[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 20 20:10:30 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9da912fb by security tracker role at 2019-12-20T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,69 @@
+CVE-2020-3939
+ RESERVED
+CVE-2020-3938
+ RESERVED
+CVE-2020-3937
+ RESERVED
+CVE-2020-3936
+ RESERVED
+CVE-2020-3935
+ RESERVED
+CVE-2020-3934
+ RESERVED
+CVE-2020-3933
+ RESERVED
+CVE-2020-3932
+ RESERVED
+CVE-2020-3931
+ RESERVED
+CVE-2020-3930
+ RESERVED
+CVE-2020-3929
+ RESERVED
+CVE-2020-3928
+ RESERVED
+CVE-2020-3927
+ RESERVED
+CVE-2020-3926
+ RESERVED
+CVE-2020-3925
+ RESERVED
+CVE-2020-3924
+ RESERVED
+CVE-2020-3923
+ RESERVED
+CVE-2020-3922
+ RESERVED
+CVE-2020-3921
+ RESERVED
+CVE-2020-3920
+ RESERVED
+CVE-2019-19916 (In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP ...)
+ TODO: check
+CVE-2019-19915 (The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for Wor ...)
+ TODO: check
+CVE-2019-19914
+ RESERVED
CVE-2019-19913
+ RESERVED
TODO: check
CVE-2019-19912
+ RESERVED
TODO: check
CVE-2019-19911
+ RESERVED
TODO: check
-CVE-2019-19910
+CVE-2019-19910 (The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 ...)
NOT-FOR-US: Mediawiki skin
-CVE-2019-19909
+CVE-2019-19909 (An issue was discovered in Public Knowledge Project (PKP) pkp-lib befo ...)
NOT-FOR-US: Public Knowledge Project (PKP) pkp-lib
-CVE-2019-19908
+CVE-2019-19908 (phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript inje ...)
TODO: check
-CVE-2019-19907
+CVE-2019-19907 (HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core ...)
- kopanocore <unfixed>
NOTE: https://stash.kopano.io/projects/KC/repos/kopanocore/commits/4e02b420fff
CVE-2019-19904
+ RESERVED
TODO: check
CVE-2019-19903 (An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn ...)
- backdrop <itp> (bug #914257)
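Review bot: CVE-2019-19913, CVE-2019-19912, CVE-2019-19911 and CVE-2019-19904 now carry both a freshly inserted RESERVED line and the pre-existing TODO: check line, which contradict each other (RESERVED means no description has been published yet, so there is nothing to check). The script inserted RESERVED above whatever was already there; either drop the TODO: check lines until the descriptions land or keep the TODO markers and drop the RESERVED ones, but not both. The kopanocore entry for CVE-2019-19907 is consistent with its upstream commit NOTE, but unlike the backdrop entry right below it, it has no severity or bug reference yet.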
@@ -41,11 +91,12 @@ CVE-2019-19892
RESERVED
CVE-2019-19891
RESERVED
-CVE-2019-19906
+CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading ...)
+ {DLA-2044-1}
- cyrus-sasl2 <unfixed> (bug #947043)
NOTE: https://github.com/cyrusimap/cyrus-sasl/issues/587
NOTE: https://www.openldap.org/its/index.cgi/Incoming?id=9123
-CVE-2019-19905
+CVE-2019-19905 (NetHack before 3.6.4 is prone to a buffer overflow vulnerability when ...)
- nethack <unfixed> (low; bug #947005)
[buster] - nethack <no-dsa> (Minor issue)
[stretch] - nethack <no-dsa> (Minor issue)
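Review bot: CVE-2019-19906 and CVE-2019-19905 sit below CVE-2019-19891, out of the descending numeric order the rest of the file follows, while CVE-2019-19904 is in its proper position; move both into sequence so later automatic updates do not keep touching them here. The {DLA-2044-1} reference for cyrus-sasl2 is added while the unstable line stays <unfixed> (bug #947043), which is coherent only if the DLA data carries the stretch fixed version, so confirm the DLA entry before relying on it. The nethack <no-dsa> lines for buster and stretch match the low severity.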
@@ -906,8 +957,8 @@ CVE-2019-19791
RESERVED
CVE-2019-19790 (Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a rem ...)
NOT-FOR-US: Telerik UI for ASP.NET AJAX
-CVE-2019-19789
- RESERVED
+CVE-2019-19789 (3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Tool ...)
+ TODO: check
CVE-2019-19788 (Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed ...)
NOT-FOR-US: Opera for Android
CVE-2019-19787 (ATasm 1.06 has a stack-based buffer overflow in the get_signed_express ...)
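Review bot: CVE-2019-19789 is left at TODO: check although its description names the CODESYS SP Realtime NT runtime, a proprietary PLC runtime for Windows, not anything in the archive; triage it NOT-FOR-US like the neighbouring Telerik and Opera entries rather than leaving the marker.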
@@ -2009,8 +2060,8 @@ CVE-2019-19749
RESERVED
CVE-2019-19748 (The Work Time Calendar app before 4.7.1 for Jira allows XSS. ...)
NOT-FOR-US: Work Time Calendar app for Jira
-CVE-2019-19747
- RESERVED
+CVE-2019-19747 (NeuVector 3.1 when configured to allow authentication via Active Direc ...)
+ TODO: check
CVE-2019-19746 (make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fau ...)
- fig2dev <unfixed> (unimportant; bug #946628)
- transfig <removed> (unimportant)
@@ -3382,12 +3433,12 @@ CVE-2019-19695
RESERVED
CVE-2019-19694
RESERVED
-CVE-2019-19693
- RESERVED
-CVE-2019-19692
- RESERVED
-CVE-2019-19691
- RESERVED
+CVE-2019-19693 (The Trend Micro Security 2020 consumer family of products contains a v ...)
+ TODO: check
+CVE-2019-19692 (Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS ...)
+ TODO: check
+CVE-2019-19691 (A vulnerability in Trend Micro Apex One and OfficeScan XG could allow ...)
+ TODO: check
CVE-2019-19690 (Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and ...)
NOT-FOR-US: Trend Micro
CVE-2019-19689 (Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) co ...)
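Review bot: CVE-2019-19693, CVE-2019-19692 and CVE-2019-19691 are left at TODO: check even though their descriptions name Trend Micro Security 2020, Apex One and OfficeScan XG, and the two neighbouring Trend Micro entries (CVE-2019-19690, CVE-2019-19689) are already NOT-FOR-US: Trend Micro; triage them the same way.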
@@ -5833,14 +5884,11 @@ CVE-2019-19343
RESERVED
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780445
-CVE-2019-19342
- RESERVED
+CVE-2019-19342 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5 ...)
NOT-FOR-US: Ansible Tower
-CVE-2019-19341
- RESERVED
+CVE-2019-19341 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where ...)
NOT-FOR-US: Ansible Tower
-CVE-2019-19340
- RESERVED
+CVE-2019-19340 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5 ...)
NOT-FOR-US: Ansible Tower
CVE-2019-19339
RESERVED
@@ -6175,12 +6223,12 @@ CVE-2019-19236
RESERVED
CVE-2019-19235 (AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 note ...)
NOT-FOR-US: ASUS
-CVE-2019-19234
- RESERVED
+CVE-2019-19234 (In Sudo through 1.8.29, the fact that a user has been blocked (e.g., b ...)
+ TODO: check
CVE-2019-19233
RESERVED
-CVE-2019-19232
- RESERVED
+CVE-2019-19232 (In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer ...)
+ TODO: check
CVE-2019-19231
RESERVED
CVE-2019-19230 (An unsafe deserialization vulnerability exists in CA Release Automatio ...)
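Review bot: CVE-2019-19234 and CVE-2019-19232 are sudo issues and sudo is a Debian package, so TODO: check should become a package line with a state and severity. Both descriptions say "through 1.8.29" and name no fixed version, so check with upstream whether these are acknowledged as vulnerabilities at all before filing a bug.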
@@ -6384,8 +6432,8 @@ CVE-2019-19143
RESERVED
CVE-2019-19142
RESERVED
-CVE-2019-19141
- RESERVED
+CVE-2019-19141 (The Camera Upload functionality in Plex Media Server through 1.18.2.20 ...)
+ TODO: check
CVE-2019-19140
RESERVED
CVE-2019-19139
@@ -6887,8 +6935,7 @@ CVE-2019-18957 (Microstrategy Library in MicroStrategy before 2019 before 11.1.3
NOT-FOR-US: Microstrategy Library
CVE-2019-18956 (Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 an ...)
NOT-FOR-US: Divisa Proxia Suite
-CVE-2019-18955
- RESERVED
+CVE-2019-18955 (The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Prod ...)
NOT-FOR-US: Lansweeper
CVE-2019-18954 (Pomelo v2.2.5 allows external control of critical state data. A malici ...)
NOT-FOR-US: Pomelo
@@ -9888,8 +9935,7 @@ CVE-2019-18617
RESERVED
CVE-2019-18616
RESERVED
-CVE-2019-18615
- RESERVED
+CVE-2019-18615 (In CloudVision Portal (CVP) for all releases in the 2018.2 Train, unde ...)
NOT-FOR-US: CloudVision Portal
CVE-2019-18614
RESERVED
@@ -10911,8 +10957,8 @@ CVE-2019-18265
RESERVED
CVE-2019-18264
RESERVED
-CVE-2019-18263
- RESERVED
+CVE-2019-18263 (An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual ...)
+ TODO: check
CVE-2019-18262
RESERVED
CVE-2019-18261 (In Omron PLC CS series, all versions, Omron PLC CJ series, all version ...)
@@ -12093,8 +12139,7 @@ CVE-2019-18183
RESERVED
CVE-2019-18182
RESERVED
-CVE-2019-18181
- RESERVED
+CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train ...)
TODO: check
CVE-2019-18180 (Improper Check for filenames with overly long extensions in PostMaster ...)
- otrs2 <unfixed> (bug #945251)
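Review bot: CVE-2019-18181 keeps its TODO: check marker after gaining a description, but it concerns the same CloudVision Portal product that CVE-2019-18615 is triaged as NOT-FOR-US: CloudVision Portal elsewhere in this same update; mark it NOT-FOR-US for consistency.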
@@ -13184,8 +13229,7 @@ CVE-2019-17635
RESERVED
CVE-2019-17634
RESERVED
-CVE-2019-17633
- RESERVED
+CVE-2019-17633 (For Eclipse Che versions 6.16 to 7.3.0, with both authentication and T ...)
NOT-FOR-US: Eclipse Che
CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4. ...)
- jetty9 <unfixed>
@@ -13395,8 +13439,8 @@ CVE-2019-17573
RESERVED
CVE-2019-17572
RESERVED
-CVE-2019-17571
- RESERVED
+CVE-2019-17571 (Included in Log4j 1.2 is a SocketServer class that is vulnerable to de ...)
+ TODO: check
CVE-2019-17570
RESERVED
CVE-2019-17569
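Review bot: CVE-2019-17571 describes a deserialization flaw in the Log4j 1.2 SocketServer class, and Log4j 1.2 is shipped in Debian (source package apache-log4j1.2), so this needs a package line with a state rather than TODO: check. Since the affected class is a network listener that accepts serialized log events, check whether the packaged jar exposes it and set the severity accordingly.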
@@ -13635,8 +13679,8 @@ CVE-2019-17529 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based
NOT-FOR-US: Bento4
CVE-2019-17528 (An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the func ...)
NOT-FOR-US: Bento4
-CVE-2019-17527
- RESERVED
+CVE-2019-17527 (dataForDepandantField in models/custormfields.php in the JS JOBS FREE ...)
+ TODO: check
CVE-2019-17526 (** DISPUTED ** An issue was discovered in SageMath Sage Cell Server th ...)
NOT-FOR-US: Sage Cell Server (not part of SafeMath as packaged in Debian)
CVE-2019-17525
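Review bot: CVE-2019-17527 names a file in a PHP web extension (models/custormfields.php in JS JOBS FREE), which is not a Debian package; triage it NOT-FOR-US. Unrelated to this change but visible in the context: the NOT-FOR-US line for CVE-2019-17526 reads "SafeMath" where "SageMath" is meant.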
@@ -13879,8 +13923,8 @@ CVE-2019-17442
RESERVED
CVE-2019-17441
RESERVED
-CVE-2019-17440
- RESERVED
+CVE-2019-17440 (Improper restriction of communications to Log Forwarding Card (LFC) on ...)
+ TODO: check
CVE-2019-17439
RESERVED
CVE-2019-17438
@@ -15308,8 +15352,8 @@ CVE-2019-16873 (Portainer before 1.22.1 has XSS (issue 1 of 2). ...)
NOT-FOR-US: Portainer
CVE-2019-16872 (Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). ...)
NOT-FOR-US: Portainer
-CVE-2019-16871
- RESERVED
+CVE-2019-16871 (Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twinca ...)
+ TODO: check
CVE-2019-16870
RESERVED
CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the colon in HT ...)
@@ -16377,70 +16421,49 @@ CVE-2019-16467
RESERVED
CVE-2019-16466
RESERVED
-CVE-2019-16465
- RESERVED
+CVE-2019-16465 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16464
- RESERVED
+CVE-2019-16464 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16463
- RESERVED
+CVE-2019-16463 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16462
- RESERVED
+CVE-2019-16462 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16461
- RESERVED
+CVE-2019-16461 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16460
- RESERVED
+CVE-2019-16460 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16459
- RESERVED
+CVE-2019-16459 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16458
- RESERVED
+CVE-2019-16458 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16457
- RESERVED
+CVE-2019-16457 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16456
- RESERVED
+CVE-2019-16456 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16455
- RESERVED
+CVE-2019-16455 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16454
- RESERVED
+CVE-2019-16454 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16453
- RESERVED
+CVE-2019-16453 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16452
- RESERVED
+CVE-2019-16452 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16451
- RESERVED
+CVE-2019-16451 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16450
- RESERVED
+CVE-2019-16450 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16449
- RESERVED
+CVE-2019-16449 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16448
- RESERVED
+CVE-2019-16448 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
CVE-2019-16447
RESERVED
-CVE-2019-16446
- RESERVED
+CVE-2019-16446 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16445
- RESERVED
+CVE-2019-16445 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16444
- RESERVED
+CVE-2019-16444 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
NOT-FOR-US: Adobe
CVE-2019-16443
RESERVED
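Review bot: every description in this block reads "Adobe Acrobat and Reader versions , 2019.021.20056 and earlier", with an empty version slot before the comma; that is how the text arrived from the upstream feed, not a tracker bug, so leave it as is. CVE-2019-16447 and CVE-2019-16443 remain RESERVED in the middle of the batch and should fill in on a later run.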
@@ -16565,11 +16588,11 @@ CVE-2019-16390
RESERVED
CVE-2019-16389
RESERVED
-CVE-2019-16388 (PEGA Platform 8.3.0 is vulnerable to Information disclosure via a dire ...)
+CVE-2019-16388 (** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to Information disclo ...)
NOT-FOR-US: PEGA Platform
-CVE-2019-16387 (PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/! ...)
+CVE-2019-16387 (** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso ...)
NOT-FOR-US: PEGA Platform
-CVE-2019-16386 (PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via ...)
+CVE-2019-16386 (** DISPUTED ** PEGA Platform 7.x and 8.x is vulnerable to Information ...)
NOT-FOR-US: PEGA Platform
CVE-2019-16385
RESERVED
@@ -18030,18 +18053,18 @@ CVE-2019-15916 (An issue was discovered in the Linux kernel before 5.0.1. There
[stretch] - linux 4.9.168-1
[jessie] - linux 3.16.70-1
NOTE: https://git.kernel.org/linus/895a5e96dbd6386c8e78e5b78e067dcc67b7f0ab
-CVE-2019-15915
- RESERVED
-CVE-2019-15914
- RESERVED
-CVE-2019-15913
- RESERVED
-CVE-2019-15912
- RESERVED
-CVE-2019-15911
- RESERVED
-CVE-2019-15910
- RESERVED
+CVE-2019-15915 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCG ...)
+ TODO: check
+CVE-2019-15914 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDC ...)
+ TODO: check
+CVE-2019-15913 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDC ...)
+ TODO: check
+CVE-2019-15912 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, ...)
+ TODO: check
+CVE-2019-15911 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, ...)
+ TODO: check
+CVE-2019-15910 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, ...)
+ TODO: check
CVE-2019-15909
RESERVED
CVE-2019-15908
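Review bot: the six entries CVE-2019-15915 through CVE-2019-15910 describe issues on Xiaomi and ASUS hardware devices, i.e. vendor firmware rather than software Debian ships; triage them NOT-FOR-US instead of leaving six TODO: check markers.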
@@ -31185,8 +31208,7 @@ CVE-2019-11782
RESERVED
CVE-2019-11781
RESERVED
-CVE-2019-11780
- RESERVED
+CVE-2019-11780 (Improper access control in the computed fields system of the framework ...)
NOT-FOR-US: Odoo
CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT cli ...)
{DSA-4570-1 DLA-1972-1}
@@ -32807,8 +32829,8 @@ CVE-2019-11296
RESERVED
CVE-2019-11295
RESERVED
-CVE-2019-11294
- RESERVED
+CVE-2019-11294 (Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows spac ...)
+ TODO: check
CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when set to log ...)
NOT-FOR-US: Cloud Foundry UAA Release
CVE-2019-11292
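Review bot: CVE-2019-11294 (Cloud Foundry Cloud Controller API) is left at TODO: check while the adjacent CVE-2019-11293 (Cloud Foundry UAA Release) is NOT-FOR-US; the same triage applies, so mark it NOT-FOR-US: Cloud Foundry CAPI.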
@@ -42235,14 +42257,14 @@ CVE-2019-8258 (UltraVNC revision 1198 has a heap buffer overflow vulnerability i
NOT-FOR-US: UltraVNC
CVE-2019-8257
RESERVED
-CVE-2019-8256
- RESERVED
-CVE-2019-8255
- RESERVED
-CVE-2019-8254
- RESERVED
-CVE-2019-8253
- RESERVED
+CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure inherited pe ...)
+ TODO: check
+CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection vulnerabil ...)
+ TODO: check
+CVE-2019-8254 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 hav ...)
+ TODO: check
+CVE-2019-8253 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 hav ...)
+ TODO: check
CVE-2019-8252
RESERVED
CVE-2019-8251
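Review bot: CVE-2019-8256, CVE-2019-8255, CVE-2019-8254 and CVE-2019-8253 are ColdFusion, Brackets and Photoshop CC issues, all Adobe products; the Acrobat batch in this same update is marked NOT-FOR-US: Adobe, and these can be triaged the same way rather than left at TODO: check.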
@@ -50898,12 +50920,12 @@ CVE-2019-4746
RESERVED
CVE-2019-4745
RESERVED
-CVE-2019-4744
- RESERVED
-CVE-2019-4743
- RESERVED
-CVE-2019-4742
- RESERVED
+CVE-2019-4744 (IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scri ...)
+ TODO: check
+CVE-2019-4743 (IBM Financial Transaction Manager 3.0 does not set the secure attribut ...)
+ TODO: check
+CVE-2019-4742 (IBM Financial Transaction Manager 3.0 could allow a remote attacker to ...)
+ TODO: check
CVE-2019-4741
RESERVED
CVE-2019-4740
@@ -50914,8 +50936,8 @@ CVE-2019-4738
RESERVED
CVE-2019-4737
RESERVED
-CVE-2019-4736
- RESERVED
+CVE-2019-4736 (IBM Financial Transaction Manager 3.0 is vulnerable to cross-site requ ...)
+ TODO: check
CVE-2019-4735
RESERVED
CVE-2019-4734
@@ -51276,8 +51298,8 @@ CVE-2019-4557
RESERVED
CVE-2019-4556 (IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting fo ...)
NOT-FOR-US: IBM
-CVE-2019-4555
- RESERVED
+CVE-2019-4555 (IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripti ...)
+ TODO: check
CVE-2019-4554
RESERVED
CVE-2019-4553
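Review bot: CVE-2019-4555 keeps TODO: check although the neighbouring CVE-2019-4556 is already NOT-FOR-US: IBM, and IBM Cognos Analytics is not a Debian package; triage it the same way. Its description reads "11.0 and 11.0", an upstream typo in the CVE text (the CVE-2019-4231 entry for the same product in this update says "11.0 and 11.1"); nothing to fix locally.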
@@ -51924,8 +51946,8 @@ CVE-2019-4233
RESERVED
CVE-2019-4232
RESERVED
-CVE-2019-4231
- RESERVED
+CVE-2019-4231 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request ...)
+ TODO: check
CVE-2019-4230
RESERVED
CVE-2019-4229
@@ -87022,7 +87044,7 @@ CVE-2018-11118 (The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5
NOT-FOR-US: ILIAS
CVE-2018-11117 (Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5. ...)
NOT-FOR-US: ILIAS
-CVE-2018-11116 (OpenWrt mishandles access control in /etc/config/rpcd and the /usr/sha ...)
+CVE-2018-11116 (** DISPUTED ** OpenWrt mishandles access control in /etc/config/rpcd a ...)
NOT-FOR-US: OpenWrt
CVE-2018-11115
RESERVED
@@ -113065,8 +113087,8 @@ CVE-2018-1936 (IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a
NOT-FOR-US: IBM
CVE-2018-1935 (IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to ...)
NOT-FOR-US: IBM
-CVE-2018-1934
- RESERVED
+CVE-2018-1934 (IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site re ...)
+ TODO: check
CVE-2018-1933 (IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site s ...)
NOT-FOR-US: IBM
CVE-2018-1932 (IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability ...)
@@ -173796,8 +173818,7 @@ CVE-2016-1000231
RESERVED
CVE-2016-1000230
RESERVED
-CVE-2016-1000229
- RESERVED
+CVE-2016-1000229 (swagger-ui has XSS in key names ...)
NOT-FOR-US: nodejs swagger-ui
NOTE: https://github.com/swagger-api/swagger-ui/issues/1865
CVE-2016-1000228
@@ -180806,8 +180827,7 @@ CVE-2016-1000025
REJECTED
CVE-2016-1000024
RESERVED
-CVE-2016-1000022
- RESERVED
+CVE-2016-1000022 (negotiator before 0.6.1 is vulnerable to a regular expression DoS ...)
- node-negotiator 0.6.1-1 (unimportant)
NOTE: https://nodesecurity.io/advisories/106
NOTE: https://github.com/distributedweaknessfiling/DWF-Database/commit/5e607a0cad2769db2be5aafc4d9b1ec49bd7bbbc
@@ -201840,8 +201860,7 @@ CVE-2015-8315 (The ms package before 0.7.1 for Node.js allows attackers to cause
- node-ms <not-affected> (Fixed before initial upload to Debian)
CVE-2015-8314
RESERVED
-CVE-2015-8313 [fail to check the first byte of the padding in CBC modes]
- RESERVED
+CVE-2015-8313 (GnuTLS incorrectly validates the first byte of padding in CBC modes ...)
{DSA-3408-1 DLA-364-1}
- gnutls28 <not-affected> (Vulnerable code not present)
- gnutls26 <removed>
@@ -252138,7 +252157,7 @@ CVE-2014-0085 (JBoss Fuse did not enable encrypted passwords by default in its u
NOT-FOR-US: Fuse Fabric
CVE-2014-0084 (Ruby gem openshift-origin-node before 2014-02-14 does not contain a cr ...)
NOT-FOR-US: rubygem-openshift-origin-node
-CVE-2014-0083 (The Ruby net-ldap gem before 0.16.2 uses a weak salt when generating S ...)
+CVE-2014-0083 (The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSH ...)
- ruby-net-ldap <not-affected> (SSHA support not present)
NOTE: SSHA support only from version v0.5.0, see #742706
CVE-2014-0082 (actionpack/lib/action_view/template/text.rb in Action View in Ruby on ...)
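Review bot: the CVE-2014-0083 description's upper bound changed from "before 0.16.2" to "before 0.11" (the upstream text was revised); the Debian assessment does not depend on that bound, since it rests on SSHA support being absent from the packaged version (NOTE: support arrived in v0.5.0, see #742706), so <not-affected> still holds, but confirm that the version in the archive really predates 0.5.0 rather than merely being below 0.11.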
@@ -271922,8 +271941,7 @@ CVE-2012-6112 (classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spell
NOTE: http://www.tinymce.com/develop/changelog/?type=phpspell
NOTE: patch: https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
NOTE: http://www.tinymce.com/forum/viewtopic.php?id=30036
-CVE-2012-6111 [gnome-keyring does not discard stored secrets in some cases]
- RESERVED
+CVE-2012-6111 (gnome-keyring does not discard stored secrets when using gnome_keyring ...)
- gnome-keyring 3.8.2-1 (low; bug #697896)
[squeeze] - gnome-keyring <no-dsa> (Minor issue)
[wheezy] - gnome-keyring <no-dsa> (Minor issue)
@@ -271983,8 +272001,7 @@ CVE-2012-6096 (Multiple stack-based buffer overflows in the get_history function
CVE-2012-6095 (ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows lo ...)
{DSA-2606-1}
- proftpd-dfsg 1.3.4a-3 (bug #697524)
-CVE-2012-6094
- RESERVED
+CVE-2012-6094 (cups (Common Unix Printing System) 'Listen localhost:631' option not h ...)
- cups <not-affected> (systemd patch not applied in Debian, see bug #697584)
CVE-2012-6093 (The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4. ...)
- qt4-x11 <not-affected> (Only affects environments where a different OpenSSL is used, doesn't apply to Debian; bug #697582)
@@ -273454,8 +273471,7 @@ CVE-2012-5641 (Directory traversal vulnerability in the partition2 function in m
CVE-2012-5640 (thttpd has a local DoS vulnerability via specially-crafted .htpasswd f ...)
- thttpd <removed> (low)
[squeeze] - thttpd <no-dsa> (Minor issue)
-CVE-2012-5639
- RESERVED
+CVE-2012-5639 (LibreOffice and OpenOffice automatically open embedded content ...)
- libreoffice <unfixed> (unimportant)
[wheezy] - libreoffice <ignored> (Minor issue)
- openoffice.org 1:3.3.0-1 (unimportant)
@@ -279520,8 +279536,7 @@ CVE-2012-3411 (Dnsmasq before 2.63test1, when used with certain libvirt configur
CVE-2012-3410 (Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 ...)
- bash 4.2-4 (low; bug #681278)
[squeeze] - bash <no-dsa> (Minor issue)
-CVE-2012-3409
- RESERVED
+CVE-2012-3409 (ecryptfs-utils: suid helper does not restrict mounting filesystems wit ...)
- ecryptfs-utils 99-1 (bug #682220)
[squeeze] - ecryptfs-utils <not-affected> (home src/dest mountpoints hardcoded in that version)
CVE-2012-3408 (lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet En ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9da912fb4daf890441dc6904792324d454d788cb