[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 5 20:10:25 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b93748f8 by security tracker role at 2020-02-05T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2020-8640
+ RESERVED
+CVE-2020-8639
+ RESERVED
+CVE-2020-8638
+ RESERVED
+CVE-2020-8637
+ RESERVED
+CVE-2020-8636
+ RESERVED
+CVE-2020-8635
+ RESERVED
+CVE-2020-8634
+ RESERVED
+CVE-2020-8633
+ RESERVED
+CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...)
+ TODO: check
+CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random passwo ...)
+ TODO: check
+CVE-2020-8630
+ RESERVED
+CVE-2020-8629
+ RESERVED
+CVE-2020-8628
+ RESERVED
+CVE-2020-8627
+ RESERVED
+CVE-2020-8626
+ RESERVED
+CVE-2020-8625
+ RESERVED
+CVE-2020-8624
+ RESERVED
+CVE-2020-8623
+ RESERVED
+CVE-2020-8622
+ RESERVED
+CVE-2020-8621
+ RESERVED
+CVE-2020-8620
+ RESERVED
+CVE-2020-8619
+ RESERVED
+CVE-2020-8618
+ RESERVED
+CVE-2020-8617
+ RESERVED
+CVE-2020-8616
+ RESERVED
CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...)
NOT-FOR-US: Tutor LMS plugin for WordPress
CVE-2020-8614
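Review bot: CVE-2020-8632 and CVE-2020-8631 are left at "TODO: check" although both descriptions name cloud-init (through 19.4) and both concern the random password it generates, so they should be triaged together and not closed as NOT-FOR-US. If cloud-init is packaged in the archive, replace each TODO with a "- cloud-init <unfixed>" line and add a NOTE with the upstream reference once it has been checked.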
@@ -223,10 +273,10 @@ CVE-2020-8509
RESERVED
CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...)
NOT-FOR-US: Norman Malware Cleaner
-CVE-2020-8507
- RESERVED
-CVE-2020-8506
- RESERVED
+CVE-2020-8507 (The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends ...)
+ TODO: check
+CVE-2020-8506 (The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Un ...)
+ TODO: check
CVE-2020-8505 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...)
NOT-FOR-US: School Management Software PHP/mySQL
CVE-2020-8504 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...)
@@ -1041,8 +1091,7 @@ CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package version
TODO: check
CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly acce ...)
TODO: check
-CVE-2020-8114 [User Permissions Not Validated in ProjectExportWorker]
- RESERVED
+CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-8113
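Review bot: The new description for CVE-2020-8114 scopes the issue to "GitLab EE 8.9 and later", but the unchanged line under it still reads "- gitlab <unfixed>". Confirm against the release post in the NOTE whether the packaged edition is affected and, if it is EE-only, switch to "<not-affected>" with the reason in parentheses. The bracketed title this hunk removes (User Permissions Not Validated in ProjectExportWorker) was more specific than "Insecure Permission ..."; consider keeping it as a NOTE line.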
@@ -1379,56 +1428,44 @@ CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injectio
NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613
CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: Intellian Aptus Web
-CVE-2020-7979 [Private Project Names Exposed in GraphQL queries]
- RESERVED
+CVE-2020-7979 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...)
- gitlab <not-affected> (Only affects Gitlab EE 12.0 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7978 [Denial of Service via AsciiDoc]
- RESERVED
+CVE-2020-7978 (GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. ...)
- gitlab <not-affected> (Only affects Gitlab EE 12.6 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7977 [Arbitrary Change of Pipeline Status]
- RESERVED
+CVE-2020-7977 (GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. ...)
- gitlab <not-affected> (Only affects Gitlab EE 8.8 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7976 [Grafana Token Displayed in Plaintext]
- RESERVED
+CVE-2020-7976 (GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. ...)
- gitlab <not-affected> (Only affects Gitlab EE 12.4 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7975
RESERVED
-CVE-2020-7974 [Last Pipeline Status Exposed]
- RESERVED
+CVE-2020-7974 (GitLab EE 10.1 through 12.7.2 allows Information Disclosure. ...)
- gitlab <not-affected> (Only affects Gitlab EE 10.1 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7973 [XSS Vulnerability in File API]
- RESERVED
+CVE-2020-7973 (GitLab through 12.7.2 allows XSS. ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7972 [Email Confirmation Bypass Using API]
- RESERVED
+CVE-2020-7972 (GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). ...)
- gitlab <not-affected> (Only affects Gitlab EE 12.0 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7971 [XSS Vulnerability in Create Groups]
- RESERVED
+CVE-2020-7971 (GitLab EE 11.0 and later through 12.7.2 allows XSS. ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7970
RESERVED
-CVE-2020-7969 [Disclosure of Issues and Merge Requests via Todos]
- RESERVED
+CVE-2020-7969 (GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. ...)
- gitlab <not-affected> (Only affects Gitlab EE 8.0 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7968 [Disclosure of Forked Private Project Source Code]
- RESERVED
+CVE-2020-7968 (GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7967 [Issue and Merge Request Activity Counts Exposed]
- RESERVED
+CVE-2020-7967 (GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). ...)
- gitlab <not-affected> (ONly affects Gitlab EE 12.0 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7966 [Path Traversal to Arbitrary File Read]
- RESERVED
+CVE-2020-7966 (GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. ...)
- gitlab <not-affected> (Only affects Gitlab EE 11.11 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...)
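Review bot: Several of the new descriptions no longer agree with the unchanged package lines beneath them. CVE-2020-7972 now says "GitLab EE 12.2" and CVE-2020-7967 says "GitLab EE 8.0 through 12.7.2", while both are annotated "Only affects Gitlab EE 12.0 and later" (the CVE-2020-7967 line also has the typo "ONly"). CVE-2020-7971 and CVE-2020-7968 are described as GitLab EE issues but remain "- gitlab <unfixed>", unlike the other EE entries in this hunk, which are "<not-affected>". Recheck these four against the linked release post and align the version ranges and states. The removed bracketed titles (for example "Path Traversal to Arbitrary File Read") carried more detail than the generic descriptions that replace them, so keeping them as NOTE lines would help later triage.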
@@ -3011,7 +3048,7 @@ CVE-2020-7242 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated
NOT-FOR-US: Comtech Stampede FX-1010 devices
CVE-2020-7241 (The WP Database Backup plugin through 5.5 for WordPress stores downloa ...)
NOT-FOR-US: WP Database Backup plugin for WordPress
-CVE-2020-7240 (Meinberg Lantime M300 and M1000 devices allow attackers (with privileg ...)
+CVE-2020-7240 (** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers ...)
NOT-FOR-US: Meinberg Lantime M300 and M1000 devices
CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...)
NOT-FOR-US: conversation-watson plugin for WordPress
@@ -3086,8 +3123,8 @@ CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounde
NOTE: https://github.com/hashicorp/nomad/issues/7002
CVE-2020-7217
RESERVED
-CVE-2020-7216
- RESERVED
+CVE-2020-7216 (An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and e ...)
+ TODO: check
CVE-2020-7215 (An issue was discovered in Gallagher Command Centre 7.x before 7.90.99 ...)
NOT-FOR-US: Gallagher Command Centre
CVE-2020-7214
@@ -3483,6 +3520,7 @@ CVE-2020-7042
CVE-2020-7041
RESERVED
CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBack ...)
+ {DLA-2095-1}
- storebackup <unfixed> (bug #949393)
[buster] - storebackup <no-dsa> (Minor issue)
[stretch] - storebackup <no-dsa> (Minor issue)
@@ -3641,8 +3679,8 @@ CVE-2020-6971
RESERVED
CVE-2020-6970
RESERVED
-CVE-2020-6969
- RESERVED
+CVE-2020-6969 (It is possible to unmask credentials and other sensitive information o ...)
+ TODO: check
CVE-2020-6968
RESERVED
CVE-2020-6967
@@ -3932,8 +3970,7 @@ CVE-2020-6835 (An issue was discovered in Bftpd before 5.4. There is a heap-base
- bftpd <itp> (bug #640469)
CVE-2020-6834
RESERVED
-CVE-2020-6833 [Package and File Disclosure through GitLab Workhorse]
- RESERVED
+CVE-2020-6833 (An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhors ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-6832 (An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 throug ...)
@@ -4103,8 +4140,8 @@ CVE-2020-6756 (languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-201506
NOT-FOR-US: Rasilient PixelStor
CVE-2020-6755
RESERVED
-CVE-2020-6754
- RESERVED
+CVE-2020-6754 (dotCMS before 5.2.4 is vulnerable to directory traversal, leading to i ...)
+ TODO: check
CVE-2020-6753
RESERVED
CVE-2020-6752
@@ -4857,9 +4894,9 @@ CVE-2020-6413
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6412
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
- RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6411
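Review bot: After this hunk CVE-2020-6412 carries the pair "- chromium <unfixed>" / "[stretch] - chromium <end-of-life> (see DSA 4562)" twice. The change only moves RESERVED up to sit directly under the CVE id and leaves the second pair in place as context. Drop the duplicate pair so the entry has one package line per release.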
@@ -5418,8 +5455,8 @@ CVE-2020-6176
RESERVED
CVE-2020-6175
RESERVED
-CVE-2020-6174
- RESERVED
+CVE-2020-6174 (TUF (aka The Update Framework) through 0.12.1 has Improper Verificatio ...)
+ TODO: check
CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolle ...)
- python-tuf <itp> (bug #934151)
CVE-2020-6172
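Review bot: CVE-2020-6174 is added with "TODO: check", while the entry directly below it, CVE-2020-6173, describes the same product (TUF, through 0.12.1) and is already tracked as "- python-tuf <itp> (bug #934151)". Use the same package line for CVE-2020-6174 instead of leaving it for separate triage.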
@@ -7387,8 +7424,8 @@ CVE-2020-5239
RESERVED
CVE-2020-5238
RESERVED
-CVE-2020-5237
- RESERVED
+CVE-2020-5237 (oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to uplo ...)
+ TODO: check
CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...)
- waitress <unfixed>
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc
@@ -7479,8 +7516,8 @@ CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8
NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
NOTE: Negligible security impact
-CVE-2020-5208
- RESERVED
+CVE-2020-5208 (It's been found that multiple functions in ipmitool before 1.8.19 negl ...)
+ TODO: check
CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...)
NOT-FOR-US: Ktor
CVE-2020-5206 (In Opencast before 7.6 and 8.1, using a remember-me cookie with an arb ...)
@@ -13094,8 +13131,8 @@ CVE-2020-3151
RESERVED
CVE-2020-3150
RESERVED
-CVE-2020-3149
- RESERVED
+CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
CVE-2020-3148
RESERVED
CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
@@ -13146,18 +13183,18 @@ CVE-2020-3125
RESERVED
CVE-2020-3124
RESERVED
-CVE-2020-3123
- RESERVED
+CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...)
+ TODO: check
CVE-2020-3122
RESERVED
CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco Small B ...)
NOT-FOR-US: Cisco
-CVE-2020-3120
- RESERVED
-CVE-2020-3119
- RESERVED
-CVE-2020-3118
- RESERVED
+CVE-2020-3120 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ TODO: check
+CVE-2020-3119 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ TODO: check
+CVE-2020-3118 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ TODO: check
CVE-2020-3117
RESERVED
CVE-2020-3116
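Review bot: CVE-2020-3123 sits in a run of Cisco-assigned ids, next to CVE-2020-3121 which is "NOT-FOR-US: Cisco", but its description concerns the Data-Loss-Prevention (DLP) module in "Clam AntiV ..." (truncated here). Triage it on its own with a package line, and do not sweep it up with the Cisco Discovery Protocol entries (CVE-2020-3120, CVE-2020-3119, CVE-2020-3118) when those TODOs are resolved.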
@@ -13170,10 +13207,10 @@ CVE-2020-3113
RESERVED
CVE-2020-3112
RESERVED
-CVE-2020-3111
- RESERVED
-CVE-2020-3110
- RESERVED
+CVE-2020-3111 (A vulnerability in the Cisco Discovery Protocol implementation for the ...)
+ TODO: check
+CVE-2020-3110 (A vulnerability in the Cisco Discovery Protocol implementation for the ...)
+ TODO: check
CVE-2019-19770 (In the Linux kernel 4.19.83, there is a use-after-free (read) in the d ...)
- linux <unfixed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205713
@@ -28804,10 +28841,10 @@ CVE-2019-16206 (The authentication mechanism, in Brocade SANnav versions before
NOT-FOR-US: Brocade
CVE-2019-16205 (A vulnerability, in Brocade SANnav versions before v2.0, could allow r ...)
NOT-FOR-US: Brocade
-CVE-2019-16204
- RESERVED
-CVE-2019-16203
- RESERVED
+CVE-2019-16204 (Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1 ...)
+ TODO: check
+CVE-2019-16203 (Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the ...)
+ TODO: check
CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain situations. ...)
NOT-FOR-US: MISP
CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5 ...)
@@ -31488,8 +31525,8 @@ CVE-2019-15255 (A vulnerability in the web-based management interface of Cisco I
NOT-FOR-US: Cisco
CVE-2019-15254
RESERVED
-CVE-2019-15253
- RESERVED
+CVE-2019-15253 (A vulnerability in the web-based management interface of Cisco Digital ...)
+ TODO: check
CVE-2019-15252 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
NOT-FOR-US: Cisco
CVE-2019-15251 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
@@ -31997,8 +32034,8 @@ CVE-2019-15128 (iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to
NOT-FOR-US: iF.SVNAdmin
CVE-2019-15127 (REDCap before 9.3.0 allows XSS attacks against non-administrator accou ...)
NOT-FOR-US: REDCap
-CVE-2019-15126
- RESERVED
+CVE-2019-15126 (An issue was discovered on Broadcom Wi-Fi client devices. Specifically ...)
+ TODO: check
CVE-2019-15125
RESERVED
CVE-2018-20975 (Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/t ...)
@@ -42154,8 +42191,8 @@ CVE-2019-12182
RESERVED
CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds Serv-U befor ...)
NOT-FOR-US: SolarWinds
-CVE-2019-12180
- RESERVED
+CVE-2019-12180 (An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 ...)
+ TODO: check
CVE-2019-12179
RESERVED
CVE-2019-12178
@@ -44062,8 +44099,8 @@ CVE-2019-11518 (An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows
NOT-FOR-US: SEMCMS
CVE-2019-11517 (WampServer before 3.1.9 has CSRF in add_vhost.php because the synchron ...)
NOT-FOR-US: WampServer
-CVE-2019-11516
- RESERVED
+CVE-2019-11516 (An issue was discovered in the Bluetooth component of the Cypress (for ...)
+ TODO: check
CVE-2018-20823 (The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a deni ...)
NOT-FOR-US: Xiaomi Mi 5s devices
CVE-2019-11515 (core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?d ...)
@@ -63033,8 +63070,8 @@ CVE-2019-4672
RESERVED
CVE-2019-4671
RESERVED
-CVE-2019-4670
- RESERVED
+CVE-2019-4670 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ TODO: check
CVE-2019-4669
RESERVED
CVE-2019-4668
@@ -63141,14 +63178,14 @@ CVE-2019-4618
RESERVED
CVE-2019-4617
RESERVED
-CVE-2019-4616
- RESERVED
+CVE-2019-4616 (IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute ...)
+ TODO: check
CVE-2019-4615
RESERVED
CVE-2019-4614 (IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Que ...)
NOT-FOR-US: IBM
-CVE-2019-4613
- RESERVED
+CVE-2019-4613 (IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery ...)
+ TODO: check
CVE-2019-4612 (IBM Planning Analytics 2.0 is vulnerable to malicious file upload in t ...)
NOT-FOR-US: IBM
CVE-2019-4611 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
@@ -206538,7 +206575,8 @@ CVE-2016-2035
REJECTED
CVE-2016-2034 (SQL injection vulnerability in ClearPass Policy Manager 6.5.x through ...)
NOT-FOR-US: ClearPass Policy Manager
-CVE-2016-2033 (Multiple vulnerabilities exist in Aruba ClearPass Policy Manager up to ...)
+CVE-2016-2033
+ REJECTED
NOT-FOR-US: Aruba ClearPass Policy Manager
CVE-2016-2032 (A vulnerability exists in the Aruba AirWave Management Platform 8.x pr ...)
NOT-FOR-US: Aruba AirWave Management Platform
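Review bot: CVE-2016-2033 becomes REJECTED, but the unchanged "NOT-FOR-US: Aruba ClearPass Policy Manager" line stays under it, so the entry now carries both a REJECTED state and a triage annotation. CVE-2016-2035 at the top of this hunk is REJECTED with no annotation; remove the leftover NOT-FOR-US line to match.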
@@ -221258,12 +221296,12 @@ CVE-2015-5630 (Cross-site scripting (XSS) vulnerability in the NTT Broadband Pla
NOT-FOR-US: NTT
CVE-2015-5629 (The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6. ...)
NOT-FOR-US: NTT
-CVE-2015-5628
- RESERVED
-CVE-2015-5627
- RESERVED
-CVE-2015-5626
- RESERVED
+CVE-2015-5628 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...)
+ TODO: check
+CVE-2015-5627 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...)
+ TODO: check
+CVE-2015-5626 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...)
+ TODO: check
CVE-2015-5625 (Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 al ...)
NOT-FOR-US: OpenDocMan
CVE-2015-5624 (Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELP ...)
@@ -240015,8 +240053,8 @@ CVE-2015-0104 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Man
NOT-FOR-US: IBM
CVE-2015-0103 (Multiple cross-site scripting (XSS) vulnerabilities in the Process Por ...)
NOT-FOR-US: IBM Business Process Manager
-CVE-2015-0102
- RESERVED
+CVE-2015-0102 (IBM Workflow for Bluemix does not set the secure flag for the session ...)
+ TODO: check
CVE-2015-0101 (Cross-site scripting (XSS) vulnerability in IBM Business Process Manag ...)
NOT-FOR-US: IBM
CVE-2015-0100 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
@@ -252732,7 +252770,7 @@ CVE-2014-3895 (The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-W
CVE-2014-3894 (Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional M ...)
NOT-FOR-US: PHP Kobo Multifunctional MailForm
CVE-2014-3893
- RESERVED
+ REJECTED
CVE-2014-3892 (Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 ...)
NOT-FOR-US: Nexa Meridian
CVE-2014-3891 (Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows rem ...)
@@ -266742,7 +266780,7 @@ CVE-2013-5991 (The displaySystemError function in html/handle_error.php in LOCKO
CVE-2013-5990 (Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; I ...)
NOT-FOR-US: JustSystems Ichitaro
CVE-2013-5989
- RESERVED
+ REJECTED
CVE-2013-5988
RESERVED
CVE-2013-5987 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, ...)
@@ -275274,8 +275312,8 @@ CVE-2013-2677
RESERVED
CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
NOT-FOR-US: Brother
-CVE-2013-2675
- RESERVED
+CVE-2013-2675 (Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable r ...)
+ TODO: check
CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices
CVE-2013-2673 (Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass ...)
@@ -281912,8 +281950,8 @@ CVE-2013-0509 (Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcoo
NOT-FOR-US: IBM
CVE-2013-0508 (Multiple buffer overflows in IBM Tivoli Netcool System Service Monitor ...)
NOT-FOR-US: IBM
-CVE-2013-0507
- RESERVED
+CVE-2013-0507 (IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fix ...)
+ TODO: check
CVE-2013-0506 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order Managem ...)
NOT-FOR-US: IBM Sterling Order Management
CVE-2013-0505 (IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 b ...)
@@ -305529,8 +305567,7 @@ CVE-2010-4817 (pithos before 0.3.5 allows overwrite of arbitrary files via symli
- pithos 0.3.5-1
CVE-2010-4816
RESERVED
-CVE-2010-4815
- RESERVED
+CVE-2010-4815 (Coppermine gallery before 1.4.26 has an input validation vulnerability ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2011-3169 (Unspecified vulnerability in the SMTP service implementation in HP TCP ...)
NOT-FOR-US: HP OpenVMS
@@ -314031,8 +314068,7 @@ CVE-2010-4664 (In ConsoleKit before 0.4.2, an intended security policy restricti
[squeeze] - consolekit <no-dsa> (Minor issue)
CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple (CMSMS ...)
NOT-FOR-US: CMS Made Simple
-CVE-2010-4662
- RESERVED
+CVE-2010-4662 (PmWiki before 2.2.21 has XSS. ...)
NOT-FOR-US: pmwiki
CVE-2010-4661 (udisks before 1.0.3 allows a local user to load arbitrary Linux kernel ...)
- udisks 1.0.3-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b93748f8a76c8391bc49d903bf46d93bec4a87ee