[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 21 08:10:27 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e8011a50 by security tracker role at 2020-02-21T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2020-9326
+ RESERVED
+CVE-2020-9325
+ RESERVED
+CVE-2020-9324
+ RESERVED
+CVE-2020-9323
+ RESERVED
+CVE-2020-9322
+ RESERVED
+CVE-2020-9321
+ RESERVED
+CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a ...)
+ TODO: check
+CVE-2020-9319
+ RESERVED
+CVE-2020-9318 (Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative us ...)
+ TODO: check
+CVE-2020-9317
+ RESERVED
+CVE-2020-9316
+ RESERVED
+CVE-2020-9315
+ RESERVED
+CVE-2020-9314
+ RESERVED
+CVE-2020-9313
+ RESERVED
+CVE-2020-9312
+ RESERVED
+CVE-2020-9311
+ RESERVED
+CVE-2020-9310
+ RESERVED
+CVE-2020-9309
+ RESERVED
+CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...)
+ TODO: check
+CVE-2020-9307
+ RESERVED
CVE-2020-9306
RESERVED
CVE-2020-9305
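Review bot: Of the three new non-RESERVED entries in this hunk, CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2) is the one that names a library Debian ships as the libarchive source package, so its TODO: check should be resolved with a package line and fixed version; the Avira and Red Gate entries describe proprietary products, which elsewhere in this update are closed as NOT-FOR-US.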
@@ -44,8 +84,8 @@ CVE-2020-9285
RESERVED
CVE-2020-9284
RESERVED
-CVE-2020-9283
- RESERVED
+CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...)
+ TODO: check
CVE-2020-9282
RESERVED
CVE-2020-9281
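Review bot: The CVE-2020-9283 description identifies the fix only by the Go pseudo-version v0.0.0-20200220183623-bac4c82f6975, i.e. upstream commit bac4c82f6975; because Go programs vendor or statically link golang.org/x/crypto, the TODO: check needs to cover the binaries that embed the module and not just the library package itself.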
@@ -64,11 +104,11 @@ CVE-2020-9275
RESERVED
CVE-2020-9274
RESERVED
-CVE-2020-9273
- RESERVED
-CVE-2020-9272
- RESERVED
-CVE-2019-20479 [open redirect issue exists in URLs with slash and backslash]
+CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...)
+ TODO: check
+CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap ...)
+ TODO: check
+CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...)
- libapache2-mod-auth-openidc 2.4.1-1
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453
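Review bot: Replacing the tracker's own summary for CVE-2019-20479 ([open redirect issue exists in URLs with slash and backslash]) with the truncated MITRE text loses the slash/backslash detail that explains the fix; consider keeping it as a NOTE line beside the commit and pull-request references, which remain. The two ProFTPD 1.3.7 entries (CVE-2020-9273, CVE-2020-9272) are left at TODO: check; ProFTPD is packaged in Debian as proftpd-dfsg, so they need package lines rather than a NOT-FOR-US closure.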
@@ -609,8 +649,8 @@ CVE-2020-9017
RESERVED
CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, ...)
- dolibarr <removed>
-CVE-2020-9015
- RESERVED
+CVE-2020-9015 (Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7 ...)
+ TODO: check
CVE-2020-9014
RESERVED
CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...)
@@ -667,8 +707,8 @@ CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote a
NOT-FOR-US: Dota 2
CVE-2020-9004
RESERVED
-CVE-2020-9003
- RESERVED
+CVE-2020-9003 (A stored XSS vulnerability exists in the Modula Image Gallery plugin b ...)
+ TODO: check
CVE-2020-9002
RESERVED
CVE-2020-9001
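Review bot: CVE-2020-9003 concerns the Modula Image Gallery plugin for WordPress and is left at TODO: check, whereas the other WordPress plugin entries touched by this update (Participants Database, Ninja Forms, Code Snippets) are marked NOT-FOR-US: <plugin> for WordPress; the same closure fits here unless the plugin is packaged.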
@@ -708,8 +748,8 @@ CVE-2020-8991 (vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanag
[jessie] - lvm2 <no-dsa> (Minor issue)
NOTE: https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701
NOTE: 2.03.00 upstream removed lvmetad (and the still vulnerable code)
-CVE-2020-8990
- RESERVED
+CVE-2020-8990 (Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow ...)
+ TODO: check
CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...)
NOT-FOR-US: Voatz application for Android
CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...)
@@ -768,8 +808,8 @@ CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REV
NOT-FOR-US: D-Link
CVE-2020-8961
RESERVED
-CVE-2020-8960
- RESERVED
+CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. ...)
+ TODO: check
CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...)
NOT-FOR-US: Western Digital
CVE-2020-8958
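Review bot: CVE-2020-8960 (Western Digital mycloud.com) gets TODO: check two lines above an entry already resolved as NOT-FOR-US: Western Digital (CVE-2020-8959); the same applies to CVE-2020-8990 (My Cloud Home / ibi) in the hunk above. A hosted service and vendor firmware are not Debian packages, so both can be closed the same way.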
@@ -1552,8 +1592,8 @@ CVE-2020-8603
RESERVED
CVE-2020-8602
RESERVED
-CVE-2020-8601
- RESERVED
+CVE-2020-8601 (Trend Micro Vulnerability Protection 2.0 is affected by a vulnerabilit ...)
+ TODO: check
CVE-2020-8600
RESERVED
CVE-2020-8599
@@ -1569,7 +1609,7 @@ CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer
NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5 ...)
NOT-FOR-US: Participants Database plugin for WordPress
-CVE-2020-8595 (Istio 1.3 through 1.4.3 allows authentication bypass. The Authenticati ...)
+CVE-2020-8595 (Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and ...)
NOT-FOR-US: itsio
CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...)
NOT-FOR-US: Ninja Forms plugin for WordPress
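Review bot: The context line following the updated CVE-2020-8595 entry reads NOT-FOR-US: itsio, a typo for Istio; worth fixing while the entry is being touched. The new description widens the affected range to 1.2.10 and prior plus 1.3 through 1.3.7, which does not change the NOT-FOR-US outcome.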
@@ -1983,7 +2023,7 @@ CVE-2020-8418
RESERVED
CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...)
NOT-FOR-US: Code Snippets plugin for WordPress
-CVE-2020-8416 (BearFTP before 0.2.0 allows remote attackers to achieve denial of serv ...)
+CVE-2020-8416 (IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial ...)
NOT-FOR-US: BearFTP
CVE-2020-8415
RESERVED
@@ -5186,8 +5226,8 @@ CVE-2020-6979
RESERVED
CVE-2020-6978
RESERVED
-CVE-2020-6977
- RESERVED
+CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in the Ki ...)
+ TODO: check
CVE-2020-6976
RESERVED
CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
@@ -5204,8 +5244,8 @@ CVE-2020-6970 (A Heap-based Buffer Overflow was found in Emerson OpenEnterprise
NOT-FOR-US: Emerson OpenEnterprise SCADA Server
CVE-2020-6969 (It is possible to unmask credentials and other sensitive information o ...)
NOT-FOR-US: AutomationDirect
-CVE-2020-6968
- RESERVED
+CVE-2020-6968 (Honeywell INNCOM INNControl 3 allows workstation users to escalate app ...)
+ TODO: check
CVE-2020-6967
RESERVED
CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
@@ -8953,10 +8993,10 @@ CVE-2020-5245
RESERVED
CVE-2020-5244
RESERVED
-CVE-2020-5243
- RESERVED
-CVE-2020-5242
- RESERVED
+CVE-2020-5243 (uap-core before 0.7.3 is vulnerable to a denial of service attack when ...)
+ TODO: check
+CVE-2020-5242 (openHAB before 2.5.2 allow a remote attacker to use REST calls to inst ...)
+ TODO: check
CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script i ...)
NOT-FOR-US: matestack-ui-core Ruby gem
CVE-2020-5240
@@ -13219,10 +13259,10 @@ CVE-2020-3767
RESERVED
CVE-2020-3766
RESERVED
-CVE-2020-3765
- RESERVED
-CVE-2020-3764
- RESERVED
+CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds ...)
+ TODO: check
+CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds wr ...)
+ TODO: check
CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
NOT-FOR-US: Adobe
CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
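Review bot: CVE-2020-3765 (Adobe After Effects) and CVE-2020-3764 (Adobe Media Encoder) are left at TODO: check directly above Adobe entries marked NOT-FOR-US: Adobe; both are proprietary Adobe desktop products and can be closed the same way.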
@@ -14881,8 +14921,8 @@ CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a roo
NOT-FOR-US: D-Link
CVE-2019-19742 (On D-Link DIR-615 devices, the User Account Configuration page is vuln ...)
NOT-FOR-US: D-Link
-CVE-2019-19741
- RESERVED
+CVE-2019-19741 (Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege ...)
+ TODO: check
CVE-2019-19740 (Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignI ...)
NOT-FOR-US: Octeth Oempro
CVE-2019-19739 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag o ...)
@@ -16314,8 +16354,8 @@ CVE-2019-19696 (A RootCA vulnerability found in Trend Micro Password Manager for
NOT-FOR-US: Trend Micro
CVE-2019-19695 (A privilege escalation vulnerability in Trend Micro Antivirus for Mac ...)
NOT-FOR-US: Trend Micro
-CVE-2019-19694
- RESERVED
+CVE-2019-19694 (The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family ...)
+ TODO: check
CVE-2019-19693 (The Trend Micro Security 2020 consumer family of products contains a v ...)
NOT-FOR-US: Trend Micro
CVE-2019-19692 (Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS ...)
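Review bot: CVE-2019-19694 (Trend Micro Security 2019) sits between two entries already closed as NOT-FOR-US: Trend Micro yet is left at TODO: check; the same pattern appears for CVE-2020-8601 (Trend Micro Vulnerability Protection) and CVE-2019-14688 (Trend Micro repackaged installers) in other hunks of this update, so all three can be closed consistently.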
@@ -30167,18 +30207,18 @@ CVE-2019-16304
RESERVED
CVE-2019-16303 (A class generated by the Generator in JHipster before 6.3.0 and JHipst ...)
NOT-FOR-US: JHipster
-CVE-2019-16302
- RESERVED
-CVE-2019-16301
- RESERVED
-CVE-2019-16300
- RESERVED
-CVE-2019-16299
- RESERVED
-CVE-2019-16298
- RESERVED
-CVE-2019-16297
- RESERVED
+CVE-2019-16302 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...)
+ TODO: check
+CVE-2019-16301 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...)
+ TODO: check
+CVE-2019-16300 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...)
+ TODO: check
+CVE-2019-16299 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...)
+ TODO: check
+CVE-2019-16298 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...)
+ TODO: check
+CVE-2019-16297 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...)
+ TODO: check
CVE-2019-16296
RESERVED
CVE-2019-16295 (Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS ...)
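Review bot: The six new ONOS entries CVE-2019-16297 through CVE-2019-16302 carry an identical truncated description (An issue was discovered in Open Network Operating System (ONOS) 1.14.) and six separate TODO: check lines; triage them as one batch, together with CVE-2019-11189 (org.onosproject.acl), which this update also fills in, so the outcome is recorded consistently across all seven.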
@@ -35465,8 +35505,8 @@ CVE-2019-14697 (musl libc through 1.1.23 has an x87 floating-point stack adjustm
NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/1
CVE-2019-14689
RESERVED
-CVE-2019-14688
- RESERVED
+CVE-2019-14688 (Trend Micro has repackaged installers for several Trend Micro products ...)
+ TODO: check
CVE-2019-14687 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
NOT-FOR-US: Trend Micro
CVE-2019-14686 (A DLL hijacking vulnerability exists in the Trend Micro Security's 201 ...)
@@ -37155,7 +37195,7 @@ CVE-2011-5327 (In the Linux kernel before 3.1, an off by one in the drivers/targ
CVE-2010-5332 (In the Linux kernel before 2.6.37, an out of bounds array access happe ...)
- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
NOTE: https://git.kernel.org/linus/0926f91083f34d047abc74f1ca4fa6a9c161f7db
-CVE-2010-5331 (In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/ ...)
+CVE-2010-5331 (** DISPUTED ** In the Linux kernel before 2.6.34, a range check issue ...)
- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
NOTE: https://git.kernel.org/linus/0031c41be5c529f8329e327b63cde92ba1284842
CVE-2007-6762 (In the Linux kernel before 2.6.20, there is an off-by-one bug in net/n ...)
@@ -46799,8 +46839,8 @@ CVE-2019-11193 (The FileManager in InfinitumIT DirectAdmin through v1.561 has XS
NOT-FOR-US: DirectAdmin
CVE-2019-11192
RESERVED
-CVE-2019-11189
- RESERVED
+CVE-2019-11189 (Authentication Bypass by Spoofing in org.onosproject.acl (access contr ...)
+ TODO: check
CVE-2019-11191 (** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT i ...)
- linux <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
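Review bot: CVE-2019-11189 sits between CVE-2019-11192 and CVE-2019-11191, breaking the descending numeric order the rest of the file follows; since the automatic update only fills in its description, the misplacement is pre-existing, but this is a good moment to move the entry to its proper position.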
@@ -64720,8 +64760,8 @@ CVE-2019-4754
RESERVED
CVE-2019-4753
RESERVED
-CVE-2019-4752
- RESERVED
+CVE-2019-4752 (IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Manageme ...)
+ TODO: check
CVE-2019-4751
RESERVED
CVE-2019-4750
@@ -65058,8 +65098,8 @@ CVE-2019-4585
RESERVED
CVE-2019-4584
RESERVED
-CVE-2019-4583
- RESERVED
+CVE-2019-4583 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authen ...)
+ TODO: check
CVE-2019-4582
RESERVED
CVE-2019-4581 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
@@ -73335,7 +73375,7 @@ CVE-2019-1952 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure
NOT-FOR-US: Cisco
CVE-2019-1951 (A vulnerability in the packet filtering features of Cisco SD-WAN Solut ...)
NOT-FOR-US: Cisco
-CVE-2019-1950 (A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers ...)
+CVE-2019-1950 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthe ...)
TODO: check
CVE-2019-1949 (A vulnerability in the web-based management interface of Cisco Firepow ...)
NOT-FOR-US: Cisco
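Review bot: The rewritten CVE-2019-1950 description now names Cisco IOS XE SD-WAN Software instead of Cisco UCS C-Series firmware, but the context line below it still says TODO: check while the neighbouring Cisco entries are NOT-FOR-US: Cisco; the TODO can be closed the same way now that the product is clear.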
@@ -170103,7 +170143,7 @@ CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware applianc
NOT-FOR-US: Rapid7 Nexpose hardware appliances
CVE-2017-5242
RESERVED
-CVE-2017-5241 (Biscom Secure File Transfer version 5.1.1015 (and possibly prior) is v ...)
+CVE-2017-5241 (Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulne ...)
NOT-FOR-US: Biscom Secure File Transfer
CVE-2017-5240 (Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a h ...)
NOT-FOR-US: Rapid7 AppSpider Pro
@@ -200147,8 +200187,8 @@ CVE-2016-4607 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes be
NOTE: contacted Apple for more information, but no reply for quite a while.
NOTE: Apple still does not provide information on this CVE, although it is
NOTE: possible that it's fixed in 1.1.29 upstream.
-CVE-2016-4606
- RESERVED
+CVE-2016-4606 (Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 al ...)
+ TODO: check
CVE-2016-4605 (Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a ...)
NOT-FOR-US: Apple
CVE-2016-4604 (Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the ...)
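Review bot: CVE-2016-4606 is described as Curl before 7.49.1 as shipped in Apple OS X and is left at TODO: check amid entries closed as NOT-FOR-US: Apple; since curl is itself a Debian package, the check should confirm whether this is Apple's own assignment for a curl fix already tracked under another CVE before either closing it as NOT-FOR-US or adding a curl package line.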
@@ -204504,14 +204544,12 @@ CVE-2016-3183 (The sycc422_t_rgb function in common/color.c in OpenJPEG before 2
[jessie] - openjpeg2 <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/14
NOTE: https://github.com/uclouvain/openjpeg/issues/726
-CVE-2016-3182 [Heap Corruption in opj_free function]
- RESERVED
+CVE-2016-3182 (The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG befo ...)
- openjpeg2 2.1.1-1
[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/13
NOTE: https://github.com/uclouvain/openjpeg/issues/725
-CVE-2016-3181 [Out-Of-Bounds Read in opj_tcd_free_tile function]
- RESERVED
+CVE-2016-3181 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3182. Reason: T ...)
- openjpeg2 2.1.1-1
[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/12
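Review bot: CVE-2016-3181 now reads DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3182, i.e. a rejected duplicate, yet the entry keeps the openjpeg2 2.1.1-1 fixed-version line, the [jessie] not-affected annotation and an openwall NOTE. Elsewhere in this update rejected candidates are reduced to a bare REJECTED line (CVE-2014-3557, CVE-2012-2599); either do the same here or add a NOTE pointing to CVE-2016-3182, which carries the real entry.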
@@ -227163,12 +227201,10 @@ CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function
CVE-2015-4412 (BSON injection vulnerability in the legal? function in BSON (bson-ruby ...)
- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
NOTE: Originating from https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
-CVE-2015-4411 [ruby-bson: DoS and possible injection, with bernerdschaefer 2012-04-17 commit]
- RESERVED
+CVE-2015-4411 (The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0 ...)
- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
NOTE: https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
-CVE-2015-4410 [ruby-bson: DoS and possible injection]
- RESERVED
+CVE-2015-4410 (The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit ...)
- ruby-bson 1.10.0-2 (bug #787951)
[jessie] - ruby-bson 1.10.0-1+deb8u1
NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
@@ -231197,8 +231233,7 @@ CVE-2015-2924 (The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor
[jessie] - network-manager <no-dsa> (Minor issue)
[wheezy] - network-manager <no-dsa> (Minor issue)
[squeeze] - network-manager <no-dsa> (Minor issue)
-CVE-2015-2923 [IPv6 Hop limit lowering via RA messages]
- RESERVED
+CVE-2015-2923 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
{DSA-3175-2}
[experimental] - kfreebsd-11 11.0~svn284956-1
- kfreebsd-10 10.1~svn274115-4 (bug #782107)
@@ -244826,8 +244861,8 @@ CVE-2014-7952 (The backup mechanism in the adb tool in Android might allow attac
NOT-FOR-US: Android
NOTE: the vulnerability is in the Android OS itself (and its backup manager)
NOTE: adb is just an intermediary in the backup process
-CVE-2014-7951
- RESERVED
+CVE-2014-7951 (Directory traversal vulnerability in the Android debug bridge (aka adb ...)
+ TODO: check
CVE-2014-7950
RESERVED
CVE-2014-7949
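Review bot: CVE-2014-7951 is a directory traversal in the Android debug bridge itself, so the reasoning recorded two lines above for CVE-2014-7952 (the vulnerability is in the Android OS, adb is just an intermediary) does not transfer; the TODO: check should determine whether the adb client code Debian ships is affected rather than defaulting to NOT-FOR-US: Android.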
@@ -244982,8 +245017,8 @@ CVE-2014-7916 (Integer overflow in SampleTable.cpp in libstagefright in Android
NOT-FOR-US: libstagefright in Android
CVE-2014-7915 (Integer overflow in SampleTable.cpp in libstagefright in Android befor ...)
NOT-FOR-US: libstagefright in Android
-CVE-2014-7914
- RESERVED
+CVE-2014-7914 (btif/src/btif_dm.c in Android before 5.1 does not properly enforce the ...)
+ TODO: check
CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...)
{DLA-506-1}
- dhcpcd5 7.0.8-0.1 (unimportant; bug #846938)
@@ -252720,29 +252755,23 @@ CVE-2014-4652 (Race condition in the tlv handler functionality in the snd_ctl_el
[wheezy] - linux 3.2.60-1
- linux-2.6 <removed> (low)
[squeeze] - linux-2.6 2.6.32-48squeeze8
-CVE-2014-4678 [incomplete fix for CVE-2014-4657]
- RESERVED
+CVE-2014-4678 (The safe_eval function in Ansible before 1.6.4 does not properly restr ...)
- ansible 1.6.6+dfsg-1
NOTE: https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916
NOTE: See http://www.openwall.com/lists/oss-security/2014/06/26/30
-CVE-2014-4660
- RESERVED
+CVE-2014-4660 (Ansible before 1.5.5 constructs filenames containing user and password ...)
- ansible 1.5.5+dfsg-1
NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
-CVE-2014-4659
- RESERVED
+CVE-2014-4659 (Ansible before 1.5.5 sets 0644 permissions for sources.list, which mig ...)
- ansible 1.5.5+dfsg-1
NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
-CVE-2014-4658
- RESERVED
+CVE-2014-4658 (The vault subsystem in Ansible before 1.5.5 does not set the umask bef ...)
- ansible 1.5.5+dfsg-1
NOTE: https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69
-CVE-2014-4657
- RESERVED
+CVE-2014-4657 (The safe_eval function in Ansible before 1.5.4 does not properly restr ...)
- ansible 1.5.5+dfsg-1
NOTE: https://github.com/ansible/ansible/commit/998793fd0ab55705d57527a38cee5e83f535974c
-CVE-2014-4650
- RESERVED
+CVE-2014-4650 (The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly h ...)
- python2.6 <removed> (low)
[squeeze] - python2.6 <no-dsa> (Minor issue)
[wheezy] - python2.6 <no-dsa> (Minor issue)
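Review bot: Dropping the tracker's summary for CVE-2014-4678 ([incomplete fix for CVE-2014-4657]) loses the relationship between the two safe_eval issues; the new descriptions (Ansible before 1.6.4 for CVE-2014-4678, Ansible before 1.5.4 for CVE-2014-4657) imply it but do not state it. Suggest keeping it as NOTE: incomplete fix for CVE-2014-4657 under the CVE-2014-4678 entry, next to the existing commit reference.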
@@ -254168,8 +254197,8 @@ CVE-2014-4023 (Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.j
NOT-FOR-US: F5 BIG-IP
CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, wh ...)
- xen <not-affected> (Only 32- and 64-bit ARM systems from Xen 4.4 onwards)
-CVE-2014-4019
- RESERVED
+CVE-2014-4019 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitiv ...)
+ TODO: check
CVE-2014-4018 (The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a defau ...)
NOT-FOR-US: ZTE router
CVE-2010-5301 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...)
@@ -255568,7 +255597,7 @@ CVE-2014-3558 (ReflectionHelper (org.hibernate.validator.util.ReflectionHelper)
NOTE: have in Debian. Known fixed versions are 4.2.1, 4.3.2, and 5.1.2.
NOTE: Upstream ticket: https://hibernate.atlassian.net/browse/HV-912
CVE-2014-3557
- RESERVED
+ REJECTED
CVE-2014-3556 (The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMT ...)
- nginx 1.6.1-1 (bug #757196)
[wheezy] - nginx <not-affected> (Affects 1.5.6 - 1.7.3)
@@ -255825,8 +255854,7 @@ CVE-2014-3486 (The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) t
NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-3485 (The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterpri ...)
NOT-FOR-US: ovirt-engine-api / RHEV
-CVE-2014-3484 [stack-based buffer overflow]
- RESERVED
+CVE-2014-3484 (Multiple stack-based buffer overflows in the __dn_expand function in n ...)
- musl 1.1.4-1 (bug #750815)
CVE-2014-3483 (SQL injection vulnerability in activerecord/lib/active_record/connecti ...)
{DSA-2982-1}
@@ -264384,8 +264412,8 @@ CVE-2013-7116
REJECTED
CVE-2013-7115
REJECTED
-CVE-2013-7109
- RESERVED
+CVE-2013-7109 (OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE ...)
+ TODO: check
CVE-2013-7105 (Buffer overflow in the Interstage HTTP Server log functionality, as us ...)
NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2013-7104 (McAfee Email Gateway 7.6 allows remote authenticated administrators to ...)
@@ -279011,8 +279039,7 @@ CVE-2013-2019 (Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows r
- boinc 6.13.6+dfsg-1 (low)
[squeeze] - boinc <no-dsa> (Minor issue)
NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=9a4140ae30a72e5175f3f31646d91f2d58df7156
-CVE-2013-2018 [SQL injections in the server-side scheduler code]
- RESERVED
+CVE-2013-2018 (Multiple SQL injection vulnerabilities in BOINC allow remote attackers ...)
- boinc 7.0.65+dfsg-1 (low)
[squeeze] - boinc <not-affected> (Vulnerable code not present)
[wheezy] - boinc <no-dsa> (Minor issue)
@@ -287732,30 +287759,25 @@ CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtain
- phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728)
CVE-2012-5367 (Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow r ...)
NOT-FOR-US: OrangeHRM
-CVE-2012-5366
- RESERVED
+CVE-2012-5366 (The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 ...)
NOT-FOR-US: Mac OS X
-CVE-2012-5365
- RESERVED
+CVE-2012-5365 (The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year ...)
- kfreebsd-8 <removed> (low; bug #690986)
- kfreebsd-9 <removed> (low)
[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
-CVE-2012-5364
- RESERVED
+CVE-2012-5364 (The IPv6 implementation in Microsoft Windows 7 and earlier allows remo ...)
NOT-FOR-US: Microsoft Windows
-CVE-2012-5363
- RESERVED
+CVE-2012-5363 (The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year ...)
- kfreebsd-8 <removed> (low; bug #690986)
[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
- kfreebsd-9 <removed> (low)
-CVE-2012-5362
- RESERVED
+CVE-2012-5362 (The IPv6 implementation in Microsoft Windows 7 and earlier allows remo ...)
NOT-FOR-US: Microsoft Windows
CVE-2012-5361 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ar ...)
- ffmpeg 7:2.4.1-1
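Review bot: In the CVE-2012-5363 block the line - kfreebsd-9 <removed> (low) comes after the [squeeze]/[wheezy] annotations, whereas the otherwise identical CVE-2012-5365 block lists both - kfreebsd-8 and - kfreebsd-9 before them; move the kfreebsd-9 line up so the two blocks read the same.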
@@ -288074,7 +288096,7 @@ CVE-2012-5237 (The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the
- wireshark 1.8.2-2 (bug #689972)
[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-5236 [Admin can decrypt user files]
- RESERVED
+ REJECTED
- owncloud 5.0.3+dfsg-1
[wheezy] - owncloud <no-dsa> (Low risk, requires entensive changes, will be fully fixed in 5.0)
NOTE: http://owncloud.org/about/security/advisories/CVE-2012-5236/
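Review bot: CVE-2012-5236 is changed from RESERVED to REJECTED but retains the owncloud 5.0.3+dfsg-1 fixed line, the [wheezy] no-dsa annotation and the NOTE to an ownCloud advisory named after this CVE; a rejected entry carrying package status lines is inconsistent with how CVE-2014-3557 and CVE-2012-2599 are handled in this same update, so either strip them or record why the advisory reference is kept. The context line also has a typo, entensive for extensive.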
@@ -293327,8 +293349,8 @@ CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk
- asterisk <not-affected> (Only affects Asterisk 10)
CVE-2012-3352
RESERVED
-CVE-2012-3351
- RESERVED
+CVE-2012-3351 (Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video ...)
+ TODO: check
CVE-2012-3350 (SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remo ...)
NOT-FOR-US: WebMatic
NOTE: http://seclists.org/bugtraq/2012/Jul/25
@@ -295075,8 +295097,8 @@ CVE-2012-2631 (Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB Shoppin
NOT-FOR-US: WEBLOGIC
CVE-2012-2630 (The Puella Magi Madoka Magica iP application 1.05 and earlier for Andr ...)
NOT-FOR-US: Puella Magi Madoka Magica iP (Android application)
-CVE-2012-2629
- RESERVED
+CVE-2012-2629 (Multiple cross-site request forgery (CSRF) and cross-site scripting (X ...)
+ TODO: check
CVE-2012-2628
RESERVED
CVE-2012-2627 (d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell So ...)
@@ -295143,7 +295165,7 @@ CVE-2012-2601 (SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch W
CVE-2012-2600
RESERVED
CVE-2012-2599
- RESERVED
+ REJECTED
CVE-2012-2598 (Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 t ...)
NOT-FOR-US: Siemens WinCC
CVE-2012-2597 (Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 ...)
@@ -301483,8 +301505,7 @@ CVE-2011-4917
NOTE: Minor info leak, unlikely to be fixed upstream
CVE-2011-4916
RESERVED
-CVE-2011-4915
- RESERVED
+CVE-2011-4915 (fs/proc/base.c in the Linux kernel through 3.1 allows local users to o ...)
- linux <unfixed> (unimportant)
- linux-2.6 <removed> (unimportant)
NOTE: Minor info leak, unlikely to be fixed upstream
@@ -309368,8 +309389,7 @@ CVE-2011-2500 (The host_reliable_addrinfo function in support/export/hostname.c
[squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3)
CVE-2011-2499 (Mambo CMS through 4.6.5 has multiple XSS. ...)
NOT-FOR-US: Mambo CMS
-CVE-2011-2498
- RESERVED
+CVE-2011-2498 (The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged ...)
- linux-2.6 2.6.39-1 (low)
[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.36)
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.36)
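Review bot: The new CVE-2011-2498 description says the kernel is affected from v2.3.36 before v2.6.39, while the [squeeze] and [lenny] not-affected annotations below say introduced in 2.6.36; the two disagree on the introducing version, and the not-affected markers rest on the latter, so confirm which is right before relying on them.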
@@ -314592,8 +314612,7 @@ CVE-2011-0700 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress
{DSA-2190-1}
- wordpress 3.0.5+dfsg-1
[lenny] - wordpress <not-affected> (2.x version is not affected)
-CVE-2011-0699
- RESERVED
+CVE-2011-0699 (Integer signedness error in the btrfs_ioctl_space_info function in the ...)
- linux-2.6 2.6.37-2
[wheezy] - linux-2.6 <not-affected> (code introduced in .37)
[squeeze] - linux-2.6 <not-affected> (code introduced in .37)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e8011a508514a390c6170f120cccd6157d537a24