Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b14ea558 by security tracker role at 2020-01-14T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,191 @@
+CVE-2020-7052
+       RESERVED
+CVE-2020-7051
+       RESERVED
+CVE-2020-7050
+       RESERVED
+CVE-2020-7049
+       RESERVED
+CVE-2020-7048
+       RESERVED
+CVE-2020-7047
+       RESERVED
+CVE-2020-7046
+       RESERVED
+CVE-2020-7045
+       RESERVED
+CVE-2020-7044
+       RESERVED
+CVE-2020-7043
+       RESERVED
+CVE-2020-7042
+       RESERVED
+CVE-2020-7041
+       RESERVED
+CVE-2020-7040
+       RESERVED
+CVE-2020-7039
+       RESERVED
+CVE-2020-7038
+       RESERVED
+CVE-2020-7037
+       RESERVED
+CVE-2020-7036
+       RESERVED
+CVE-2020-7035
+       RESERVED
+CVE-2020-7034
+       RESERVED
+CVE-2020-7033
+       RESERVED
+CVE-2020-7032
+       RESERVED
+CVE-2020-7031
+       RESERVED
+CVE-2020-7030
+       RESERVED
+CVE-2020-7029
+       RESERVED
+CVE-2020-7028
+       RESERVED
+CVE-2020-7027
+       RESERVED
+CVE-2020-7026
+       RESERVED
+CVE-2020-7025
+       RESERVED
+CVE-2020-7024
+       RESERVED
+CVE-2020-7023
+       RESERVED
+CVE-2020-7022
+       RESERVED
+CVE-2020-7021
+       RESERVED
+CVE-2020-7020
+       RESERVED
+CVE-2020-7019
+       RESERVED
+CVE-2020-7018
+       RESERVED
+CVE-2020-7017
+       RESERVED
+CVE-2020-7016
+       RESERVED
+CVE-2020-7015
+       RESERVED
+CVE-2020-7014
+       RESERVED
+CVE-2020-7013
+       RESERVED
+CVE-2020-7012
+       RESERVED
+CVE-2020-7011
+       RESERVED
+CVE-2020-7010
+       RESERVED
+CVE-2020-7009
+       RESERVED
+CVE-2020-7008
+       RESERVED
+CVE-2020-7007
+       RESERVED
+CVE-2020-7006
+       RESERVED
+CVE-2020-7005
+       RESERVED
+CVE-2020-7004
+       RESERVED
+CVE-2020-7003
+       RESERVED
+CVE-2020-7002
+       RESERVED
+CVE-2020-7001
+       RESERVED
+CVE-2020-7000
+       RESERVED
+CVE-2020-6999
+       RESERVED
+CVE-2020-6998
+       RESERVED
+CVE-2020-6997
+       RESERVED
+CVE-2020-6996
+       RESERVED
+CVE-2020-6995
+       RESERVED
+CVE-2020-6994
+       RESERVED
+CVE-2020-6993
+       RESERVED
+CVE-2020-6992
+       RESERVED
+CVE-2020-6991
+       RESERVED
+CVE-2020-6990
+       RESERVED
+CVE-2020-6989
+       RESERVED
+CVE-2020-6988
+       RESERVED
+CVE-2020-6987
+       RESERVED
+CVE-2020-6986
+       RESERVED
+CVE-2020-6985
+       RESERVED
+CVE-2020-6984
+       RESERVED
+CVE-2020-6983
+       RESERVED
+CVE-2020-6982
+       RESERVED
+CVE-2020-6981
+       RESERVED
+CVE-2020-6980
+       RESERVED
+CVE-2020-6979
+       RESERVED
+CVE-2020-6978
+       RESERVED
+CVE-2020-6977
+       RESERVED
+CVE-2020-6976
+       RESERVED
+CVE-2020-6975
+       RESERVED
+CVE-2020-6974
+       RESERVED
+CVE-2020-6973
+       RESERVED
+CVE-2020-6972
+       RESERVED
+CVE-2020-6971
+       RESERVED
+CVE-2020-6970
+       RESERVED
+CVE-2020-6969
+       RESERVED
+CVE-2020-6968
+       RESERVED
+CVE-2020-6967
+       RESERVED
+CVE-2020-6966
+       RESERVED
+CVE-2020-6965
+       RESERVED
+CVE-2020-6964
+       RESERVED
+CVE-2020-6963
+       RESERVED
+CVE-2020-6962
+       RESERVED
+CVE-2020-6961
+       RESERVED
+CVE-2020-6960
+       RESERVED
+CVE-2020-6959
+       RESERVED
 CVE-2020-6958 (An XXE vulnerability in JnlpSupport in Yet Another Java Service 
Wrappe ...)
        NOT-FOR-US: Yet Another Java Service Wrapper (YAJSW)
 CVE-2020-6957
@@ -1386,16 +1574,16 @@ CVE-2020-6309
        RESERVED
 CVE-2020-6308
        RESERVED
-CVE-2020-6307
-       RESERVED
-CVE-2020-6306
-       RESERVED
-CVE-2020-6305
-       RESERVED
-CVE-2020-6304
-       RESERVED
-CVE-2020-6303
-       RESERVED
+CVE-2020-6307 (Automated Note Search Tool (update provided in SAP Basis 7.0, 
7.01, 7. ...)
+       TODO: check
+CVE-2020-6306 (Missing authorization check in a transaction within SAP Leasing 
(updat ...)
+       TODO: check
+CVE-2020-6305 (PI Rest Adapter of SAP Process Integration (update provided in 
SAP_XIA ...)
+       TODO: check
+CVE-2020-6304 (Improper input validation in SAP NetWeaver Internet 
Communication Mana ...)
+       TODO: check
+CVE-2020-6303 (SAP Disclosure Management, before version 10.1, does not 
validate user ...)
+       TODO: check
 CVE-2020-6302
        RESERVED
 CVE-2020-6301
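Review bot: the five new SAP entries (CVE-2020-6303 through CVE-2020-6307) are left at "TODO: check", but SAP Basis, SAP Leasing, SAP Process Integration, SAP NetWeaver ICM and SAP Disclosure Management are proprietary products with no Debian package, so they can be closed directly as "NOT-FOR-US: SAP" instead of staying in the TODO queue.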
@@ -1671,8 +1859,8 @@ CVE-2020-6175
        RESERVED
 CVE-2020-6174
        RESERVED
-CVE-2020-6173
-       RESERVED
+CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows 
Uncontrolle ...)
+       TODO: check
 CVE-2020-6172
        RESERVED
 CVE-2020-6171
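Review bot: CVE-2020-6173 names a concrete affected range (TUF 0.7.2 through 0.12.1), so the "TODO: check" should be resolved against whether the TUF reference implementation is packaged at all; if it is not, the entry becomes "NOT-FOR-US: TUF", and if it is, the fixed version should be recorded rather than the bare TODO.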
@@ -2321,12 +2509,12 @@ CVE-2020-5855
        RESERVED
 CVE-2020-5854
        RESERVED
-CVE-2020-5853
-       RESERVED
-CVE-2020-5852
-       RESERVED
-CVE-2020-5851
-       RESERVED
+CVE-2020-5853 (In BIG-IP APM portal access on versions 15.0.0-15.1.0, 
14.0.0-14.1.2.3 ...)
+       TODO: check
+CVE-2020-5852 (Undisclosed traffic patterns received may cause a disruption of 
servic ...)
+       TODO: check
+CVE-2020-5851 (On impacted versions and platforms the Trusted Platform Module 
(TPM) s ...)
+       TODO: check
 CVE-2020-5850
        RESERVED
 CVE-2020-5849
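Review bot: CVE-2020-5851, CVE-2020-5852 and CVE-2020-5853 all describe F5 BIG-IP (the APM portal access, the "undisclosed traffic patterns" wording and the TPM note are F5 advisory language), and BIG-IP is not packaged in Debian, so the three "TODO: check" lines can be replaced by "NOT-FOR-US: F5".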
@@ -3013,8 +3201,8 @@ CVE-2020-5511 (PHPGurukul Small CRM v2.0 was found 
vulnerable to authentication
        NOT-FOR-US: PHPGurukul Small CRM
 CVE-2020-5510 (PHPGurukul Hostel Management System v2.0 allows SQL injection 
via the  ...)
        NOT-FOR-US: PHPGurukul Hostel Management System
-CVE-2020-5509
-       RESERVED
+CVE-2020-5509 (PHPGurukul Car Rental Project v1.0 allows Remote Code Execution 
via an ...)
+       TODO: check
 CVE-2020-5508
        RESERVED
 CVE-2019-20355
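Review bot: CVE-2020-5509 (PHPGurukul Car Rental Project) is tagged "TODO: check" while the two adjacent PHPGurukul entries in the same hunk, CVE-2020-5510 and CVE-2020-5511, are already "NOT-FOR-US: PHPGurukul ..."; the new entry should be triaged the same way for consistency.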
@@ -3065,8 +3253,8 @@ CVE-2020-5507
        RESERVED
 CVE-2020-5506
        RESERVED
-CVE-2020-5505
-       RESERVED
+CVE-2020-5505 (Freelancy v1.0.0 allows remote command execution via the 
"file":"data: ...)
+       TODO: check
 CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection 
exists  ...)
        {DLA-2060-1}
        - phpmyadmin <unfixed> (bug #948718)
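Review bot: CVE-2020-5505 (Freelancy v1.0.0) is a standalone upstream application with no Debian package, so "TODO: check" can be resolved as "NOT-FOR-US: Freelancy" rather than being carried forward.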
@@ -3945,20 +4133,20 @@ CVE-2020-5197 (An issue was discovered in GitLab 
Community Edition (CE) and Ente
        [experimental] - gitlab 12.6.2-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
-CVE-2020-5196
-       RESERVED
+CVE-2020-5196 (Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 
and 10 ...)
+       TODO: check
 CVE-2020-5195 (Reflected XSS through an IMG element in Cerberus FTP Server 
prior to v ...)
        NOT-FOR-US: Cerberus FTP Server
-CVE-2020-5194
-       RESERVED
+CVE-2020-5194 (The zip API endpoint in Cerberus FTP Server 8 allows an 
authenticated  ...)
+       TODO: check
 CVE-2019-20225 (MyBB before 1.8.22 allows an open redirect on login. ...)
        NOT-FOR-US: MyBB
 CVE-2013-7486 (Cross-site scripting (XSS) vulnerability in the backend in 
Open-Xchang ...)
        NOT-FOR-US: Open-Xchange App Suite
 CVE-2013-7485 (Cross-site scripting (XSS) vulnerability in the backend in 
Open-Xchang ...)
        NOT-FOR-US: Open-Xchange App Suite
-CVE-2020-5193
-       RESERVED
+CVE-2020-5193 (PHPGurukul Hospital Management System in PHP v4.0 suffers from 
multipl ...)
+       TODO: check
 CVE-2020-5192 (PHPGurukul Hospital Management System in PHP v4.0 suffers from 
multipl ...)
        NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2020-5191 (PHPGurukul Hospital Management System in PHP v4.0 suffers from 
multipl ...)
@@ -3983,8 +4171,8 @@ CVE-2020-5182
        RESERVED
 CVE-2020-5181
        RESERVED
-CVE-2020-5180
-       RESERVED
+CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged 
user to se ...)
+       TODO: check
 CVE-2019-20224 (netflow_get_stats in functions_netflow.php in Pandora FMS 
7.0NG allows ...)
        NOT-FOR-US: Pandora FMS
 CVE-2019-20223 (In Support Incident Tracker (SiT!) 3.67, the id parameter is 
affected  ...)
@@ -8166,7 +8354,7 @@ CVE-2019-20042 (In wp-includes/formatting.php in 
WordPress 3.7 to 5.3.0, the fun
        NOTE: 
https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d
        NOTE: 
https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
 CVE-2019-20041 (wp_kses_bad_protocol in wp-includes/kses.php in WordPress 
before 5.3.1 ...)
-       {DSA-4599-1}
+       {DSA-4599-1 DLA-2067-1}
        - wordpress 5.3.2+dfsg1-1 (bug #946905)
        NOTE: 
https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53
        NOTE: 
https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
@@ -12224,8 +12412,8 @@ CVE-2019-19550
        RESERVED
 CVE-2019-19549
        RESERVED
-CVE-2019-19548
-       RESERVED
+CVE-2019-19548 (Norton Power Eraser, prior to 5.3.0.67, may be susceptible to 
a privil ...)
+       TODO: check
 CVE-2019-19547 (Symantec Endpoint Detection and Response (SEDR), prior to 
4.3.0, may b ...)
        NOT-FOR-US: Symantec
 CVE-2019-19546 (Norton Password Manager, prior to 6.6.2.5, may be susceptible 
to an in ...)
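Review bot: CVE-2019-19548 (Norton Power Eraser) sits between CVE-2019-19547 and CVE-2019-19546, both already "NOT-FOR-US: Symantec" for the same vendor; the new entry should be tagged "NOT-FOR-US: Symantec" instead of "TODO: check".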
@@ -32567,8 +32755,7 @@ CVE-2019-13724 (Out of bounds memory access in 
WebBluetooth in Google Chrome pri
 CVE-2019-13723 (Use after free in WebBluetooth in Google Chrome prior to 
78.0.3904.108 ...)
        {DSA-4575-1}
        - chromium 78.0.3904.108-1
-CVE-2019-13722
-       RESERVED
+CVE-2019-13722 (Inappropriate implementation in WebRTC in Google Chrome prior 
to 79.0. ...)
        - firefox <not-affected> (Windows-specific)
        - firefox-esr <not-affected> (Windows-specific)
        - thunderbird <not-affected> (Windows-specific)
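Review bot: CVE-2019-13722 is a Google Chrome WebRTC issue (fixed prior to 79.0.x), but the visible part of the entry only carries the firefox, firefox-esr and thunderbird "<not-affected> (Windows-specific)" lines; please confirm the entry also has a chromium line with the fixed version, as CVE-2019-13723 just above does ("- chromium 78.0.3904.108-1"), or the Chromium side of this CVE is silently untracked.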
@@ -34112,8 +34299,8 @@ CVE-2019-13539 (Medtronic Valleylab Exchange Client 
version 3.4 and below, Valle
        NOT-FOR-US: Medtronic
 CVE-2019-13538 (3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, 
all versi ...)
        NOT-FOR-US: 3S-Smart
-CVE-2019-13537
-       RESERVED
+CVE-2019-13537 (The IEC870IP driver for AVEVA&#8217;s Vijeo Citect and Citect 
SCADA an ...)
+       TODO: check
 CVE-2019-13536 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple 
heap-bas ...)
        NOT-FOR-US: Delta Electronics TPEditor
 CVE-2019-13535 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) 
version 2.1.0  ...)
@@ -37258,10 +37445,10 @@ CVE-2019-12400 (In version 2.0.3 Apache Santuario XML 
Security for Java, a cachi
        [stretch] - libxml-security-java <not-affected> (Vulnerable code 
introduced in 2.0.3)
        [jessie] - libxml-security-java <not-affected> (Vulnerable code 
introduced in 2.0.3)
        NOTE: http://santuario.apache.org/secadv.data/CVE-2019-12400.asc
-CVE-2019-12399
-       RESERVED
-CVE-2019-12398
-       RESERVED
+CVE-2019-12399 (When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 
2.1.1, 2.2.0 ...)
+       TODO: check
+CVE-2019-12398 (In Apache Airflow before 1.10.5 when running with the 
"classic" UI, a  ...)
+       TODO: check
 CVE-2019-12397 (Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is 
vulnera ...)
        NOT-FOR-US: Apache Ranger
 CVE-2019-12396
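Review bot: CVE-2019-12399 (Apache Kafka Connect workers) and CVE-2019-12398 (Apache Airflow "classic" UI) are left at "TODO: check"; neither Kafka nor Airflow is packaged in Debian, so both should be resolved as NOT-FOR-US in the same way as the adjacent CVE-2019-12397 ("NOT-FOR-US: Apache Ranger").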
@@ -40816,7 +41003,7 @@ CVE-2019-11137 (Insufficient input validation in system 
firmware for Intel(R) Xe
 CVE-2019-11136 (Insufficient access control in system firmware for Intel(R) 
Xeon(R) Sc ...)
        NOT-FOR-US: Intel
 CVE-2019-11135 (TSX Asynchronous Abort condition on some CPUs utilizing 
speculative ex ...)
-       {DSA-4565-1 DSA-4564-1 DLA-2051-1 DLA-1990-1 DLA-1989-1}
+       {DSA-4602-1 DSA-4565-1 DSA-4564-1 DLA-2051-1 DLA-1990-1 DLA-1989-1}
        - linux 5.3.9-2
        - intel-microcode 3.20191112.1
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
@@ -41282,8 +41469,8 @@ CVE-2019-10997 (An issue was discovered on Phoenix 
Contact AXC F 2152 (No.240426
        NOT-FOR-US: Phoenix Contact
 CVE-2019-10996 (Red Lion Controls Crimson, version 3.0 and prior and version 
3.1 prior ...)
        NOT-FOR-US: Red Lion Controls Crimson
-CVE-2019-10995
-       RESERVED
+CVE-2019-10995 (ABB CP651 HMI products revision BSP UN30 v1.76 and prior 
implement hid ...)
+       TODO: check
 CVE-2019-10994 (Processing a specially crafted project file in LAquis SCADA 
4.3.1.71 m ...)
        NOT-FOR-US: LAquis SCADA
 CVE-2019-10993 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple 
untrusted pointe ...)
@@ -60107,8 +60294,8 @@ CVE-2019-3983 (Blink XT2 Sync Module firmware prior to 
2.13.11 allows remote att
        NOT-FOR-US: Blink XT2
 CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a 
Denial of Se ...)
        NOT-FOR-US: Nessus
-CVE-2019-3981
-       RESERVED
+CVE-2019-3981 (MikroTik Winbox 3.20 and below is vulnerable to man in the 
middle atta ...)
+       TODO: check
 CVE-2019-3980 (The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 
supports s ...)
        NOT-FOR-US: Solarwinds
 CVE-2019-3979 (RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below 
are vulne ...)
@@ -72645,8 +72832,7 @@ CVE-2019-0220 (A vulnerability was found in Apache HTTP 
Server 2.4.0 to 2.4.38.
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220
        NOTE: https://svn.apache.org/r1855737
        NOTE: https://svn.apache.org/r1855751
-CVE-2019-0219
-       RESERVED
+CVE-2019-0219 (A website running in the InAppBrowser webview on Android could 
execute ...)
        NOT-FOR-US: Apache Cordova
 CVE-2019-0218 (A vulnerability was discovered wherein a specially crafted URL 
could e ...)
        NOT-FOR-US: Apache Pony Mail
@@ -91679,7 +91865,7 @@ CVE-2018-12209 (Insufficient access control in User 
Mode Driver in Intel(R) Grap
 CVE-2018-12208 (Buffer overflow in HECI subsystem in Intel(R) CSME before 
versions 11. ...)
        NOT-FOR-US: Intel
 CVE-2018-12207 (Improper invalidation for page table updates by a virtual 
guest operat ...)
-       {DSA-4564-1 DLA-1990-1}
+       {DSA-4602-1 DSA-4564-1 DLA-1990-1}
        - linux 5.3.9-2
        [jessie] - linux <ignored> (Untrusted guests are no longer supportable)
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
@@ -209346,8 +209532,7 @@ CVE-2015-8368 (ntopng (aka ntop) before 2.2 allows 
remote authenticated users to
        NOTE: fixed upstream in 2.2
        NOTE: https://www.exploit-db.com/exploits/38836/
        NOTE: 
https://github.com/ntop/ntopng/commit/2e0620be3410f5e22c9aa47e261bc5a12be692c6
-CVE-2015-8367 [Memory objects are not intialized properly]
-       RESERVED
+CVE-2015-8367 (The phase_one_correct function in Libraw before 0.17.1 allows 
attacker ...)
        - libraw 0.17.1-1 (bug #806809)
        [jessie] - libraw 0.16.0-9+deb8u2
        [wheezy] - libraw <not-affected> (Vulnerable code not present)
@@ -209366,8 +209551,7 @@ CVE-2015-8367 [Memory objects are not intialized 
properly]
        [wheezy] - xbmc <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
        NOTE: Introduced by: 
https://github.com/LibRaw/LibRaw/commit/7b1430c76a19c93f3cc755bb2ff9bda0ba9b4082
 (0.15.0)
-CVE-2015-8366 [Index overflow in smal_decode_segment]
-       RESERVED
+CVE-2015-8366 (Array index error in smal_decode_segment function in LibRaw 
before 0.1 ...)
        - libraw 0.17.1-1 (bug #806809)
        [jessie] - libraw 0.16.0-9+deb8u2
        [wheezy] - libraw <not-affected> (Vulnerable code not present)
@@ -221395,7 +221579,7 @@ CVE-2015-4109 (Multiple SQL injection vulnerabilities 
in the ratings module in t
 CVE-2015-4108 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Wing FTP ...)
        NOT-FOR-US: Wing FTP Server
 CVE-2015-4107
-       RESERVED
+       REJECTED
 CVE-2015-4106 (QEMU does not properly restrict write access to the PCI config 
space f ...)
        {DSA-3286-1 DSA-3284-1}
        - qemu 1:2.3+dfsg-5 (bug #787547)
@@ -224288,8 +224472,7 @@ CVE-2015-3161 (The search bar code in 
bkr/server/widgets.py in Beaker before 20.
        NOT-FOR-US: Beaker (toolset for managing test labs, not src:beaker in 
Debian)
 CVE-2015-3160 (XML external entity (XXE) vulnerability in bkr/server/jobs.py 
in Beake ...)
        NOT-FOR-US: Beaker (toolset for managing test labs, not src:beaker in 
Debian)
-CVE-2015-3159
-       RESERVED
+CVE-2015-3159 (The abrt-action-install-debuginfo-to-abrt-cache help program in 
Automa ...)
        NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2015-3158 (The invokeNextValve function in 
identity/federation/bindings/tomcat/id ...)
        NOT-FOR-US: PicketLink
@@ -224323,11 +224506,9 @@ CVE-2015-3152 (Oracle MySQL before 5.7.3, Oracle 
MySQL Connector/C (aka libmysql
        NOTE: http://www.ocert.org/advisories/ocert-2015-003.html
        NOTE: 
http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/
        NOTE: https://mariadb.atlassian.net/browse/MDEV-7937
-CVE-2015-3151 [abrt: directory traversals in several D-Bus methods implemented 
by abrt-dbus]
-       RESERVED
+CVE-2015-3151 (Directory traversal vulnerability in abrt-dbus in Automatic Bug 
Report ...)
        NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2015-3150 [abrt: abrt-dbus does not guard against crafted problem 
directory path arguments]
-       RESERVED
+CVE-2015-3150 (abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local 
users to ...)
        NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2015-3149 (The Hotspot component in OpenJDK8 as packaged in Red Hat 
Enterprise Li ...)
        - openjdk-8 <not-affected> (defective patch not applied)
@@ -224335,8 +224516,7 @@ CVE-2015-3148 (cURL and libcurl 7.10.6 through 7.41.0 
do not properly re-use aut
        {DSA-3232-1 DLA-211-1}
        - curl 7.42.0-1
        NOTE: http://curl.haxx.se/docs/adv_20150422B.html
-CVE-2015-3147
-       RESERVED
+CVE-2015-3147 (daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool 
(ABRT), w ...)
        NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2015-3146 (The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet 
handlers in ...)
        - libssh 0.6.3-4.2 (bug #784404)
@@ -226765,8 +226945,7 @@ CVE-2015-2327 (PCRE before 8.36 mishandles the 
/(((a\2)|(a*)\g&lt;-1&gt;))*/ pat
        NOTE: https://bugs.exim.org/show_bug.cgi?id=1503
        NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1495
        NOTE: http://www.openwall.com/lists/oss-security/2015/05/31/5
-CVE-2015-2326 [heap buffer overflow in pcre_compile2()]
-       RESERVED
+CVE-2015-2326 (The pcre_compile2 function in PCRE before 8.37 allows 
context-dependen ...)
        - pcre3 2:8.35-7.2 (bug #783285)
        [jessie] - pcre3 2:8.35-3.3+deb8u1
        [wheezy] - pcre3 <not-affected> (Vulnerable code introuced while 
refactoring between 8.33 and 8.36)
@@ -226775,8 +226954,7 @@ CVE-2015-2326 [heap buffer overflow in 
pcre_compile2()]
        NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1529
        NOTE: Reproduced invalid read in pcre3/2:8.35-3.3
        NOTE: Issue introduced as a side effect of refactoring happened between 
8.33 and 8.36
-CVE-2015-2325 [heap buffer overflow in compile_branch()]
-       RESERVED
+CVE-2015-2325 (The compile_branch function in PCRE before 8.37 allows 
context-depende ...)
        - pcre3 2:8.35-7.2 (unimportant; bug #781795)
        [jessie] - pcre3 2:8.35-3.3+deb8u1
        NOTE: http://bugs.exim.org/show_bug.cgi?id=1591
@@ -228148,8 +228326,7 @@ CVE-2015-1871
        RESERVED
 CVE-2015-1870 (The event scripts in Automatic Bug Reporting Tool (ABRT) uses 
world-re ...)
        NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2015-1869
-       RESERVED
+CVE-2015-1869 (The default event handling scripts in Automatic Bug Reporting 
Tool (AB ...)
        NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2015-1868 (The label decompression functionality in PowerDNS Recursor 
3.5.x, 3.6. ...)
        - pdns 3.4.4-1
@@ -232900,8 +233077,8 @@ CVE-2015-0559 (Multiple use-after-free 
vulnerabilities in epan/dissectors/packet
        [squeeze] - wireshark <not-affected> (Only affected 1.10)
        [wheezy] - wireshark <not-affected> (Only affected 1.10)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
-CVE-2015-0558
-       RESERVED
+CVE-2015-0558 (The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N 
router with  ...)
+       TODO: check
 CVE-2015-0555 (Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX 
control in  ...)
        NOT-FOR-US: Samsung
 CVE-2015-0554 (The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N 
router with  ...)
@@ -234423,8 +234600,8 @@ CVE-2014-9213
        RESERVED
 CVE-2014-9212 (Multiple cross-site scripting (XSS) vulnerabilities in Altitude 
uAgent ...)
        NOT-FOR-US: Altitude uAgent
-CVE-2014-9211
-       RESERVED
+CVE-2014-9211 (ClickDesk version 4.3 and below has persistent cross site 
scripting ...)
+       TODO: check
 CVE-2014-9210
        REJECTED
 CVE-2014-9209 (Untrusted search path vulnerability in the Clean Utility 
application i ...)
@@ -239227,8 +239404,7 @@ CVE-2014-7845 (The generate_password function in 
Moodle through 2.4.11, 2.5.x be
        - moodle 2.7.5+dfsg-1 (bug #775842)
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050
-CVE-2014-7844
-       RESERVED
+CVE-2014-7844 (BSD mailx 8.1.2 and earlier allows remote attackers to execute 
arbitra ...)
        {DSA-3105-1 DSA-3104-1 DLA-114-1 DLA-113-1}
        - bsd-mailx 8.1.2-0.20141216cvs-1
        - heirloom-mailx 12.5-3.1 (bug #773417)
@@ -245116,8 +245292,7 @@ CVE-2014-5244
        RESERVED
 CVE-2014-5239 (The Microsoft Outlook.com application before 7.8.2.12.49.7090 
for Andr ...)
        NOT-FOR-US: Microsoft
-CVE-2014-5238
-       RESERVED
+CVE-2014-5238 (XML external entity (XXE) vulnerability in Open-Xchange (OX) 
AppSuite  ...)
        NOT-FOR-US: Open-Xchange
 CVE-2014-5237 (Server-side request forgery (SSRF) vulnerability in the 
documentconver ...)
        NOT-FOR-US: Open-Xchange
@@ -245553,8 +245728,7 @@ CVE-2014-5139 (The ssl_set_client_disabled function 
in t1_lib.c in OpenSSL 1.0.1
        {DSA-2998-1}
        - openssl 1.0.1i-1
        [squeeze] - openssl <not-affected> (vulnerable code not present)
-CVE-2014-5138
-       RESERVED
+CVE-2014-5138 (Innovative Interfaces Sierra Library Services Platform 1.2_3 
does not  ...)
        NOT-FOR-US: Sierra Library Services Platform
 CVE-2014-5137 (Innovative Interfaces Sierra Library Services Platform 1.2_3 
provides  ...)
        NOT-FOR-US: Sierra Library Services Platform
@@ -246855,13 +247029,11 @@ CVE-2014-4611 (Integer overflow in the LZ4 
algorithm implementation, as used in
        - lz4 0.0~r119-1
        NOTE: Not exploitable for lz* compressed kernel images: 
http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
        NOTE: for lz4: https://code.google.com/p/lz4/issues/detail?id=52 and 
https://code.google.com/p/lz4/source/detail?r=118
-CVE-2014-4610
-       RESERVED
+CVE-2014-4610 (Integer overflow in the get_len function in libavutil/lzo.c in 
FFmpeg  ...)
        - ffmpeg 7:2.4.1-1
        [squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too 
many checks missing)
        NOTE: Fixed in 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee
-CVE-2014-4609
-       RESERVED
+CVE-2014-4609 (Integer overflow in the get_len function in libavutil/lzo.c in 
Libav b ...)
        {DSA-2977-1}
        - libav 6:10.2-1
        NOTE: 
http://git.libav.org/?p=libav.git;a=commit;h=ccda51b14c0fcae2fad73a24872dce75a7964996
@@ -253274,8 +253446,8 @@ CVE-2014-2273 (The hx170dec device driver in Huawei 
P2-6011 before V100R001C00B0
        NOT-FOR-US: Huawei Router
 CVE-2014-2272
        RESERVED
-CVE-2014-2271
-       RESERVED
+CVE-2014-2271 (cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft 
Office ...)
+       TODO: check
 CVE-2014-2269 (modules/Users/ForgotPassword.php in vTiger 6.0 before Security 
Patch 2 ...)
        NOT-FOR-US: vTiger CRM
 CVE-2014-2268 (views/Index.php in the Install module in vTiger 6.0 before 
Security Pa ...)
@@ -257914,8 +258086,8 @@ CVE-2013-7190 (Multiple directory traversal 
vulnerabilities in iScripts AutoHost
        NOT-FOR-US: iScripts AutoHoster
 CVE-2013-7186 (Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) 
allows remo ...)
        NOT-FOR-US: Steinberg MyMp3PRO
-CVE-2013-7185
-       RESERVED
+CVE-2013-7185 (PotPlayer 1.5.40688: .avi File Memory Corruption ...)
+       TODO: check
 CVE-2013-7184 (Gretech GOM Media Player 2.2.56.5158 and earlier allows remote 
attacke ...)
        NOT-FOR-US: Gretech GOM Media Player
 CVE-2013-7183 (cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows 
remote att ...)
@@ -270928,8 +271100,8 @@ CVE-2013-2775
        RESERVED
 CVE-2013-2774
        RESERVED
-CVE-2013-2773
-       RESERVED
+CVE-2013-2773 (Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate 
Arbitr ...)
+       TODO: check
 CVE-2013-2772
        RESERVED
 CVE-2013-2771
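Review bot: CVE-2013-2773 (Nitro PDF 8.5.0.26 DLL hijacking) is a proprietary Windows product, so the "TODO: check" placeholder should be replaced by "NOT-FOR-US: Nitro PDF".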



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b14ea5588d4b0d8334d4379c4ed200da81b2613c



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits