[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 8 20:10:30 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f2af77da by security tracker role at 2020-02-08T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -221362,8 +221362,7 @@ CVE-2014-9742 (The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.
- botan1.10 1.10.8-1
NOTE: Introduced in 1.8.3, fixed in 1.10.8 and 1.11.9
NOTE: http://botan.randombit.net/security.html
-CVE-2015-5741 [other discoveries of security-relevant RFC 7230 violations]
- RESERVED
+CVE-2015-5741 (The net/http library in net/http/transfer.go in Go before 1.4.3 does n ...)
- golang 2:1.4.2-4 (bug #795106)
[jessie] - golang <no-dsa> (Minor issue)
[wheezy] - golang <no-dsa> (Minor issue)
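Review bot: the local summary `[other discoveries of security-relevant RFC 7230 violations]` on the removed CVE-2015-5741 line is dropped when the official description replaces it, and the truncated description shown here (`does n ...`) does not let a reader see whether that context survives; if the RFC 7230 angle still matters for triage of the golang entries, carry it over as a `NOTE:` line under `[wheezy] - golang <no-dsa> (Minor issue)` instead of losing it.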
@@ -228058,8 +228057,8 @@ CVE-2015-3425 (Cross-site scripting (XSS) vulnerability in Accentis Content Reso
NOT-FOR-US: Accentis Content Resource Management System
CVE-2015-3424 (SQL injection vulnerability in Accentis Content Resource Management Sy ...)
NOT-FOR-US: Accentis Content Resource Management System
-CVE-2015-3423
- RESERVED
+CVE-2015-3423 (Multiple SQL injection vulnerabilities in NetCracker Resource Manageme ...)
+ TODO: check
CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 al ...)
NOT-FOR-US: SearchBlox
CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress Eshop plu ...)
@@ -232034,8 +232033,8 @@ CVE-2015-2209 (DLGuard 4.5 allows remote attackers to obtain the installation pa
NOT-FOR-US: DLGuard
CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remo ...)
NOT-FOR-US: phpMoAdmin
-CVE-2015-2207
- RESERVED
+CVE-2015-2207 (Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Reso ...)
+ TODO: check
CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2 ...)
{DSA-3382-1 DLA-336-1}
- phpmyadmin 4:4.4.4-1 (unimportant)
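Review bot: the `TODO: check` added under CVE-2015-2207 covers the same product (NetCracker Resource Management) as the `TODO: check` added under CVE-2015-3423 earlier in this patch; both should be triaged together and resolved to the same outcome, either a `NOT-FOR-US:` line in the style of the neighbouring entries or a package entry, so the two markers do not drift apart.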
@@ -232485,8 +232484,8 @@ CVE-2015-2080 (The exception handling code in Eclipse Jetty before 9.2.9.v201502
NOTE: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
NOTE: https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
NOTE: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
-CVE-2015-2062
- RESERVED
+CVE-2015-2062 (Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-i ...)
+ TODO: check
CVE-2015-2061 (Heap-based buffer overflow in the browser plugin for PTC Creo View all ...)
NOT-FOR-US: PTC Creo View
CVE-2015-2057
@@ -234562,8 +234561,7 @@ CVE-2015-1398 (Multiple directory traversal vulnerabilities in Magento Community
NOT-FOR-US: Magento
CVE-2015-1397 (SQL injection vulnerability in the getCsvFile function in the Mage_Adm ...)
NOT-FOR-US: Magento
-CVE-2015-1394
- RESERVED
+CVE-2015-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Photo Galle ...)
NOT-FOR-US: WordPress plugin photo-gallery
CVE-2015-1393 (SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 ...)
NOT-FOR-US: WordPress plugin photo-gallery
@@ -237733,8 +237731,8 @@ CVE-2014-9472 (The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x b
{DSA-3176-1 DLA-158-1}
- request-tracker4 4.2.8-3
- request-tracker3.8 <removed> (unimportant)
-CVE-2014-9470
- RESERVED
+CVE-2014-9470 (Cross-site scripting (XSS) vulnerability in the loadForm function in F ...)
+ TODO: check
CVE-2014-9469 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3. ...)
NOT-FOR-US: vBulletin
CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP Inst ...)
@@ -239490,10 +239488,10 @@ CVE-2014-9131
RESERVED
CVE-2014-9128
RESERVED
-CVE-2014-9127
- RESERVED
-CVE-2014-9126
- RESERVED
+CVE-2014-9127 (Open-School Community Edition 2.2 does not properly restrict access to ...)
+ TODO: check
+CVE-2014-9126 (Multiple cross-site scripting (XSS) vulnerabilities in Open-School Com ...)
+ TODO: check
CVE-2014-9125
RESERVED
CVE-2014-9124
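Review bot: CVE-2014-9127 and CVE-2014-9126 both describe Open-School Community Edition and both receive a `TODO: check` in this hunk; they should be resolved in one pass so that the access-restriction issue and the XSS issue end up with the same `NOT-FOR-US:` or package marking rather than one being triaged and the other left pending.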
@@ -241298,8 +241296,8 @@ CVE-2014-8741 (Directory traversal vulnerability in the GfdFileUploadServerlet s
NOT-FOR-US: Lexmark
CVE-2014-8740
RESERVED
-CVE-2014-8739
- RESERVED
+CVE-2014-8739 (Unrestricted file upload vulnerability in server/php/UploadHandler.php ...)
+ TODO: check
CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows remote a ...)
NOT-FOR-US: Drupal module Open Atrium Core
CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7 ...)
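Review bot: the truncated description for CVE-2014-8739 names only a path (`server/php/UploadHandler.php`) and no product, so the `TODO: check` here cannot be resolved from this line alone; whoever triages it needs the full CVE text to identify the upstream project before deciding between a `NOT-FOR-US:` line and a package entry, and that identification is worth recording in a `NOTE:` for the next reader.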
@@ -243876,8 +243874,8 @@ CVE-2014-7865
REJECTED
CVE-2014-7864 (Multiple SQL injection vulnerabilities in the FailOverHelperServlet (a ...)
NOT-FOR-US: ZOHO ManageEngine OpManager
-CVE-2014-7863
- RESERVED
+CVE-2014-7863 (The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngi ...)
+ TODO: check
CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and Deskt ...)
NOT-FOR-US: ManageEngine
CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly v ...)
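Review bot: the `TODO: check` on CVE-2014-7863 concerns the same FailOverHelperServlet (aka FailServlet) that CVE-2014-7864 directly above already marks `NOT-FOR-US: ZOHO ManageEngine OpManager`; unless the full description points at a different product, the consistent resolution is the same `NOT-FOR-US:` line, and a human should confirm that and clear the marker.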
@@ -258070,8 +258068,7 @@ CVE-2014-2227 (The default Flash cross-domain policy (crossdomain.xml) in Ubiqui
NOT-FOR-US: Ubiquiti Networks
CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative passwor ...)
NOT-FOR-US: Ubiquiti Networks
-CVE-2014-2225
- RESERVED
+CVE-2014-2225 (Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti ...)
NOT-FOR-US: Ubiquiti Networks
CVE-2014-2224 (Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not as ...)
NOT-FOR-US: Plogger
@@ -286046,8 +286043,8 @@ CVE-2012-5572 (CRLF injection vulnerability in the cookie method (lib/Dancer/Coo
NOTE: https://github.com/PerlDancer/Dancer/issues/859
CVE-2012-5571 (OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properl ...)
- keystone 2012.1.1-11 (bug #694433)
-CVE-2012-5570
- RESERVED
+CVE-2012-5570 (The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remo ...)
+ TODO: check
CVE-2012-5569 (Multiple cross-site scripting (XSS) vulnerabilities in the Basic webma ...)
NOT-FOR-US: Drupal Webmail module
CVE-2012-5568 (Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...)
@@ -288998,8 +288995,7 @@ CVE-2012-4513 (khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows
- kdebase <removed> (unimportant)
- kde-baseapps <unfixed> (unimportant)
NOTE: Konqueror not supported security-wise
-CVE-2012-4512
- RESERVED
+CVE-2012-4512 (The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 all ...)
- kdebase <removed> (unimportant)
- kde-baseapps <unfixed> (unimportant)
NOTE: Konqueror not supported security-wise
@@ -289399,8 +289395,7 @@ CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not proper
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
-CVE-2012-4381 [Passwords were stored in local DB even if auth systems like LDAP were used]
- RESERVED
+CVE-2012-4381 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in t ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184
@@ -290321,8 +290316,8 @@ CVE-2012-4031 (Multiple directory traversal vulnerabilities in src/acloglogin.ph
NOT-FOR-US: Wangkongbao not in Debian
CVE-2012-4030 (Chamilo before 1.8.8.6 does not adequately handle user supplied input ...)
NOT-FOR-US: Chamilo LMS
-CVE-2012-4029
- RESERVED
+CVE-2012-4029 (Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in ...)
+ TODO: check
CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data, ...)
NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX Framework allo ...)
@@ -304662,8 +304657,7 @@ CVE-2011-3644
RESERVED
CVE-2011-3643
RESERVED
-CVE-2011-3642 [flowplayer-core: Arbitrary plugins with remote code execution (XSS)]
- RESERVED
+CVE-2011-3642 (Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 thr ...)
- mahara <removed> (low; bug #699230)
[squeeze] - mahara <no-dsa> (Minor issue)
NOTE: https://code.google.com/p/flowplayer-core/issues/detail?id=441
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2af77da61f06557937561af7d68b5cfa05f887e
More information about the debian-security-tracker-commits
mailing list