[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 12 20:10:34 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4511104f by security tracker role at 2020-02-12T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...)
+ TODO: check
+CVE-2020-8948
+ RESERVED
+CVE-2020-8947 (functions_netflow.php in Artica Pandora FMS 7.0 allows remote attacker ...)
+ TODO: check
+CVE-2020-8946 (Netis WF2471 v1.2.30142 devices allow an authenticated attacker to exe ...)
+ TODO: check
+CVE-2020-8945 (The proglottis Go wrapper before 0.1.1 for the GPGME library has a use ...)
+ TODO: check
+CVE-2020-8944
+ RESERVED
+CVE-2020-8943
+ RESERVED
+CVE-2020-8942
+ RESERVED
+CVE-2020-8941
+ RESERVED
+CVE-2020-8940
+ RESERVED
+CVE-2020-8939
+ RESERVED
+CVE-2020-8938
+ RESERVED
+CVE-2020-8937
+ RESERVED
+CVE-2020-8936
+ RESERVED
+CVE-2020-8935
+ RESERVED
+CVE-2020-8934
+ RESERVED
+CVE-2020-8933
+ RESERVED
+CVE-2020-8932
+ RESERVED
+CVE-2020-8931
+ RESERVED
+CVE-2020-8930
+ RESERVED
+CVE-2020-8929
+ RESERVED
+CVE-2020-8928
+ RESERVED
+CVE-2020-8927
+ RESERVED
+CVE-2020-8926
+ RESERVED
+CVE-2020-8925
+ RESERVED
+CVE-2020-8924
+ RESERVED
+CVE-2020-8923
+ RESERVED
+CVE-2020-8922
+ RESERVED
+CVE-2020-8921
+ RESERVED
+CVE-2020-8920
+ RESERVED
+CVE-2020-8919
+ RESERVED
+CVE-2020-8918
+ RESERVED
+CVE-2020-8917
+ RESERVED
+CVE-2020-8916
+ RESERVED
+CVE-2020-8915
+ RESERVED
+CVE-2020-8914
+ RESERVED
+CVE-2020-8913
+ RESERVED
+CVE-2020-8912
+ RESERVED
+CVE-2020-8911
+ RESERVED
+CVE-2020-8910
+ RESERVED
+CVE-2020-8909
+ RESERVED
+CVE-2020-8908
+ RESERVED
+CVE-2020-8907
+ RESERVED
+CVE-2020-8906
+ RESERVED
+CVE-2020-8905
+ RESERVED
+CVE-2020-8904
+ RESERVED
+CVE-2020-8903
+ RESERVED
+CVE-2020-8902
+ RESERVED
+CVE-2020-8901
+ RESERVED
+CVE-2020-8900
+ RESERVED
+CVE-2020-8899
+ RESERVED
+CVE-2020-8898
+ RESERVED
+CVE-2020-8897
+ RESERVED
+CVE-2020-8896
+ RESERVED
+CVE-2020-8895
+ RESERVED
+CVE-2020-8894 (An issue was discovered in MISP before 2.4.121. ACLs for discussion th ...)
+ TODO: check
+CVE-2020-8893 (An issue was discovered in MISP before 2.4.121. The Galaxy view contai ...)
+ TODO: check
+CVE-2020-8892 (An issue was discovered in MISP before 2.4.121. It did not consider th ...)
+ TODO: check
+CVE-2020-8891 (An issue was discovered in MISP before 2.4.121. It did not canonicaliz ...)
+ TODO: check
+CVE-2020-8890 (An issue was discovered in MISP before 2.4.121. It mishandled time ske ...)
+ TODO: check
+CVE-2020-8889
+ RESERVED
+CVE-2020-8888
+ RESERVED
+CVE-2020-8887
+ RESERVED
+CVE-2020-8886
+ RESERVED
+CVE-2020-8885
+ RESERVED
+CVE-2019-20453
+ RESERVED
+CVE-2019-20452
+ RESERVED
+CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
+ TODO: check
+CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...)
+ TODO: check
CVE-2020-8884
RESERVED
CVE-2020-8883
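Review bot: CVE-2020-8945 near the top of this hunk names the proglottis Go wrapper for the GPGME library and is left at TODO: check. Because it is a library rather than an appliance or web application, confirm whether that wrapper is packaged and record a package line before this block is bulk-marked NOT-FOR-US. The other described entries added here (CVE-2020-8949, CVE-2020-8947, CVE-2020-8946, the five MISP entries CVE-2020-8890 to CVE-2020-8894, and CVE-2012-6721/CVE-2012-6720) also still need either a package line or a NOT-FOR-US tag.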
@@ -92,8 +230,8 @@ CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain x
NOTE: https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by
NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-8839
- RESERVED
+CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter dev ...)
+ TODO: check
CVE-2015-9542
RESERVED
CVE-2020-8838
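Review bot: The new CVE-2020-8839 entry describes a CHIYU BF-430 232/485 TCP/IP Converter device and is left at TODO: check. The existing CVE-2015-5618 entry for Chiyu BF-630 devices, visible further down in this file, is tagged NOT-FOR-US, so the same tag looks appropriate here, naming the BF-430 converter as the product.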
@@ -146,8 +284,8 @@ CVE-2020-8817
RESERVED
CVE-2020-8816
RESERVED
-CVE-2020-8815
- RESERVED
+CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam ...)
+ TODO: check
CVE-2020-8814
RESERVED
CVE-2018-21034
@@ -625,8 +763,7 @@ CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer
NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5 ...)
NOT-FOR-US: Participants Database plugin for WordPress
-CVE-2020-8595
- RESERVED
+CVE-2020-8595 (Istio 1.3 through 1.4.3 allows authentication bypass. The Authenticati ...)
NOT-FOR-US: itsio
CVE-2020-8594
RESERVED
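Review bot: The NOT-FOR-US tag kept under CVE-2020-8595 reads "itsio", while the description that now replaces RESERVED names the product as Istio. Correct the tag to NOT-FOR-US: Istio so that a search on the product name finds this entry.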
@@ -2049,8 +2186,7 @@ CVE-2020-7959
RESERVED
CVE-2020-7958
RESERVED
-CVE-2020-7957
- RESERVED
+CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...)
- dovecot <not-affected> (Only affects 2.3.9)
NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/2
CVE-2020-7956 (HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validate ...)
@@ -4060,8 +4196,7 @@ CVE-2020-7048 (The WordPress plugin, WP Database Reset through 3.1, contains a f
NOT-FOR-US: Wordpress plugin
CVE-2020-7047 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...)
NOT-FOR-US: Wordpress plugin
-CVE-2020-7046
- RESERVED
+CVE-2020-7046 (lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 ...)
- dovecot <not-affected> (Only affects 2.3.9)
NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/1
CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Thi ...)
@@ -6237,20 +6372,20 @@ CVE-2020-6071
RESERVED
CVE-2020-6070
RESERVED
-CVE-2020-6069
- RESERVED
+CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
+ TODO: check
CVE-2020-6068
RESERVED
-CVE-2020-6067
- RESERVED
-CVE-2020-6066
- RESERVED
-CVE-2020-6065
- RESERVED
-CVE-2020-6064
- RESERVED
-CVE-2020-6063
- RESERVED
+CVE-2020-6067 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
+ TODO: check
+CVE-2020-6066 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
+ TODO: check
+CVE-2020-6065 (An exploitable out-of-bounds write vulnerability exists in the bmp_par ...)
+ TODO: check
+CVE-2020-6064 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...)
+ TODO: check
+CVE-2020-6063 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...)
+ TODO: check
CVE-2020-6062
RESERVED
CVE-2020-6061
@@ -11200,12 +11335,12 @@ CVE-2019-20102
RESERVED
CVE-2019-20101
RESERVED
-CVE-2019-20100
- RESERVED
-CVE-2019-20099
- RESERVED
-CVE-2019-20098
- RESERVED
+CVE-2019-20100 (The Atlassian Application Links plugin is vulnerable to cross-site req ...)
+ TODO: check
+CVE-2019-20099 (The VerifyPopServerConnection!add.jspa component in Atlassian Jira Ser ...)
+ TODO: check
+CVE-2019-20098 (The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Se ...)
+ TODO: check
CVE-2019-20097 (Bitbucket Server and Bitbucket Data Center versions starting from 1.0. ...)
NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
CVE-2019-20096 (In the Linux kernel before 5.1, there is a memory leak in __feat_regis ...)
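Review bot: CVE-2019-20100, CVE-2019-20099 and CVE-2019-20098 are added with TODO: check although their descriptions name the Atlassian Application Links plugin and Atlassian Jira components, and the adjacent CVE-2019-20097 (Bitbucket Server and Bitbucket Data Center) is already NOT-FOR-US. Tag the three new entries the same way once the full descriptions are confirmed.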
@@ -11704,8 +11839,7 @@ CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.c
[buster] - linux 4.19.87-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425
-CVE-2019-19921 [Volume mount race condition with shared mounts]
- RESERVED
+CVE-2019-19921 (runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalat ...)
- runc 1.0.0~rc10+dfsg1-1
[buster] - runc <no-dsa> (Minor issue)
[stretch] - runc <no-dsa> (Minor issue)
@@ -16275,80 +16409,55 @@ CVE-2020-2135
RESERVED
CVE-2020-2134
RESERVED
-CVE-2020-2133
- RESERVED
+CVE-2020-2133 (Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2132
- RESERVED
+CVE-2020-2132 (Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2131
- RESERVED
+CVE-2020-2131 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencryp ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2130
- RESERVED
+CVE-2020-2130 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencry ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2129
- RESERVED
+CVE-2020-2129 (Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencr ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2128
- RESERVED
+CVE-2020-2128 (Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a passw ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2127
- RESERVED
+CVE-2020-2127 (Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stor ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2126
- RESERVED
+CVE-2020-2126 (Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2125
- RESERVED
+CVE-2020-2125 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2124
- RESERVED
+CVE-2020-2124 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier sto ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2123
- RESERVED
+CVE-2020-2123 (Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML pa ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2122
- RESERVED
+CVE-2020-2122 (Jenkins Brakeman Plugin 0.12 and earlier did not escape values receive ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2121
- RESERVED
+CVE-2020-2121 (Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not con ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2120
- RESERVED
+CVE-2020-2120 (Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML pa ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2119
- RESERVED
+CVE-2020-2119 (Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credent ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2118
- RESERVED
+CVE-2020-2118 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2117
- RESERVED
+CVE-2020-2117 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2116
- RESERVED
+CVE-2020-2116 (A cross-site request forgery vulnerability in Jenkins Pipeline GitHub ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2115
- RESERVED
+CVE-2020-2115 (Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parse ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2114
- RESERVED
+CVE-2020-2114 (Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured cr ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2113
- RESERVED
+CVE-2020-2113 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the de ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2112
- RESERVED
+CVE-2020-2112 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the pa ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2111
- RESERVED
+CVE-2020-2111 (Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2110
- RESERVED
+CVE-2020-2110 (Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2109
- RESERVED
+CVE-2020-2109 (Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2108 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure ...)
NOT-FOR-US: Jenkins plugin
@@ -16938,8 +17047,7 @@ CVE-2020-1944
RESERVED
CVE-2020-1943
RESERVED
-CVE-2020-1942
- RESERVED
+CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated ...)
NOT-FOR-US: Apache NiFi
CVE-2020-1941
RESERVED
@@ -17743,8 +17851,7 @@ CVE-2020-1728
RESERVED
CVE-2020-1727
RESERVED
-CVE-2020-1726
- RESERVED
+CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows containers ...)
- podman <itp> (bug #930440)
CVE-2020-1725
RESERVED
@@ -17788,8 +17895,7 @@ CVE-2020-1712 [heap use-after-free vulnerability]
NOTE: https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82 (documentation)
NOTE: https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d (documentation)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578
-CVE-2020-1711 [block: iscsi: OOB heap access via an unexpected response of iSCSI Server]
- RESERVED
+CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the iSCS ...)
- qemu 1:4.2-2 (bug #949731)
[buster] - qemu 1:3.1+dfsg-8+deb10u4
[stretch] - qemu <postponed> (Intrusive to backport, revisit later)
@@ -18352,16 +18458,16 @@ CVE-2019-19198 (The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. ...
NOT-FOR-US: Scoutnet Kalender plugin for WordPress
CVE-2019-19197 (IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0. ...)
NOT-FOR-US: Kyrol Internet Security
-CVE-2019-19196
- RESERVED
+CVE-2019-19196 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation ...)
+ TODO: check
CVE-2019-19195 (The Bluetooth Low Energy implementation on Microchip Technology BluSDK ...)
TODO: check
-CVE-2019-19194
- RESERVED
+CVE-2019-19194 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation ...)
+ TODO: check
CVE-2019-19193 (The Bluetooth Low Energy peripheral implementation on Texas Instrument ...)
TODO: check
-CVE-2019-19192
- RESERVED
+CVE-2019-19192 (The Bluetooth Low Energy implementation on STMicroelectronics BLE Stac ...)
+ TODO: check
CVE-2019-19191 (Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file ...)
- shibboleth-sp <unfixed> (unimportant)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1157471
@@ -21275,8 +21381,8 @@ CVE-2020-0794
RESERVED
CVE-2020-0793
RESERVED
-CVE-2020-0792
- RESERVED
+CVE-2020-0792 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
+ TODO: check
CVE-2020-0791
RESERVED
CVE-2020-0790
@@ -21325,8 +21431,8 @@ CVE-2020-0769
RESERVED
CVE-2020-0768
RESERVED
-CVE-2020-0767
- RESERVED
+CVE-2020-0767 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ TODO: check
CVE-2020-0766
RESERVED
CVE-2020-0765
@@ -21341,216 +21447,216 @@ CVE-2020-0761
RESERVED
CVE-2020-0760
RESERVED
-CVE-2020-0759
- RESERVED
+CVE-2020-0759 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
CVE-2020-0758
RESERVED
-CVE-2020-0757
- RESERVED
-CVE-2020-0756
- RESERVED
-CVE-2020-0755
- RESERVED
-CVE-2020-0754
- RESERVED
-CVE-2020-0753
- RESERVED
-CVE-2020-0752
- RESERVED
-CVE-2020-0751
- RESERVED
-CVE-2020-0750
- RESERVED
-CVE-2020-0749
- RESERVED
-CVE-2020-0748
- RESERVED
-CVE-2020-0747
- RESERVED
-CVE-2020-0746
- RESERVED
-CVE-2020-0745
- RESERVED
-CVE-2020-0744
- RESERVED
-CVE-2020-0743
- RESERVED
-CVE-2020-0742
- RESERVED
-CVE-2020-0741
- RESERVED
-CVE-2020-0740
- RESERVED
-CVE-2020-0739
- RESERVED
-CVE-2020-0738
- RESERVED
-CVE-2020-0737
- RESERVED
-CVE-2020-0736
- RESERVED
-CVE-2020-0735
- RESERVED
-CVE-2020-0734
- RESERVED
-CVE-2020-0733
- RESERVED
-CVE-2020-0732
- RESERVED
-CVE-2020-0731
- RESERVED
-CVE-2020-0730
- RESERVED
-CVE-2020-0729
- RESERVED
-CVE-2020-0728
- RESERVED
-CVE-2020-0727
- RESERVED
-CVE-2020-0726
- RESERVED
-CVE-2020-0725
- RESERVED
-CVE-2020-0724
- RESERVED
-CVE-2020-0723
- RESERVED
-CVE-2020-0722
- RESERVED
-CVE-2020-0721
- RESERVED
-CVE-2020-0720
- RESERVED
-CVE-2020-0719
- RESERVED
+CVE-2020-0757 (An elevation of privilege vulnerability exists when Windows improperly ...)
+ TODO: check
+CVE-2020-0756 (An information disclosure vulnerability exists in the Cryptography Nex ...)
+ TODO: check
+CVE-2020-0755 (An information disclosure vulnerability exists in the Cryptography Nex ...)
+ TODO: check
+CVE-2020-0754 (An elevation of privilege vulnerability exists in Windows Error Report ...)
+ TODO: check
+CVE-2020-0753 (An elevation of privilege vulnerability exists in Windows Error Report ...)
+ TODO: check
+CVE-2020-0752 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0751 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
+ TODO: check
+CVE-2020-0750 (An elevation of privilege vulnerability exists in the way that the Con ...)
+ TODO: check
+CVE-2020-0749 (An elevation of privilege vulnerability exists in the way that the Con ...)
+ TODO: check
+CVE-2020-0748 (An information disclosure vulnerability exists in the Cryptography Nex ...)
+ TODO: check
+CVE-2020-0747 (An elevation of privilege vulnerability exists when the Windows Data S ...)
+ TODO: check
+CVE-2020-0746 (An information disclosure vulnerability exists in the way that Microso ...)
+ TODO: check
+CVE-2020-0745 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
+ TODO: check
+CVE-2020-0744 (An information disclosure vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0743 (An elevation of privilege vulnerability exists in the way that the Con ...)
+ TODO: check
+CVE-2020-0742 (An elevation of privilege vulnerability exists in the way that the Con ...)
+ TODO: check
+CVE-2020-0741 (An elevation of privilege vulnerability exists in the way that the Con ...)
+ TODO: check
+CVE-2020-0740 (An elevation of privilege vulnerability exists in the way that the Con ...)
+ TODO: check
+CVE-2020-0739 (An elevation of privilege vulnerability exists in the way that the dss ...)
+ TODO: check
+CVE-2020-0738 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ TODO: check
+CVE-2020-0737 (An elevation of privilege vulnerability exists in the way that the tap ...)
+ TODO: check
+CVE-2020-0736 (An information disclosure vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2020-0735 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0734 (A remote code execution vulnerability exists in the Windows Remote Des ...)
+ TODO: check
+CVE-2020-0733 (An elevation of privilege vulnerability exists when the Windows Malici ...)
+ TODO: check
+CVE-2020-0732 (An elevation of privilege vulnerability exists when DirectX improperly ...)
+ TODO: check
+CVE-2020-0731 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
+CVE-2020-0730 (An elevation of privilege vulnerability exists when the Windows User P ...)
+ TODO: check
+CVE-2020-0729 (A remote code execution vulnerability exists in Microsoft Windows that ...)
+ TODO: check
+CVE-2020-0728 (An information vulnerability exists when Windows Modules Installer Ser ...)
+ TODO: check
+CVE-2020-0727 (An elevation of privilege vulnerability exists when the Connected User ...)
+ TODO: check
+CVE-2020-0726 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
+CVE-2020-0725 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
+CVE-2020-0724 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
+CVE-2020-0723 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
+CVE-2020-0722 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
+CVE-2020-0721 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
+CVE-2020-0720 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
+CVE-2020-0719 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
CVE-2020-0718
RESERVED
-CVE-2020-0717
- RESERVED
-CVE-2020-0716
- RESERVED
-CVE-2020-0715
- RESERVED
-CVE-2020-0714
- RESERVED
-CVE-2020-0713
- RESERVED
-CVE-2020-0712
- RESERVED
-CVE-2020-0711
- RESERVED
-CVE-2020-0710
- RESERVED
-CVE-2020-0709
- RESERVED
-CVE-2020-0708
- RESERVED
-CVE-2020-0707
- RESERVED
-CVE-2020-0706
- RESERVED
-CVE-2020-0705
- RESERVED
-CVE-2020-0704
- RESERVED
-CVE-2020-0703
- RESERVED
-CVE-2020-0702
- RESERVED
-CVE-2020-0701
- RESERVED
+CVE-2020-0717 (An information disclosure vulnerability exists when the win32k compone ...)
+ TODO: check
+CVE-2020-0716 (An information disclosure vulnerability exists when the win32k compone ...)
+ TODO: check
+CVE-2020-0715 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
+ TODO: check
+CVE-2020-0714 (An information disclosure vulnerability exists when DirectX improperly ...)
+ TODO: check
+CVE-2020-0713 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ TODO: check
+CVE-2020-0712 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ TODO: check
+CVE-2020-0711 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ TODO: check
+CVE-2020-0710 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ TODO: check
+CVE-2020-0709 (An elevation of privilege vulnerability exists when DirectX improperly ...)
+ TODO: check
+CVE-2020-0708 (A remote code execution vulnerability exists when the Windows Imaging ...)
+ TODO: check
+CVE-2020-0707 (An elevation of privilege vulnerability exists when the Windows IME im ...)
+ TODO: check
+CVE-2020-0706 (An information disclosure vulnerability exists in the way that affecte ...)
+ TODO: check
+CVE-2020-0705 (An information disclosure vulnerability exists when the Windows Networ ...)
+ TODO: check
+CVE-2020-0704 (An elevation of privilege vulnerability exists when the Windows Wirele ...)
+ TODO: check
+CVE-2020-0703 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-0702 (A security feature bypass vulnerability exists in Surface Hub when pro ...)
+ TODO: check
+CVE-2020-0701 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
CVE-2020-0700
RESERVED
CVE-2020-0699
RESERVED
-CVE-2020-0698
- RESERVED
-CVE-2020-0697
- RESERVED
-CVE-2020-0696
- RESERVED
-CVE-2020-0695
- RESERVED
-CVE-2020-0694
- RESERVED
-CVE-2020-0693
- RESERVED
-CVE-2020-0692
- RESERVED
-CVE-2020-0691
- RESERVED
+CVE-2020-0698 (An information disclosure vulnerability exists when the Telephony Serv ...)
+ TODO: check
+CVE-2020-0697 (An elevation of privilege vulnerability exists in Microsoft Office OLi ...)
+ TODO: check
+CVE-2020-0696 (A security feature bypass vulnerability exists in Microsoft Outlook so ...)
+ TODO: check
+CVE-2020-0695 (A spoofing vulnerability exists when Office Online Server does not val ...)
+ TODO: check
+CVE-2020-0694 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ TODO: check
+CVE-2020-0693 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ TODO: check
+CVE-2020-0692 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...)
+ TODO: check
+CVE-2020-0691 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
CVE-2020-0690
RESERVED
-CVE-2020-0689
- RESERVED
-CVE-2020-0688
- RESERVED
+CVE-2020-0689 (A security feature bypass vulnerability exists in secure boot, aka 'Mi ...)
+ TODO: check
+CVE-2020-0688 (A remote code execution vulnerability exists in Microsoft Exchange sof ...)
+ TODO: check
CVE-2020-0687
RESERVED
-CVE-2020-0686
- RESERVED
-CVE-2020-0685
- RESERVED
+CVE-2020-0686 (An elevation of privilege vulnerability exists in the Windows Installe ...)
+ TODO: check
+CVE-2020-0685 (An elevation of privilege vulnerability exists when Windows improperly ...)
+ TODO: check
CVE-2020-0684
RESERVED
-CVE-2020-0683
- RESERVED
-CVE-2020-0682
- RESERVED
-CVE-2020-0681
- RESERVED
-CVE-2020-0680
- RESERVED
-CVE-2020-0679
- RESERVED
-CVE-2020-0678
- RESERVED
-CVE-2020-0677
- RESERVED
-CVE-2020-0676
- RESERVED
-CVE-2020-0675
- RESERVED
-CVE-2020-0674
- RESERVED
-CVE-2020-0673
- RESERVED
-CVE-2020-0672
- RESERVED
-CVE-2020-0671
- RESERVED
-CVE-2020-0670
- RESERVED
-CVE-2020-0669
- RESERVED
-CVE-2020-0668
- RESERVED
-CVE-2020-0667
- RESERVED
-CVE-2020-0666
- RESERVED
-CVE-2020-0665
- RESERVED
+CVE-2020-0683 (An elevation of privilege vulnerability exists in the Windows Installe ...)
+ TODO: check
+CVE-2020-0682 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0681 (A remote code execution vulnerability exists in the Windows Remote Des ...)
+ TODO: check
+CVE-2020-0680 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0679 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0678 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
+ TODO: check
+CVE-2020-0677 (An information disclosure vulnerability exists in the Cryptography Nex ...)
+ TODO: check
+CVE-2020-0676 (An information disclosure vulnerability exists in the Cryptography Nex ...)
+ TODO: check
+CVE-2020-0675 (An information disclosure vulnerability exists in the Cryptography Nex ...)
+ TODO: check
+CVE-2020-0674 (A remote code execution vulnerability exists in the way that the scrip ...)
+ TODO: check
+CVE-2020-0673 (A remote code execution vulnerability exists in the way that the scrip ...)
+ TODO: check
+CVE-2020-0672 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2020-0671 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2020-0670 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2020-0669 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0668 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0667 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0666 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-0665 (An elevation of privilege vulnerability exists in Active Directory For ...)
+ TODO: check
CVE-2020-0664
RESERVED
-CVE-2020-0663
- RESERVED
-CVE-2020-0662
- RESERVED
-CVE-2020-0661
- RESERVED
-CVE-2020-0660
- RESERVED
-CVE-2020-0659
- RESERVED
-CVE-2020-0658
- RESERVED
-CVE-2020-0657
- RESERVED
+CVE-2020-0663 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...)
+ TODO: check
+CVE-2020-0662 (A remote code execution vulnerability exists in the way that Windows h ...)
+ TODO: check
+CVE-2020-0661 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
+ TODO: check
+CVE-2020-0660 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
+ TODO: check
+CVE-2020-0659 (An elevation of privilege vulnerability exists when the Windows Data S ...)
+ TODO: check
+CVE-2020-0658 (An information disclosure vulnerability exists in the Windows Common L ...)
+ TODO: check
+CVE-2020-0657 (An elevation of privilege vulnerability exists when the Windows Common ...)
+ TODO: check
CVE-2020-0656 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
NOT-FOR-US: Microsoft
-CVE-2020-0655
- RESERVED
+CVE-2020-0655 (A remote code execution vulnerability exists in Remote Desktop Service ...)
+ TODO: check
CVE-2020-0654 (A security feature bypass vulnerability exists in Microsoft OneDrive A ...)
NOT-FOR-US: Microsoft
CVE-2020-0653 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
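Review bot: The entries that gain a description in this hunk (CVE-2020-0759 down to CVE-2020-0655, naming Windows, Microsoft Excel, Office, Outlook, SharePoint, Exchange, Hyper-V and Edge components) are all set to TODO: check, while the untouched entries in the same range, CVE-2020-0656 and CVE-2020-0654, carry NOT-FOR-US: Microsoft. Apply that tag to the batch in one follow-up commit rather than leaving the whole range as open TODO items.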
@@ -21623,8 +21729,8 @@ CVE-2020-0620 (An elevation of privilege vulnerability exists when Microsoft Cry
NOT-FOR-US: Microsoft
CVE-2020-0619
RESERVED
-CVE-2020-0618
- RESERVED
+CVE-2020-0618 (A remote code execution vulnerability exists in Microsoft SQL Server R ...)
+ TODO: check
CVE-2020-0617 (A denial of service vulnerability exists when Microsoft Hyper-V Virtua ...)
NOT-FOR-US: Microsoft
CVE-2020-0616 (A denial of service vulnerability exists when Windows improperly handl ...)
@@ -25887,8 +25993,8 @@ CVE-2019-17521 (An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vu
NOT-FOR-US: Landing-CMS
CVE-2019-17520 (The Bluetooth Low Energy implementation on Texas Instruments SDK throu ...)
TODO: check
-CVE-2019-17519
- RESERVED
+CVE-2019-17519 (The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for K ...)
+ TODO: check
CVE-2019-17518 (The Bluetooth Low Energy implementation on Dialog Semiconductor SDK th ...)
TODO: check
CVE-2019-17517 (The Bluetooth Low Energy implementation on Dialog Semiconductor SDK th ...)
@@ -29072,8 +29178,8 @@ CVE-2019-16338
RESERVED
CVE-2019-16337
RESERVED
-CVE-2019-16336
- RESERVED
+CVE-2019-16336 (The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE componen ...)
+ TODO: check
CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
{DSA-4542-1 DLA-1943-1}
- jackson-databind 2.10.0-1 (bug #940498)
@@ -43683,8 +43789,8 @@ CVE-2019-11869 (The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS beca
NOT-FOR-US: WordPress plugin yuzo-related-post
CVE-2019-11868 (See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or ...)
NOT-FOR-US: SoftEther VPN Server
-CVE-2019-11867
- RESERVED
+CVE-2019-11867 (Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to ...)
+ TODO: check
CVE-2019-11866
RESERVED
CVE-2019-11865
@@ -63704,8 +63810,8 @@ CVE-2019-4743 (IBM Financial Transaction Manager 3.0 does not set the secure att
NOT-FOR-US: IBM
CVE-2019-4742 (IBM Financial Transaction Manager 3.0 could allow a remote attacker to ...)
NOT-FOR-US: IBM
-CVE-2019-4741
- RESERVED
+CVE-2019-4741 (IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forge ...)
+ TODO: check
CVE-2019-4740
RESERVED
CVE-2019-4739
@@ -64324,16 +64430,16 @@ CVE-2019-4433 (IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSph
NOT-FOR-US: IBM
CVE-2019-4432
RESERVED
-CVE-2019-4431
- RESERVED
+CVE-2019-4431 (IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cros ...)
+ TODO: check
CVE-2019-4430 (IBM Maximo Asset Management 7.6 could allow a remote attacker to trave ...)
NOT-FOR-US: IBM
CVE-2019-4429
RESERVED
CVE-2019-4428 (IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is ...)
NOT-FOR-US: IBM
-CVE-2019-4427
- RESERVED
+CVE-2019-4427 (IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using ...)
+ TODO: check
CVE-2019-4426 (The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and ...)
NOT-FOR-US: IBM
CVE-2019-4425 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...)
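Review bot: CVE-2019-4431 (IBM Rational Publishing Engine) and CVE-2019-4427 (IBM Cloud CLI) are added as TODO: check, but every described IBM neighbour in this hunk (CVE-2019-4430, CVE-2019-4428, CVE-2019-4426) is NOT-FOR-US: IBM. Use the same tag here; the same applies to CVE-2019-4741 (IBM Content Navigator) in the preceding hunk.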
@@ -79024,6 +79130,7 @@ CVE-2018-18900
CVE-2018-18899
RESERVED
CVE-2018-18898 (The email-ingestion feature in Best Practical Request Tracker 4.1.13 t ...)
+ {DLA-2101-1}
- libemail-address-list-perl 0.06-1
[stretch] - libemail-address-list-perl 0.05-1+deb9u1
NOTE: https://github.com/bestpractical/email-address-list/commit/a22e6b233443fe3ad1a408e50ecbd7237674817d
@@ -215859,8 +215966,8 @@ CVE-2015-7892 (Stack-based buffer overflow in the m2m1shot_compat_ioctl32 functi
NOT-FOR-US: Samsung
CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung Graphics 2D ...)
NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android
-CVE-2015-7890
- RESERVED
+CVE-2015-7890 (Multiple buffer overflows in the esa_write function in /dev/seirenin t ...)
+ TODO: check
CVE-2015-7889 (The SecEmailComposer/EmailComposer application in the Samsung S6 Edge ...)
NOT-FOR-US: Samsung
CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService on the ...)
@@ -217137,8 +217244,7 @@ CVE-2015-7509 (fs/ext4/namei.c in the Linux kernel before 3.7 allows physically
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1259222
NOTE: https://git.kernel.org/linus/c9b92530a723ac5ef8e352885a1862b18f31b2f5
NOTE: https://git.kernel.org/linus/0e9a9a1ad619e7e987815d20262d36a2f95717ca
-CVE-2015-7508 [heap overflow]
- RESERVED
+CVE-2015-7508 (Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp. ...)
- libnsbmp <removed>
[squeeze] - libnsbmp <no-dsa> (Library not used anywhere in Debian)
NOTE: http://source.netsurf-browser.org/libnsbmp.git/commit/?id=041df43bbe273b0829132b0b17d89a69da2927d4
@@ -222057,8 +222163,8 @@ CVE-2015-5619 (Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjac
- logstash <itp> (bug #664841)
CVE-2015-5618 (Chiyu BF-630 and BF-630W fingerprint access-control devices allow remo ...)
NOT-FOR-US: Chiyu BF-630 and BF-630W fingerprint access-control devices
-CVE-2015-5617
- RESERVED
+CVE-2015-5617 (SQL injection vulnerability in pub/m_pending_news/delete_pending_news. ...)
+ TODO: check
CVE-2015-5616
RESERVED
CVE-2015-5615
@@ -238965,8 +239071,7 @@ CVE-2014-9420 (The rock_continue function in fs/isofs/rock.c in the Linux kernel
[wheezy] - linux 3.2.65-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/linus/f54e18f1b831c92f6512d2eedb224cd63d607d3d (v3.19-rc1)
-CVE-2014-9390 [arbitrary command execution vulnerability on case-insensitive file systems]
- RESERVED
+CVE-2014-9390 (Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x befo ...)
{DLA-237-1}
- git 1:2.1.4-1
[wheezy] - git <no-dsa> (Minor issue)
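Review bot: removing the bracketed summary on CVE-2014-9390 drops the "case-insensitive file systems" qualifier, and the truncated upstream description shown here no longer carries it. That qualifier is the visible rationale for "[wheezy] - git <no-dsa> (Minor issue)", so consider preserving it in a NOTE: line under the entry so the triage decision stays explained.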
@@ -243316,8 +243421,7 @@ CVE-2014-8129 (LibTIFF 4.0.3 allows remote attackers to cause a denial of servic
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2487 (tiff2pdf)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2488 (tiff2pdf)
NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library
-CVE-2014-8128 [out-of-bounds write]
- RESERVED
+CVE-2014-8128 (LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X befor ...)
{DSA-3273-1 DLA-693-1 DLA-610-1 DLA-221-1}
- tiff 4.0.3-12.3 (bug #776185)
- tiff3 <removed>
@@ -247871,8 +247975,8 @@ CVE-2014-6264
RESERVED
CVE-2014-6263
RESERVED
-CVE-2014-6262
- RESERVED
+CVE-2014-6262 (Multiple format string vulnerabilities in the python module in RRDtool ...)
+ TODO: check
CVE-2014-6261 (Zenoss Core through 5 Beta 3 does not properly implement the Check For ...)
- zenoss <itp> (bug #361253)
CVE-2014-6260 (Zenoss Core through 5 Beta 3 does not require a password for modifying ...)
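Review bot: the "TODO: check" on CVE-2014-6262 should not be closed as NOT-FOR-US, because the description names the python module in RRDtool and rrdtool is a Debian source package. Triage needs a "- rrdtool" package line, with the fixed version (or <unfixed>) determined from upstream, and a check of whether the Python binding is built from the Debian source.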
@@ -250932,8 +251036,8 @@ CVE-2014-4970
RESERVED
CVE-2014-4969
RESERVED
-CVE-2014-4968
- RESERVED
+CVE-2014-4968 (The WebView class and use of the WebView.addJavascriptInterface method ...)
+ TODO: check
CVE-2014-4967
RESERVED
- ansible 1.6.8+dfsg-1
@@ -251814,8 +251918,7 @@ CVE-2014-4608 (** DISPUTED ** Multiple integer overflows in the lzo1x_decompress
[squeeze] - linux-2.6 2.6.32-48squeeze9
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=206a81c18401c0cde6e579164f752c4b147324ce
NOTE: Not exploitable with the block sizes used in kernel images
-CVE-2014-4607
- RESERVED
+CVE-2014-4607 (Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and ...)
{DSA-2995-1 DLA-35-1}
- lzo <removed>
- lzo2 2.08-1 (bug #752861)
@@ -253581,8 +253684,8 @@ CVE-2014-3862 (CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to d
NOT-FOR-US: HL7 C-CDA
CVE-2014-3861 (Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 a ...)
NOT-FOR-US: HL7 C-CDA
-CVE-2014-3860
- RESERVED
+CVE-2014-3860 (Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijac ...)
+ TODO: check
CVE-2014-3859 (libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS opti ...)
- bind9 <not-affected> (Only affects 9.10.0, 9.10.0-P1)
NOTE: https://kb.isc.org/article/AA-01166
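Review bot: CVE-2014-3860 is added as "TODO: check", but the description is a DLL hijacking issue in Xilisoft Video Converter Ultimate 7.8.1, which points to a Windows-only product. If that is confirmed, resolve it as "NOT-FOR-US: Xilisoft Video Converter Ultimate", in the same form as the "NOT-FOR-US: HL7 C-CDA" lines just above.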
@@ -254910,14 +255013,14 @@ CVE-2014-3463
REJECTED
CVE-2013-7382 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and e ...)
NOT-FOR-US: VICIDIAL
-CVE-2013-7381
- RESERVED
+CVE-2013-7381 (libnotify before 1.0.4 for Node.js allows remote attackers to execute ...)
+ TODO: check
CVE-2013-7380 (The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injectio ...)
NOT-FOR-US: Etherpad Lite ep_imageconvert Plugin
CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js does not p ...)
NOT-FOR-US: tomato module for Node.js
-CVE-2013-7378
- RESERVED
+CVE-2013-7378 (scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node ...)
+ TODO: check
CVE-2013-7377 (The codem-transcode module before 0.5.0 for Node.js, when ffprobe is e ...)
NOT-FOR-US: codem-transcode Node module
CVE-2013-7376 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2. ...)
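Review bot: CVE-2013-7381 names "libnotify before 1.0.4 for Node.js", which shares its name with Debian's unrelated libnotify desktop notification library. Whoever resolves the "TODO: check" should make the marker unambiguous, for example "NOT-FOR-US: libnotify module for Node.js" in the style of "NOT-FOR-US: tomato module for Node.js" two entries below, and should not attach the CVE to the libnotify source package. CVE-2013-7378 (Hubot Scripts module) in the same hunk needs the same Node-module check.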
@@ -257285,8 +257388,8 @@ CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to ca
NOT-FOR-US: PCNetSoftware RAC Server
CVE-2014-2596
RESERVED
-CVE-2014-2595
- RESERVED
+CVE-2014-2595 (Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attac ...)
+ TODO: check
CVE-2014-2594
RESERVED
CVE-2014-2593 (The management console in Aruba Networks ClearPass Policy Manager 6.3. ...)
@@ -257342,8 +257445,8 @@ CVE-2014-2562
RESERVED
CVE-2014-2561
RESERVED
-CVE-2014-2560
- RESERVED
+CVE-2014-2560 (The PhonerLite phone before 2.15 provides hashed credentials in a resp ...)
+ TODO: check
CVE-2014-2559 (Multiple cross-site request forgery (CSRF) vulnerabilities in twitget. ...)
NOT-FOR-US: WordPress plugin Twitget
CVE-2014-2558 (The File Gallery plugin before 1.7.9.2 for WordPress does not properly ...)
@@ -257493,10 +257596,10 @@ CVE-2011-5273 (Directory traversal vulnerability in shared/package-installer in
- dtc 0.34.1-1
CVE-2011-5272 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...)
- dtc 0.34.1-1
-CVE-2009-5140
- RESERVED
-CVE-2009-5139
- RESERVED
+CVE-2009-5140 (The SIP implementation on the Linksys SPA2102 phone adapter provides h ...)
+ TODO: check
+CVE-2009-5139 (The SIP implementation on the Gizmo5 software phone provides hashed cr ...)
+ TODO: check
CVE-2014-2599 (The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bi ...)
{DSA-3006-1}
- xen 4.4.1-1 (bug #757724)
@@ -261460,8 +261563,8 @@ CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in register.p
NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb)
CVE-2013-7287
RESERVED
-CVE-2013-7286
- RESERVED
+CVE-2013-7286 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfu ...)
+ TODO: check
CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise Linu ...)
- libreswan <not-affected> (Fixed before initial upload in Debian; /tmp-race in libreswan.spec for rpm based systems)
CVE-2013-7282 (The management web interface on the Nisuta NS-WIR150NE router with fir ...)
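Review bot: the description added for CVE-2013-7286 contains literal HTML entities ("VSP &lt; 5.9.1 and Sentry &lt; 5.0") where every other entry in this file is plain text. The import should decode entities before writing to data/CVE/list, and anything that renders this field into HTML should escape on output, otherwise the text is either shown double-escaped or decoded into raw "<" in a page.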
@@ -264233,8 +264336,7 @@ CVE-2014-0236 (file before 5.18, as used in the Fileinfo component in PHP before
NOTE: https://bugs.php.net/bug.php?id=67329
CVE-2014-0235
REJECTED
-CVE-2014-0234
- RESERVED
+CVE-2014-0234 (The default configuration of broker.conf in Red Hat OpenShift Enterpri ...)
NOT-FOR-US: OpenShift
CVE-2014-0233 (Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow re ...)
NOT-FOR-US: OpenShift
@@ -265628,8 +265730,8 @@ CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS does not properly handle n
NOT-FOR-US: Cisco NX-OS
CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Appliance (A ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
-CVE-2013-6681
- RESERVED
+CVE-2013-6681 (Tube Map Live Underground for Android before 3.0.22 has an Information ...)
+ TODO: check
CVE-2013-6680
REJECTED
CVE-2013-6679
@@ -266971,8 +267073,7 @@ CVE-2013-6238
RESERVED
CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 an ...)
NOT-FOR-US: ISL Light
-CVE-2013-6236
- RESERVED
+CVE-2013-6236 (IZON IP 2.0.2: hard-coded password vulnerability ...)
NOT-FOR-US: Stem Innovations IZON
CVE-2013-6235 (Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java App ...)
- libjamon-java <not-affected> (jamon.war/JAMon web apps gets excluded by debian/orig-tar.sh)
@@ -271623,8 +271724,7 @@ CVE-2013-4397 (Multiple integer overflows in the th_read function in lib/block.c
CVE-2013-4396 (Use-after-free vulnerability in the doImageText function in dix/dixfon ...)
{DSA-2784-1}
- xorg-server 2:1.14.3-4
-CVE-2013-4395
- RESERVED
+CVE-2013-4395 (Simple Machines Forum (SMF) through 2.0.5 has XSS ...)
NOT-FOR-US: Simple Machines Forum
CVE-2013-4394 (The SetX11Keyboard function in systemd, when PolicyKit Local Authority ...)
{DSA-2777-1}
@@ -272249,8 +272349,7 @@ CVE-2013-4227
CVE-2013-4226
RESERVED
NOT-FOR-US: Authenticated User Page Caching Drupal contributed module
-CVE-2013-4225
- RESERVED
+CVE-2013-4225 (The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7. ...)
NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module
CVE-2013-4224
REJECTED
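Review bot: the NOT-FOR-US line kept under the updated CVE-2013-4225 entry reads "Drupal cotributed module", a misspelling of "contributed" that now sits next to a freshly imported description. Since the entry is being touched anyway, fix the spelling so searches for "contributed module" match it like the CVE-2013-4226 line above.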
@@ -272680,8 +272779,8 @@ CVE-2013-4092 (The SecureSphere Operations Manager (SOM) Management Server in Im
NOT-FOR-US: Imperva SecureSphere
CVE-2013-4091 (The SecureSphere Operations Manager (SOM) Management Server in Imperva ...)
NOT-FOR-US: Imperva SecureSphere
-CVE-2013-4090
- RESERVED
+CVE-2013-4090 (Varnish HTTP cache before 3.0.4: ACL bug ...)
+ TODO: check
CVE-2013-4089
RESERVED
CVE-2013-4088 [Information Disclosure]
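Review bot: CVE-2013-4090 is marked "TODO: check", but the description is an ACL bug in "Varnish HTTP cache before 3.0.4" and varnish is packaged in Debian. This needs a "- varnish" package line with the fixed version taken from the first upload containing 3.0.4 or the backported fix, plus a severity assessment once the nature of the ACL bug is known, not a NOT-FOR-US marker.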
@@ -273541,8 +273640,8 @@ CVE-2013-3727 (SQL injection vulnerability in Kasseler CMS before 2 r1232 allows
NOT-FOR-US: Kasseler CMS
CVE-2013-3726
REJECTED
-CVE-2013-3725
- RESERVED
+CVE-2013-3725 (Invision Power Board (IPB) through 3.x allows admin account takeover l ...)
+ TODO: check
CVE-2013-3724 (The mk_request_header_process function in mk_request.c in Monkey 1.1.1 ...)
- monkey <removed> (low)
[squeeze] - monkey <no-dsa> (Minor issue)
@@ -273625,8 +273724,7 @@ CVE-2013-3687 (AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-20
NOT-FOR-US: AirLive cameras
CVE-2013-3686 (cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera ...)
NOT-FOR-US: AirLive
-CVE-2013-3685
- RESERVED
+CVE-2013-3685 (A Privilege Escalation Vulnerability exists in Sprite Software Spriteb ...)
NOT-FOR-US: Sprite Software's backup softare for Android
CVE-2013-3684 (NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php fil ...)
TODO: check
@@ -274088,8 +274186,8 @@ CVE-2013-3496 (Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordin
CVE-2013-3495 (The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x a ...)
- xen 4.4.1-3 (unimportant)
NOTE: Hardware design flaw, no software solution
-CVE-2013-3494
- RESERVED
+CVE-2013-3494 (A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll ...)
+ TODO: check
CVE-2013-3493 (XnView 2.03 has an integer overflow vulnerability ...)
NOT-FOR-US: XnView
CVE-2013-3492 (XnView 2.03 has a stack-based buffer overflow vulnerability ...)
@@ -276107,8 +276205,8 @@ CVE-2013-2639 (Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage O
NOT-FOR-US: CTERA Cloud Storage OS
CVE-2013-2638
RESERVED
-CVE-2013-2637
- RESERVED
+CVE-2013-2637 (A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior t ...)
+ TODO: check
CVE-2013-2636 (net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initiali ...)
- linux <not-affected> (Introduced in 3.8)
- linux-2.6 <not-affected> (Introduced in 3.8)
@@ -277328,8 +277426,7 @@ CVE-2013-2214 (status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 do
[wheezy] - nagios3 3.4.1-3+deb7u1
[squeeze] - nagios3 <no-dsa> (disputed, minor issue)
NOTE: Disputed issue; claimed work as designed, may be rejected
-CVE-2013-2213 [KRandom::random() Small Space of Random Values]
- RESERVED
+CVE-2013-2213 (The KRandom::random function in KDE Paste Applet after 4.10.5 in kdepl ...)
- kdeplasma-addons <not-affected> (only affects if incomplete patch for CVE-2013-2120 is applied)
CVE-2013-2212 (The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling ca ...)
- xen 4.3.0-1 (unimportant)
@@ -277742,8 +277839,7 @@ CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname fu
- u1db 13.10-1 (low; bug #709486)
CVE-2013-2098
REJECTED
-CVE-2013-2097 [zPanel themes remote command execution as root]
- RESERVED
+CVE-2013-2097 (ZPanel through 10.1.0 has Remote Command Execution ...)
NOT-FOR-US: zPanel
CVE-2013-2096 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify t ...)
- nova 2013.1.2-2 (low; bug #710157)
@@ -278039,8 +278135,7 @@ CVE-2013-2012 (autojump before 21.5.8 allows local users to gain privileges via
CVE-2013-2011 (WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execu ...)
NOT-FOR-US: WP Super Cache
NOTE: this issue exists because of an incomplete fix for CVE-2013-2009
-CVE-2013-2010
- RESERVED
+CVE-2013-2010 (WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Executio ...)
NOT-FOR-US: W3 Total Cache
CVE-2013-2009 (WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution ...)
NOT-FOR-US: WP Super Cache
@@ -278267,8 +278362,7 @@ CVE-2013-1939 (The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.
- owncloud <not-affected> (Windows version only)
- php-sabredav <not-affected> (running in Windows hosts)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-016/
-CVE-2013-1938
- RESERVED
+CVE-2013-1938 (Zimbra 2013 has XSS in aspell.php ...)
NOT-FOR-US: Zimbra
CVE-2013-1937 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...)
- phpmyadmin <not-affected> (Affected are versions 3.5.0 to 3.5.7, older versions not vulnerable)
@@ -278308,8 +278402,7 @@ CVE-2013-1926 (The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses t
- icedtea-web 1.3.2-1
CVE-2013-1925 (The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal ...)
NOT-FOR-US: CTools module for Drupal
-CVE-2013-1924
- RESERVED
+CVE-2013-1924 (Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerabi ...)
NOT-FOR-US: Commerce Skrill Drupal module
CVE-2013-1923 (rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for ...)
- nfs-utils 1:1.2.8-1 (low; bug #707401)
@@ -280242,8 +280335,8 @@ CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows remote attackers to execute arbi
NOT-FOR-US: DataLife Engine
CVE-2013-1411
RESERVED
-CVE-2013-1410
- RESERVED
+CVE-2013-1410 (Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities ...)
+ TODO: check
CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv plugin befo ...)
NOT-FOR-US: CommentLuv plugin for Wordpress
CVE-2013-1408 (Multiple SQL injection vulnerabilities in the Wysija Newsletters plugi ...)
@@ -294298,8 +294391,8 @@ CVE-2012-2519 (Untrusted search path vulnerability in Entity Framework in ADO.NE
NOT-FOR-US: Microsoft .NET framework
CVE-2012-2518
REJECTED
-CVE-2012-2517
- RESERVED
+CVE-2012-2517 (Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 al ...)
+ TODO: check
CVE-2012-2516 (An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the ...)
NOT-FOR-US: KeyWorks not in Debian
CVE-2012-2515 (Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX ...)
@@ -294429,8 +294522,8 @@ CVE-2012-2454
RESERVED
CVE-2012-2453
RESERVED
-CVE-2012-2452
- RESERVED
+CVE-2012-2452 (Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x be ...)
+ TODO: check
CVE-2012-2450 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, V ...)
NOT-FOR-US: VMware
CVE-2012-2449 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, V ...)
@@ -295186,7 +295279,7 @@ CVE-2012-2218
CVE-2012-2217 (The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, ...)
NOT-FOR-US: Android
CVE-2012-2216
- RESERVED
+ REJECTED
CVE-2012-2095 (The SetWiredProperty function in the D-Bus interface in WICD before 1. ...)
- wicd 1.7.2.4-1 (low; bug #668397)
[squeeze] - wicd 1.7.0+ds1-5+squeeze2
@@ -297797,8 +297890,7 @@ CVE-2012-1126 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 1
NOTE: Crash only
CVE-2012-1125 (Unrestricted file upload vulnerability in uploadify/scripts/uploadify. ...)
NOT-FOR-US: Kish Guest Posting Plugin for WordPress (not in Debian)
-CVE-2012-1124
- RESERVED
+CVE-2012-1124 (SQL injection vulnerability in search.php in phxEventManager 2.0 beta ...)
NOT-FOR-US: phxEventManager not in Debian
CVE-2012-1123 (The mci_check_login function in api/soap/mc_api.php in the SOAP API in ...)
{DSA-2500-1}
@@ -298229,8 +298321,8 @@ CVE-2012-0953
RESERVED
CVE-2012-0952
RESERVED
-CVE-2012-0951
- RESERVED
+CVE-2012-0951 (A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29 ...)
+ TODO: check
CVE-2012-0950 (The Apport hook (DistUpgradeApport.py) in Update Manager, as used by U ...)
- update-manager <not-affected> (Ubuntu-specific)
CVE-2012-0949 (The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, ...)
@@ -298619,8 +298711,7 @@ CVE-2012-0812 (PostfixAdmin 2.3.4 has multiple XSS vulnerabilities ...)
CVE-2012-0811 (Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixad ...)
- postfixadmin 2.3.5-1
NOTE: http://seclists.org/oss-sec/2012/q1/285
-CVE-2012-0810
- RESERVED
+CVE-2012-0810 (The int3 handler in the Linux kernel before 3.3 relies on a per-CPU de ...)
- linux-2.6 3.2.16-1 (bug #672660)
[squeeze] - linux-2.6 <not-affected> (rt patchset not yet present)
NOTE: Ben Hutchings said it was fixed in 3.2.9-1, I checked it for 3.2.16-1
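Review bot: now that CVE-2012-0810 has a public description ("Linux kernel before 3.3"), the package data under it deserves a second look: only "- linux-2.6 3.2.16-1" is listed, while other kernel entries in this file (for example CVE-2013-2636) carry a "- linux" line alongside "- linux-2.6". It is worth confirming whether a "- linux" entry is missing here, and whether the recorded fixed version should be 3.2.9-1 as the NOTE attributes to Ben Hutchings or the 3.2.16-1 that was actually verified.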
@@ -300407,8 +300498,7 @@ CVE-2011-4939 (The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin
- pidgin 2.10.2-1 (bug #664028)
[squeeze] - pidgin <not-affected> (vulnerable code not present)
NOTE: http://pidgin.im/news/security/?id=60
-CVE-2011-4938
- RESERVED
+CVE-2011-4938 (Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 a ...)
NOT-FOR-US: Ariadne CMS not in Debian
CVE-2011-4937 (Joomla! 1.7.1 has core information disclosure due to inadequate error ...)
NOT-FOR-US: Joomla!
@@ -301757,8 +301847,8 @@ CVE-2011-4663
RESERVED
CVE-2011-4662
RESERVED
-CVE-2011-4661
- RESERVED
+CVE-2011-4661 (A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to ...)
+ TODO: check
CVE-2011-4660
RESERVED
CVE-2011-4659 (Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phon ...)
@@ -302626,8 +302716,7 @@ CVE-2011-4340 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony C
CVE-2011-4339 (ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmito ...)
{DSA-2376-2 DSA-2376-1}
- ipmitool 1.8.11-5 (bug #651917)
-CVE-2011-4338
- RESERVED
+CVE-2011-4338 (Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.con ...)
NOT-FOR-US: Arch-Linux specific tool
CVE-2011-4337 (Static code injection vulnerability in translate.php in Support Incide ...)
NOT-FOR-US: Support Incident Tracker
@@ -308823,8 +308912,8 @@ CVE-2011-2345 (The NPAPI implementation in Google Chrome before 12.0.742.112 doe
- webkit <not-affected>
CVE-2011-2344 (Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext H ...)
NOT-FOR-US: Android SDK
-CVE-2011-2343
- RESERVED
+CVE-2011-2343 (The Bluetooth stack in Android before 2.3.6 allows a physically proxim ...)
+ TODO: check
CVE-2011-2341 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2340
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4511104fbd765a79bb13b860d1361162fe08ed8a