[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 29 21:10:32 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e964c821 by security tracker role at 2019-07-29T20:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2019-14418 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
+ TODO: check
+CVE-2019-14417 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
+ TODO: check
+CVE-2019-14416 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
+ TODO: check
+CVE-2019-14415 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
+ TODO: check
+CVE-2019-14414
+ RESERVED
+CVE-2019-14413
+ RESERVED
+CVE-2019-14412
+ RESERVED
+CVE-2019-14411
+ RESERVED
+CVE-2019-14410
+ RESERVED
+CVE-2019-14409
+ RESERVED
+CVE-2019-14408
+ RESERVED
+CVE-2019-14407
+ RESERVED
+CVE-2019-14406
+ RESERVED
+CVE-2019-14405
+ RESERVED
+CVE-2019-14404
+ RESERVED
+CVE-2019-14403
+ RESERVED
+CVE-2019-14402
+ RESERVED
+CVE-2019-14401
+ RESERVED
+CVE-2019-14400
+ RESERVED
+CVE-2019-14399
+ RESERVED
+CVE-2019-14398
+ RESERVED
+CVE-2019-14397
+ RESERVED
+CVE-2019-14396
+ RESERVED
+CVE-2019-14395
+ RESERVED
+CVE-2019-14394
+ RESERVED
+CVE-2019-14393
+ RESERVED
+CVE-2019-14392
+ RESERVED
+CVE-2019-14391
+ RESERVED
+CVE-2019-14390
+ RESERVED
+CVE-2019-14389
+ RESERVED
+CVE-2019-14388
+ RESERVED
+CVE-2019-14387
+ RESERVED
+CVE-2019-14386
+ RESERVED
+CVE-2019-14385
+ RESERVED
+CVE-2019-14384
+ RESERVED
+CVE-2019-14383
+ RESERVED
+CVE-2019-14382
+ RESERVED
+CVE-2019-14381
+ RESERVED
+CVE-2019-14380
+ RESERVED
+CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mis ...)
+ TODO: check
+CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overf ...)
+ TODO: check
+CVE-2018-20870
+ RESERVED
+CVE-2018-20869
+ RESERVED
+CVE-2018-20868
+ RESERVED
+CVE-2018-20867
+ RESERVED
+CVE-2018-20866
+ RESERVED
+CVE-2018-20865
+ RESERVED
+CVE-2018-20864
+ RESERVED
+CVE-2018-20863
+ RESERVED
+CVE-2018-20862
+ RESERVED
+CVE-2018-20861
+ RESERVED
+CVE-2018-20860
+ RESERVED
+CVE-2018-20859
+ RESERVED
+CVE-2018-20858
+ RESERVED
+CVE-2017-18381
+ RESERVED
+CVE-2017-18380
+ RESERVED
+CVE-2016-10766 (edx-platform before 2016-06-06 allows CSRF. ...)
+ TODO: check
+CVE-2016-10765 (edx-platform before 2016-06-10 allows account activation with a spoofe ...)
+ TODO: check
CVE-2019-14377
RESERVED
CVE-2019-14376
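Review bot: CVE-2019-14379 (SubTypeValidator.java in jackson-databind) and CVE-2019-14378 (heap-based buffer overflow in ip_reass in libslirp 4.0.0) are left at "TODO: check" in the middle of a long run of RESERVED placeholders, where they are easy to overlook. Both describe flaws in library code, so they should be triaged ahead of the rest of this hunk: check whether the code is in the archive, embedded copies included, and replace the TODO with a package line in the "- linux <unfixed>" form used elsewhere in the list, or with NOT-FOR-US if it is not shipped.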
@@ -217,8 +333,8 @@ CVE-2019-14286 (In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS v
NOT-FOR-US: MISP
CVE-2019-14285
RESERVED
-CVE-2015-9288
- RESERVED
+CVE-2015-9288 (The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allo ...)
+ TODO: check
CVE-2019-1000033
REJECTED
CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a deni ...)
@@ -227,44 +343,44 @@ CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c allows
CVE-2019-14283 (In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy ...)
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6
-CVE-2019-1020019
- RESERVED
-CVE-2019-1020018
- RESERVED
-CVE-2019-1020017
- RESERVED
-CVE-2019-1020016
- RESERVED
-CVE-2019-1020015
- RESERVED
-CVE-2019-1020014
- RESERVED
-CVE-2019-1020013
- RESERVED
-CVE-2019-1020012
- RESERVED
-CVE-2019-1020011
- RESERVED
-CVE-2019-1020010
- RESERVED
-CVE-2019-1020009
- RESERVED
-CVE-2019-1020008
- RESERVED
-CVE-2019-1020007
- RESERVED
-CVE-2019-1020006
- RESERVED
-CVE-2019-1020005
- RESERVED
-CVE-2019-1020004
- RESERVED
-CVE-2019-1020003
- RESERVED
-CVE-2019-1020002
- RESERVED
-CVE-2019-1020001
- RESERVED
+CVE-2019-1020019 (invenio-previewer before 1.0.0a12 allows XSS. ...)
+ TODO: check
+CVE-2019-1020018 (Discourse before v2.4.0.beta2 lacks a confirmation screen when logging ...)
+ TODO: check
+CVE-2019-1020017 (Discourse before v2.4.0.beta2 lacks a confirmation screen when logging ...)
+ TODO: check
+CVE-2019-1020016 (ASH-AIO before 2.0.0.3 allows an open redirect. ...)
+ TODO: check
+CVE-2019-1020015 (graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishand ...)
+ TODO: check
+CVE-2019-1020014 (docker-credential-helpers before 0.6.3 has a double free in the List f ...)
+ TODO: check
+CVE-2019-1020013 (parse-server before 3.6.0 allows account enumeration. ...)
+ TODO: check
+CVE-2019-1020012 (parse-server before 3.4.1 allows DoS after any POST to a volatile clas ...)
+ TODO: check
+CVE-2019-1020011 (SmokeDetector intentionally does automatic deployments of updated copi ...)
+ TODO: check
+CVE-2019-1020010 (Misskey before 10.102.4 allows hijacking a user's token. ...)
+ TODO: check
+CVE-2019-1020009 (Fleet before 2.1.2 allows exposure of SMTP credentials. ...)
+ TODO: check
+CVE-2019-1020008 (stacktable.js before 1.0.4 allows XSS. ...)
+ TODO: check
+CVE-2019-1020007 (Dependency-Track before 3.5.1 allows XSS. ...)
+ TODO: check
+CVE-2019-1020006 (invenio-app before 1.1.1 allows host header injection. ...)
+ TODO: check
+CVE-2019-1020005 (invenio-communities before 1.0.0a20 allows XSS. ...)
+ TODO: check
+CVE-2019-1020004 (Tridactyl before 1.16.0 allows fake key events. ...)
+ TODO: check
+CVE-2019-1020003 (invenio-records before 1.2.2 allows XSS. ...)
+ TODO: check
+CVE-2019-1020002 (Pterodactyl before 0.7.14 with 2FA allows credential sniffing. ...)
+ TODO: check
+CVE-2019-1020001 (yard before 0.9.20 allows path traversal. ...)
+ TODO: check
CVE-2018-20857 (Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as ...)
NOT-FOR-US: Zendesk Samlr
CVE-2019-14282 (The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org ...)
@@ -294,16 +410,16 @@ CVE-2019-14273
RESERVED
CVE-2019-14272
RESERVED
-CVE-2019-14271
- RESERVED
+CVE-2019-14271 (In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka ...)
+ TODO: check
CVE-2019-14270 (Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6 ...)
NOT-FOR-US: Comodo Antivirus
CVE-2019-14269
RESERVED
CVE-2019-14268 (In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request prox ...)
NOT-FOR-US: Octopus Deploy
-CVE-2019-14267
- RESERVED
+CVE-2019-14267 (PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because ...)
+ TODO: check
CVE-2019-14266 (OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Confi ...)
NOT-FOR-US: OpenSNS
CVE-2019-14265
@@ -1557,8 +1673,8 @@ CVE-2019-13657
RESERVED
CVE-2019-13656
RESERVED
-CVE-2019-13655
- RESERVED
+CVE-2019-13655 (Imgix through 2019-06-19 allows remote attackers to cause a denial of ...)
+ TODO: check
CVE-2019-13654
RESERVED
CVE-2019-13653
@@ -2778,8 +2894,8 @@ CVE-2019-13573 (A SQL injection vulnerability exists in the FolioVision FV Flowp
NOT-FOR-US: FolioVision FV Flowplayer Video Player plugin for WordPress
CVE-2019-13572
RESERVED
-CVE-2019-13571
- RESERVED
+CVE-2019-13571 (A SQL injection vulnerability exists in the Vsourz Digital Advanced CF ...)
+ TODO: check
CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection ...)
NOT-FOR-US: WordPress plugin AJdG AdRotate
CVE-2019-13569 (A SQL injection vulnerability exists in the Icegram Email Subscribers ...)
@@ -2935,8 +3051,8 @@ CVE-2019-13500
RESERVED
CVE-2019-13499
RESERVED
-CVE-2019-13498
- RESERVED
+CVE-2019-13498 (One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Trans ...)
+ TODO: check
CVE-2019-13497
RESERVED
CVE-2019-13496
@@ -3863,8 +3979,8 @@ CVE-2019-13128 (An issue was discovered on D-Link DIR-823G devices with firmware
NOT-FOR-US: D-Link
CVE-2019-13127 (An issue was discovered in mxGraph through 4.0.0, related to the "draw ...)
NOT-FOR-US: mxGraph
-CVE-2019-13126
- RESERVED
+CVE-2019-13126 (An integer overflow in NATS Server 2.0.0 allows a remote attacker to c ...)
+ TODO: check
CVE-2019-13125 (HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evad ...)
NOT-FOR-US: Tencent
CVE-2019-13124
@@ -3965,8 +4081,8 @@ CVE-2019-13105
RESERVED
CVE-2019-13104
RESERVED
-CVE-2019-13103
- RESERVED
+CVE-2019-13103 (A crafted self-referential DOS partition table will cause all Das U-Bo ...)
+ TODO: check
CVE-2019-13102
RESERVED
CVE-2019-13101
@@ -4382,8 +4498,8 @@ CVE-2019-12950
RESERVED
CVE-2019-12949 (In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authen ...)
NOT-FOR-US: pfSense
-CVE-2019-12948
- RESERVED
+CVE-2019-12948 (An RCE (Remote Code Execution) vulnerability exists in the UCS softwar ...)
+ TODO: check
CVE-2019-12947
RESERVED
CVE-2019-12946 (Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx an ...)
@@ -4947,8 +5063,8 @@ CVE-2019-12745 (out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-
NOT-FOR-US: SeedDMS
CVE-2019-12744 (SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of ...)
NOT-FOR-US: SeedDMS
-CVE-2019-12743
- RESERVED
+CVE-2019-12743 (HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers t ...)
+ TODO: check
CVE-2019-12742 (Bludit prior to 3.9.1 allows a non-privileged user to change the passw ...)
NOT-FOR-US: bludit
CVE-2019-12741 (XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR l ...)
@@ -5215,7 +5331,7 @@ CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerabil
NOTE: https://www.phpmyadmin.net/security/PMASA-2019-4/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec
CVE-2019-12613
- RESERVED
+ REJECTED
CVE-2019-12612
RESERVED
CVE-2019-12611
@@ -5640,7 +5756,7 @@ CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, when
NOT-FOR-US: Containous Traefik
CVE-2019-12451
RESERVED
-CVE-2019-13012 (The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.59.1 ...)
+CVE-2019-13012 (The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 ...)
[experimental] - glib2.0 2.60.0-1
- glib2.0 2.60.5-1 (bug #931234)
[buster] - glib2.0 <no-dsa> (Minor issue)
@@ -7077,8 +7193,8 @@ CVE-2019-11870 (Serendipity before 2.1.5 has XSS via EXIF data that is mishandle
- serendipity <removed>
CVE-2019-11869 (The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it ...)
NOT-FOR-US: WordPress plugin yuzo-related-post
-CVE-2019-11868
- RESERVED
+CVE-2019-11868 (See.sys through 4.25 in the SoftEther VPN Server allows a user to spec ...)
+ TODO: check
CVE-2019-11867
RESERVED
CVE-2019-11866
@@ -8928,12 +9044,12 @@ CVE-2019-11203 (The workspace client, openspace client, app development client,
NOT-FOR-US: TIBCO
CVE-2019-11202
RESERVED
-CVE-2019-11201
- RESERVED
-CVE-2019-11200
- RESERVED
-CVE-2019-11199
- RESERVED
+CVE-2019-11201 (Dolibarr ERP/CRM 9.0.1 provides a module named website that provides f ...)
+ TODO: check
+CVE-2019-11200 (Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs u ...)
+ TODO: check
+CVE-2019-11199 (Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded file ...)
+ TODO: check
CVE-2019-11198
RESERVED
CVE-2019-11197
@@ -12744,7 +12860,8 @@ CVE-2019-1010158
RESERVED
CVE-2019-1010157
RESERVED
-CVE-2019-1010156 (D-Link DSL-2750U Firmware 1.11 is affected by: Authentication Bypass. ...)
+CVE-2019-1010156
+ REJECTED
NOT-FOR-US: D-Link
CVE-2019-1010155 (D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impac ...)
NOT-FOR-US: D-Link
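Review bot: the CVE-2019-1010156 entry now reads REJECTED but keeps the "NOT-FOR-US: D-Link" line of the old entry, so a single ID carries two states at once. Drop the NOT-FOR-US line and leave REJECTED on its own, as CVE-2019-1000033 and CVE-2019-12613 appear elsewhere in this diff.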
@@ -21206,8 +21323,8 @@ CVE-2019-6728 (This vulnerability allows remote attackers to disclose sensitive
NOT-FOR-US: Foxit Reader
CVE-2019-6727 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Foxit Reader
-CVE-2019-6726
- RESERVED
+CVE-2019-6726 (The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remot ...)
+ TODO: check
CVE-2019-6725 (The rpWLANRedirect.asp ASP page is accessible without authentication o ...)
NOT-FOR-US: ZyXEL
CVE-2019-6724 (The barracudavpn component of the Barracuda VPN Client prior to versio ...)
@@ -36869,86 +36986,86 @@ CVE-2019-1139
RESERVED
CVE-2019-1138
RESERVED
-CVE-2019-1137
- RESERVED
-CVE-2019-1136
- RESERVED
+CVE-2019-1137 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Excha ...)
+ TODO: check
+CVE-2019-1136 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...)
+ TODO: check
CVE-2019-1135
RESERVED
-CVE-2019-1134
- RESERVED
+CVE-2019-1134 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ TODO: check
CVE-2019-1133
RESERVED
-CVE-2019-1132
- RESERVED
+CVE-2019-1132 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
CVE-2019-1131
RESERVED
-CVE-2019-1130
- RESERVED
-CVE-2019-1129
- RESERVED
-CVE-2019-1128
- RESERVED
-CVE-2019-1127
- RESERVED
-CVE-2019-1126
- RESERVED
+CVE-2019-1130 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
+ TODO: check
+CVE-2019-1129 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
+ TODO: check
+CVE-2019-1128 (A remote code execution vulnerability exists in the way that DirectWri ...)
+ TODO: check
+CVE-2019-1127 (A remote code execution vulnerability exists in the way that DirectWri ...)
+ TODO: check
+CVE-2019-1126 (A security feature bypass vulnerability exists in Active Directory Fed ...)
+ TODO: check
CVE-2019-1125
RESERVED
-CVE-2019-1124
- RESERVED
-CVE-2019-1123
- RESERVED
-CVE-2019-1122
- RESERVED
-CVE-2019-1121
- RESERVED
-CVE-2019-1120
- RESERVED
-CVE-2019-1119
- RESERVED
-CVE-2019-1118
- RESERVED
-CVE-2019-1117
- RESERVED
-CVE-2019-1116
- RESERVED
+CVE-2019-1124 (A remote code execution vulnerability exists in the way that DirectWri ...)
+ TODO: check
+CVE-2019-1123 (A remote code execution vulnerability exists in the way that DirectWri ...)
+ TODO: check
+CVE-2019-1122 (A remote code execution vulnerability exists in the way that DirectWri ...)
+ TODO: check
+CVE-2019-1121 (A remote code execution vulnerability exists in the way that DirectWri ...)
+ TODO: check
+CVE-2019-1120 (A remote code execution vulnerability exists in the way that DirectWri ...)
+ TODO: check
+CVE-2019-1119 (A remote code execution vulnerability exists in the way that DirectWri ...)
+ TODO: check
+CVE-2019-1118 (A remote code execution vulnerability exists in the way that DirectWri ...)
+ TODO: check
+CVE-2019-1117 (A remote code execution vulnerability exists in the way that DirectWri ...)
+ TODO: check
+CVE-2019-1116 (An information disclosure vulnerability exists when the Windows GDI co ...)
+ TODO: check
CVE-2019-1115
RESERVED
CVE-2019-1114
RESERVED
-CVE-2019-1113
- RESERVED
-CVE-2019-1112
- RESERVED
-CVE-2019-1111
- RESERVED
-CVE-2019-1110
- RESERVED
-CVE-2019-1109
- RESERVED
-CVE-2019-1108
- RESERVED
-CVE-2019-1107
- RESERVED
-CVE-2019-1106
- RESERVED
-CVE-2019-1105
- RESERVED
-CVE-2019-1104
- RESERVED
-CVE-2019-1103
- RESERVED
-CVE-2019-1102
- RESERVED
-CVE-2019-1101
- RESERVED
-CVE-2019-1100
- RESERVED
-CVE-2019-1099
- RESERVED
-CVE-2019-1098
- RESERVED
+CVE-2019-1113 (A remote code execution vulnerability exists in .NET software when the ...)
+ TODO: check
+CVE-2019-1112 (An information disclosure vulnerability exists when Microsoft Excel im ...)
+ TODO: check
+CVE-2019-1111 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
+CVE-2019-1110 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
+CVE-2019-1109 (A spoofing vulnerability exists when Microsoft Office Javascript does ...)
+ TODO: check
+CVE-2019-1108 (An information disclosure vulnerability exists when the Windows RDP cl ...)
+ TODO: check
+CVE-2019-1107 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ TODO: check
+CVE-2019-1106 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ TODO: check
+CVE-2019-1105 (A spoofing vulnerability exists in the way Microsoft Outlook for Andro ...)
+ TODO: check
+CVE-2019-1104 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ TODO: check
+CVE-2019-1103 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ TODO: check
+CVE-2019-1102 (A remote code execution vulnerability exists in the way that the Windo ...)
+ TODO: check
+CVE-2019-1101 (An information disclosure vulnerability exists when the Windows GDI co ...)
+ TODO: check
+CVE-2019-1100 (An information disclosure vulnerability exists when the Windows GDI co ...)
+ TODO: check
+CVE-2019-1099 (An information disclosure vulnerability exists when the Windows GDI co ...)
+ TODO: check
+CVE-2019-1098 (An information disclosure vulnerability exists when the Windows GDI co ...)
+ TODO: check
CVE-2019-1097 (An information disclosure vulnerability exists when DirectWrite improp ...)
NOT-FOR-US: Microsoft
CVE-2019-1096 (An information disclosure vulnerability exists when the win32k compone ...)
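Review bot: every entry that gains a description in this hunk (CVE-2019-1098 through CVE-2019-1137, apart from the IDs that stay RESERVED) is set to "TODO: check", while the trailing context already files CVE-2019-1097 as "NOT-FOR-US: Microsoft". The visible descriptions name Microsoft Exchange, Microsoft Excel, Microsoft Outlook for Android, Windows GDI and similar, so these can most likely be closed in one pass with the same annotation instead of being reviewed one by one.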
@@ -45338,12 +45455,12 @@ CVE-2018-17215 (An information-disclosure issue was discovered in Postman throug
NOT-FOR-US: Postman
CVE-2018-17214
RESERVED
-CVE-2018-17213
- RESERVED
+CVE-2018-17213 (An issue was discovered in PrinterOn Central Print Services (CPS) thro ...)
+ TODO: check
CVE-2018-17212
RESERVED
-CVE-2018-17211
- RESERVED
+CVE-2018-17211 (An issue was discovered in PrinterOn Central Print Services (CPS) thro ...)
+ TODO: check
CVE-2018-17210 (An issue was discovered in PrinterOn Central Print Services (CPS) thro ...)
NOT-FOR-US: PrinterOn Central Print Services
CVE-2018-17209
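Review bot: CVE-2018-17213 and CVE-2018-17211 are added as "TODO: check" although their descriptions open with the same PrinterOn Central Print Services (CPS) text as CVE-2018-17210 in the context lines below, which is already marked "NOT-FOR-US: PrinterOn Central Print Services". Give the two new entries the same annotation so the product is triaged consistently.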
@@ -59704,14 +59821,11 @@ CVE-2018-11775 (TLS hostname verification when using the Apache ActiveMQ Client
NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=bde7097fb8173cf871827df7811b3865679b963d
NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=02971a40e281713a8397d3a1809c164b594abfbb
NOTE: Fixed in 5.15.6
-CVE-2018-11774
- RESERVED
+CVE-2018-11774 (Apache VCL versions 2.1 through 2.5 do not properly validate form inpu ...)
NOT-FOR-US: Apache VCL
-CVE-2018-11773
- RESERVED
+CVE-2018-11773 (Apache VCL versions 2.1 through 2.5 do not properly validate form inpu ...)
NOT-FOR-US: Apache VCL
-CVE-2018-11772
- RESERVED
+CVE-2018-11772 (Apache VCL versions 2.1 through 2.5 do not properly validate cookie in ...)
NOT-FOR-US: Apache VCL
CVE-2018-11771 (When reading a specially crafted ZIP archive, the read method of Apach ...)
- libcommons-compress-java 1.18-1 (bug #906301)
@@ -180316,8 +180430,8 @@ CVE-2015-6961 (Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 al
[wheezy] - web2py <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/web2py/web2py/commit/e31a099cb3456fef471886339653430ae59056b0 (R-2.12.1)
NOTE: https://github.com/web2py/web2py/issues/731
-CVE-2015-6960
- RESERVED
+CVE-2015-6960 (edx-platform before 2015-09-17 allows XSS via a team name. ...)
+ TODO: check
CVE-2015-6959 (Cross-site scripting (XSS) vulnerability in Vindula 1.9. ...)
NOT-FOR-US: Vindula
CVE-2015-6958
@@ -182166,8 +182280,8 @@ CVE-2015-6255 (Cross-site scripting (XSS) vulnerability in Cisco Unified Web and
NOT-FOR-US: Cisco Unified Web and E-Mail Interaction Manager
CVE-2015-6254 (The (1) Service Provider (SP) and (2) Identity Provider (IdP) in Picke ...)
NOT-FOR-US: PicketLink
-CVE-2015-6253
- RESERVED
+CVE-2015-6253 (edx-platform before 2015-08-17 allows XSS in the Studio listing of cou ...)
+ TODO: check
CVE-2014-9743 (Cross-site scripting (XSS) vulnerability in the httpd_HtmlError functi ...)
- vlc 2.2.0~rc2-1
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
@@ -183928,8 +184042,8 @@ CVE-2015-5602 (sudoedit in Sudo before 1.8.15 allows local users to gain privile
NOTE: http://www.sudo.ws/repos/sudo/rev/9636fd256325
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1277426
NOTE: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1512781
-CVE-2015-5601
- RESERVED
+CVE-2015-5601 (edx-platform before 2015-07-20 allows code execution by privileged use ...)
+ TODO: check
CVE-2015-5600 (The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH th ...)
{DLA-1500-1 DLA-288-1}
- openssh 1:6.9p1-1 (bug #793616)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e964c821f3aac00c3578ca6eef70ea8cbc994342