[Git][security-tracker-team/security-tracker][master] number of consul issues (older issues need to be checked in more detail)
Moritz Muehlenhoff
jmm at debian.org
Sun Feb 2 21:07:35 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d698cdb2 by Moritz Muehlenhoff at 2020-02-02T22:06:51+01:00
number of consul issues (older issues need to be checked in more detail)
some exiv2 updates
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1222,7 +1222,7 @@ CVE-2020-7956 (HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly val
- nomad 0.10.3+dfsg1-1
NOTE: https://github.com/hashicorp/nomad/issues/7003
CVE-2020-7955 (HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ...)
- TODO: check
+ - consul <unfixed>
CVE-2020-7954
RESERVED
CVE-2020-7953
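Review bot: CVE-2020-7955 goes from `TODO: check` straight to `- consul <unfixed>` with no NOTE line, while the neighbouring Nomad entry (CVE-2020-7956) carries `NOTE: https://github.com/hashicorp/nomad/issues/7003`. The description already bounds the affected range at 1.6.2, so an upstream reference is available; add a NOTE with it so the Debian version that picks up the fix can be recorded later instead of leaving `<unfixed>` open-ended.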
@@ -2836,7 +2836,7 @@ CVE-2020-7221
CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services a ...)
- TODO: check
+ - consul <unfixed>
CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded res ...)
- nomad 0.10.3+dfsg1-1
NOTE: https://github.com/hashicorp/nomad/issues/7002
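Review bot: CVE-2020-7219 gets the same bare `- consul <unfixed>` as the entry above, whereas CVE-2020-7218 directly below it has a NOTE pointing at the upstream issue. Since the description states "up to 1.6.2", the fix boundary is known; a NOTE with the upstream issue or release would keep this entry as traceable as the Nomad ones.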
@@ -41358,7 +41358,7 @@ CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer over-rea
CVE-2019-12292 (Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. ...)
NOT-FOR-US: Citrix AppDNA
CVE-2019-12291 (HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Key ...)
- NOT-FOR-US: HashiCorp Consul
+ - consul <unfixed>
CVE-2019-12290 (GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specifi ...)
- libidn2 2.2.0-1
[buster] - libidn2 <no-dsa> (Minor issue; intrusive to backport)
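Review bot: CVE-2019-12291 flips from `NOT-FOR-US: HashiCorp Consul` to `- consul <unfixed>`, but the description limits the affected versions to "1.4.0 through 1.5.0", so a packaged consul newer than 1.5.0 would already contain the fix. The commit message itself says these older issues still need a closer check; recording that with a TODO or NOTE next to the entry (for example which packaged version was compared) would keep the pending check from getting lost behind a plain `<unfixed>`.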
@@ -49414,7 +49414,7 @@ CVE-2019-9766 (Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when conve
CVE-2019-9765 (In Blog_mini 1.0, XSS exists via the author name of a comment reply in ...)
NOT-FOR-US: Blog_mini
CVE-2019-9764 (HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to ...)
- NOT-FOR-US: HashiCorp Consul
+ - consul <unfixed>
CVE-2019-9763 (An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS ...)
NOT-FOR-US: Openfind Mail2000 Webmail
CVE-2019-9762 (A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment ...)
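Review bot: For CVE-2019-9764 the description names only "Consul 1.4.3" and gives no version range, so unlike the other consul entries in this commit there is nothing in the line itself to check a packaged version against. This is the entry where the deferred check the commit message mentions matters most; a NOTE with the upstream advisory or the version that added hostname verification would make the `<unfixed>` marker verifiable.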
@@ -53485,7 +53485,7 @@ CVE-2019-8339 (An issue was discovered in Falco through 0.14.0. A missing indica
CVE-2019-8338 (The signature verification routine in the Airmail GPG-PGP Plugin, vers ...)
NOT-FOR-US: Airmail
CVE-2019-8336 (HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a c ...)
- NOT-FOR-US: HashiCorp Consul
+ - consul <unfixed>
CVE-2019-8335 (An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerabil ...)
NOT-FOR-US: SchoolCMS
CVE-2019-8334 (An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerabil ...)
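Review bot: CVE-2019-8336's description reads "1.4.x before 1.4.3", so the upstream fixed version is already on the line. Rather than a bare `- consul <unfixed>`, either record the Debian version that ships 1.4.3 or later once checked, or add `NOTE: fixed upstream in 1.4.3` so the next pass does not have to re-derive it from the description.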
@@ -72600,7 +72600,7 @@ CVE-2018-19655 (A stack-based buffer overflow in the find_green() function of dc
CVE-2018-19654 (An issue was discovered in Sales & Company Management System (SCMS ...)
NOT-FOR-US: Sales & Company Management System (SCMS)
CVE-2018-19653 (HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent ...)
- NOT-FOR-US: HashiCorp Consul
+ - consul <unfixed>
CVE-2018-19652
RESERVED
CVE-2018-19651 (admin/functions/remote.php in Interspire Email Marketer through 6.1.6 ...)
@@ -77236,7 +77236,7 @@ CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in
NOTE: https://github.com/Exiv2/exiv2/commit/b7c71f3ad0386cd7af3b73443c0615ada073f0d5
CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdi ...)
{DLA-1691-1}
- - exiv2 0.27.2-6 (bug #913273)
+ - exiv2 0.27.2-6 (low; bug #913273)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/427
@@ -98757,9 +98757,9 @@ CVE-2017-18268 (Symantec IntelligenceCenter 3.3 is vulnerable to the Return of t
CVE-2018-11038
RESERVED
CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimag ...)
- - exiv2 0.27.2-6
- [buster] - exiv2 <no-dsa> (Minor issue)
- [stretch] - exiv2 <no-dsa> (Minor issue)
+ - exiv2 0.27.2-6 (low)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <not-affected> (Jessie doesn't have '-pS', not reproducible, closed upstream)
NOTE: https://github.com/Exiv2/exiv2/issues/307
CVE-2018-11036 (Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3 ...)
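Review bot: For CVE-2018-11037 the [buster] and [stretch] tags change from `<no-dsa>` to `<ignored>` while the stated reason stays "(Minor issue)" and the commit message only says "some exiv2 updates". Since the tag change alters what will happen to this issue in those releases, the reason in parentheses or the commit message should say why it moved to `<ignored>`; the added `(low)` severity on the unstable line is consistent with the other exiv2 entries in this commit.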
@@ -104216,7 +104216,7 @@ CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifyin
CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an ...)
NOT-FOR-US: Open-AudIT Professional
CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonm ...)
- - exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental, bug #)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental, bug #894179)
NOTE: https://github.com/Exiv2/exiv2/issues/247
CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...)
- exiv2 0.27.2-6 (low; bug #903813)
@@ -137689,7 +137689,7 @@ CVE-2017-14865 (There is a heap-based buffer overflow in the Exiv2::us2Data func
NOTE: Patch: https://github.com/Exiv2/exiv2/commit/d3c2b9938583440f87ce9115de5a7e8cd8f8db57
CVE-2017-14864 (An Invalid memory address dereference was discovered in Exiv2::getULon ...)
{DLA-1147-1}
- - exiv2 0.27.2-6
+ - exiv2 0.27.2-6 (low)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue)
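Review bot: CVE-2017-14864 (and the two following hunks for CVE-2017-14862 and CVE-2017-14859, which make the identical change) carries both `{DLA-1147-1}` and `[jessie] - exiv2 <ignored> (Minor issue)`. Since this commit is touching these entries anyway, it is worth confirming that a DLA reference and a jessie `<ignored>` annotation are meant to coexist on the same CVE, or dropping whichever one no longer applies.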
@@ -137703,7 +137703,7 @@ CVE-2017-14863 (A NULL pointer dereference was discovered in Exiv2::Image::print
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494443
CVE-2017-14862 (An Invalid memory address dereference was discovered in Exiv2::DataVal ...)
{DLA-1147-1}
- - exiv2 0.27.2-6
+ - exiv2 0.27.2-6 (low)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue)
@@ -137722,7 +137722,7 @@ CVE-2017-14860 (There is a heap-based buffer over-read in the Exiv2::Jp2Image::r
NOTE: Patch: https://github.com/Exiv2/exiv2/pull/108
CVE-2017-14859 (An Invalid memory address dereference was discovered in Exiv2::StringV ...)
{DLA-1147-1}
- - exiv2 0.27.2-6
+ - exiv2 0.27.2-6 (low)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d698cdb2984a01f09f208acd12bbb5202655df93