[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jan 21 20:10:39 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
32cba63b by security tracker role at 2020-01-21T20:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,455 @@
+CVE-2020-7471
+	RESERVED
+CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the  ...)
+	TODO: check
+CVE-2020-7469
+	RESERVED
+CVE-2020-7468
+	RESERVED
+CVE-2020-7467
+	RESERVED
+CVE-2020-7466
+	RESERVED
+CVE-2020-7465
+	RESERVED
+CVE-2020-7464
+	RESERVED
+CVE-2020-7463
+	RESERVED
+CVE-2020-7462
+	RESERVED
+CVE-2020-7461
+	RESERVED
+CVE-2020-7460
+	RESERVED
+CVE-2020-7459
+	RESERVED
+CVE-2020-7458
+	RESERVED
+CVE-2020-7457
+	RESERVED
+CVE-2020-7456
+	RESERVED
+CVE-2020-7455
+	RESERVED
+CVE-2020-7454
+	RESERVED
+CVE-2020-7453
+	RESERVED
+CVE-2020-7452
+	RESERVED
+CVE-2020-7451
+	RESERVED
+CVE-2020-7450
+	RESERVED
+CVE-2020-7449
+	RESERVED
+CVE-2020-7448
+	RESERVED
+CVE-2020-7447
+	RESERVED
+CVE-2020-7446
+	RESERVED
+CVE-2020-7445
+	RESERVED
+CVE-2020-7444
+	RESERVED
+CVE-2020-7443
+	RESERVED
+CVE-2020-7442
+	RESERVED
+CVE-2020-7441
+	RESERVED
+CVE-2020-7440
+	RESERVED
+CVE-2020-7439
+	RESERVED
+CVE-2020-7438
+	RESERVED
+CVE-2020-7437
+	RESERVED
+CVE-2020-7436
+	RESERVED
+CVE-2020-7435
+	RESERVED
+CVE-2020-7434
+	RESERVED
+CVE-2020-7433
+	RESERVED
+CVE-2020-7432
+	RESERVED
+CVE-2020-7431
+	RESERVED
+CVE-2020-7430
+	RESERVED
+CVE-2020-7429
+	RESERVED
+CVE-2020-7428
+	RESERVED
+CVE-2020-7427
+	RESERVED
+CVE-2020-7426
+	RESERVED
+CVE-2020-7425
+	RESERVED
+CVE-2020-7424
+	RESERVED
+CVE-2020-7423
+	RESERVED
+CVE-2020-7422
+	RESERVED
+CVE-2020-7421
+	RESERVED
+CVE-2020-7420
+	RESERVED
+CVE-2020-7419
+	RESERVED
+CVE-2020-7418
+	RESERVED
+CVE-2020-7417
+	RESERVED
+CVE-2020-7416
+	RESERVED
+CVE-2020-7415
+	RESERVED
+CVE-2020-7414
+	RESERVED
+CVE-2020-7413
+	RESERVED
+CVE-2020-7412
+	RESERVED
+CVE-2020-7411
+	RESERVED
+CVE-2020-7410
+	RESERVED
+CVE-2020-7409
+	RESERVED
+CVE-2020-7408
+	RESERVED
+CVE-2020-7407
+	RESERVED
+CVE-2020-7406
+	RESERVED
+CVE-2020-7405
+	RESERVED
+CVE-2020-7404
+	RESERVED
+CVE-2020-7403
+	RESERVED
+CVE-2020-7402
+	RESERVED
+CVE-2020-7401
+	RESERVED
+CVE-2020-7400
+	RESERVED
+CVE-2020-7399
+	RESERVED
+CVE-2020-7398
+	RESERVED
+CVE-2020-7397
+	RESERVED
+CVE-2020-7396
+	RESERVED
+CVE-2020-7395
+	RESERVED
+CVE-2020-7394
+	RESERVED
+CVE-2020-7393
+	RESERVED
+CVE-2020-7392
+	RESERVED
+CVE-2020-7391
+	RESERVED
+CVE-2020-7390
+	RESERVED
+CVE-2020-7389
+	RESERVED
+CVE-2020-7388
+	RESERVED
+CVE-2020-7387
+	RESERVED
+CVE-2020-7386
+	RESERVED
+CVE-2020-7385
+	RESERVED
+CVE-2020-7384
+	RESERVED
+CVE-2020-7383
+	RESERVED
+CVE-2020-7382
+	RESERVED
+CVE-2020-7381
+	RESERVED
+CVE-2020-7380
+	RESERVED
+CVE-2020-7379
+	RESERVED
+CVE-2020-7378
+	RESERVED
+CVE-2020-7377
+	RESERVED
+CVE-2020-7376
+	RESERVED
+CVE-2020-7375
+	RESERVED
+CVE-2020-7374
+	RESERVED
+CVE-2020-7373
+	RESERVED
+CVE-2020-7372
+	RESERVED
+CVE-2020-7371
+	RESERVED
+CVE-2020-7370
+	RESERVED
+CVE-2020-7369
+	RESERVED
+CVE-2020-7368
+	RESERVED
+CVE-2020-7367
+	RESERVED
+CVE-2020-7366
+	RESERVED
+CVE-2020-7365
+	RESERVED
+CVE-2020-7364
+	RESERVED
+CVE-2020-7363
+	RESERVED
+CVE-2020-7362
+	RESERVED
+CVE-2020-7361
+	RESERVED
+CVE-2020-7360
+	RESERVED
+CVE-2020-7359
+	RESERVED
+CVE-2020-7358
+	RESERVED
+CVE-2020-7357
+	RESERVED
+CVE-2020-7356
+	RESERVED
+CVE-2020-7355
+	RESERVED
+CVE-2020-7354
+	RESERVED
+CVE-2020-7353
+	RESERVED
+CVE-2020-7352
+	RESERVED
+CVE-2020-7351
+	RESERVED
+CVE-2020-7350
+	RESERVED
+CVE-2020-7349
+	RESERVED
+CVE-2020-7348
+	RESERVED
+CVE-2020-7347
+	RESERVED
+CVE-2020-7346
+	RESERVED
+CVE-2020-7345
+	RESERVED
+CVE-2020-7344
+	RESERVED
+CVE-2020-7343
+	RESERVED
+CVE-2020-7342
+	RESERVED
+CVE-2020-7341
+	RESERVED
+CVE-2020-7340
+	RESERVED
+CVE-2020-7339
+	RESERVED
+CVE-2020-7338
+	RESERVED
+CVE-2020-7337
+	RESERVED
+CVE-2020-7336
+	RESERVED
+CVE-2020-7335
+	RESERVED
+CVE-2020-7334
+	RESERVED
+CVE-2020-7333
+	RESERVED
+CVE-2020-7332
+	RESERVED
+CVE-2020-7331
+	RESERVED
+CVE-2020-7330
+	RESERVED
+CVE-2020-7329
+	RESERVED
+CVE-2020-7328
+	RESERVED
+CVE-2020-7327
+	RESERVED
+CVE-2020-7326
+	RESERVED
+CVE-2020-7325
+	RESERVED
+CVE-2020-7324
+	RESERVED
+CVE-2020-7323
+	RESERVED
+CVE-2020-7322
+	RESERVED
+CVE-2020-7321
+	RESERVED
+CVE-2020-7320
+	RESERVED
+CVE-2020-7319
+	RESERVED
+CVE-2020-7318
+	RESERVED
+CVE-2020-7317
+	RESERVED
+CVE-2020-7316
+	RESERVED
+CVE-2020-7315
+	RESERVED
+CVE-2020-7314
+	RESERVED
+CVE-2020-7313
+	RESERVED
+CVE-2020-7312
+	RESERVED
+CVE-2020-7311
+	RESERVED
+CVE-2020-7310
+	RESERVED
+CVE-2020-7309
+	RESERVED
+CVE-2020-7308
+	RESERVED
+CVE-2020-7307
+	RESERVED
+CVE-2020-7306
+	RESERVED
+CVE-2020-7305
+	RESERVED
+CVE-2020-7304
+	RESERVED
+CVE-2020-7303
+	RESERVED
+CVE-2020-7302
+	RESERVED
+CVE-2020-7301
+	RESERVED
+CVE-2020-7300
+	RESERVED
+CVE-2020-7299
+	RESERVED
+CVE-2020-7298
+	RESERVED
+CVE-2020-7297
+	RESERVED
+CVE-2020-7296
+	RESERVED
+CVE-2020-7295
+	RESERVED
+CVE-2020-7294
+	RESERVED
+CVE-2020-7293
+	RESERVED
+CVE-2020-7292
+	RESERVED
+CVE-2020-7291
+	RESERVED
+CVE-2020-7290
+	RESERVED
+CVE-2020-7289
+	RESERVED
+CVE-2020-7288
+	RESERVED
+CVE-2020-7287
+	RESERVED
+CVE-2020-7286
+	RESERVED
+CVE-2020-7285
+	RESERVED
+CVE-2020-7284
+	RESERVED
+CVE-2020-7283
+	RESERVED
+CVE-2020-7282
+	RESERVED
+CVE-2020-7281
+	RESERVED
+CVE-2020-7280
+	RESERVED
+CVE-2020-7279
+	RESERVED
+CVE-2020-7278
+	RESERVED
+CVE-2020-7277
+	RESERVED
+CVE-2020-7276
+	RESERVED
+CVE-2020-7275
+	RESERVED
+CVE-2020-7274
+	RESERVED
+CVE-2020-7273
+	RESERVED
+CVE-2020-7272
+	RESERVED
+CVE-2020-7271
+	RESERVED
+CVE-2020-7270
+	RESERVED
+CVE-2020-7269
+	RESERVED
+CVE-2020-7268
+	RESERVED
+CVE-2020-7267
+	RESERVED
+CVE-2020-7266
+	RESERVED
+CVE-2020-7265
+	RESERVED
+CVE-2020-7264
+	RESERVED
+CVE-2020-7263
+	RESERVED
+CVE-2020-7262
+	RESERVED
+CVE-2020-7261
+	RESERVED
+CVE-2020-7260
+	RESERVED
+CVE-2020-7259
+	RESERVED
+CVE-2020-7258
+	RESERVED
+CVE-2020-7257
+	RESERVED
+CVE-2020-7256
+	RESERVED
+CVE-2020-7255
+	RESERVED
+CVE-2020-7254
+	RESERVED
+CVE-2020-7253
+	RESERVED
+CVE-2020-7252
+	RESERVED
+CVE-2020-7251
+	RESERVED
+CVE-2020-7250
+	RESERVED
 CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...)
 	NOT-FOR-US: SMC D3G0804W devices
 CVE-2020-7248
 	RESERVED
 CVE-2020-7247
 	RESERVED
-CVE-2020-7246
-	RESERVED
+CVE-2020-7246 (A remote code execution (RCE) vulnerability exists in qdPM 9.1 and ear ...)
+	TODO: check
 CVE-2020-7245
 	RESERVED
 CVE-2020-7244 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...)
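Review bot: CVE-2020-7470 and CVE-2020-7246 come out of this hunk with only `TODO: check`, so both still need a manual triage line before the entries are complete. CVE-2020-7470 (Sonoff TH 10 and 16 firmware, XSS) is the same kind of device issue as CVE-2020-7249 directly below it, which is tagged `NOT-FOR-US: SMC D3G0804W devices`; if no Debian source package ships that firmware, the same form of tag fits here. CVE-2020-7246 (qdPM 9.1) needs the equivalent check against the archive.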
@@ -51,12 +495,12 @@ CVE-2020-7231 (Evoko Home 1.31 devices provide different error messages for fail
 	NOT-FOR-US: Evoko Home devices
 CVE-2019-20381 (TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the ...)
 	TODO: check
-CVE-2016-11018
-	RESERVED
+CVE-2016-11018 (An issue was discovered in the Huge-IT gallery-images plugin before 1. ...)
+	TODO: check
 CVE-2020-7230
 	RESERVED
-CVE-2020-7229
-	RESERVED
+CVE-2020-7229 (An issue was discovered in Simplejobscript.com SJS before 1.65. There  ...)
+	TODO: check
 CVE-2020-7228
 	RESERVED
 CVE-2020-7227 (Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosur ...)
@@ -87,12 +531,11 @@ CVE-2020-7215 (An issue was discovered in Gallagher Command Centre 7.x before 7.
 	NOT-FOR-US: Gallagher Command Centre
 CVE-2020-7214
 	RESERVED
-CVE-2020-7213
-	RESERVED
+CVE-2020-7213 (Parallels 13 uses cleartext HTTP as part of the update process, allowi ...)
+	TODO: check
 CVE-2020-7212
 	RESERVED
-CVE-2020-7211
-	RESERVED
+CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\  ...)
 	- libslirp <unfixed> (unimportant)
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1812451
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
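Review bot: The description added for CVE-2020-7211 says the flaw is in tftp.c in libslirp 4.1.0 "as used in QEMU 4.2.0", but the entry tracks only `libslirp <unfixed> (unimportant)`. The first NOTE also points at a QEMU bug report, so consider adding a line for qemu, or a NOTE explaining why it is not tracked, so the entry does not read as libslirp-only. CVE-2020-7213 (Parallels 13) in the same hunk is left at `TODO: check` and still needs triage.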
@@ -846,8 +1289,8 @@ CVE-2020-6859 (Multiple Insecure Direct Object Reference vulnerabilities in incl
 	NOT-FOR-US: Ultimate Member plugin for WordPress
 CVE-2020-6858
 	RESERVED
-CVE-2020-6857
-	RESERVED
+CVE-2020-6857 (CarbonFTP v1.4 uses insecure proprietary password encryption with a ha ...)
+	TODO: check
 CVE-2020-6856
 	RESERVED
 CVE-2020-6855
@@ -863,8 +1306,8 @@ CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1228
 CVE-2020-6850
 	RESERVED
-CVE-2020-6849
-	RESERVED
+CVE-2020-6849 (The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allo ...)
+	TODO: check
 CVE-2020-6848 (Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Na ...)
 	NOT-FOR-US: Axper Vision II 4 devices
 CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is exec ...)
@@ -4363,8 +4806,7 @@ CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in
 	NOT-FOR-US: uftpd
 CVE-2020-5203
 	RESERVED
-CVE-2020-5202
-	RESERVED
+CVE-2020-5202 (apt-cacher-ng through 3.3 allows local users to obtain sensitive infor ...)
 	- apt-cacher-ng 3.3.1-1
 	[buster] - apt-cacher-ng <no-dsa> (Minor issue)
 	[stretch] - apt-cacher-ng <no-dsa> (Minor issue)
@@ -11205,7 +11647,7 @@ CVE-2020-2606 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of
 	NOT-FOR-US: Oracle
 CVE-2020-2605 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
 	NOT-FOR-US: Oracle
-CVE-2020-2604 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
+CVE-2020-2604 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
 	{DSA-4605-1}
 	- openjdk-13 13.0.2+8-1
 	- openjdk-11 11.0.6+10-1
@@ -12828,8 +13270,8 @@ CVE-2019-19594 (reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adob
 	NOT-FOR-US: Adobe Stock API integration for PrestaShop
 CVE-2019-19593
 	RESERVED
-CVE-2019-19592
-	RESERVED
+CVE-2019-19592 (Jama Connect 8.44.0 has XSS via the "Import File and Destination" tab  ...)
+	TODO: check
 CVE-2019-19591
 	RESERVED
 CVE-2019-19590 (In radare2 through 4.0, there is an integer overflow for the variable  ...)
@@ -13438,8 +13880,8 @@ CVE-2020-1842
 	RESERVED
 CVE-2020-1841
 	RESERVED
-CVE-2020-1840
-	RESERVED
+CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E ...)
+	TODO: check
 CVE-2020-1839
 	RESERVED
 CVE-2020-1838
@@ -13669,8 +14111,8 @@ CVE-2019-19413
 	RESERVED
 CVE-2019-19412
 	RESERVED
-CVE-2019-19411
-	RESERVED
+CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...)
+	TODO: check
 CVE-2019-19410
 	RESERVED
 CVE-2019-19409
@@ -13766,8 +14208,8 @@ CVE-2019-19394
 	RESERVED
 CVE-2019-19393
 	RESERVED
-CVE-2019-19392
-	RESERVED
+CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly Dot ...)
+	TODO: check
 CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ...)
 	- luajit <unfixed> (bug #946053; unimportant)
 	NOTE: https://github.com/LuaJIT/LuaJIT/pull/526
@@ -14022,8 +14464,7 @@ CVE-2019-19346
 	RESERVED
 CVE-2019-19345
 	RESERVED
-CVE-2019-19344 [Use after free during DNS zone scavenging in Samba AD DC]
-	RESERVED
+CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions before 4.9 ...)
 	- samba <unfixed>
 	[buster] - samba <no-dsa> (Minor issue)
 	[stretch] - samba <not-affected> (Only affects Samba 4.9 onwards)
@@ -15131,8 +15572,7 @@ CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt
 CVE-2019-18933 (In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new  ...)
 	NOT-FOR-US: Zulip
-CVE-2019-18932 [sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector]
-	RESERVED
+CVE-2019-18932 (log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows  ...)
 	- sarg <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/6
 	NOTE: The sarg-reports as shipped in Debian has already safe use of mktemp for
@@ -22374,7 +22814,7 @@ CVE-2019-17362 (In LibTomCrypt through 1.18.2, the der_decode_utf8_string functi
 	[stretch] - libtomcrypt <no-dsa> (Minor issue)
 	NOTE: https://github.com/libtom/libtomcrypt/issues/507
 	NOTE: https://github.com/libtom/libtomcrypt/pull/508
-CVE-2019-17361 (In SaltStack Salt through 2019.2.0, the salt-api NEST API with the ssh ...)
+CVE-2019-17361 (In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh  ...)
 	- salt <unfixed> (bug #949222)
 	NOTE: https://github.com/saltstack/salt/commit/bca115f3f00fbde564dd2f12bf036b5d2fd08387
 CVE-2019-17360 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 a ...)
@@ -22390,8 +22830,7 @@ CVE-2019-17358 (Cacti through 1.2.7 is affected by multiple instances of lib/fun
 	- cacti 1.2.8+ds1-1 (bug #947375)
 	NOTE: https://github.com/Cacti/cacti/issues/3026
 	NOTE: https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8
-CVE-2019-17357
-	RESERVED
+CVE-2019-17357 (Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injec ...)
 	- cacti 1.2.8+ds1-1 (bug #947374)
 	[buster] - cacti 1.2.2+ds1-2+deb10u2
 	[stretch] - cacti <not-affected> (Vulnerable code not present)
@@ -29561,8 +30000,7 @@ CVE-2019-14909 (A vulnerability was found in Keycloak 7.x where the user federat
 	NOT-FOR-US: Keycloak
 CVE-2019-14908
 	RESERVED
-CVE-2019-14907 [Crash after failed character conversion at log level 3 or above]
-	RESERVED
+CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11 ...)
 	- samba <unfixed>
 	[buster] - samba <no-dsa> (Minor issue)
 	[stretch] - samba <no-dsa> (Minor issue)
@@ -29585,8 +30023,7 @@ CVE-2019-14904 [vulnerability in solaris_zone module via crafted solaris zone]
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776944
 CVE-2019-14903
 	RESERVED
-CVE-2019-14902 [Replication of ACLs set to inherit down a subtree on AD Directory not automatic]
-	RESERVED
+CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5, all samb ...)
 	- samba <unfixed>
 	[buster] - samba <no-dsa> (Minor issue)
 	[stretch] - samba <no-dsa> (Minor issue)
@@ -30122,14 +30559,14 @@ CVE-2019-14770 (In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, s
 	- backdrop <itp> (bug #914257)
 CVE-2019-14769 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't suf ...)
 	- backdrop <itp> (bug #914257)
-CVE-2019-14768
-	RESERVED
-CVE-2019-14767
-	RESERVED
-CVE-2019-14766
-	RESERVED
-CVE-2019-14765
-	RESERVED
+CVE-2019-14768 (An Arbitrary File Upload issue in the file browser of DIMO YellowBox C ...)
+	TODO: check
+CVE-2019-14767 (In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence ...)
+	TODO: check
+CVE-2019-14766 (Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4  ...)
+	TODO: check
+CVE-2019-14765 (Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBo ...)
+	TODO: check
 CVE-2019-14764
 	RESERVED
 CVE-2019-14763 (In the Linux kernel before 4.16.4, a double-locking error in drivers/u ...)
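Review bot: CVE-2019-14768, CVE-2019-14767, CVE-2019-14766 and CVE-2019-14765 all receive `TODO: check` here although every description names the same product, DIMO YellowBox CRM before 6.3.4. One triage decision covers all four, so resolve them in a single follow-up commit rather than leaving four separate TODO lines in the list.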
@@ -57228,29 +57665,29 @@ CVE-2019-5716 (In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. T
 CVE-2019-5715 (All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versi ...)
 	NOT-FOR-US: SilverStripe
 CVE-2019-5714
-	RESERVED
+	REJECTED
 CVE-2019-5713
-	RESERVED
+	REJECTED
 CVE-2019-5712
-	RESERVED
+	REJECTED
 CVE-2019-5711
-	RESERVED
+	REJECTED
 CVE-2019-5710
-	RESERVED
+	REJECTED
 CVE-2019-5709
-	RESERVED
+	REJECTED
 CVE-2019-5708
-	RESERVED
+	REJECTED
 CVE-2019-5707
-	RESERVED
+	REJECTED
 CVE-2019-5706
-	RESERVED
+	REJECTED
 CVE-2019-5705
-	RESERVED
+	REJECTED
 CVE-2019-5704
-	RESERVED
+	REJECTED
 CVE-2019-5703
-	RESERVED
+	REJECTED
 CVE-2019-5702 (NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vu ...)
 	NOT-FOR-US: NVIDIA
 CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vu ...)
@@ -61305,8 +61742,7 @@ CVE-2019-3866 (An information-exposure vulnerability was discovered where openst
 CVE-2019-3865
 	RESERVED
 	NOT-FOR-US: Quay
-CVE-2019-3864
-	RESERVED
+CVE-2019-3864 (A vulnerability was discovered in all quay-2 versions before quay-3.0. ...)
 	NOT-FOR-US: Quay
 CVE-2019-3863 (A flaw was found in libssh2 before 1.8.1. A server could send a multip ...)
 	{DSA-4431-1 DLA-1730-1}
@@ -64988,7 +65424,7 @@ CVE-2019-2991 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2019-2990 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite  ...)
 	NOT-FOR-US: Oracle
-CVE-2019-2989 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
+CVE-2019-2989 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
 	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
 	- openjdk-11 11.0.5+10-1
 	- openjdk-8 8u232-b09-1
@@ -214466,7 +214902,7 @@ CVE-2015-6910 (SQL injection vulnerability in Synology Video Station before 1.5-
 CVE-2015-6909 (Cross-site scripting (XSS) vulnerability in the "Create download task  ...)
 	NOT-FOR-US: Synology Download Station
 CVE-2015-6907
-	RESERVED
+	REJECTED
 CVE-2015-6906
 	REJECTED
 CVE-2015-6905
@@ -226215,8 +226651,8 @@ CVE-2015-2942 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2786 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 h ...)
 	NOT-FOR-US: MyBB
-CVE-2015-2784
-	RESERVED
+CVE-2015-2784 (The papercrop gem before 0.3.0 for Ruby on Rails does not properly han ...)
+	TODO: check
 CVE-2015-2783 (ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x b ...)
 	{DSA-3280-1 DLA-212-1}
 	- php5 5.6.9+dfsg-1
@@ -229025,7 +229461,7 @@ CVE-2015-1863 (Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allo
 CVE-2015-1862 (The crash reporting feature in Abrt allows local users to gain privile ...)
 	NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2015-1861
-	RESERVED
+	REJECTED
 CVE-2015-1860 (Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase m ...)
 	{DLA-210-1}
 	- qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
@@ -239987,8 +240423,8 @@ CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and
 	NOT-FOR-US: ManageEngine
 CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly v ...)
 	NOT-FOR-US: Apple OS X
-CVE-2011-5282
-	RESERVED
+CVE-2011-5282 (mIRC prior to 7.22 has a message leak because chopping of outbound mes ...)
+	TODO: check
 CVE-2008-7314
 	RESERVED
 CVE-2014-7975 (The do_umount function in fs/namespace.c in the Linux kernel through 3 ...)
@@ -252951,8 +253387,8 @@ CVE-2014-2706 (Race condition in the mac80211 subsystem in the Linux kernel befo
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba
 CVE-2014-2686 (Ansible prior to 1.5.4 mishandles the evaluation of some strings. ...)
 	- ansible 1.5.4+dfsg-1
-CVE-2014-2680
-	RESERVED
+CVE-2014-2680 (The update process in Xmind 3.4.1 and earlier allow remote attackers t ...)
+	TODO: check
 CVE-2014-2679
 	RESERVED
 CVE-2014-2677
@@ -283129,8 +283565,8 @@ CVE-2012-5192 (Directory traversal vulnerability in gmap/view_overlay.php in Bit
 	NOT-FOR-US: Bitweaver
 CVE-2012-5191
 	RESERVED
-CVE-2012-5190
-	RESERVED
+CVE-2012-5190 (Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability ...)
+	TODO: check
 CVE-2012-5189
 	REJECTED
 CVE-2012-5188 (Untrusted search path vulnerability in mora Downloader before 1.0.0.1  ...)
@@ -298638,8 +299074,7 @@ CVE-2011-4324 (The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux
 	- linux-2.6 <not-affected> (RHEL5-specific backport error)
 CVE-2011-4323
 	REJECTED
-CVE-2011-4322
-	RESERVED
+CVE-2011-4322 (websitebaker prior to and including 2.8.1 has an authentication error  ...)
 	NOT-FOR-US: websitebaker
 CVE-2011-4321 (The password reset functionality in Joomla! 1.5.x through 1.5.24 uses  ...)
 	NOT-FOR-US: Joomla!
@@ -299352,11 +299787,9 @@ CVE-2011-4096 (The idnsGrokReply function in Squid before 3.1.16 does not proper
 	{DSA-2381-1}
 	- squid3 3.1.16-1
 	[lenny] - squid3 <not-affected> (no IPv6 support)
-CVE-2011-4095
-	RESERVED
+CVE-2011-4095 (Jara 1.6 has an XSS vulnerability ...)
 	NOT-FOR-US: Jara
-CVE-2011-4094
-	RESERVED
+CVE-2011-4094 (Jara 1.6 has a SQL injection vulnerability. ...)
 	NOT-FOR-US: Jara
 CVE-2011-4093 (Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 ...)
 	- net6 1:1.3.14-1 (low; bug #647318)
@@ -303919,10 +304352,10 @@ CVE-2011-2671 (Unspecified vulnerability in Megalith 12th edition through 27th e
 CVE-2011-2670 (Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of C ...)
 	- firefox <not-affected> (Fixed before initial upload renamed as src:firefox)
 	- firefox-esr <not-affected> (Fixed before initial upload renamed as src:firefox-esr)
-CVE-2011-2669
-	RESERVED
-CVE-2011-2668
-	RESERVED
+CVE-2011-2669 (Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue i ...)
+	TODO: check
+CVE-2011-2668 (Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the  ...)
+	TODO: check
 CVE-2011-2667 (Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Sec ...)
 	NOT-FOR-US: CA Gateway Security for HTTP
 CVE-2011-2666 (The default configuration of the SIP channel driver in Asterisk Open S ...)
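Review bot: CVE-2011-2669 and CVE-2011-2668 are set to `TODO: check`, while the entry immediately above them, CVE-2011-2670, already records `- firefox <not-affected>` and `- firefox-esr <not-affected>` for an issue in Firefox before 3.6. The new descriptions cover Firefox prior to 3.6 and through 1.5.0.3 respectively, so check whether the same two `<not-affected>` lines with the same reason apply and replace the TODO with them if so.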



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/32cba63be6ba0ec6e618ecf5d45a32878cbeb518
