[Git][security-tracker-team/security-tracker][master] "new" ruby issue, "new" bitcoin issues, NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Mar 24 07:31:26 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a168e0b9 by Moritz Muehlenhoff at 2020-03-24T08:30:59+01:00
"new" ruby issue, "new" bitcoin issues, NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -84529,7 +84529,7 @@ CVE-2018-18808 (The domain management component of TIBCO Software Inc.'s TIBCO J
 CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO Softwar ...)
 	NOT-FOR-US: TIBCO
 CVE-2017-18350 (bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer over ...)
-	TODO: check
+	- bitcoin 0.15.1~dfsg-1
 CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of service (Me ...)
 	{DLA-1596-1}
 	- squid 4.4-1 (low; bug #912294)
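Review bot: the CVE-2017-18350 entry records bitcoin 0.15.1~dfsg-1 as the fixed version without a NOTE pointing at the upstream fix, whereas the ruby entry in this same commit carries NOTE lines with the Talos report and the fixing commit. A NOTE with the upstream commit or release notes for 0.15.1 would let the next person verify the version claim without redoing the triage, and it is worth confirming that 0.15.1~dfsg-1 was the first upload of that version rather than a later revision.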
@@ -99497,13 +99497,13 @@ CVE-2018-13065 (** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribut
 CVE-2018-13064
 	RESERVED
 CVE-2018-13063 (Easy!Appointments 1.3.0 has a Missing Authorization issue allowing ret ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2018-13062
 	RESERVED
 CVE-2018-13061
 	RESERVED
 CVE-2018-13060 (Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue. ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2018-13059
 	RESERVED
 CVE-2018-13058
@@ -106455,7 +106455,7 @@ CVE-2018-10706 (An integer overflow in the transferMulti function of a smart con
 CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), an Ethe ...)
 	NOT-FOR-US: Aurora DAD
 CVE-2018-10704 (yidashi yii2cmf 2.0 has XSS via the /search q parameter. ...)
-	TODO: check
+	NOT-FOR-US: yidashi yii2cmf
 CVE-2018-10703 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
 	NOT-FOR-US: Moxa
 CVE-2018-10702 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
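Review bot: the unchanged context line for CVE-2018-10705 reads "NOT-FOR-US: Aurora DAD" while the description on the line above says "Aurora DAO (AURA)". Since this region is being edited anyway, correcting the tag to "NOT-FOR-US: Aurora DAO" keeps the entry findable by the product name.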
@@ -107930,7 +107930,7 @@ CVE-2018-10126 (LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2786
 	NOTE: Crash in CLI tool, no security impact
 CVE-2018-10125 (Contao before 4.5.7 has XSS in the system log. ...)
-	TODO: check
+	NOT-FOR-US: Contao
 CVE-2018-10123 (p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to r ...)
 	NOT-FOR-US: p910nd on Inteno IOPSYS
 CVE-2018-10122 (QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhi ...)
@@ -150488,7 +150488,7 @@ CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote authenticated users to wri
 	- cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/d734a23122155f3522a8cb6aef118223aa73cde0
 CVE-2017-12842 (Bitcoin Core before 0.14 allows an attacker to create an ostensibly va ...)
-	TODO: check
+	- bitcoin 0.14.2~dfsg-1~exp2
 CVE-2017-12841
 	RESERVED
 CVE-2017-12840 (A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client  ...)
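Review bot: the fixed version for CVE-2017-12842 is 0.14.2~dfsg-1~exp2, an experimental revision, while the description says Bitcoin Core before 0.14 is affected. Please confirm that no 0.14.0 or 0.14.1 upload to unstable preceded it (that earlier upload would be the version to record) and that a ~exp2 version is the right comparison point for the release suites; if the fix only reached experimental at that time, a NOTE saying so would make the entry easier to read than the bare version string.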
@@ -156002,7 +156002,7 @@ CVE-2017-10994 (Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Ar
 CVE-2017-10993 (Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to i ...)
 	NOT-FOR-US: Contao
 CVE-2017-10992 (In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Des ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the r ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-10990
@@ -196191,7 +196191,7 @@ CVE-2016-6920 (Heap-based buffer overflow in the decode_block function in libavc
 CVE-2016-6919
 	RESERVED
 CVE-2016-6918 (Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attacke ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2016-6917 (Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android ...)
 	NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6916 (Integer overflow in nvhost_job.c in the NVIDIA video driver for Androi ...)
@@ -211188,7 +211188,10 @@ CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the Fiddle::
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10
 CVE-2016-2338 (An exploitable heap overflow vulnerability exists in the Psych::Emitte ...)
-	TODO: check
+	- ruby2.3 2.3.0-1
+	- ruby2.1 <removed>
+	NOTE: https://talosintelligence.com/reports/TALOS-2016-0032
+	NOTE: https://git.ruby-lang.org/ruby.git/commit/?id=db48c307944a9a18877236bdf9e9b778875f38ed
 CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Att ...)
 	{DLA-1480-1}
 	- ruby2.3 2.3.0-1
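Review bot: CVE-2016-2337 directly below carries {DLA-1480-1} with the same "ruby2.3 2.3.0-1" fixed version, but the new CVE-2016-2338 entry marks ruby2.1 only as <removed> and gives no jessie status. If DLA-1480-1 also covered this Talos issue it should be listed here as well; if it did not, a NOTE on whether ruby2.1 in jessie was affected would stop the entry from looking untriaged for that suite. Minor: the neighbouring CVE-2016-2339 NOTEs reference fixes as "NOTE: Fixed by: https://github.com/ruby/ruby/commit/...", while this entry uses a bare git.ruby-lang.org URL; matching the existing form helps when grepping for fix references.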
@@ -233071,7 +233074,7 @@ CVE-2015-3643 (usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before
 CVE-2015-3642 (The TLS and DTLS processing functionality in Citrix NetScaler Applicat ...)
 	NOT-FOR-US: Citrix
 CVE-2015-3641 (bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a den ...)
-	TODO: check
+	- bitcoin 0.10.2-1
 CVE-2015-3640 (phpMyBackupPro 2.5 and earlier does not properly escape the "." charac ...)
 	NOT-FOR-US: phpMyBackupPro
 CVE-2015-3639 (phpMyBackupPro 2.5 and earlier does not properly sanitize input string ...)
@@ -262230,11 +262233,11 @@ CVE-2014-2725
 CVE-2014-2724
 	RESERVED
 CVE-2014-2723 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2014-2722 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2014-2721 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2014-2720 (IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Cen ...)
 	NOT-FOR-US: IZArc Archiver
 CVE-2014-2719 (Advanced_System_Content.asp in the ASUS RT series routers with firmwar ...)
@@ -274972,7 +274975,7 @@ CVE-2013-5108 (Multiple cross-site scripting (XSS) vulnerabilities in the xn fun
 CVE-2013-5107 (Directory traversal vulnerability in RockMongo 1.1.5 and earlier allow ...)
 	- rockmongo <itp> (bug #702961)
 CVE-2013-5106 (A Code Execution vulnerability exists in select.py when using python-m ...)
-	TODO: check
+	NOT-FOR-US: python vim mode, different from src:python-mode, which is for a nicer editor
 CVE-2013-5105
 	RESERVED
 CVE-2013-5104
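Review bot: the rationale for CVE-2013-5106 is folded into the NOT-FOR-US tag itself ("python vim mode, different from src:python-mode, which is for a nicer editor"), whereas every other NOT-FOR-US tag in this commit names only the product and explanations go in NOTE lines. Suggest keeping "NOT-FOR-US: python vim mode" and moving the src:python-mode disambiguation to a NOTE, naming the editor that Debian's src:python-mode targets instead of "a nicer editor", which reads as a joke to whoever triages the next python-mode CVE.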
@@ -279061,7 +279064,7 @@ CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators t
 CVE-2013-3629 (ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution ...)
 	NOT-FOR-US: ISPConfig
 CVE-2013-3628 (Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability ...)
-	TODO: check
+	NOTE: Historic Zabbix issue
 CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee Managed Age ...)
 	NOT-FOR-US: McAfee
 CVE-2013-3626 (Directory traversal vulnerability in the Session Server in Attachmate  ...)
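Review bot: the CVE-2013-3628 entry replaces "TODO: check" with only "NOTE: Historic Zabbix issue" and no package status line. A NOTE alone neither marks the issue NOT-FOR-US nor records a fixed version, <not-affected> or <unimportant> state for a package, so the tracker will still show it as unprocessed. Either add a "- zabbix <version>" / "<not-affected>" line (the form used for cyrus-imapd-2.4 and php5 elsewhere in this diff) with the reason in the NOTE, or tag it NOT-FOR-US if the affected component is not in Debian.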
@@ -311207,7 +311210,7 @@ CVE-2011-3271 (Unspecified vulnerability in the Smart Install functionality in C
 CVE-2011-3270 (Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and  ...)
 	NOT-FOR-US: Cisco
 CVE-2011-3269 (Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allo ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2011-3268 (Buffer overflow in the crypt function in PHP before 5.3.7 allows conte ...)
 	- php5 5.3.8-1
 	[squeeze] - php5 <not-affected> (Only affected 5.3.7)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a168e0b900a8d50743d89d8b235562fa7d71ef9c
