[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Feb 13 20:26:06 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e406155c by Salvatore Bonaccorso at 2020-02-13T21:25:42+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2020-8983
 CVE-2020-8982
 	RESERVED
 CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in the Sourc ...)
-	TODO: check
+	NOT-FOR-US: Source Integration plugin for MantisBT
 CVE-2020-8980
 	RESERVED
 CVE-2020-8979
@@ -396,15 +396,15 @@ CVE-2020-8806
 CVE-2020-8805
 	RESERVED
 CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the Em ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2020-8803 (SuiteCRM through 7.11.11 allows Directory Traversal to include arbitra ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2020-8802 (SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveH ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR Deserialization. ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PH ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2020-8799
 	RESERVED
 CVE-2020-8798
@@ -796,7 +796,7 @@ CVE-2020-8616
 CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...)
 	NOT-FOR-US: Tutor LMS plugin for WordPress
 CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An att ...)
-	TODO: check
+	NOT-FOR-US: Askey devices
 CVE-2020-8613
 	RESERVED
 CVE-2020-8612
@@ -4453,11 +4453,11 @@ CVE-2020-6977
 CVE-2020-6976
 	RESERVED
 CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
-	TODO: check
+	NOT-FOR-US: Digi International ConnectPort LTS 32 MEI
 CVE-2020-6974
 	RESERVED
 CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
-	TODO: check
+	NOT-FOR-US: Digi International ConnectPort LTS 32 MEI
 CVE-2020-6972
 	RESERVED
 CVE-2020-6971
@@ -7861,7 +7861,7 @@ CVE-2020-5401
 CVE-2020-5400
 	RESERVED
 CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL d ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry CredHub
 CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...)
 	- libspring-java <unfixed>
 	NOTE: https://pivotal.io/security/cve-2020-5398
@@ -12435,93 +12435,93 @@ CVE-2020-3765
 CVE-2020-3764
 	RESERVED
 CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3761
 	RESERVED
 CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command inject ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer errors  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
 	NOT-FOR-US: Magento
 CVE-2020-3757 (Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and ear ...)
 	NOT-FOR-US: Adobe
 CVE-2020-3756 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3755 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3754 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3753 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3752 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3751 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3750 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3749 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3748 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3747 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3746 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3745 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3744 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3743 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3742 (Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.01 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3741 (Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled re ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3740 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3739 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3738 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3737 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3736 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3735 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3734 (Adobe Framemaker versions 2019.0.4 and below have a buffer error vulne ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3733 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3732 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3731 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3730 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3729 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3728 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3727 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3726 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3725 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3724 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3723 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3722 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3721 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3720 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
 	NOT-FOR-US: Magento
 CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
@@ -16812,9 +16812,9 @@ CVE-2020-1978
 CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...)
 	TODO: check
 CVE-2020-1976 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks GlobalProtect software
 CVE-2020-1975 (Missing XML validation vulnerability in the PAN-OS web interface on Pa ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2019-19598 (D-Link DAP-1860 devices before v1.04b03 Beta allow access to administr ...)
 	NOT-FOR-US: D-Link
 CVE-2019-19597 (D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote co ...)
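Review bot: CVE-2020-1977, the first entry in this hunk, still reads "TODO: check" while the two entries directly below it are resolved. If it was left on purpose because it needs a closer look, that is fine; otherwise triage it in the same pass so this block does not keep a stray TODO.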
@@ -19650,7 +19650,7 @@ CVE-2019-18792 (An issue was discovered in Suricata 5.0.0. It is possible to byp
 	NOTE: https://redmine.openinfosecfoundation.org/issues/3324
 	NOTE: https://redmine.openinfosecfoundation.org/issues/3394
 CVE-2019-18791 (Lexmark printer MS812 and multiple older generation Lexmark devices ha ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13. ...)
 	{DLA-2017-1}
 	- asterisk <unfixed> (bug #947381)
@@ -216625,7 +216625,7 @@ CVE-2014-9756 (The psf_fwrite function in file_io.c in libsndfile allows attacke
 	[jessie] - libsndfile 1.0.25-9.1+deb8u1
 	NOTE: https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
 CVE-2014-9753 (confirm.php in ATutor 2.2 and earlier allows remote attackers to bypas ...)
-	TODO: check
+	NOT-FOR-US: ATutor
 CVE-2014-9752 (Unrestricted file upload vulnerability in mods/_core/properties/lib/co ...)
 	NOT-FOR-US: ATutor
 CVE-2015-7758 (Gummi 0.6.5 allows local users to write to arbitrary files via a symli ...)
@@ -222262,7 +222262,7 @@ CVE-2015-5619 (Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjac
 CVE-2015-5618 (Chiyu BF-630 and BF-630W fingerprint access-control devices allow remo ...)
 	NOT-FOR-US: Chiyu BF-630 and BF-630W fingerprint access-control devices
 CVE-2015-5617 (SQL injection vulnerability in pub/m_pending_news/delete_pending_news. ...)
-	TODO: check
+	NOT-FOR-US: Enorth Webpublisher CMS
 CVE-2015-5616
 	RESERVED
 CVE-2015-5615
@@ -242840,7 +242840,7 @@ CVE-2014-8349 (Cross-site scripting (XSS) vulnerability in Liferay Portal Enterp
 CVE-2014-8348
 	RESERVED
 CVE-2014-8347 (An Authentication Bypass vulnerability exists in the MatchPasswordData ...)
-	TODO: check
+	NOT-FOR-US: Filemaker
 CVE-2014-8346 (The Remote Controls feature on Samsung mobile devices does not validat ...)
 	NOT-FOR-US: Samsung mobile devices
 CVE-2014-8345
@@ -247603,7 +247603,7 @@ CVE-2014-6449 (Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35,
 CVE-2014-6448 (Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before ...)
 	NOT-FOR-US: Juniper
 CVE-2014-6447 (Multiple vulnerabilities exist in Juniper Junos J-Web error handling t ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2014-6446 (The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPre ...)
 	NOT-FOR-US: WordPress plugin Infusionsoft Gravity Forms
 CVE-2014-6445 (Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmi ...)
@@ -251135,7 +251135,7 @@ CVE-2014-4970
 CVE-2014-4969
 	RESERVED
 CVE-2014-4968 (The WebView class and use of the WebView.addJavascriptInterface method ...)
-	TODO: check
+	NOT-FOR-US: Boat Browser application for Android
 CVE-2014-4967
 	RESERVED
 	- ansible 1.6.8+dfsg-1
@@ -252983,7 +252983,7 @@ CVE-2014-4199 (vm-support 0.88 in VMware Tools, as distributed with VMware Works
 	[wheezy] - open-vm-tools <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2014/Aug/71
 CVE-2014-4198 (A Two-Factor Authentication Bypass Vulnerability exists in BS-Client P ...)
-	TODO: check
+	NOT-FOR-US: BS-Client Private Client
 CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS  ...)
 	NOT-FOR-US: Bank Soft Systems
 CVE-2014-4196 (Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Syste ...)
@@ -253056,7 +253056,7 @@ CVE-2014-4171 (mm/shmem.c in the Linux kernel through 3.15.1 does not properly i
 	- linux-2.6 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lkml.org/lkml/2014/7/2/518
 CVE-2014-4170 (A Privilege Escalation Vulnerability exists in Free Reprintables Artic ...)
-	TODO: check
+	NOT-FOR-US: Free Reprintables ArticleFR
 CVE-2014-4169
 	RESERVED
 CVE-2014-4166 (Cross-site scripting (XSS) vulnerability in the song history in SHOUTc ...)
@@ -253651,7 +253651,7 @@ CVE-2014-3925 (sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Li
 CVE-2014-3920 (Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0 ...)
 	- kanboard <itp> (bug #790814)
 CVE-2014-3919 (A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2014-3918
 	RESERVED
 CVE-2014-3916 (The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 all ...)
@@ -253783,7 +253783,7 @@ CVE-2014-3862 (CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to d
 CVE-2014-3861 (Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 a ...)
 	NOT-FOR-US: HL7 C-CDA
 CVE-2014-3860 (Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijac ...)
-	TODO: check
+	NOT-FOR-US: Xilisoft Video Converter Ultimate
 CVE-2014-3859 (libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS opti ...)
 	- bind9 <not-affected> (Only affects 9.10.0, 9.10.0-P1)
 	NOTE: https://kb.isc.org/article/AA-01166
@@ -257544,7 +257544,7 @@ CVE-2014-2562
 CVE-2014-2561
 	RESERVED
 CVE-2014-2560 (The PhonerLite phone before 2.15 provides hashed credentials in a resp ...)
-	TODO: check
+	NOT-FOR-US: PhonerLite phone
 CVE-2014-2559 (Multiple cross-site request forgery (CSRF) vulnerabilities in twitget. ...)
 	NOT-FOR-US: WordPress plugin Twitget
 CVE-2014-2558 (The File Gallery plugin before 1.7.9.2 for WordPress does not properly ...)
@@ -257695,9 +257695,9 @@ CVE-2011-5273 (Directory traversal vulnerability in shared/package-installer in
 CVE-2011-5272 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...)
 	- dtc 0.34.1-1
 CVE-2009-5140 (The SIP implementation on the Linksys SPA2102 phone adapter provides h ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2009-5139 (The SIP implementation on the Gizmo5 software phone provides hashed cr ...)
-	TODO: check
+	NOT-FOR-US: Gizmo5
 CVE-2014-2599 (The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bi ...)
 	{DSA-3006-1}
 	- xen 4.4.1-1 (bug #757724)
@@ -267799,7 +267799,7 @@ CVE-2013-5947
 CVE-2013-5946 (The runShellCmd function in systemCheck.htm in D-Link DSR-150 with fir ...)
 	NOT-FOR-US: D-Link
 CVE-2013-5945 (Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2013-5944 (The integrated web server on Siemens SCALANCE X-200 switches with firm ...)
 	NOT-FOR-US: web server on Siemens switches
 CVE-2013-5959 (Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2  ...)
@@ -271051,7 +271051,7 @@ CVE-2013-4604 (Fortinet FortiOS before 5.0.3 on FortiGate devices does not prope
 CVE-2013-4603
 	RESERVED
 CVE-2013-4602 (A Denial of Service (infinite loop) vulnerability exists in Avira Anti ...)
-	TODO: check
+	NOT-FOR-US: Avira
 CVE-2013-4601
 	RESERVED
 CVE-2013-4600 (Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms ...)
@@ -273739,7 +273739,7 @@ CVE-2013-3727 (SQL injection vulnerability in Kasseler CMS before 2 r1232 allows
 CVE-2013-3726
 	REJECTED
 CVE-2013-3725 (Invision Power Board (IPB) through 3.x allows admin account takeover l ...)
-	TODO: check
+	NOT-FOR-US: Invision Power Board
 CVE-2013-3724 (The mk_request_header_process function in mk_request.c in Monkey 1.1.1 ...)
 	- monkey <removed> (low)
 	[squeeze] - monkey <no-dsa> (Minor issue)
@@ -273825,7 +273825,7 @@ CVE-2013-3686 (cgi-bin/operator/param in AirLive WL2600CAM and possibly other ca
 CVE-2013-3685 (A Privilege Escalation Vulnerability exists in Sprite Software Spriteb ...)
 	NOT-FOR-US: Sprite Software's backup softare for Android
 CVE-2013-3684 (NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php fil ...)
-	TODO: check
+	NOT-FOR-US: NextGEN Gallery plugin for WordPress
 CVE-2013-3683
 	RESERVED
 CVE-2013-3682
@@ -276304,7 +276304,7 @@ CVE-2013-2639 (Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage O
 CVE-2013-2638
 	RESERVED
 CVE-2013-2637 (A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior t ...)
-	TODO: check
+	NOT-FOR-US: OTRS ITSM and OTRS FAQ
 CVE-2013-2636 (net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initiali ...)
 	- linux <not-affected> (Introduced in 3.8)
 	- linux-2.6 <not-affected> (Introduced in 3.8)
@@ -280544,9 +280544,9 @@ CVE-2013-1362 (Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plu
 CVE-2013-1361 (Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with  ...)
 	NOT-FOR-US: Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software
 CVE-2013-1360 (An Authentication Bypass vulnerability exists in DELL SonicWALL Global ...)
-	TODO: check
+	NOT-FOR-US: DELL SonicWALL Global Management System (GMS)
 CVE-2013-1359 (An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyz ...)
-	TODO: check
+	NOT-FOR-US: DELL SonicWALL
 CVE-2013-1358
 	RESERVED
 CVE-2013-1357
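Review bot: The two adjacent SonicWALL entries get labels of different granularity: CVE-2013-1360 becomes "NOT-FOR-US: DELL SonicWALL Global Management System (GMS)" while CVE-2013-1359 becomes just "NOT-FOR-US: DELL SonicWALL". Suggest using one form for both, for example the vendor-only label on each, so that a search on the NFU string finds both entries.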
@@ -280558,7 +280558,7 @@ CVE-2013-1355
 CVE-2013-1354
 	RESERVED
 CVE-2013-1353 (Orange HRM 2.7.1 allows XSS via the vacancy name. ...)
-	TODO: check
+	NOT-FOR-US: Orange HRM
 CVE-2013-1352 (Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a ...)
 	NOT-FOR-US: Verax NMS
 CVE-2013-1351 (Verax NMS prior to 2.10 allows authentication via the encrypted passwo ...)
@@ -281883,7 +281883,7 @@ CVE-2013-0805 (Multiple cross-site scripting (XSS) vulnerabilities in the search
 CVE-2013-0804 (The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP ...)
 	NOT-FOR-US: GroupWise
 CVE-2013-0803 (A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload ...)
-	TODO: check
+	NOT-FOR-US: PolarBear CMS
 CVE-2012-6497 (The Authlogic gem for Ruby on Rails, when used with certain versions b ...)
 	{DSA-2597-1}
 	- ruby-activerecord-3.2 3.2.6-3
@@ -284766,7 +284766,7 @@ CVE-2012-6093 (The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x befo
 CVE-2012-6092 (Multiple cross-site scripting (XSS) vulnerabilities in the web demos i ...)
 	- activemq <not-affected> (Example code not shipped in .deb)
 CVE-2012-6091 (Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information di ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2012-6090 (Multiple stack-based buffer overflows in the expand function in os/pl- ...)
 	- swi-prolog 5.10.4-5 (low; bug #697416)
 	[squeeze] - swi-prolog 5.10.1-1+squeeze1
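Review bot: The NOT-FOR-US on CVE-2012-6091 keys on Magento, but the description opens with the Zend_XmlRpc class, which is a Zend Framework component rather than Magento's own code. Worth confirming that the flaw is specific to Magento's use of that class before closing it as NFU; if that was checked, a NOTE line saying so would record that the framework itself is not affected.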
@@ -285723,7 +285723,7 @@ CVE-2012-5829 (Heap-based buffer overflow in the nsWindow::OnExposeEvent functio
 	- icedove 10.0.11-1
 	- iceape 2.7.11-1
 CVE-2012-5828 (BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: BlackBerry PlayBook
 CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attack ...)
 	NOT-FOR-US: Joomla!
 CVE-2012-5826
@@ -294489,7 +294489,7 @@ CVE-2012-2519 (Untrusted search path vulnerability in Entity Framework in ADO.NE
 CVE-2012-2518
 	REJECTED
 CVE-2012-2517 (Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 al ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2012-2516 (An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the  ...)
 	NOT-FOR-US: KeyWorks not in Debian
 CVE-2012-2515 (Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX ...)
@@ -295921,7 +295921,7 @@ CVE-2012-1996 (Unspecified vulnerability in HP Systems Insight Manager (SIM) bef
 CVE-2012-1995 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...)
 	NOT-FOR-US: HP Systems Insight Manager
 CVE-2012-1994 (HP Systems Insight Manager before 7.0 allows a remote user on adjacent ...)
-	TODO: check
+	NOT-FOR-US: HP Systems Insight Manager
 CVE-2012-1993 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
 	NOT-FOR-US: HP System Management Homepage
 CVE-2012-1992 (Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS  ...)
@@ -296232,7 +296232,7 @@ CVE-2012-1905
 CVE-2012-1904 (mp4fformat.dll in the QuickTime File Format plugin in RealNetworks Rea ...)
 	NOT-FOR-US: RealPlayer
 CVE-2012-1903 (XSS in Telligent Community 5.6.583.20496 via a flash file and related  ...)
-	TODO: check
+	NOT-FOR-US: Telligent Community
 CVE-2012-1902 (show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a con ...)
 	- phpmyadmin 4:3.4.10.2-1 (unimportant)
 CVE-2012-1901 (Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS  ...)
@@ -301943,7 +301943,7 @@ CVE-2011-4663
 CVE-2011-4662
 	RESERVED
 CVE-2011-4661 (A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2011-4660
 	RESERVED
 CVE-2011-4659 (Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phon ...)
@@ -304334,7 +304334,7 @@ CVE-2011-3903 (Google Chrome before 16.0.912.63 does not properly perform regex
 CVE-2011-3902
 	RESERVED
 CVE-2011-3901 (Android SQLite Journal before 4.0.1 has an information disclosure vuln ...)
-	TODO: check
+	NOT-FOR-US: Android SQLite Journal
 CVE-2011-3900 (Google V8, as used in Google Chrome before 15.0.874.121, allows remote ...)
 	- chromium-browser 15.0.874.121~r109964-1
 	- webkit <not-affected> (Chrome issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e406155ca93240af9062626aae3a92043eb37b10
