
 CVE-2011-4119
 	RESERVED
@@ -284436,8 +284454,7 @@ CVE-2011-4091 (The libobby server in inc/server.hpp in libnet6 (aka net6) before
 	[squeeze] - net6 <no-dsa> (Minor issue)
 	[lenny] - net6 <no-dsa> (Minor issue)
 	- net6 1:1.3.14-1 (low; bug #647318)
-CVE-2011-4090 [serendipity before 1.6 backend XSS in karma plugin]
-	RESERVED
+CVE-2011-4090 (Serendipity before 1.6 has an XSS issue in the karma plugin which may  ...)
 	- serendipity <removed> (bug #650937)
 	[squeeze] - serendipity <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/oss-sec/2011/q4/192
@@ -284461,8 +284478,7 @@ CVE-2011-4084
 	REJECTED
 CVE-2011-4083 (The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x  ...)
 	NOT-FOR-US: RedHat sos
-CVE-2011-4082
-	RESERVED
+CVE-2011-4082 (A local file inclusion flaw was found in the way the phpLDAPadmin befo ...)
 	- phpldapadmin 0.9.8-1
 CVE-2011-4081 (crypto/ghash-generic.c in the Linux kernel before 3.1 allows local use ...)
 	- linux-2.6 3.0.0-6
@@ -284484,8 +284500,7 @@ CVE-2011-4078 (include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when P
 CVE-2011-4077 (Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c  ...)
 	{DSA-2389-1}
 	- linux-2.6 3.0.0-6
-CVE-2011-4076
-	RESERVED
+CVE-2011-4076 (OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCE ...)
 	- nova 2012.1~e1-1
 	NOTE: https://bugs.launchpad.net/nova/+bug/868360
 	NOTE: the patch for this bug is available at https://review.openstack.org/#/c/794/
@@ -285952,14 +285967,11 @@ CVE-2011-3634 (methods/https.cc in apt before 0.8.11 accepts connections when th
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353
 CVE-2011-3633
 	REJECTED
-CVE-2011-3632 [hardlink has buffer overflows, is unsafe on changing trees]
-	RESERVED
+CVE-2011-3632 (Hardlink before 0.1.2 operates on full file system objects path names  ...)
 	- hardlink <not-affected> (Only the C version, ours are written in Python)
-CVE-2011-3631 [hardlink has buffer overflows, is unsafe on changing trees]
-	RESERVED
+CVE-2011-3631 (Hardlink before 0.1.2 has multiple integer overflows leading to heap-b ...)
 	- hardlink <not-affected> (Only the C version, ours are written in Python)
-CVE-2011-3630 [hardlink has buffer overflows, is unsafe on changing trees]
-	RESERVED
+CVE-2011-3630 (Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow ...)
 	- hardlink <not-affected> (Only the C version, ours are written in Python)
 CVE-2011-3629
 	RESERVED
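Review bot: the three hardlink entries now carry distinct official descriptions (path-name handling, integer overflows leading to heap overflow, stack-based overflows) in place of the shared bracketed placeholder, while the <not-affected> rationale "Only the C version, ours are written in Python" is unchanged; that rationale still covers all three, since each is a memory-safety defect in the C implementation, so no further action is needed here.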
@@ -285980,8 +285992,7 @@ CVE-2011-3625 (Stack-based buffer overflow in the sub_read_line_sami function in
 	- mplayer 2:1.0~rc4.dfsg1+svn33713-2 (bug #645987)
 	[squeeze] - mplayer <not-affected> (Malformed SMI file correctly rejected, possibly introduced by later changes)
 	- mplayer2 2.0-134-g84d8671-9 (bug #646937)
-CVE-2011-3624
-	RESERVED
+CVE-2011-3624 (Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and ea ...)
 	- ruby1.8 <removed> (low; bug #646020)
 	[lenny] - ruby1.8 <no-dsa> (Minor issue)
 	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
@@ -286010,8 +286021,7 @@ CVE-2011-3618 (atop: symlink attack possible due to insecure tempfile handling .
 	- atop 1.23-1.1 (low; bug #622794)
 	[lenny] - atop 1.23-1+lenny1 (bug #622794)
 	[squeeze] - atop 1.23-1+squeeze1 (bug #622794)
-CVE-2011-3617 [tahoe-lafs: an unauthorized user can delete files]
-	RESERVED
+CVE-2011-3617 (Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to del ...)
 	- tahoe-lafs 1.8.3-1 (bug #641540)
 CVE-2011-3616 (The getSkillname function in the eve module in Conky 1.8.1 and earlier ...)
 	- conky 1.8.0-1.1 (low; bug #612033)
@@ -286034,16 +286044,14 @@ CVE-2011-3611 [HTB22914: Local File Inclusion in UseBB]
 CVE-2011-3610 [serendipity freetag plugin before 3.30 and probably others]
 	RESERVED
 	NOT-FOR-US: Serendipity plugin
-CVE-2011-3609 [CSRF in the JBoss AS 7 administration console & HTTP management API]
-	RESERVED
+CVE-2011-3609 (A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBo ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2011-3608
 	REJECTED
 CVE-2011-3607 (Integer overflow in the ap_pregsub function in server/util.c in the Ap ...)
 	{DSA-2405-1}
 	- apache2 2.2.21-4
-CVE-2011-3606 [DOM based XSS in the JBoss AS 7 administration console]
-	RESERVED
+CVE-2011-3606 (A DOM based cross-site scripting flaw was found in the JBoss Applicati ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2011-3605 (The process_rs function in the router advertisement daemon (radvd) bef ...)
 	{DSA-2323-1}
@@ -286066,8 +286074,7 @@ CVE-2011-3601 (Buffer overflow in the process_ra function in the router advertis
 	[squeeze] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
 	[lenny] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
 	NOTE: http://seclists.org/oss-sec/2011/q4/30
-CVE-2011-3600
-	RESERVED
+CVE-2011-3600 (The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler i ...)
 	- libxmlrpc3-java 3.1.3-1 (low)
 	[lenny] - libxmlrpc3-java <no-dsa> (Minor issue)
 CVE-2011-3599 (The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when  ...)
@@ -286085,8 +286092,7 @@ CVE-2011-3597 (Eval injection vulnerability in the Digest module before 1.17 for
 	[squeeze] - perl 5.10.1-17squeeze3
 	[lenny] - perl <no-dsa> (Minor issue)
 	NOTE: https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e
-CVE-2011-3596
-	RESERVED
+CVE-2011-3596 (Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-c ...)
 	- polipo 1.0.4.1-1.2 (bug #644289)
 	[squeeze] - polipo <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2011/Oct/10
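Review bot: the imported description for CVE-2011-3596 reads "DoD vulnerability" where DoS is clearly meant; since data/CVE/list mirrors the upstream CVE text verbatim, the typo should not be patched locally, and the existing package lines (polipo 1.0.4.1-1.2, squeeze no-dsa) are unaffected.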
@@ -286127,13 +286133,11 @@ CVE-2011-3585
 	- cifs-utils 2:4.5-1 (low)
 	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
 	NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200
-CVE-2011-3584 [TYPO3-SA-2011-003]
-	RESERVED
+CVE-2011-3584 (The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to  ...)
 	- typo3-src 4.5.6+dfsg1-1 (low; bug #641683)
 	[squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze2
 	[lenny] - typo3-src 4.2.5-1+lenny9
-CVE-2011-3583 [TYPO3-SA-2011-002]
-	RESERVED
+CVE-2011-3583 (It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared stat ...)
 	- typo3-src 4.5.6+dfsg1-1 (low; bug #641682)
 	[squeeze] - typo3-src <not-affected> (Only affects 4.5.x)
 	[lenny] - typo3-src <not-affected> (Only affects 4.5.x)
@@ -286771,12 +286775,10 @@ CVE-2011-3375 (Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does no
 	{DSA-2401-1}
 	- tomcat6 6.0.33-1
 	- tomcat7 7.0.22-1
-CVE-2011-3374 [apt-key insecure validation]
-	RESERVED
+CVE-2011-3374 (It was found that apt-key in apt, all versions, do not correctly valid ...)
 	- apt <unfixed> (unimportant; bug #642480)
 	NOTE: Not exploitable in Debian, since no keyring URI is defined
-CVE-2011-3373
-	RESERVED
+CVE-2011-3373 (Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 do ...)
 	NOT-FOR-US: Views Bulk Operations module for Drupal
 CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2 ...)
 	{DSA-2318-1}
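Review bot: the new description for CVE-2011-3373 spells the module "Views Builk Operations", while the existing NOT-FOR-US line below it already has the correct "Views Bulk Operations"; as with the other imported descriptions this mirrors the upstream text and should be left as is, and the NOT-FOR-US verdict stands.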
@@ -286842,8 +286844,7 @@ CVE-2011-3356 (Multiple cross-site scripting (XSS) vulnerabilities in config_def
 	- mantis 1.2.7-1 (low; bug #640297)
 	[squeeze] - mantis <not-affected> (Vulnerable code not present)
 	[lenny] - mantis <not-affected> (Vulnerable code not present)
-CVE-2011-3355
-	RESERVED
+CVE-2011-3355 (evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) con ...)
 	- evolution-data-server3 3.2.1-1 (bug #641052)
 CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev ...)
 	{DSA-2389-1}
@@ -286852,8 +286853,7 @@ CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in fs/fus
 	[squeeze] - linux-2.6 2.6.32-36
 CVE-2011-3352 (Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improp ...)
 	NOT-FOR-US: Zikula
-CVE-2011-3351
-	RESERVED
+CVE-2011-3351 (openvas-scanner before 2011-09-11 creates a temporary file insecurely  ...)
 	- openvas-server <removed> (low; bug #641327)
 	[squeeze] - openvas-server <no-dsa> (Minor issue)
 	NOTE: openvas-scanner in experimental also affected according to #671327



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/209092d6b3959d1b11319a4f14aa6287274113cf
