Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9da912fb by security tracker role at 2019-12-20T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,69 @@
+CVE-2020-3939
+ RESERVED
+CVE-2020-3938
+ RESERVED
+CVE-2020-3937
+ RESERVED
+CVE-2020-3936
+ RESERVED
+CVE-2020-3935
+ RESERVED
+CVE-2020-3934
+ RESERVED
+CVE-2020-3933
+ RESERVED
+CVE-2020-3932
+ RESERVED
+CVE-2020-3931
+ RESERVED
+CVE-2020-3930
+ RESERVED
+CVE-2020-3929
+ RESERVED
+CVE-2020-3928
+ RESERVED
+CVE-2020-3927
+ RESERVED
+CVE-2020-3926
+ RESERVED
+CVE-2020-3925
+ RESERVED
+CVE-2020-3924
+ RESERVED
+CVE-2020-3923
+ RESERVED
+CVE-2020-3922
+ RESERVED
+CVE-2020-3921
+ RESERVED
+CVE-2020-3920
+ RESERVED
+CVE-2019-19916 (In Midori Browser 0.5.11 (on Windows 10), Content Security
Policy (CSP ...)
+ TODO: check
+CVE-2019-19915 (The "301 Redirects - Easy Redirect Manager" plugin before 2.45
for Wor ...)
+ TODO: check
+CVE-2019-19914
+ RESERVED
CVE-2019-19913
+ RESERVED
TODO: check
CVE-2019-19912
+ RESERVED
TODO: check
CVE-2019-19911
+ RESERVED
TODO: check
-CVE-2019-19910
+CVE-2019-19910 (The MinervaNeue Skin in MediaWiki from 2019-11-05 to
2019-12-13 (1.35 ...)
NOT-FOR-US: Mediawiki skin
-CVE-2019-19909
+CVE-2019-19909 (An issue was discovered in Public Knowledge Project (PKP)
pkp-lib befo ...)
NOT-FOR-US: Public Knowledge Project (PKP) pkp-lib
-CVE-2019-19908
+CVE-2019-19908 (phpMyChat-Plus 1.98 is vulnerable to reflected XSS via
JavaScript inje ...)
TODO: check
-CVE-2019-19907
+CVE-2019-19907 (HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano
Groupware Core ...)
- kopanocore <unfixed>
NOTE:
https://stash.kopano.io/projects/KC/repos/kopanocore/commits/4e02b420fff
CVE-2019-19904
+ RESERVED
TODO: check
CVE-2019-19903 (An issue was discovered in Backdrop CMS 1.14.x before 1.14.2.
It doesn ...)
- backdrop <itp> (bug #914257)
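Review bot: the new `- kopanocore <unfixed>` line for CVE-2019-19907 carries only the upstream commit NOTE and no Debian bug reference, unlike the other `<unfixed>` lines in this commit (cyrus-sasl2 bug #947043, nethack bug #947005); file a bug against kopanocore and append `(bug #NNNNNN)` so the BTS and the tracker stay linked. In the same hunk CVE-2019-19916 is left as `TODO: check` although midori has a Debian source package; the description scopes the CSP bypass to Midori 0.5.11 on Windows 10, so the check should settle whether the Debian build is affected rather than defaulting to NOT-FOR-US as the WordPress plugin in CVE-2019-19915 will.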
@@ -41,11 +91,12 @@ CVE-2019-19892
RESERVED
CVE-2019-19891
RESERVED
-CVE-2019-19906
+CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write
leading ...)
+ {DLA-2044-1}
- cyrus-sasl2 <unfixed> (bug #947043)
NOTE: https://github.com/cyrusimap/cyrus-sasl/issues/587
NOTE: https://www.openldap.org/its/index.cgi/Incoming?id=9123
-CVE-2019-19905
+CVE-2019-19905 (NetHack before 3.6.4 is prone to a buffer overflow
vulnerability when ...)
- nethack <unfixed> (low; bug #947005)
[buster] - nethack <no-dsa> (Minor issue)
[stretch] - nethack <no-dsa> (Minor issue)
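Review bot: `{DLA-2044-1}` is added to CVE-2019-19906 but the only package line is `- cyrus-sasl2 <unfixed> (bug #947043)`; with no `[buster]`/`[stretch]` lines those suites inherit the unstable status and are treated as unfixed for an out-of-bounds write in a library linked by many network daemons, so either add suite-specific status (DSA reference, `<no-dsa>` with a reason, or a fixed version) or confirm that the unstable fix is in flight. CVE-2019-19905 in the same hunk shows the fuller form (`<unfixed>` plus `[buster]`/`[stretch] <no-dsa> (Minor issue)`) worth mirroring once triage is done.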
@@ -906,8 +957,8 @@ CVE-2019-19791
RESERVED
CVE-2019-19790 (Path traversal in RadChart in Telerik UI for ASP.NET AJAX
allows a rem ...)
NOT-FOR-US: Telerik UI for ASP.NET AJAX
-CVE-2019-19789
- RESERVED
+CVE-2019-19789 (3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS
Runtime Tool ...)
+ TODO: check
CVE-2019-19788 (Opera for Android before 54.0.2669.49432 is vulnerable to a
sandboxed ...)
NOT-FOR-US: Opera for Android
CVE-2019-19787 (ATasm 1.06 has a stack-based buffer overflow in the
get_signed_express ...)
@@ -2009,8 +2060,8 @@ CVE-2019-19749
RESERVED
CVE-2019-19748 (The Work Time Calendar app before 4.7.1 for Jira allows XSS.
...)
NOT-FOR-US: Work Time Calendar app for Jira
-CVE-2019-19747
- RESERVED
+CVE-2019-19747 (NeuVector 3.1 when configured to allow authentication via
Active Direc ...)
+ TODO: check
CVE-2019-19746 (make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a
segmentation fau ...)
- fig2dev <unfixed> (unimportant; bug #946628)
- transfig <removed> (unimportant)
@@ -3382,12 +3433,12 @@ CVE-2019-19695
RESERVED
CVE-2019-19694
RESERVED
-CVE-2019-19693
- RESERVED
-CVE-2019-19692
- RESERVED
-CVE-2019-19691
- RESERVED
+CVE-2019-19693 (The Trend Micro Security 2020 consumer family of products
contains a v ...)
+ TODO: check
+CVE-2019-19692 (Trend Micro Apex One (2019) is affected by a cross-site
scripting (XSS ...)
+ TODO: check
+CVE-2019-19691 (A vulnerability in Trend Micro Apex One and OfficeScan XG
could allow ...)
+ TODO: check
CVE-2019-19690 (Trend Micro Mobile Security for Android (Consumer) versions
10.3.1 and ...)
NOT-FOR-US: Trend Micro
CVE-2019-19689 (Trend Micro HouseCall for Home Networks (versions below
5.3.0.1063) co ...)
@@ -5833,14 +5884,11 @@ CVE-2019-19343
RESERVED
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780445
-CVE-2019-19342
- RESERVED
+CVE-2019-19342 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2
and 3.5 ...)
NOT-FOR-US: Ansible Tower
-CVE-2019-19341
- RESERVED
+CVE-2019-19341 (A flaw was found in Ansible Tower, versions 3.6.x before
3.6.2, where ...)
NOT-FOR-US: Ansible Tower
-CVE-2019-19340
- RESERVED
+CVE-2019-19340 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2
and 3.5 ...)
NOT-FOR-US: Ansible Tower
CVE-2019-19339
RESERVED
@@ -6175,12 +6223,12 @@ CVE-2019-19236
RESERVED
CVE-2019-19235 (AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows
10 note ...)
NOT-FOR-US: ASUS
-CVE-2019-19234
- RESERVED
+CVE-2019-19234 (In Sudo through 1.8.29, the fact that a user has been blocked
(e.g., b ...)
+ TODO: check
CVE-2019-19233
RESERVED
-CVE-2019-19232
- RESERVED
+CVE-2019-19232 (In Sudo through 1.8.29, an attacker with access to a Runas ALL
sudoer ...)
+ TODO: check
CVE-2019-19231
RESERVED
CVE-2019-19230 (An unsafe deserialization vulnerability exists in CA Release
Automatio ...)
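Review bot: CVE-2019-19234 and CVE-2019-19232 are left as `TODO: check`, but sudo is packaged in Debian, so these cannot resolve to NOT-FOR-US and need a `- sudo ...` package line. Both descriptions ("the fact that a user has been blocked", "an attacker with access to a Runas ALL sudoer") describe sudoers policy semantics rather than a code defect, so the check should establish whether upstream regards them as vulnerabilities before a severity is assigned; if it does not, record that as `<not-affected>` or `unimportant` with a NOTE pointing at the upstream statement.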
@@ -6384,8 +6432,8 @@ CVE-2019-19143
RESERVED
CVE-2019-19142
RESERVED
-CVE-2019-19141
- RESERVED
+CVE-2019-19141 (The Camera Upload functionality in Plex Media Server through
1.18.2.20 ...)
+ TODO: check
CVE-2019-19140
RESERVED
CVE-2019-19139
@@ -6887,8 +6935,7 @@ CVE-2019-18957 (Microstrategy Library in MicroStrategy
before 2019 before 11.1.3
NOT-FOR-US: Microstrategy Library
CVE-2019-18956 (Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8,
9.8.43 an ...)
NOT-FOR-US: Divisa Proxia Suite
-CVE-2019-18955
- RESERVED
+CVE-2019-18955 (The web console in Lansweeper 7.2.105.2 has XSS via the URL
path. Prod ...)
NOT-FOR-US: Lansweeper
CVE-2019-18954 (Pomelo v2.2.5 allows external control of critical state data.
A malici ...)
NOT-FOR-US: Pomelo
@@ -9888,8 +9935,7 @@ CVE-2019-18617
RESERVED
CVE-2019-18616
RESERVED
-CVE-2019-18615
- RESERVED
+CVE-2019-18615 (In CloudVision Portal (CVP) for all releases in the 2018.2
Train, unde ...)
NOT-FOR-US: CloudVision Portal
CVE-2019-18614
RESERVED
@@ -10911,8 +10957,8 @@ CVE-2019-18265
RESERVED
CVE-2019-18264
RESERVED
-CVE-2019-18263
- RESERVED
+CVE-2019-18263 (An issue was found in Philips Veradius Unity, Pulsera, and
Endura Dual ...)
+ TODO: check
CVE-2019-18262
RESERVED
CVE-2019-18261 (In Omron PLC CS series, all versions, Omron PLC CJ series, all
version ...)
@@ -12093,8 +12139,7 @@ CVE-2019-18183
RESERVED
CVE-2019-18182
RESERVED
-CVE-2019-18181
- RESERVED
+CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2
Code train ...)
TODO: check
CVE-2019-18180 (Improper Check for filenames with overly long extensions in
PostMaster ...)
- otrs2 <unfixed> (bug #945251)
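Review bot: CVE-2019-18181 stays `TODO: check` although CVE-2019-18615, covering the same product and code train (CloudVision Portal, 2018.2), is marked `NOT-FOR-US: CloudVision Portal` earlier in this same commit; give both entries the same resolution so the file does not carry two verdicts for one product.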
@@ -13184,8 +13229,7 @@ CVE-2019-17635
RESERVED
CVE-2019-17634
RESERVED
-CVE-2019-17633
- RESERVED
+CVE-2019-17633 (For Eclipse Che versions 6.16 to 7.3.0, with both
authentication and T ...)
NOT-FOR-US: Eclipse Che
CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022,
and 9.4. ...)
- jetty9 <unfixed>
@@ -13395,8 +13439,8 @@ CVE-2019-17573
RESERVED
CVE-2019-17572
RESERVED
-CVE-2019-17571
- RESERVED
+CVE-2019-17571 (Included in Log4j 1.2 is a SocketServer class that is
vulnerable to de ...)
+ TODO: check
CVE-2019-17570
RESERVED
CVE-2019-17569
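Review bot: CVE-2019-17571 (deserialization via the SocketServer class in Log4j 1.2) is left as `TODO: check`, but Debian ships Log4j 1.x as the apache-log4j1.2 source package, so this needs a package line rather than NOT-FOR-US. Because the 1.2 branch is end-of-life upstream, the entry will also need a NOTE recording whatever patch or mitigation the maintainers settle on (for example not exposing SocketServer), plus `[buster]`/`[stretch]` lines once the severity is decided.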
@@ -13635,8 +13679,8 @@ CVE-2019-17529 (An issue was discovered in Bento4
1.5.1.0. There is a heap-based
NOT-FOR-US: Bento4
CVE-2019-17528 (An issue was discovered in Bento4 1.5.1.0. There is a SEGV in
the func ...)
NOT-FOR-US: Bento4
-CVE-2019-17527
- RESERVED
+CVE-2019-17527 (dataForDepandantField in models/custormfields.php in the JS
JOBS FREE ...)
+ TODO: check
CVE-2019-17526 (** DISPUTED ** An issue was discovered in SageMath Sage Cell
Server th ...)
NOT-FOR-US: Sage Cell Server (not part of SafeMath as packaged in
Debian)
CVE-2019-17525
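Review bot: the context line for CVE-2019-17526, `NOT-FOR-US: Sage Cell Server (not part of SafeMath as packaged in Debian)`, misspells SageMath as "SafeMath"; since this hunk already touches the neighbouring CVE-2019-17527 entry, fixing that typo in a follow-up keeps the rationale searchable. CVE-2019-17527 itself concerns a third-party Joomla extension ("JS JOBS FREE") and, like the other CMS-plugin entries in this file, should resolve to NOT-FOR-US rather than remain a TODO.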
@@ -13879,8 +13923,8 @@ CVE-2019-17442
RESERVED
CVE-2019-17441
RESERVED
-CVE-2019-17440
- RESERVED
+CVE-2019-17440 (Improper restriction of communications to Log Forwarding Card
(LFC) on ...)
+ TODO: check
CVE-2019-17439
RESERVED
CVE-2019-17438
@@ -15308,8 +15352,8 @@ CVE-2019-16873 (Portainer before 1.22.1 has XSS (issue
1 of 2). ...)
NOT-FOR-US: Portainer
CVE-2019-16872 (Portainer before 1.22.1 has Incorrect Access Control (issue 1
of 4). ...)
NOT-FOR-US: Portainer
-CVE-2019-16871
- RESERVED
+CVE-2019-16871 (Beckhoff Embedded Windows PLCs through 3.1.4024.0, and
Beckhoff Twinca ...)
+ TODO: check
CVE-2019-16870
RESERVED
CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the
colon in HT ...)
@@ -16377,70 +16421,49 @@ CVE-2019-16467
RESERVED
CVE-2019-16466
RESERVED
-CVE-2019-16465
- RESERVED
+CVE-2019-16465 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16464
- RESERVED
+CVE-2019-16464 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16463
- RESERVED
+CVE-2019-16463 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16462
- RESERVED
+CVE-2019-16462 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16461
- RESERVED
+CVE-2019-16461 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16460
- RESERVED
+CVE-2019-16460 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16459
- RESERVED
+CVE-2019-16459 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16458
- RESERVED
+CVE-2019-16458 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16457
- RESERVED
+CVE-2019-16457 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16456
- RESERVED
+CVE-2019-16456 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16455
- RESERVED
+CVE-2019-16455 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16454
- RESERVED
+CVE-2019-16454 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16453
- RESERVED
+CVE-2019-16453 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16452
- RESERVED
+CVE-2019-16452 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16451
- RESERVED
+CVE-2019-16451 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16450
- RESERVED
+CVE-2019-16450 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16449
- RESERVED
+CVE-2019-16449 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16448
- RESERVED
+CVE-2019-16448 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
CVE-2019-16447
RESERVED
-CVE-2019-16446
- RESERVED
+CVE-2019-16446 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16445
- RESERVED
+CVE-2019-16445 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
-CVE-2019-16444
- RESERVED
+CVE-2019-16444 (Adobe Acrobat and Reader versions , 2019.021.20056 and
earlier, 2017.0 ...)
NOT-FOR-US: Adobe
CVE-2019-16443
RESERVED
@@ -16565,11 +16588,11 @@ CVE-2019-16390
RESERVED
CVE-2019-16389
RESERVED
-CVE-2019-16388 (PEGA Platform 8.3.0 is vulnerable to Information disclosure
via a dire ...)
+CVE-2019-16388 (** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to
Information disclo ...)
NOT-FOR-US: PEGA Platform
-CVE-2019-16387 (PEGA Platform 8.3.0 is vulnerable to a direct
prweb/sso/random_token/! ...)
+CVE-2019-16387 (** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to a direct
prweb/sso ...)
NOT-FOR-US: PEGA Platform
-CVE-2019-16386 (PEGA Platform 7.x and 8.x is vulnerable to Information
disclosure via ...)
+CVE-2019-16386 (** DISPUTED ** PEGA Platform 7.x and 8.x is vulnerable to
Information ...)
NOT-FOR-US: PEGA Platform
CVE-2019-16385
RESERVED
@@ -18030,18 +18053,18 @@ CVE-2019-15916 (An issue was discovered in the Linux
kernel before 5.0.1. There
[stretch] - linux 4.9.168-1
[jessie] - linux 3.16.70-1
NOTE:
https://git.kernel.org/linus/895a5e96dbd6386c8e78e5b78e067dcc67b7f0ab
-CVE-2019-15915
- RESERVED
-CVE-2019-15914
- RESERVED
-CVE-2019-15913
- RESERVED
-CVE-2019-15912
- RESERVED
-CVE-2019-15911
- RESERVED
-CVE-2019-15910
- RESERVED
+CVE-2019-15915 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM,
MCCGQ01LM, RTCG ...)
+ TODO: check
+CVE-2019-15914 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM,
MCCGQ01LM, WSDC ...)
+ TODO: check
+CVE-2019-15913 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM,
MCCGQ01LM, WSDC ...)
+ TODO: check
+CVE-2019-15912 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101,
AS-101, ...)
+ TODO: check
+CVE-2019-15911 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101,
AS-101, ...)
+ TODO: check
+CVE-2019-15910 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101,
AS-101, ...)
+ TODO: check
CVE-2019-15909
RESERVED
CVE-2019-15908
@@ -31185,8 +31208,7 @@ CVE-2019-11782
RESERVED
CVE-2019-11781
RESERVED
-CVE-2019-11780
- RESERVED
+CVE-2019-11780 (Improper access control in the computed fields system of the
framework ...)
NOT-FOR-US: Odoo
CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious
MQTT cli ...)
{DSA-4570-1 DLA-1972-1}
@@ -32807,8 +32829,8 @@ CVE-2019-11296
RESERVED
CVE-2019-11295
RESERVED
-CVE-2019-11294
- RESERVED
+CVE-2019-11294 (Cloud Foundry Cloud Controller API (CAPI), version 1.88.0,
allows spac ...)
+ TODO: check
CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when
set to log ...)
NOT-FOR-US: Cloud Foundry UAA Release
CVE-2019-11292
@@ -42235,14 +42257,14 @@ CVE-2019-8258 (UltraVNC revision 1198 has a heap
buffer overflow vulnerability i
NOT-FOR-US: UltraVNC
CVE-2019-8257
RESERVED
-CVE-2019-8256
- RESERVED
-CVE-2019-8255
- RESERVED
-CVE-2019-8254
- RESERVED
-CVE-2019-8253
- RESERVED
+CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure
inherited pe ...)
+ TODO: check
+CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection
vulnerabil ...)
+ TODO: check
+CVE-2019-8254 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before
21.0.2 hav ...)
+ TODO: check
+CVE-2019-8253 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before
21.0.2 hav ...)
+ TODO: check
CVE-2019-8252
RESERVED
CVE-2019-8251
@@ -50898,12 +50920,12 @@ CVE-2019-4746
RESERVED
CVE-2019-4745
RESERVED
-CVE-2019-4744
- RESERVED
-CVE-2019-4743
- RESERVED
-CVE-2019-4742
- RESERVED
+CVE-2019-4744 (IBM Financial Transaction Manager 3.0 is vulnerable to
cross-site scri ...)
+ TODO: check
+CVE-2019-4743 (IBM Financial Transaction Manager 3.0 does not set the secure
attribut ...)
+ TODO: check
+CVE-2019-4742 (IBM Financial Transaction Manager 3.0 could allow a remote
attacker to ...)
+ TODO: check
CVE-2019-4741
RESERVED
CVE-2019-4740
@@ -50914,8 +50936,8 @@ CVE-2019-4738
RESERVED
CVE-2019-4737
RESERVED
-CVE-2019-4736
- RESERVED
+CVE-2019-4736 (IBM Financial Transaction Manager 3.0 is vulnerable to
cross-site requ ...)
+ TODO: check
CVE-2019-4735
RESERVED
CVE-2019-4734
@@ -51276,8 +51298,8 @@ CVE-2019-4557
RESERVED
CVE-2019-4556 (IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete
blacklisting fo ...)
NOT-FOR-US: IBM
-CVE-2019-4555
- RESERVED
+CVE-2019-4555 (IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site
scripti ...)
+ TODO: check
CVE-2019-4554
RESERVED
CVE-2019-4553
@@ -51924,8 +51946,8 @@ CVE-2019-4233
RESERVED
CVE-2019-4232
RESERVED
-CVE-2019-4231
- RESERVED
+CVE-2019-4231 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site
request ...)
+ TODO: check
CVE-2019-4230
RESERVED
CVE-2019-4229
@@ -87022,7 +87044,7 @@ CVE-2018-11118 (The RSS subsystem in ILIAS 5.1.x,
5.2.x, and 5.3.x before 5.3.5
NOT-FOR-US: ILIAS
CVE-2018-11117 (Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS
5.1.x, 5. ...)
NOT-FOR-US: ILIAS
-CVE-2018-11116 (OpenWrt mishandles access control in /etc/config/rpcd and the
/usr/sha ...)
+CVE-2018-11116 (** DISPUTED ** OpenWrt mishandles access control in
/etc/config/rpcd a ...)
NOT-FOR-US: OpenWrt
CVE-2018-11115
RESERVED
@@ -113065,8 +113087,8 @@ CVE-2018-1936 (IBM DB2 9.7, 10.1, 10.5, and 11.1
libdb2e.so.1 is vulnerable to a
NOT-FOR-US: IBM
CVE-2018-1935 (IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated
user to ...)
NOT-FOR-US: IBM
-CVE-2018-1934
- RESERVED
+CVE-2018-1934 (IBM Cognos Business Intelligence 10.2.2 is vulnerable to
cross-site re ...)
+ TODO: check
CVE-2018-1933 (IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to
cross-site s ...)
NOT-FOR-US: IBM
CVE-2018-1932 (IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a
vulnerability ...)
@@ -173796,8 +173818,7 @@ CVE-2016-1000231
RESERVED
CVE-2016-1000230
RESERVED
-CVE-2016-1000229
- RESERVED
+CVE-2016-1000229 (swagger-ui has XSS in key names ...)
NOT-FOR-US: nodejs swagger-ui
NOTE: https://github.com/swagger-api/swagger-ui/issues/1865
CVE-2016-1000228
@@ -180806,8 +180827,7 @@ CVE-2016-1000025
REJECTED
CVE-2016-1000024
RESERVED
-CVE-2016-1000022
- RESERVED
+CVE-2016-1000022 (negotiator before 0.6.1 is vulnerable to a regular
expression DoS ...)
- node-negotiator 0.6.1-1 (unimportant)
NOTE: https://nodesecurity.io/advisories/106
NOTE:
https://github.com/distributedweaknessfiling/DWF-Database/commit/5e607a0cad2769db2be5aafc4d9b1ec49bd7bbbc
@@ -201840,8 +201860,7 @@ CVE-2015-8315 (The ms package before 0.7.1 for
Node.js allows attackers to cause
- node-ms <not-affected> (Fixed before initial upload to Debian)
CVE-2015-8314
RESERVED
-CVE-2015-8313 [fail to check the first byte of the padding in CBC modes]
- RESERVED
+CVE-2015-8313 (GnuTLS incorrectly validates the first byte of padding in CBC
modes ...)
{DSA-3408-1 DLA-364-1}
- gnutls28 <not-affected> (Vulnerable code not present)
- gnutls26 <removed>
@@ -252138,7 +252157,7 @@ CVE-2014-0085 (JBoss Fuse did not enable encrypted
passwords by default in its u
NOT-FOR-US: Fuse Fabric
CVE-2014-0084 (Ruby gem openshift-origin-node before 2014-02-14 does not
contain a cr ...)
NOT-FOR-US: rubygem-openshift-origin-node
-CVE-2014-0083 (The Ruby net-ldap gem before 0.16.2 uses a weak salt when
generating S ...)
+CVE-2014-0083 (The Ruby net-ldap gem before 0.11 uses a weak salt when
generating SSH ...)
- ruby-net-ldap <not-affected> (SSHA support not present)
NOTE: SSHA support only from version v0.5.0, see #742706
CVE-2014-0082 (actionpack/lib/action_view/template/text.rb in Action View in
Ruby on ...)
@@ -271922,8 +271941,7 @@ CVE-2012-6112 (classes/GoogleSpell.php in the PHP
Spellchecker (aka Google Spell
NOTE: http://www.tinymce.com/develop/changelog/?type=phpspell
NOTE: patch:
https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
NOTE: http://www.tinymce.com/forum/viewtopic.php?id=30036
-CVE-2012-6111 [gnome-keyring does not discard stored secrets in some cases]
- RESERVED
+CVE-2012-6111 (gnome-keyring does not discard stored secrets when using
gnome_keyring ...)
- gnome-keyring 3.8.2-1 (low; bug #697896)
[squeeze] - gnome-keyring <no-dsa> (Minor issue)
[wheezy] - gnome-keyring <no-dsa> (Minor issue)
@@ -271983,8 +272001,7 @@ CVE-2012-6096 (Multiple stack-based buffer overflows
in the get_history function
CVE-2012-6095 (ProFTPD before 1.3.5rc1, when using the UserOwner directive,
allows lo ...)
{DSA-2606-1}
- proftpd-dfsg 1.3.4a-3 (bug #697524)
-CVE-2012-6094
- RESERVED
+CVE-2012-6094 (cups (Common Unix Printing System) 'Listen localhost:631'
option not h ...)
- cups <not-affected> (systemd patch not applied in Debian, see bug
#697584)
CVE-2012-6093 (The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x
before 4. ...)
- qt4-x11 <not-affected> (Only affects environments where a different
OpenSSL is used, doesn't apply to Debian; bug #697582)
@@ -273454,8 +273471,7 @@ CVE-2012-5641 (Directory traversal vulnerability in
the partition2 function in m
CVE-2012-5640 (thttpd has a local DoS vulnerability via specially-crafted
.htpasswd f ...)
- thttpd <removed> (low)
[squeeze] - thttpd <no-dsa> (Minor issue)
-CVE-2012-5639
- RESERVED
+CVE-2012-5639 (LibreOffice and OpenOffice automatically open embedded content
...)
- libreoffice <unfixed> (unimportant)
[wheezy] - libreoffice <ignored> (Minor issue)
- openoffice.org 1:3.3.0-1 (unimportant)
@@ -279520,8 +279536,7 @@ CVE-2012-3411 (Dnsmasq before 2.63test1, when used
with certain libvirt configur
CVE-2012-3410 (Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash
before 4.2 ...)
- bash 4.2-4 (low; bug #681278)
[squeeze] - bash <no-dsa> (Minor issue)
-CVE-2012-3409
- RESERVED
+CVE-2012-3409 (ecryptfs-utils: suid helper does not restrict mounting
filesystems wit ...)
- ecryptfs-utils 99-1 (bug #682220)
[squeeze] - ecryptfs-utils <not-affected> (home src/dest mountpoints
hardcoded in that version)
CVE-2012-3408 (lib/puppet/network/authstore.rb in Puppet before 2.7.18, and
Puppet En ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9da912fb4daf890441dc6904792324d454d788cb
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits