[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 6 08:10:24 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
186858bd by security tracker role at 2020-11-06T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2020-28266
+ RESERVED
+CVE-2020-28265
+ RESERVED
+CVE-2020-28264
+ RESERVED
+CVE-2020-28263
+ RESERVED
+CVE-2020-28262
+ RESERVED
+CVE-2020-28261
+ RESERVED
+CVE-2020-28260
+ RESERVED
+CVE-2020-28259
+ RESERVED
+CVE-2020-28258
+ RESERVED
+CVE-2020-28257
+ RESERVED
+CVE-2020-28256
+ RESERVED
+CVE-2020-28255
+ RESERVED
+CVE-2020-28254
+ RESERVED
+CVE-2020-28253
+ RESERVED
+CVE-2020-28252
+ RESERVED
+CVE-2020-28251
+ RESERVED
+CVE-2020-28250 (Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user ...)
+ TODO: check
+CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. ...)
+ TODO: check
+CVE-2020-28248
+ RESERVED
+CVE-2020-28247
+ RESERVED
+CVE-2020-28246
+ RESERVED
+CVE-2020-28245
+ RESERVED
+CVE-2020-28244
+ RESERVED
+CVE-2020-28243
+ RESERVED
+CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...)
+ TODO: check
+CVE-2020-28241 (libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_en ...)
+ TODO: check
+CVE-2020-28240
+ RESERVED
+CVE-2020-28239
+ RESERVED
CVE-2020-28238
RESERVED
CVE-2020-28237
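Review bot: CVE-2020-28242 (Asterisk) and CVE-2020-28241 (libmaxminddb) are left at `TODO: check` even though their descriptions already name the fixed upstream versions (13.37.1 and 1.4.3). Both should be triaged to a `- <package> <version>` line in the form used elsewhere in this file. CVE-2020-28250 (Cellinx NVT Web Server) and CVE-2020-28249 (Joplin) need either a package line or a `NOT-FOR-US:` tag so they stop showing up as untriaged.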
@@ -82,8 +138,8 @@ CVE-2020-28198
RESERVED
CVE-2020-28197
RESERVED
-CVE-2020-28196
- RESERVED
+CVE-2020-28196 (MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow ...)
+ TODO: check
CVE-2020-28195
RESERVED
CVE-2020-28194
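Review bot: CVE-2020-28196 moves from `RESERVED` to `TODO: check` with no package line, although the description gives the fixed upstream releases ("before 1.17.2 and 1.18.x before 1.18.3") and the file already carries MIT Kerberos 5 entries such as CVE-2002-2443. Replace the `TODO: check` with a package line plus per-suite status, and a NOTE pointing at the upstream fix once it is identified.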
@@ -386,8 +442,7 @@ CVE-2020-28048
RESERVED
CVE-2020-28047 (AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scr ...)
NOT-FOR-US: AudimexEE
-CVE-2020-27347 [tmux buffer overflow in CSI parsing]
- RESERVED
+CVE-2020-27347 (The function input_csi_dispatch_sgr_colon() in file input.c contained ...)
- tmux 3.1c-1
[buster] - tmux <not-affected> (Vulnerable code introduced later)
[stretch] - tmux <not-affected> (Vulnerable code introduced later)
@@ -5696,8 +5751,8 @@ CVE-2020-25839
RESERVED
CVE-2020-25838
RESERVED
-CVE-2020-25837
- RESERVED
+CVE-2020-25837 (Sensitive information disclosure vulnerability in Micro Focus Self Ser ...)
+ TODO: check
CVE-2020-25836
RESERVED
CVE-2020-25835
@@ -6122,10 +6177,10 @@ CVE-2020-25664
RESERVED
CVE-2020-25663
RESERVED
-CVE-2020-25662
- RESERVED
-CVE-2020-25661
- RESERVED
+CVE-2020-25662 (A Red Hat only CVE-2020-12352 regression issue was found in the way th ...)
+ TODO: check
+CVE-2020-25661 (A Red Hat only CVE-2020-12351 regression issue was found in the way th ...)
+ TODO: check
CVE-2020-25660
RESERVED
CVE-2020-25659 [bleichenbacher timing oracle attack against RSA decryption]
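Review bot: the descriptions for CVE-2020-25662 and CVE-2020-25661 both open with "A Red Hat only ... regression issue", so `TODO: check` should not stay here for long. Once the affected package is identified, a `<not-affected>` line with a distribution-specific reason would fit, in the same style as the `<not-affected> (Ubuntu specific issue)` line used for CVE-2020-15708 in this commit.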
@@ -8891,34 +8946,34 @@ CVE-2020-24441
RESERVED
CVE-2020-24440
RESERVED
-CVE-2020-24439
- RESERVED
-CVE-2020-24438
- RESERVED
-CVE-2020-24437
- RESERVED
-CVE-2020-24436
- RESERVED
-CVE-2020-24435
- RESERVED
-CVE-2020-24434
- RESERVED
-CVE-2020-24433
- RESERVED
-CVE-2020-24432
- RESERVED
-CVE-2020-24431
- RESERVED
-CVE-2020-24430
- RESERVED
-CVE-2020-24429
- RESERVED
-CVE-2020-24428
- RESERVED
-CVE-2020-24427
- RESERVED
-CVE-2020-24426
- RESERVED
+CVE-2020-24439 (Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 202 ...)
+ TODO: check
+CVE-2020-24438 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24437 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24436 (Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 ( ...)
+ TODO: check
+CVE-2020-24435 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24434 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24433 (Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.00 ...)
+ TODO: check
+CVE-2020-24432 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24431 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24430 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24429 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24428 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24427 (Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 ( ...)
+ TODO: check
+CVE-2020-24426 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
CVE-2020-24425 (Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled ...)
NOT-FOR-US: Adobe
CVE-2020-24424 (Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncont ...)
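Review bot: the 14 entries CVE-2020-24439 through CVE-2020-24426 all describe Acrobat or Acrobat Reader and are added as `TODO: check`, while the entry directly below them (CVE-2020-24425, Dreamweaver) is tagged `NOT-FOR-US: Adobe`. Tagging the new block the same way would keep the Adobe range consistent and clear 14 items from the triage queue.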
@@ -22824,8 +22879,7 @@ CVE-2020-17512
RESERVED
CVE-2020-17511
RESERVED
-CVE-2020-17510 [Authentication Bypass Vulnerability]
- RESERVED
+CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ...)
- shiro <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7
CVE-2020-17509
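Review bot: the published description for CVE-2020-17510 now says "Apache Shiro before 1.7.0", but the package line stays `- shiro <unfixed>` with no bug reference. Other `<unfixed>` entries in this commit carry one, for example `- guacamole-server <unfixed> (bug #964195)`. Suggest adding the bug number here and a NOTE recording 1.7.0 as the upstream fixed version.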
@@ -26827,8 +26881,7 @@ CVE-2020-15709 (Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0
[buster] - software-properties <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/08/03/1
NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1890286
-CVE-2020-15708 [incorrect permissions on the UNIX domain socket allows local attacker to escalate privileges]
- RESERVED
+CVE-2020-15708 (Ubuntu's packaging of libvirt in 20.04 LTS created a control socket wi ...)
- libvirt <not-affected> (Ubuntu specific issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866270#c2
NOTE: Debian used to use polkit in 1.2.9-rc1-1 and only later on
@@ -32840,10 +32893,10 @@ CVE-2020-13539
RESERVED
CVE-2020-13538
RESERVED
-CVE-2020-13537
- RESERVED
-CVE-2020-13536
- RESERVED
+CVE-2020-13537 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ TODO: check
+CVE-2020-13536 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ TODO: check
CVE-2020-13535
RESERVED
CVE-2020-13534
@@ -44575,11 +44628,13 @@ CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. Af
CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...)
NOT-FOR-US: Dahua
CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers involved inpro ...)
+ {DLA-2435-1}
- guacamole-server <unfixed> (bug #964195)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/3
NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/
NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb
CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate datareceived ...)
+ {DLA-2435-1}
- guacamole-server <unfixed> (bug #964195)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2
NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/
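Review bot: `{DLA-2435-1}` is added to CVE-2020-9498 and CVE-2020-9497, yet both keep `- guacamole-server <unfixed> (bug #964195)`. For CVE-2020-9498 the upstream fix commit is already recorded in the "Fixed by" NOTE, so the remaining gap is the unfixed package line; worth following up on bug #964195 now that an advisory references these CVEs.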
@@ -50235,8 +50290,8 @@ CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable to an remote code execut
NOT-FOR-US: LinuxKI
CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved i ...)
NOT-FOR-US: LinuxKI
-CVE-2020-7207
- RESERVED
+CVE-2020-7207 (A local elevation of privilege using physical access security vulnerab ...)
+ TODO: check
CVE-2020-7206 (HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has ...)
NOT-FOR-US: HP nagios plugin for iLO
CVE-2020-7205 (A potential security vulnerability has been identified in HPE Intellig ...)
@@ -51034,8 +51089,8 @@ CVE-2020-6879
RESERVED
CVE-2020-6878
RESERVED
-CVE-2020-6877
- RESERVED
+CVE-2020-6877 (A ZTE product is impacted by an information leak vulnerability. An att ...)
+ TODO: check
CVE-2020-6876 (A ZTE product is impacted by an XSS vulnerability. The vulnerability i ...)
NOT-FOR-US: ZTE
CVE-2020-6875 (A ZTE product is impacted by the improper access control vulnerability ...)
@@ -53447,8 +53502,8 @@ CVE-2020-6017
RESERVED
CVE-2020-6016
RESERVED
-CVE-2020-6015
- RESERVED
+CVE-2020-6015 (Check Point Endpoint Security for Windows before E84.10 can reach deni ...)
+ TODO: check
CVE-2020-6014 (Check Point Endpoint Security Client for Windows, with Anti-Bot or Thr ...)
NOT-FOR-US: Check Point Endpoint Security Client
CVE-2020-6013 (ZoneAlarm Firewall and Antivirus products before version 15.8.109.1843 ...)
@@ -53620,22 +53675,22 @@ CVE-2020-5948
RESERVED
CVE-2020-5947
RESERVED
-CVE-2020-5946
- RESERVED
-CVE-2020-5945
- RESERVED
-CVE-2020-5944
- RESERVED
-CVE-2020-5943
- RESERVED
-CVE-2020-5942
- RESERVED
-CVE-2020-5941
- RESERVED
-CVE-2020-5940
- RESERVED
-CVE-2020-5939
- RESERVED
+CVE-2020-5946 (In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0 ...)
+ TODO: check
+CVE-2020-5945 (In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2 ...)
+ TODO: check
+CVE-2020-5944 (In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pag ...)
+ TODO: check
+CVE-2020-5943 (In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP objec ...)
+ TODO: check
+CVE-2020-5942 (In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2 ...)
+ TODO: check
+CVE-2020-5941 (On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESO ...)
+ TODO: check
+CVE-2020-5940 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a s ...)
+ TODO: check
+CVE-2020-5939 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0- ...)
+ TODO: check
CVE-2020-5938 (On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when ...)
NOT-FOR-US: F5 BIG-IP
CVE-2020-5937 (On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM ...)
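Review bot: the eight entries CVE-2020-5946 through CVE-2020-5939 are added as `TODO: check`, while the neighbouring CVE-2020-5938 is tagged `NOT-FOR-US: F5 BIG-IP`. Before applying the same tag in bulk, note that CVE-2020-5944 names BIG-IQ rather than BIG-IP, and that the truncated descriptions of CVE-2020-5943, CVE-2020-5940 and CVE-2020-5939 start with "In versions ..." without a product name, so the full descriptions need a look first.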
@@ -53926,8 +53981,8 @@ CVE-2020-5795
RESERVED
CVE-2020-5794
RESERVED
-CVE-2020-5793
- RESERVED
+CVE-2020-5793 (A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows &a ...)
+ TODO: check
CVE-2020-5792 (Improper neutralization of argument delimiters in a command in Nagios ...)
NOT-FOR-US: Nagios XI
CVE-2020-5791 (Improper neutralization of special elements used in an OS command in N ...)
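Review bot: the description added for CVE-2020-5793 ends in `Windows &a ...`, which looks like an HTML-escaped ampersand from the upstream feed cut off mid-entity by the description truncation. It is harmless for tracking, but the update script could unescape entities before truncating so descriptions do not end in a partial `&amp;`. The entry itself should follow the Nagios XI neighbours below it and get a `NOT-FOR-US:` tag if Nessus is not packaged.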
@@ -54178,8 +54233,8 @@ CVE-2020-5669
RESERVED
CVE-2020-5668
RESERVED
-CVE-2020-5667
- RESERVED
+CVE-2020-5667 (Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS ...)
+ TODO: check
CVE-2020-5666
RESERVED
CVE-2020-5665
@@ -54214,20 +54269,20 @@ CVE-2020-5651 (SQL injection vulnerability in Simple Download Monitor 3.8.8 and
NOT-FOR-US: Simple Download Monitor
CVE-2020-5650 (Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 an ...)
NOT-FOR-US: Simple Download Monitor
-CVE-2020-5649
- RESERVED
-CVE-2020-5648
- RESERVED
-CVE-2020-5647
- RESERVED
-CVE-2020-5646
- RESERVED
-CVE-2020-5645
- RESERVED
-CVE-2020-5644
- RESERVED
-CVE-2020-5643
- RESERVED
+CVE-2020-5649 (Resource management error vulnerability in TCP/IP function included in ...)
+ TODO: check
+CVE-2020-5648 (Improper neutralization of argument delimiters in a command ('Argument ...)
+ TODO: check
+CVE-2020-5647 (Improper access control vulnerability in TCP/IP function included in t ...)
+ TODO: check
+CVE-2020-5646 (NULL pointer dereferences vulnerability in TCP/IP function included in ...)
+ TODO: check
+CVE-2020-5645 (Session fixation vulnerability in TCP/IP function included in the firm ...)
+ TODO: check
+CVE-2020-5644 (Buffer overflow vulnerability in TCP/IP function included in the firmw ...)
+ TODO: check
+CVE-2020-5643 (Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0. ...)
+ TODO: check
CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Live su ...)
NOT-FOR-US: Live Chat
CVE-2020-5641
@@ -132578,97 +132633,97 @@ CVE-2018-16938
CVE-2018-16937
RESERVED
CVE-2018-16936
- RESERVED
+ REJECTED
CVE-2018-16935
- RESERVED
+ REJECTED
CVE-2018-16934
- RESERVED
+ REJECTED
CVE-2018-16933
- RESERVED
+ REJECTED
CVE-2018-16932
- RESERVED
+ REJECTED
CVE-2018-16931
- RESERVED
+ REJECTED
CVE-2018-16930
- RESERVED
+ REJECTED
CVE-2018-16929
- RESERVED
+ REJECTED
CVE-2018-16928
- RESERVED
+ REJECTED
CVE-2018-16927
- RESERVED
+ REJECTED
CVE-2018-16926
- RESERVED
+ REJECTED
CVE-2018-16925
- RESERVED
+ REJECTED
CVE-2018-16924
- RESERVED
+ REJECTED
CVE-2018-16923
- RESERVED
+ REJECTED
CVE-2018-16922
- RESERVED
+ REJECTED
CVE-2018-16921
- RESERVED
+ REJECTED
CVE-2018-16920
- RESERVED
+ REJECTED
CVE-2018-16919
- RESERVED
+ REJECTED
CVE-2018-16918
- RESERVED
+ REJECTED
CVE-2018-16917
- RESERVED
+ REJECTED
CVE-2018-16916
- RESERVED
+ REJECTED
CVE-2018-16915
- RESERVED
+ REJECTED
CVE-2018-16914
- RESERVED
+ REJECTED
CVE-2018-16913
- RESERVED
+ REJECTED
CVE-2018-16912
- RESERVED
+ REJECTED
CVE-2018-16911
- RESERVED
+ REJECTED
CVE-2018-16910
- RESERVED
+ REJECTED
CVE-2018-16909
- RESERVED
+ REJECTED
CVE-2018-16908
- RESERVED
+ REJECTED
CVE-2018-16907
- RESERVED
+ REJECTED
CVE-2018-16906
- RESERVED
+ REJECTED
CVE-2018-16905
- RESERVED
+ REJECTED
CVE-2018-16904
- RESERVED
+ REJECTED
CVE-2018-16903
- RESERVED
+ REJECTED
CVE-2018-16902
- RESERVED
+ REJECTED
CVE-2018-16901
- RESERVED
+ REJECTED
CVE-2018-16900
- RESERVED
+ REJECTED
CVE-2018-16899
- RESERVED
+ REJECTED
CVE-2018-16898
- RESERVED
+ REJECTED
CVE-2018-16897
- RESERVED
+ REJECTED
CVE-2018-16896
- RESERVED
+ REJECTED
CVE-2018-16895
- RESERVED
+ REJECTED
CVE-2018-16894
- RESERVED
+ REJECTED
CVE-2018-16893
- RESERVED
+ REJECTED
CVE-2018-16892
- RESERVED
+ REJECTED
CVE-2018-16891
- RESERVED
+ REJECTED
CVE-2018-16890 (libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap ...)
{DSA-4386-1 DLA-1672-1}
- curl 7.64.0-1
@@ -177498,105 +177553,105 @@ CVE-2018-1041 (A vulnerability was found in the way RemoteMessageChannel, introd
[wheezy] - libjboss-remoting-java <ignored> (unimportant leaf package)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1530457
CVE-2017-17380
- RESERVED
+ REJECTED
CVE-2017-17379
- RESERVED
+ REJECTED
CVE-2017-17378
- RESERVED
+ REJECTED
CVE-2017-17377
- RESERVED
+ REJECTED
CVE-2017-17376
- RESERVED
+ REJECTED
CVE-2017-17375
- RESERVED
+ REJECTED
CVE-2017-17374
- RESERVED
+ REJECTED
CVE-2017-17373
- RESERVED
+ REJECTED
CVE-2017-17372
- RESERVED
+ REJECTED
CVE-2017-17371
- RESERVED
+ REJECTED
CVE-2017-17370
- RESERVED
+ REJECTED
CVE-2017-17369
- RESERVED
+ REJECTED
CVE-2017-17368
- RESERVED
+ REJECTED
CVE-2017-17367
- RESERVED
+ REJECTED
CVE-2017-17366
- RESERVED
+ REJECTED
CVE-2017-17365
- RESERVED
+ REJECTED
CVE-2017-17364
- RESERVED
+ REJECTED
CVE-2017-17363
- RESERVED
+ REJECTED
CVE-2017-17362
- RESERVED
+ REJECTED
CVE-2017-17361
- RESERVED
+ REJECTED
CVE-2017-17360
- RESERVED
+ REJECTED
CVE-2017-17359
- RESERVED
+ REJECTED
CVE-2017-17358
- RESERVED
+ REJECTED
CVE-2017-17357
- RESERVED
+ REJECTED
CVE-2017-17356
- RESERVED
+ REJECTED
CVE-2017-17355
- RESERVED
+ REJECTED
CVE-2017-17354
- RESERVED
+ REJECTED
CVE-2017-17353
- RESERVED
+ REJECTED
CVE-2017-17352
- RESERVED
+ REJECTED
CVE-2017-17351
- RESERVED
+ REJECTED
CVE-2017-17350
- RESERVED
+ REJECTED
CVE-2017-17349
- RESERVED
+ REJECTED
CVE-2017-17348
- RESERVED
+ REJECTED
CVE-2017-17347
- RESERVED
+ REJECTED
CVE-2017-17346
- RESERVED
+ REJECTED
CVE-2017-17345
- RESERVED
+ REJECTED
CVE-2017-17344
- RESERVED
+ REJECTED
CVE-2017-17343
- RESERVED
+ REJECTED
CVE-2017-17342
- RESERVED
+ REJECTED
CVE-2017-17341
- RESERVED
+ REJECTED
CVE-2017-17340
- RESERVED
+ REJECTED
CVE-2017-17339
- RESERVED
+ REJECTED
CVE-2017-17338
- RESERVED
+ REJECTED
CVE-2017-17337
- RESERVED
+ REJECTED
CVE-2017-17336
- RESERVED
+ REJECTED
CVE-2017-17335
- RESERVED
+ REJECTED
CVE-2017-17334
- RESERVED
+ REJECTED
CVE-2017-17333
- RESERVED
+ REJECTED
CVE-2017-17332
- RESERVED
+ REJECTED
CVE-2017-17331
- RESERVED
+ REJECTED
CVE-2017-17330 (Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200 ...)
NOT-FOR-US: Huawei
CVE-2017-17329 (Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. Th ...)
@@ -186274,95 +186329,95 @@ CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_blo
[wheezy] - libmp3splt <no-dsa> (Minor issue)
NOTE: https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932
CVE-2017-15184
- RESERVED
+ REJECTED
CVE-2017-15183
- RESERVED
+ REJECTED
CVE-2017-15182
- RESERVED
+ REJECTED
CVE-2017-15181
- RESERVED
+ REJECTED
CVE-2017-15180
- RESERVED
+ REJECTED
CVE-2017-15179
- RESERVED
+ REJECTED
CVE-2017-15178
- RESERVED
+ REJECTED
CVE-2017-15177
- RESERVED
+ REJECTED
CVE-2017-15176
- RESERVED
+ REJECTED
CVE-2017-15175
- RESERVED
+ REJECTED
CVE-2017-15174
- RESERVED
+ REJECTED
CVE-2017-15173
- RESERVED
+ REJECTED
CVE-2017-15172
- RESERVED
+ REJECTED
CVE-2017-15171
- RESERVED
+ REJECTED
CVE-2017-15170
- RESERVED
+ REJECTED
CVE-2017-15169
- RESERVED
+ REJECTED
CVE-2017-15168
- RESERVED
+ REJECTED
CVE-2017-15167
- RESERVED
+ REJECTED
CVE-2017-15166
- RESERVED
+ REJECTED
CVE-2017-15165
- RESERVED
+ REJECTED
CVE-2017-15164
- RESERVED
+ REJECTED
CVE-2017-15163
- RESERVED
+ REJECTED
CVE-2017-15162
- RESERVED
+ REJECTED
CVE-2017-15161
- RESERVED
+ REJECTED
CVE-2017-15160
- RESERVED
+ REJECTED
CVE-2017-15159
- RESERVED
+ REJECTED
CVE-2017-15158
- RESERVED
+ REJECTED
CVE-2017-15157
- RESERVED
+ REJECTED
CVE-2017-15156
- RESERVED
+ REJECTED
CVE-2017-15155
- RESERVED
+ REJECTED
CVE-2017-15154
- RESERVED
+ REJECTED
CVE-2017-15153
- RESERVED
+ REJECTED
CVE-2017-15152
- RESERVED
+ REJECTED
CVE-2017-15151
- RESERVED
+ REJECTED
CVE-2017-15150
- RESERVED
+ REJECTED
CVE-2017-15149
- RESERVED
+ REJECTED
CVE-2017-15148
- RESERVED
+ REJECTED
CVE-2017-15147
- RESERVED
+ REJECTED
CVE-2017-15146
- RESERVED
+ REJECTED
CVE-2017-15145
- RESERVED
+ REJECTED
CVE-2017-15144
- RESERVED
+ REJECTED
CVE-2017-15143
- RESERVED
+ REJECTED
CVE-2017-15142
- RESERVED
+ REJECTED
CVE-2017-15141
- RESERVED
+ REJECTED
CVE-2017-15140
- RESERVED
+ REJECTED
CVE-2017-15139 (A vulnerability was found in openstack-cinder releases up to and inclu ...)
[experimental] - cinder 2:13.0.0-1
- cinder 2:13.0.0-2
@@ -260249,11 +260304,11 @@ CVE-2016-0746 (Use-after-free vulnerability in the resolver in nginx 0.6.18 thro
NOTE: https://github.com/nginx/nginx/commit/4b581a7c21e4328d059bf400a059c0458fc9f806 (release-1.9.10)
NOTE: https://github.com/nginx/nginx/commit/a3d42258d97ebd0b638c20976654d3edfbaf943f (release-1.9.10)
CVE-2016-0745
- RESERVED
+ REJECTED
CVE-2016-0744
- RESERVED
+ REJECTED
CVE-2016-0743
- RESERVED
+ REJECTED
CVE-2016-0742 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remo ...)
{DSA-3473-1 DLA-404-1}
- nginx 1.9.10-1 (bug #812806)
@@ -281691,13 +281746,13 @@ CVE-2015-1827 (The get_user_grouplist function in the extdom plug-in in FreeIPA
- freeipa <not-affected> (Only affects 4.1, see bug #781224)
NOTE: https://fedorahosted.org/freeipa/ticket/4908
CVE-2015-1826
- RESERVED
+ REJECTED
CVE-2015-1825
- RESERVED
+ REJECTED
CVE-2015-1824
- RESERVED
+ REJECTED
CVE-2015-1823
- RESERVED
+ REJECTED
CVE-2015-1822 (chrony before 1.31.1 does not initialize the last "next" pointer when ...)
{DSA-3222-1 DLA-193-1}
- chrony 1.30-2 (bug #782160)
@@ -288625,7 +288680,7 @@ CVE-2014-9018 (Icecast before 2.4.1 transmits the output of the on-connect scrip
[squeeze] - icecast2 <no-dsa> (Minor issue)
NOTE: https://trac.xiph.org/ticket/2089
CVE-2015-0300
- RESERVED
+ REJECTED
CVE-2015-0299 (Multiple cross-site scripting (XSS) vulnerabilities in Open Source Poi ...)
NOT-FOR-US: Open Source Point of Sale
CVE-2015-0298 (Cross-site scripting (XSS) vulnerability in the manager web interface ...)
@@ -292531,9 +292586,9 @@ CVE-2014-7858 (The check_login function in D-Link DNR-326 before 2.10 build 03 a
CVE-2014-7857 (D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build ...)
NOT-FOR-US: D-Link
CVE-2014-7856
- RESERVED
+ REJECTED
CVE-2014-7855
- RESERVED
+ REJECTED
CVE-2014-7854
RESERVED
CVE-2014-7853 (The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBo ...)
@@ -292679,7 +292734,7 @@ CVE-2014-7821 (OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 al
NOTE: Versions up to 2014.1.3 and 2014.2
NOTE: https://launchpad.net/bugs/1378450
CVE-2014-7820
- RESERVED
+ REJECTED
CVE-2014-7819 (Multiple directory traversal vulnerabilities in server.rb in Sprockets ...)
- ruby-sprockets 2.12.3-1
[wheezy] - ruby-sprockets <no-dsa> (Minor issue)
@@ -314529,15 +314584,15 @@ CVE-2013-6508
CVE-2013-6507
REJECTED
CVE-2013-6506
- RESERVED
+ REJECTED
CVE-2013-6505
- RESERVED
+ REJECTED
CVE-2013-6504
- RESERVED
+ REJECTED
CVE-2013-6503
- RESERVED
+ REJECTED
CVE-2013-6502
- RESERVED
+ REJECTED
CVE-2013-6501 (The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...)
- php5 <removed> (unimportant)
NOTE: Rendererd unexpoitable by kernel level hardening for tmp races
@@ -332716,13 +332771,13 @@ CVE-2012-6159
CVE-2012-6158
REJECTED
CVE-2012-6157
- RESERVED
+ REJECTED
CVE-2012-6156
- RESERVED
+ REJECTED
CVE-2012-6155
- RESERVED
+ REJECTED
CVE-2012-6154
- RESERVED
+ REJECTED
CVE-2012-6153 (http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient befor ...)
{DLA-222-1}
- commons-httpclient 3.1-10.2 (bug #692442)
@@ -334661,7 +334716,7 @@ CVE-2012-5557 (The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x befo
CVE-2012-5556 (Multiple cross-site request forgery (CSRF) vulnerabilities in the REST ...)
NOT-FOR-US: Drupal contributed-module
CVE-2012-5555
- RESERVED
+ REJECTED
CVE-2012-5554 (The default configuration for the Webform CiviCRM Integration module 7 ...)
NOT-FOR-US: Drupal contributed-module
CVE-2012-5553 (Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu ...)
@@ -334723,7 +334778,7 @@ CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled,
- firebird2.5 2.5.2~svn+54698.ds4-2 (low; bug #693210)
- firebird2.1 <not-affected> (Only affects 2.5.x)
CVE-2012-5528
- RESERVED
+ REJECTED
CVE-2012-5527 (Claws Mail vCalendar plugin: credentials exposed on interface ...)
- claws-mail-extra-plugins 3.8.1-2 (unimportant; bug #693391)
NOTE: More of a plain bug than a security vulnerability
@@ -342947,15 +343002,15 @@ CVE-2010-5118
CVE-2010-5117
REJECTED
CVE-2010-5116
- RESERVED
+ REJECTED
CVE-2010-5115
- RESERVED
+ REJECTED
CVE-2010-5114
- RESERVED
+ REJECTED
CVE-2010-5113
- RESERVED
+ REJECTED
CVE-2010-5112
- RESERVED
+ REJECTED
CVE-2010-5111 (Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote ...)
- echoping 6.0.2-4 (low; bug #606808)
[squeeze] - echoping <no-dsa> (Minor issue)
@@ -348348,13 +348403,13 @@ CVE-2007-6751 (Cross-site scripting (XSS) vulnerability in the MailForm plugin b
CVE-2004-2776 (go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary co ...)
NOT-FOR-US: Montitorix
CVE-2004-2775
- RESERVED
+ REJECTED
CVE-2004-2774
- RESERVED
+ REJECTED
CVE-2004-2773
- RESERVED
+ REJECTED
CVE-2004-2772
- RESERVED
+ REJECTED
CVE-2004-2771 (The expand function in fio.c in Heirloom mailx 12.5 and earlier and BS ...)
{DSA-3105-1 DLA-114-1}
- heirloom-mailx 12.5-3.1 (bug #773417)
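Review bot: in the leading context of this hunk, CVE-2004-2776 is described as "go.cgi in GoScript 2.0" but tagged `NOT-FOR-US: Montitorix`, which does not match the product in the description. This predates the commit, but since the surrounding CVE-2004-2775 through CVE-2004-2772 entries are being touched anyway, correcting the tag to name GoScript would be a cheap fix.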
@@ -348365,11 +348420,11 @@ CVE-2003-1604 (The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c
- linux-2.6 <not-affected> (Fixed before initial upload of linux-2.6 in Debian)
NOTE: https://marc.info/?l=netfilter-devel&m=106668497403047&w=2
CVE-2003-1602
- RESERVED
+ REJECTED
CVE-2003-1601
- RESERVED
+ REJECTED
CVE-2003-1600
- RESERVED
+ REJECTED
CVE-2003-1599 (PHP remote file inclusion vulnerability in wp-links/links.all.php in W ...)
NOT-FOR-US: WordPress plugin wp-links
CVE-2003-1598 (SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...)
@@ -348384,11 +348439,11 @@ CVE-2002-2443 (schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
NOTE: https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
CVE-2002-2442
- RESERVED
+ REJECTED
CVE-2002-2441
- RESERVED
+ REJECTED
CVE-2002-2440
- RESERVED
+ REJECTED
CVE-2002-2439 (Integer overflow in the new[] operator in gcc before 4.8.0 allows atta ...)
- gcc-4.1 <removed>
[squeeze] - gcc-4.1 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
@@ -348411,35 +348466,35 @@ CVE-2002-2438
RESERVED
NOT-FOR-US: ancient linux 2.4 issue
CVE-2001-1592
- RESERVED
+ REJECTED
CVE-2001-1591
- RESERVED
+ REJECTED
CVE-2001-1590
- RESERVED
+ REJECTED
CVE-2001-1589
- RESERVED
+ REJECTED
CVE-2001-1588
- RESERVED
+ REJECTED
CVE-2000-1252
- RESERVED
+ REJECTED
CVE-2000-1251
- RESERVED
+ REJECTED
CVE-2000-1250
- RESERVED
+ REJECTED
CVE-2000-1249
- RESERVED
+ REJECTED
CVE-2000-1248
- RESERVED
+ REJECTED
CVE-1999-1598
- RESERVED
+ REJECTED
CVE-1999-1597
- RESERVED
+ REJECTED
CVE-1999-1596
- RESERVED
+ REJECTED
CVE-1999-1595
- RESERVED
+ REJECTED
CVE-1999-1594
- RESERVED
+ REJECTED
CVE-2012-0288
RESERVED
CVE-2011-5048 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experie ...)
@@ -348649,15 +348704,15 @@ CVE-2011-4980
CVE-2011-4979
REJECTED
CVE-2011-4978
- RESERVED
+ REJECTED
CVE-2011-4977
- RESERVED
+ REJECTED
CVE-2011-4976
- RESERVED
+ REJECTED
CVE-2011-4975
- RESERVED
+ REJECTED
CVE-2011-4974
- RESERVED
+ REJECTED
CVE-2011-4973 (Authentication bypass vulnerability in mod_nss 1.0.8 allows remote att ...)
- libapache2-mod-nss 1.0.8-4 (low; bug #729626)
[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
@@ -349105,27 +349160,27 @@ CVE-2009-5108
CVE-2009-5107
REJECTED
CVE-2009-5106
- RESERVED
+ REJECTED
CVE-2009-5105
- RESERVED
+ REJECTED
CVE-2009-5104
- RESERVED
+ REJECTED
CVE-2008-7308
- RESERVED
+ REJECTED
CVE-2008-7307
- RESERVED
+ REJECTED
CVE-2008-7306
- RESERVED
+ REJECTED
CVE-2008-7305
- RESERVED
+ REJECTED
CVE-2008-7304
- RESERVED
+ REJECTED
CVE-2007-6749
- RESERVED
+ REJECTED
CVE-2007-6748
- RESERVED
+ REJECTED
CVE-2007-6747
- RESERVED
+ REJECTED
CVE-2007-6746 (telepathy-idle before 0.1.15 does not verify (1) that the issuer is a ...)
- telepathy-idle 0.1.15-1 (low; bug #706094)
[wheezy] - telepathy-idle <no-dsa> (Minor issue)
@@ -349135,7 +349190,7 @@ CVE-2007-6745 (clamav 0.91.2 suffers from a floating point exception when using
[etch] - clamav <not-affected> (Vulnerable code not present)
[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2006-7251
- RESERVED
+ REJECTED
CVE-2006-7250 (The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t ...)
{DSA-2454-1}
- openssl 1.0.0h-1
@@ -349147,11 +349202,11 @@ CVE-2006-7248
CVE-2006-7247 (SQL injection vulnerability in the Weblinks (com_weblinks) component f ...)
NOT-FOR-US: Joomla!
CVE-2005-4894
- RESERVED
+ REJECTED
CVE-2005-4893
- RESERVED
+ REJECTED
CVE-2005-4892
- RESERVED
+ REJECTED
CVE-2005-4891 (Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL inje ...)
NOT-FOR-US: Simple Machine Forum (SMF)
CVE-2011-4856 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sen ...)
@@ -359248,9 +359303,9 @@ CVE-2011-1559 (Unspecified vulnerability in the IBM Web Interface for Content Ma
CVE-2011-1558 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Int ...)
NOT-FOR-US: IBM WEBi
CVE-2009-5070
- RESERVED
+ REJECTED
CVE-2009-5069
- RESERVED
+ REJECTED
CVE-2009-5068 (There is a file disclosure vulnerability in SMF (Simple Machines Forum ...)
NOT-FOR-US: Simple Machines Forum
CVE-2009-5067 (Directory traversal vulnerability in html2ps before 1.0b6 allows remot ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/186858bd9a5c1f89678b986d7f397e17f17e60e5