[Git][security-tracker-team/security-tracker][master] NFUs, vintage nvidia bug
Moritz Muehlenhoff
jmm at debian.org
Thu Feb 20 13:08:27 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
81704651 by Moritz Muehlenhoff at 2020-02-20T14:08:05+01:00
NFUs, vintage nvidia bug
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -264631,7 +264631,7 @@ CVE-2013-7004 (D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmwa
CVE-2013-7003 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla befor ...)
NOT-FOR-US: LiveZilla
CVE-2012-6614 (D-Link DSR-250N devices before 1.08B31 allow remote authenticated user ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2012-6613 (D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root ...)
NOT-FOR-US: D-Link
CVE-2014-0365
@@ -266217,7 +266217,7 @@ CVE-2013-6871
CVE-2013-6870 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk befor ...)
NOT-FOR-US: Splunk Web
CVE-2012-6611 (An issue was discovered in Polycom Web Management Interface G3/HDX 800 ...)
- TODO: check
+ NOT-FOR-US: Polycom
CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J al ...)
NOT-FOR-US: Polycom HDX Video End Points
CVE-2012-6609 (Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video ...)
@@ -279849,7 +279849,7 @@ CVE-2013-1762 (stunnel 4.21 through 4.54, when CONNECT protocol negotiation and
CVE-2013-1761
RESERVED
CVE-2013-1760 (The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnera ...)
- TODO: check
+ NOT-FOR-US: Bug Genie
CVE-2013-1759 (Cross-site scripting (XSS) vulnerability in the Responsive Logo Slides ...)
NOT-FOR-US: WordPress plugin responsive-logo-slideshow
CVE-2013-1758 (Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plu ...)
@@ -280466,7 +280466,7 @@ CVE-2013-1635 (ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does
NOTE: open_basedir not supported
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74
CVE-2013-1634 (A denial of service vulnerability exists in some motherboard implement ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packages f ...)
- distribute <unfixed> (unimportant)
NOTE: Lack of a security feature, not a vulnerability
@@ -295425,7 +295425,7 @@ CVE-2012-2454
CVE-2012-2453
RESERVED
CVE-2012-2452 (Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x be ...)
- TODO: check
+ NOT-FOR-US: pragmaMx
CVE-2012-2450 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, V ...)
NOT-FOR-US: VMware
CVE-2012-2449 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, V ...)
@@ -296974,7 +296974,7 @@ CVE-2012-1934 (SQL injection vulnerability in admin/country/edit.php in Newscoop
CVE-2012-1933 (Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x b ...)
- newscoop <itp> (bug #604113)
CVE-2012-1932 (A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlie ...)
- TODO: check
+ NOT-FOR-US: Wolf CMS
CVE-2007-6753 (Untrusted search path vulnerability in Shell32.dll in Microsoft Window ...)
NOT-FOR-US: Microsoft Windows
CVE-2012-1931 (Opera before 11.62 on UNIX, when used in conjunction with an unspecifi ...)
@@ -297939,7 +297939,7 @@ CVE-2012-1502 (Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyP
CVE-2012-1501
REJECTED
CVE-2012-1500 (Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and Gre ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2012-1499 (The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attac ...)
- openjpeg <not-affected> (vulnerable code introduced after 1.3)
CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...)
@@ -299224,7 +299224,7 @@ CVE-2012-0953
CVE-2012-0952
RESERVED
CVE-2012-0951 (A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29 ...)
- TODO: check
+ - nvidia-graphics-drivers 295.53-1
CVE-2012-0950 (The Apport hook (DistUpgradeApport.py) in Update Manager, as used by U ...)
- update-manager <not-affected> (Ubuntu-specific)
CVE-2012-0949 (The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, ...)
@@ -306811,7 +306811,7 @@ CVE-2011-3338
CVE-2011-3337 (eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 f ...)
NOT-FOR-US: eEye Digital Security Audits
CVE-2011-3336 (regcomp in the BSD implementation of libc is vulnerable to denial of s ...)
- TODO: check
+ NOT-FOR-US: BSD
CVE-2011-3335
RESERVED
CVE-2011-3334
@@ -309811,7 +309811,7 @@ CVE-2011-2345 (The NPAPI implementation in Google Chrome before 12.0.742.112 doe
CVE-2011-2344 (Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext H ...)
NOT-FOR-US: Android SDK
CVE-2011-2343 (The Bluetooth stack in Android before 2.3.6 allows a physically proxim ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2011-2341 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2340
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8170465163037bbdeb181f91474f6a1497244d0d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8170465163037bbdeb181f91474f6a1497244d0d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200220/3d5e5474/attachment.html>
More information about the debian-security-tracker-commits
mailing list