From ec00c9524bad503cca9ff36c651acab75ecec33d Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 15 Jan 2020 08:10:21 +0000 Subject: automatic update --- data/CVE/2011.list | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) (limited to 'data/CVE/2011.list') diff --git a/data/CVE/2011.list b/data/CVE/2011.list index a65194a6f4..9e40545852 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -5345,11 +5345,9 @@ CVE-2011-3204 (hammerhead.cc in Hammerhead 2.1.4 allows local users to write to [lenny] - hammerhead (Minor issue) [squeeze] - hammerhead (Minor issue) NOTE: https://launchpad.net/bugs/826679 -CVE-2011-3203 [Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution] - RESERVED +CVE-2011-3203 (A Code Execution vulnerability exists the attachment parameter to inde ...) NOT-FOR-US: Jcow -CVE-2011-3202 [Jcow CMS 4.2 <= | Cross Site Scripting] - RESERVED +CVE-2011-3202 (A Cross-Site Scripting (XSS) vulnerability exists in the g parameter t ...) NOT-FOR-US: Jcow CVE-2011-3201 (GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ...) - evolution (unimportant) @@ -5411,8 +5409,7 @@ CVE-2011-3185 (gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assiste CVE-2011-3184 (The msn_httpconn_parse_data function in httpconn.c in the MSN protocol ...) - pidgin 2.10.0-1 (unimportant) NOTE: Only exploitable by a malicious MSN server to crash the client -CVE-2011-3183 - RESERVED +CVE-2011-3183 (A Cross-Site Scripting (XSS) vulnerability exists in the rcID paramete ...) NOT-FOR-US: Concrete CMS CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the mall ...) {DSA-2408-1} 
@@ -6220,11 +6217,9 @@ CVE-2011-2936 (Elgg through 1.7.10 has a SQL injection vulnerability ...) - elgg (bug #526197) CVE-2011-2935 (Elgg through 1.7.10 has XSS ...) - elgg (bug #526197) -CVE-2011-2934 - RESERVED +CVE-2011-2934 (A Cross Site Request Forgery (CSRF) vulnerability exists in the admini ...) NOT-FOR-US: WebsiteBaker -CVE-2011-2933 - RESERVED +CVE-2011-2933 (An Arbitrary File Upload vulnerability exists in admin/media/upload.ph ...) NOT-FOR-US: WebsiteBaker CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ...) {DSA-2655-1} @@ -6922,11 +6917,9 @@ CVE-2011-2716 (The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote D - busybox 1:1.20.0-3 (unimportant; bug #635548) NOTE: the default action script of busybox is not vulnerable to this attack NOTE: fixed in 1.20 (experimental). default script in udeb may be vulnerable. -CVE-2011-2715 - RESERVED +CVE-2011-2715 (An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0 ...) NOT-FOR-US: Drupal data module -CVE-2011-2714 - RESERVED +CVE-2011-2714 (A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6 ...) NOT-FOR-US: Drupal data module CVE-2011-2713 (oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows u ...) {DSA-2315-1} @@ -6948,8 +6941,7 @@ CVE-2011-2708 REJECTED CVE-2011-2707 (The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Lin ...) - linux-2.6 (xtensa arch not used in Debian) -CVE-2011-2706 - RESERVED +CVE-2011-2706 (A Cross-Site Scripting (XSS) vulnerability exists in the reorder admin ...) NOT-FOR-US: sNews CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby ...) {DLA-235-1 DLA-88-1} -- cgit v1.2.3
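Review bot: In the @@ -5345 hunk, the removed placeholder lines for CVE-2011-3203 and CVE-2011-3202 carried affected-version bounds ("Jcow CMS 4.x:4.2 <= , 5.x:5.2 <=" and "Jcow CMS 4.2 <=") that the truncated replacement descriptions no longer show. Both entries stay NOT-FOR-US: Jcow, so triage is unaffected, but if the version bounds are worth keeping they would need a NOTE: line under each entry, in the style of the NOTE: lines already used elsewhere in this file. The new CVE-2011-3203 text also reads "exists the attachment parameter" with the word "in" missing. If that description is imported rather than hand-written, the correction belongs at its source, not in this list.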
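Review bot: In the @@ -6922 hunk, CVE-2011-2715 and CVE-2011-2714 now carry descriptions naming "Drupal 6.20 with Data 6.x-1.0", while the unchanged triage line under each still reads NOT-FOR-US: Drupal data module, a tag assigned while the ids were RESERVED. The visible descriptions are truncated and do not say which component holds the flaw, so it is worth checking the full text to confirm the SQL injection and XSS sit in the Data module and not in Drupal itself before leaving the NOT-FOR-US tags as they are. The same re-check applies to the other entries in this patch that kept a NOT-FOR-US line from their RESERVED state.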