Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8579666b by security tracker role at 2020-01-28T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,451 @@
+CVE-2020-8315 (In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 
3.8 thr ...)
+       TODO: check
+CVE-2020-8314
+       RESERVED
+CVE-2020-8313
+       RESERVED
+CVE-2020-8312
+       RESERVED
+CVE-2020-8311
+       RESERVED
+CVE-2020-8310
+       RESERVED
+CVE-2020-8309
+       RESERVED
+CVE-2020-8308
+       RESERVED
+CVE-2020-8307
+       RESERVED
+CVE-2020-8306
+       RESERVED
+CVE-2020-8305
+       RESERVED
+CVE-2020-8304
+       RESERVED
+CVE-2020-8303
+       RESERVED
+CVE-2020-8302
+       RESERVED
+CVE-2020-8301
+       RESERVED
+CVE-2020-8300
+       RESERVED
+CVE-2020-8299
+       RESERVED
+CVE-2020-8298
+       RESERVED
+CVE-2020-8297
+       RESERVED
+CVE-2020-8296
+       RESERVED
+CVE-2020-8295
+       RESERVED
+CVE-2020-8294
+       RESERVED
+CVE-2020-8293
+       RESERVED
+CVE-2020-8292
+       RESERVED
+CVE-2020-8291
+       RESERVED
+CVE-2020-8290
+       RESERVED
+CVE-2020-8289
+       RESERVED
+CVE-2020-8288
+       RESERVED
+CVE-2020-8287
+       RESERVED
+CVE-2020-8286
+       RESERVED
+CVE-2020-8285
+       RESERVED
+CVE-2020-8284
+       RESERVED
+CVE-2020-8283
+       RESERVED
+CVE-2020-8282
+       RESERVED
+CVE-2020-8281
+       RESERVED
+CVE-2020-8280
+       RESERVED
+CVE-2020-8279
+       RESERVED
+CVE-2020-8278
+       RESERVED
+CVE-2020-8277
+       RESERVED
+CVE-2020-8276
+       RESERVED
+CVE-2020-8275
+       RESERVED
+CVE-2020-8274
+       RESERVED
+CVE-2020-8273
+       RESERVED
+CVE-2020-8272
+       RESERVED
+CVE-2020-8271
+       RESERVED
+CVE-2020-8270
+       RESERVED
+CVE-2020-8269
+       RESERVED
+CVE-2020-8268
+       RESERVED
+CVE-2020-8267
+       RESERVED
+CVE-2020-8266
+       RESERVED
+CVE-2020-8265
+       RESERVED
+CVE-2020-8264
+       RESERVED
+CVE-2020-8263
+       RESERVED
+CVE-2020-8262
+       RESERVED
+CVE-2020-8261
+       RESERVED
+CVE-2020-8260
+       RESERVED
+CVE-2020-8259
+       RESERVED
+CVE-2020-8258
+       RESERVED
+CVE-2020-8257
+       RESERVED
+CVE-2020-8256
+       RESERVED
+CVE-2020-8255
+       RESERVED
+CVE-2020-8254
+       RESERVED
+CVE-2020-8253
+       RESERVED
+CVE-2020-8252
+       RESERVED
+CVE-2020-8251
+       RESERVED
+CVE-2020-8250
+       RESERVED
+CVE-2020-8249
+       RESERVED
+CVE-2020-8248
+       RESERVED
+CVE-2020-8247
+       RESERVED
+CVE-2020-8246
+       RESERVED
+CVE-2020-8245
+       RESERVED
+CVE-2020-8244
+       RESERVED
+CVE-2020-8243
+       RESERVED
+CVE-2020-8242
+       RESERVED
+CVE-2020-8241
+       RESERVED
+CVE-2020-8240
+       RESERVED
+CVE-2020-8239
+       RESERVED
+CVE-2020-8238
+       RESERVED
+CVE-2020-8237
+       RESERVED
+CVE-2020-8236
+       RESERVED
+CVE-2020-8235
+       RESERVED
+CVE-2020-8234
+       RESERVED
+CVE-2020-8233
+       RESERVED
+CVE-2020-8232
+       RESERVED
+CVE-2020-8231
+       RESERVED
+CVE-2020-8230
+       RESERVED
+CVE-2020-8229
+       RESERVED
+CVE-2020-8228
+       RESERVED
+CVE-2020-8227
+       RESERVED
+CVE-2020-8226
+       RESERVED
+CVE-2020-8225
+       RESERVED
+CVE-2020-8224
+       RESERVED
+CVE-2020-8223
+       RESERVED
+CVE-2020-8222
+       RESERVED
+CVE-2020-8221
+       RESERVED
+CVE-2020-8220
+       RESERVED
+CVE-2020-8219
+       RESERVED
+CVE-2020-8218
+       RESERVED
+CVE-2020-8217
+       RESERVED
+CVE-2020-8216
+       RESERVED
+CVE-2020-8215
+       RESERVED
+CVE-2020-8214
+       RESERVED
+CVE-2020-8213
+       RESERVED
+CVE-2020-8212
+       RESERVED
+CVE-2020-8211
+       RESERVED
+CVE-2020-8210
+       RESERVED
+CVE-2020-8209
+       RESERVED
+CVE-2020-8208
+       RESERVED
+CVE-2020-8207
+       RESERVED
+CVE-2020-8206
+       RESERVED
+CVE-2020-8205
+       RESERVED
+CVE-2020-8204
+       RESERVED
+CVE-2020-8203
+       RESERVED
+CVE-2020-8202
+       RESERVED
+CVE-2020-8201
+       RESERVED
+CVE-2020-8200
+       RESERVED
+CVE-2020-8199
+       RESERVED
+CVE-2020-8198
+       RESERVED
+CVE-2020-8197
+       RESERVED
+CVE-2020-8196
+       RESERVED
+CVE-2020-8195
+       RESERVED
+CVE-2020-8194
+       RESERVED
+CVE-2020-8193
+       RESERVED
+CVE-2020-8192
+       RESERVED
+CVE-2020-8191
+       RESERVED
+CVE-2020-8190
+       RESERVED
+CVE-2020-8189
+       RESERVED
+CVE-2020-8188
+       RESERVED
+CVE-2020-8187
+       RESERVED
+CVE-2020-8186
+       RESERVED
+CVE-2020-8185
+       RESERVED
+CVE-2020-8184
+       RESERVED
+CVE-2020-8183
+       RESERVED
+CVE-2020-8182
+       RESERVED
+CVE-2020-8181
+       RESERVED
+CVE-2020-8180
+       RESERVED
+CVE-2020-8179
+       RESERVED
+CVE-2020-8178
+       RESERVED
+CVE-2020-8177
+       RESERVED
+CVE-2020-8176
+       RESERVED
+CVE-2020-8175
+       RESERVED
+CVE-2020-8174
+       RESERVED
+CVE-2020-8173
+       RESERVED
+CVE-2020-8172
+       RESERVED
+CVE-2020-8171
+       RESERVED
+CVE-2020-8170
+       RESERVED
+CVE-2020-8169
+       RESERVED
+CVE-2020-8168
+       RESERVED
+CVE-2020-8167
+       RESERVED
+CVE-2020-8166
+       RESERVED
+CVE-2020-8165
+       RESERVED
+CVE-2020-8164
+       RESERVED
+CVE-2020-8163
+       RESERVED
+CVE-2020-8162
+       RESERVED
+CVE-2020-8161
+       RESERVED
+CVE-2020-8160
+       RESERVED
+CVE-2020-8159
+       RESERVED
+CVE-2020-8158
+       RESERVED
+CVE-2020-8157
+       RESERVED
+CVE-2020-8156
+       RESERVED
+CVE-2020-8155
+       RESERVED
+CVE-2020-8154
+       RESERVED
+CVE-2020-8153
+       RESERVED
+CVE-2020-8152
+       RESERVED
+CVE-2020-8151
+       RESERVED
+CVE-2020-8150
+       RESERVED
+CVE-2020-8149
+       RESERVED
+CVE-2020-8148
+       RESERVED
+CVE-2020-8147
+       RESERVED
+CVE-2020-8146
+       RESERVED
+CVE-2020-8145
+       RESERVED
+CVE-2020-8144
+       RESERVED
+CVE-2020-8143
+       RESERVED
+CVE-2020-8142
+       RESERVED
+CVE-2020-8141
+       RESERVED
+CVE-2020-8140
+       RESERVED
+CVE-2020-8139
+       RESERVED
+CVE-2020-8138
+       RESERVED
+CVE-2020-8137
+       RESERVED
+CVE-2020-8136
+       RESERVED
+CVE-2020-8135
+       RESERVED
+CVE-2020-8134
+       RESERVED
+CVE-2020-8133
+       RESERVED
+CVE-2020-8132
+       RESERVED
+CVE-2020-8131
+       RESERVED
+CVE-2020-8130
+       RESERVED
+CVE-2020-8129
+       RESERVED
+CVE-2020-8128
+       RESERVED
+CVE-2020-8127
+       RESERVED
+CVE-2020-8126
+       RESERVED
+CVE-2020-8125
+       RESERVED
+CVE-2020-8124
+       RESERVED
+CVE-2020-8123
+       RESERVED
+CVE-2020-8122
+       RESERVED
+CVE-2020-8121
+       RESERVED
+CVE-2020-8120
+       RESERVED
+CVE-2020-8119
+       RESERVED
+CVE-2020-8118
+       RESERVED
+CVE-2020-8117
+       RESERVED
+CVE-2020-8116
+       RESERVED
+CVE-2020-8115
+       RESERVED
+CVE-2020-8114
+       RESERVED
+CVE-2020-8113
+       RESERVED
+CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 
through ...)
+       TODO: check
+CVE-2020-8111
+       RESERVED
+CVE-2020-8110
+       RESERVED
+CVE-2020-8109
+       RESERVED
+CVE-2020-8108
+       RESERVED
+CVE-2020-8107
+       RESERVED
+CVE-2020-8106
+       RESERVED
+CVE-2020-8105
+       RESERVED
+CVE-2020-8104
+       RESERVED
+CVE-2020-8103
+       RESERVED
+CVE-2020-8102
+       RESERVED
+CVE-2020-8101
+       RESERVED
+CVE-2020-8100
+       RESERVED
+CVE-2020-8099
+       RESERVED
+CVE-2020-8098
+       RESERVED
+CVE-2020-8097
+       RESERVED
+CVE-2020-8096
+       RESERVED
+CVE-2020-8095
+       RESERVED
+CVE-2020-8094
+       RESERVED
+CVE-2020-8093
+       RESERVED
+CVE-2020-8092
+       RESERVED
 CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could 
allow a ...)
        NOT-FOR-US: TYPO3
 CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN 
Box ADB  ...)
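Review bot: the two non-RESERVED additions in this hunk, CVE-2020-8315 (CPython 3.6 through 3.8) and CVE-2020-8112 (OpenJPEG 2.3.1), both land as `TODO: check`, yet both products ship in Debian, so they need package entries rather than staying in TODO. CVE-2020-8112 names opj_t1_clbl_decode_processor in openjp2/t1.c, the same function that CVE-2020-6851 (heap-based buffer overflow in opj_t1_clbl..., later in this patch) already covers, so triage should establish whether this is a distinct bug or a follow-up to CVE-2020-6851 before a second openjpeg2 entry is written.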
@@ -28,8 +476,8 @@ CVE-2019-20435 (An issue was discovered in WSO2 API Manager 
2.6.0. A reflected X
        NOT-FOR-US: WSO2
 CVE-2019-20434 (An issue was discovered in WSO2 API Manager 2.6.0. A potential 
Reflect ...)
        NOT-FOR-US: WSO2
-CVE-2020-8086
-       RESERVED
+CVE-2020-8086 (The mod_auth_ldap and mod_auth_ldap2 Community Modules through 
2020-01 ...)
+       TODO: check
 CVE-2020-8085
        RESERVED
 CVE-2020-8084
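Review bot: the description for CVE-2020-8086 is cut off at "through 2020-01 ...", so neither the project these mod_auth_ldap / mod_auth_ldap2 Community Modules belong to nor a fixed version survives in the entry; since the modules are date-versioned, the triage should record the hosting project and the date of the fixing change before choosing between a package entry and NOT-FOR-US.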
@@ -371,8 +819,8 @@ CVE-2020-7936 (An open redirect on the login form (and 
possibly other places) in
        NOT-FOR-US: Plone
 CVE-2020-7935
        RESERVED
-CVE-2020-7934
-       RESERVED
+CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, 
Middle Name, ...)
+       TODO: check
 CVE-2020-7933
        RESERVED
 CVE-2020-7932
@@ -722,8 +1170,8 @@ CVE-2020-7801
        RESERVED
 CVE-2020-7800
        RESERVED
-CVE-2020-7799
-       RESERVED
+CVE-2020-7799 (An issue was discovered in FusionAuth before 1.11.0. An 
authenticated  ...)
+       TODO: check
 CVE-2020-7798
        RESERVED
 CVE-2020-7797
@@ -1843,7 +2291,7 @@ CVE-2020-7247
        RESERVED
 CVE-2020-7246 (A remote code execution (RCE) vulnerability exists in qdPM 9.1 
and ear ...)
        NOT-FOR-US: qdPM
-CVE-2020-7245 (Incorrect username validation in the registration processes of 
CTFd th ...)
+CVE-2020-7245 (Incorrect username validation in the registration process of 
CTFd v2.0 ...)
        NOT-FOR-US: CTFd
 CVE-2020-7244 (Comtech Stampede FX-1010 7.4.3 devices allow remote 
authenticated admi ...)
        NOT-FOR-US: Comtech Stampede FX-1010 devices
@@ -2701,6 +3149,7 @@ CVE-2020-6853
 CVE-2020-6852
        RESERVED
 CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in 
opj_t1_clbl ...)
+       {DLA-2081-1}
        - openjpeg2 <unfixed> (bug #950000)
        [buster] - openjpeg2 <no-dsa> (Minor issue)
        [stretch] - openjpeg2 <no-dsa> (Minor issue)
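Review bot: the `{DLA-2081-1}` reference added to CVE-2020-6851 conflicts with the unchanged `[stretch] - openjpeg2 <no-dsa> (Minor issue)` line below it: a DLA means a stretch LTS update was released, so the stretch no-dsa line should be replaced by the fixed stretch version or dropped, otherwise the entry claims stretch is both fixed through the DLA and deliberately left unfixed. The `- openjpeg2 <unfixed>` line for unstable also still stands while the LTS fix exists; worth a look at the same time.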
@@ -6192,18 +6641,18 @@ CVE-2020-5216 (In Secure Headers (RubyGem 
secure_headers), a directive injection
        NOTE: 
https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0
 CVE-2020-5215
        RESERVED
-CVE-2020-5214
-       RESERVED
-CVE-2020-5213
-       RESERVED
-CVE-2020-5212
-       RESERVED
-CVE-2020-5211
-       RESERVED
-CVE-2020-5210
-       RESERVED
-CVE-2020-5209
-       RESERVED
+CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration 
file optio ...)
+       TODO: check
+CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL 
configurat ...)
+       TODO: check
+CVE-2020-5212 (In NetHack before 3.6.5, an extremely long value for the 
MENUCOLOR con ...)
+       TODO: check
+CVE-2020-5211 (In NetHack before 3.6.5, an invalid extended command in value 
for the  ...)
+       TODO: check
+CVE-2020-5210 (In NetHack before 3.6.5, an invalid argument to the -w command 
line op ...)
+       TODO: check
+CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and 
-i can  ...)
+       TODO: check
 CVE-2020-5208
        RESERVED
 CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when 
running behin ...)
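Review bot: the six NetHack entries CVE-2020-5209 through CVE-2020-5214 all read "before 3.6.5" and are all left as `TODO: check`; nethack is packaged in Debian, so NOT-FOR-US is not the answer, and they should be triaged as one batch against the nethack source package with a fixed-version line each. The truncated descriptions all point at configuration-file and command-line option handling, so a severity note (local-only impact or not) would help once the check is done.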
@@ -8655,8 +9104,8 @@ CVE-2020-4209
        RESERVED
 CVE-2020-4208
        RESERVED
-CVE-2020-4207
-       RESERVED
+CVE-2020-4207 (IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 
5.0.0.2  ...)
+       TODO: check
 CVE-2020-4206
        RESERVED
 CVE-2020-4205
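Review bot: CVE-2020-4207 (IBM Watson IoT Message Gateway) is left at `TODO: check`, while the other IBM entries visible in this patch (CVE-2019-4621 IBM DataPower Gateway, the Tivoli Netcool Impact entries) carry `NOT-FOR-US: IBM`; unless Watson IoT Message Gateway differs from those products, resolving it the same way keeps the file consistent.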
@@ -14973,8 +15422,8 @@ CVE-2020-1942
        RESERVED
 CVE-2020-1941
        RESERVED
-CVE-2020-1940
-       RESERVED
+CVE-2020-1940 (The optional initial password change and password expiration 
features  ...)
+       TODO: check
 CVE-2020-1939
        RESERVED
 CVE-2020-1938
@@ -24300,8 +24749,8 @@ CVE-2019-17352 (In JFinal cos before 2019-08-13, as 
used in JFinal 4.4, there is
        NOT-FOR-US: JFinal
 CVE-2019-17339
        RESERVED
-CVE-2019-17338
-       RESERVED
+CVE-2019-17338 (The user interface component of TIBCO Software Inc.'s TIBCO 
Patterns - ...)
+       TODO: check
 CVE-2019-17337 (The Spotfire library component of TIBCO Software Inc.'s TIBCO 
Spotfire ...)
        NOT-FOR-US: TIBCO
 CVE-2019-17336 (The Data access layer component of TIBCO Software Inc.'s TIBCO 
Spotfir ...)
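Review bot: CVE-2019-17338 (TIBCO Patterns) is added as `TODO: check` directly above CVE-2019-17337 and CVE-2019-17336, which are both `NOT-FOR-US: TIBCO`; it should be resolved the same way rather than left in TODO.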
@@ -24829,8 +25278,8 @@ CVE-2019-17098
        RESERVED
 CVE-2019-17097
        RESERVED
-CVE-2019-17096
-       RESERVED
+CVE-2019-17096 (A OS Command Injection vulnerability in the bootstrap stage of 
Bitdefe ...)
+       TODO: check
 CVE-2019-17095 (A command injection vulnerability has been discovered in the 
bootstrap ...)
        NOT-FOR-US: Bitdefender BOX 2
 CVE-2019-17094 (A Stack-based Buffer Overflow vulnerability in 
libbelkin_api.so compon ...)
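Review bot: CVE-2019-17096 (OS command injection in the bootstrap stage of Bitdefe...) sits directly above CVE-2019-17095, which describes a command injection in the same bootstrap stage and is already `NOT-FOR-US: Bitdefender BOX 2`; the new entry belongs with it and can be marked the same way instead of `TODO: check`.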
@@ -37993,7 +38442,7 @@ CVE-2019-13128 (An issue was discovered on D-Link 
DIR-823G devices with firmware
        NOT-FOR-US: D-Link
 CVE-2019-13127 (An issue was discovered in mxGraph through 4.0.0, related to 
the "draw ...)
        NOT-FOR-US: mxGraph
-CVE-2019-13126 (An integer overflow in NATS Server 2.0.0 allows a remote 
attacker to c ...)
+CVE-2019-13126 (An integer overflow in NATS Server before 2.0.2 allows a 
remote attack ...)
        NOT-FOR-US: NATS Server
 CVE-2019-13125 (HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers 
to evad ...)
        NOT-FOR-US: Tencent
@@ -61419,8 +61868,8 @@ CVE-2019-4709
        RESERVED
 CVE-2019-4708
        RESERVED
-CVE-2019-4707
-       RESERVED
+CVE-2019-4707 (IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to 
an XML  ...)
+       TODO: check
 CVE-2019-4706
        RESERVED
 CVE-2019-4705
@@ -61475,8 +61924,8 @@ CVE-2019-4681
        RESERVED
 CVE-2019-4680
        RESERVED
-CVE-2019-4679
-       RESERVED
+CVE-2019-4679 (IBM Content Navigator 3.0CD could allow an authenticated user 
to gain  ...)
+       TODO: check
 CVE-2019-4678
        RESERVED
 CVE-2019-4677
@@ -61555,24 +62004,24 @@ CVE-2019-4641
        RESERVED
 CVE-2019-4640
        RESERVED
-CVE-2019-4639
-       RESERVED
-CVE-2019-4638
-       RESERVED
-CVE-2019-4637
-       RESERVED
-CVE-2019-4636
-       RESERVED
-CVE-2019-4635
-       RESERVED
+CVE-2019-4639 (IBM Security Secret Server 10.7 uses weaker than expected 
cryptographi ...)
+       TODO: check
+CVE-2019-4638 (IBM Security Secret Server 10.7 does not set the secure 
attribute on a ...)
+       TODO: check
+CVE-2019-4637 (IBM Security Secret Server 10.7 uses incomplete blacklisting 
for input ...)
+       TODO: check
+CVE-2019-4636 (IBM Security Secret Server 10.7 could disclose sensitive 
information t ...)
+       TODO: check
+CVE-2019-4635 (IBM Security Secret Server 10.7 could allow a privileged user 
to perfo ...)
+       TODO: check
 CVE-2019-4634
        RESERVED
-CVE-2019-4633
-       RESERVED
-CVE-2019-4632
-       RESERVED
-CVE-2019-4631
-       RESERVED
+CVE-2019-4633 (IBM Security Secret Server 10.7 could allow an attacker to 
obtain sens ...)
+       TODO: check
+CVE-2019-4632 (IBM Security Secret Server 10.7 is vulnerable to cross-site 
scripting. ...)
+       TODO: check
+CVE-2019-4631 (IBM Security Secret Server 10.7 could allow a remote attacker 
to condu ...)
+       TODO: check
 CVE-2019-4630
        RESERVED
 CVE-2019-4629
@@ -61593,8 +62042,8 @@ CVE-2019-4622
        RESERVED
 CVE-2019-4621 (IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 
through 2 ...)
        NOT-FOR-US: IBM
-CVE-2019-4620
-       RESERVED
+CVE-2019-4620 (IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker 
to bypas ...)
+       TODO: check
 CVE-2019-4619
        RESERVED
 CVE-2019-4618
@@ -61605,8 +62054,8 @@ CVE-2019-4616
        RESERVED
 CVE-2019-4615
        RESERVED
-CVE-2019-4614
-       RESERVED
+CVE-2019-4614 (IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting 
to a Que ...)
+       TODO: check
 CVE-2019-4613
        RESERVED
 CVE-2019-4612 (IBM Planning Analytics 2.0 is vulnerable to malicious file 
upload in t ...)
@@ -61697,8 +62146,8 @@ CVE-2019-4570 (IBM Tivoli Netcool Impact 7.1.0 through 
7.1.0.16 generates an err
        NOT-FOR-US: IBM
 CVE-2019-4569 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is 
vulnerable to cr ...)
        NOT-FOR-US: IBM
-CVE-2019-4568
-       RESERVED
+CVE-2019-4568 (IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a 
remote attac ...)
+       TODO: check
 CVE-2019-4567
        RESERVED
 CVE-2019-4566 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user 
credentia ...)
@@ -213723,8 +214172,7 @@ CVE-2015-7852 (ntpq in NTP 4.2.x before 4.2.8p4, and 
4.3.x before 4.3.77 allows
        - ntp 1:4.2.8p4+dfsg-1
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
        NOTE: 
https://github.com/ntp-project/ntp/commit/07a5b8141e354a998a52994c3c9cd547927e56ce
-CVE-2015-7851
-       RESERVED
+CVE-2015-7851 (Directory traversal vulnerability in the save_config function 
in ntpd  ...)
        {DSA-3388-1 DLA-335-1}
        - ntp 1:4.2.8p4+dfsg-1
        [jessie] - ntp <no-dsa> (Vulnerability only affects VMS)
@@ -213879,16 +214327,14 @@ CVE-2013-7445 (The Direct Rendering Manager (DRM) 
subsystem in the Linux kernel
        [jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes)
        - linux-2.6 <removed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=60533
-CVE-2015-8011 [lldpd: buffer overflow when handling management address TLV]
-       RESERVED
+CVE-2015-8011 (Buffer overflow in the lldp_decode function in 
daemon/protocols/lldp.c ...)
        - lldpd 0.7.19-1
        [jessie] - lldpd 0.7.11-2+deb8u1
        [wheezy] - lldpd <not-affected> (Vulnerable code not present)
        [squeeze] - lldpd <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
        NOTE: http://www.openwall.com/lists/oss-security/2015/10/16/2
-CVE-2015-8012 [lldpd: asserts triggered by malformed packets]
-       RESERVED
+CVE-2015-8012 (lldpd before 0.8.0 allows remote attackers to cause a denial of 
servic ...)
        - lldpd 0.7.19-1
        [jessie] - lldpd 0.7.11-2+deb8u1
        [wheezy] - lldpd <not-affected> (Vulnerable code not present)
@@ -251351,8 +251797,7 @@ CVE-2014-3858
        RESERVED
 CVE-2014-3857 (Multiple SQL injection vulnerabilities in Kerio Control 
Statistics in  ...)
        NOT-FOR-US: Kerio Control
-CVE-2014-3856
-       RESERVED
+CVE-2014-3856 (The funced function in fish (aka fish-shell) 1.23.0 before 
2.1.1 does  ...)
        - fish 2.1.1-1 (low; bug #746259)
        [squeeze] - fish <no-dsa> (Minor issue)
        [wheezy] - fish <no-dsa> (Minor issue)
@@ -252796,8 +253241,8 @@ CVE-2014-3447 (BSS Continuity CMS 4.2.22640.0 has a 
Remote Denial Of Service vul
        NOT-FOR-US: BSS Continuity CMS
 CVE-2014-3446 (SQL injection vulnerability in 
wcm/system/pages/admin/getnode.aspx in  ...)
        NOT-FOR-US: BSS Continuity CMS
-CVE-2014-3445
-       RESERVED
+CVE-2014-3445 (backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not 
require  ...)
+       TODO: check
 CVE-2014-3730 (The django.util.http.is_safe_url function in Django 1.4 before 
1.4.13, ...)
        {DSA-2934-1}
        - python-django 1.6.5-1
@@ -253658,8 +254103,7 @@ CVE-2014-3209 (The ldns-keygen tool in ldns 1.6.x 
uses the current umask to set
        - ldns 1.6.17-4 (low; bug #746758)
        [squeeze] - ldns <no-dsa> (Minor issue)
        [wheezy] - ldns 1.6.13-1+deb7u1
-CVE-2014-3230 [HTTPS_CA_DIR or HTTPS_CA_FILE disables peer certificate 
verification for IO::Socket::SSL]
-       RESERVED
+CVE-2014-3230 (The libwww-perl LWP::Protocol::https module 6.04 through 6.06 
for Perl ...)
        - liblwp-protocol-https-perl 6.04-3 (bug #746579)
        [wheezy] - liblwp-protocol-https-perl <not-affected> (Introduced by 
bcc46ce2dab53d2e2baa583f2243d6fc7d36dcc8 in 6.04)
        NOTE: Introduced by 
https://github.com/dagolden/lwp-protocol-https/commit/bcc46ce2dab53d2e2baa583f2243d6fc7d36dcc8
@@ -254151,8 +254595,7 @@ CVE-2014-2917
        RESERVED
 CVE-2014-2916 (Cross-site request forgery (CSRF) vulnerability in the 
subscription pa ...)
        NOT-FOR-US: subscription page editor
-CVE-2014-2914 [remote code execution]
-       RESERVED
+CVE-2014-2914 (fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict 
access to t ...)
        - fish 2.1.1-1 (bug #746259)
        [wheezy] - fish <not-affected> (Web interface not yet present)
        [squeeze] - fish <not-affected> (Web interface not yet present)
@@ -254167,8 +254610,7 @@ CVE-2014-2909 (CRLF injection vulnerability in the 
integrated web server on Siem
        NOT-FOR-US: Siemens
 CVE-2014-2908 (Cross-site scripting (XSS) vulnerability in the integrated web 
server  ...)
        NOT-FOR-US: Siemens
-CVE-2014-2906 [unsafe temporary file creationg leading to privilege escalation]
-       RESERVED
+CVE-2014-2906 (The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 
does no ...)
        - fish 2.1.1-1 (low; bug #746259)
        [squeeze] - fish <no-dsa> (Minor issue)
        [wheezy] - fish <no-dsa> (Minor issue)
@@ -254274,14 +254716,11 @@ CVE-2014-2900 (wolfSSL CyaSSL before 2.9.4 does not 
properly validate X.509 cert
        - cyassl 2.9.4+dfsg-1
 CVE-2014-2899 (wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a 
denial  ...)
        - cyassl 2.9.4+dfsg-1
-CVE-2014-2898
-       RESERVED
+CVE-2014-2898 (wolfSSL CyaSSL before 2.9.4 allows remote attackers to have 
unspecifie ...)
        - cyassl 2.9.4+dfsg-1
-CVE-2014-2897
-       RESERVED
+CVE-2014-2897 (The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 
2.9.4 does ...)
        - cyassl 2.9.4+dfsg-1
-CVE-2014-2896
-       RESERVED
+CVE-2014-2896 (The DoAlert function in the (1) TLS and (2) DTLS 
implementations in wo ...)
        - cyassl 2.9.4+dfsg-1
 CVE-2014-2890 (Cross-site scripting (XSS) vulnerability in the wrap_html 
function in  ...)
        - phpmyid <itp> (bug #492325)
@@ -255279,8 +255718,7 @@ CVE-2014-2532 (sshd in OpenSSH before 6.6 does not 
properly support wildcards on
        - openssh 1:6.6p1-1
        NOTE: Default sshd_config in Debian has AcceptEnv LANG LC_*
        NOTE: 
http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2
-CVE-2014-2581 [credentials cache leak]
-       RESERVED
+CVE-2014-2581 (Smb4K before 1.1.1 allows remote attackers to obtain 
credentials via v ...)
        - smb4k 1.1.2-1 (low; bug #742816)
        [wheezy] - smb4k <no-dsa> (Minor issue)
        [squeeze] - smb4k <no-dsa> (Minor issue)
@@ -262987,10 +263425,10 @@ CVE-2013-6870 (Cross-site scripting (XSS) 
vulnerability in Splunk Web in Splunk
        NOT-FOR-US: Splunk Web
 CVE-2012-6611
        RESERVED
-CVE-2012-6610
-       RESERVED
-CVE-2012-6609
-       RESERVED
+CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before 
2.7.1.J al ...)
+       TODO: check
+CVE-2012-6609 (Directory traversal vulnerability in a_getlog.cgi in Polycom 
HDX Video ...)
+       TODO: check
 CVE-2012-6608 (Cross-site scripting (XSS) vulnerability in 
xmlservices/E_book.php in  ...)
        NOT-FOR-US: Elastix
 CVE-2013-6885 (The microcode on AMD 16h 00h through 0Fh processors does not 
properly  ...)
@@ -264097,8 +264535,7 @@ CVE-2013-6456 (The LXC driver (lxc/lxc_driver.c) in 
libvirt 1.0.1 through 1.2.1
        - libvirt 1.2.3-1 (bug #732394)
        [wheezy] - libvirt <not-affected> (Vulnerable code not present, 
introduced in v1.0.1)
        [squeeze] - libvirt <not-affected> (Vulnerable code not present, 
introduced in v1.0.1)
-CVE-2013-6455
-       RESERVED
+CVE-2013-6455 (The CentralAuth extension for MediaWiki before 1.19.10, 1.2x 
before 1. ...)
        NOT-FOR-US: Mediawiki CentralAuth extension
 CVE-2013-6454 (Cross-site scripting (XSS) vulnerability in MediaWiki before 
1.19.10,  ...)
        {DSA-2891-1}
@@ -264115,8 +264552,7 @@ CVE-2013-6452 (Cross-site scripting (XSS) 
vulnerability in MediaWiki before 1.19
        - mediawiki 1:1.19.10+dfsg-1
        [squeeze] - mediawiki <end-of-life>
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=57550
-CVE-2013-6451
-       RESERVED
+CVE-2013-6451 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 
before 1. ...)
        - mediawiki 1:1.19.10+dfsg-1
        [squeeze] - mediawiki <end-of-life>
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58088
@@ -268021,16 +268457,16 @@ CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit 
12.07.19.00 allows Python mod
        NOT-FOR-US: Electronic Arts Karotz Smart Rabbit
 CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for 
Android h ...)
        NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for 
Android
-CVE-2013-4865
-       RESERVED
-CVE-2013-4864
-       RESERVED
-CVE-2013-4863
-       RESERVED
-CVE-2013-4862
-       RESERVED
-CVE-2013-4861
-       RESERVED
+CVE-2013-4865 (Cross-site request forgery (CSRF) vulnerability in 
upgrade_step2.sh in ...)
+       TODO: check
+CVE-2013-4864 (MiCasaVerde VeraLite with firmware 1.5.408 allows remote 
attackers to  ...)
+       TODO: check
+CVE-2013-4863 (The HomeAutomationGateway service in MiCasaVerde VeraLite with 
firmwar ...)
+       TODO: check
+CVE-2013-4862 (MiCasaVerde VeraLite with firmware 1.5.408 does not properly 
restrict  ...)
+       TODO: check
+CVE-2013-4861 (Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in 
MiCasa ...)
+       TODO: check
 CVE-2013-4860 (Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier 
does n ...)
        NOT-FOR-US: Radio Thermostat
 CVE-2013-4859 (INSTEON Hub 2242-222 lacks Web and API authentication ...)
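Review bot: CVE-2013-4861 through CVE-2013-4864 all name MiCasaVerde VeraLite firmware 1.5.408 and CVE-2013-4865 (upgrade_step2.sh) is part of the same block, yet each is left as a separate `TODO: check`; the neighbouring device entries (Radio Thermostat, INSTEON Hub) are NOT-FOR-US, and these five should be resolved together the same way rather than triaged one by one.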
@@ -268701,11 +269137,9 @@ CVE-2013-4584 (Perdition before 2.2 may have weak 
security when handling outboun
        - perdition 2.1-1 (low; bug #729028)
        [wheezy] - perdition <no-dsa> (Minor issue)
        [squeeze] - perdition <no-dsa> (Minor issue)
-CVE-2013-4583
-       RESERVED
+CVE-2013-4583 (The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 
before 5.4 ...)
        - gitlab <not-affected> (Fixed before initial upload to Debian)
-CVE-2013-4582 [Local file inclusion vulnerability]
-       RESERVED
+CVE-2013-4582 (The (1) create_branch, (2) create_tag, (3) import_project, and 
(4) for ...)
        - gitlab <not-affected> (Fixed before initial upload to Debian)
 CVE-2013-4581 (GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, 
Enterprise Ed ...)
        - gitlab <not-affected> (Fixed before initial upload to Debian)
@@ -274062,8 +274496,8 @@ CVE-2013-2573
        RESERVED
 CVE-2013-2572
        RESERVED
-CVE-2013-2571
-       RESERVED
+CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale 
(POS) syst ...)
+       TODO: check
 CVE-2013-2570
        RESERVED
 CVE-2013-2569
@@ -275680,8 +276114,7 @@ CVE-2013-2061 (The openvpn_decrypt function in 
crypto.c in OpenVPN 2.3.0 and ear
        [squeeze] - openvpn 2.1.3-2+squeeze2
        [wheezy] - openvpn 2.2.1-8+deb7u1
        NOTE: 
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
-CVE-2013-2060
-       RESERVED
+CVE-2013-2060 (The download_from_url function in OpenShift Origin allows 
remote attac ...)
        NOT-FOR-US: OpenShift
 CVE-2013-2059 (OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, 
Grizzly bef ...)
        - keystone 2013.1.1-2 (bug #707598)
@@ -276220,8 +276653,7 @@ CVE-2013-1896 (mod_dav.c in the Apache HTTP Server 
before 2.2.25 does not proper
        [wheezy] - apache2 2.2.22-13+deb7u1
        [squeeze] - apache2 2.2.16-6+squeeze12
        NOTE: http://www.gossamer-threads.com/lists/apache/announce/427633
-CVE-2013-1895 [concurrency issue leading to auth bypass]
-       RESERVED
+CVE-2013-1895 (The py-bcrypt module before 0.3 for Python does not properly 
handle co ...)
        - python-bcrypt 0.4-1 (bug #704030)
        [squeeze] - python-bcrypt <not-affected> (thread support only 
introduced after 0.1 release)
        NOTE: 
https://code.google.com/p/py-bcrypt/source/detail?r=b03cc5246ea21a839fd027da5616d8d470247558
@@ -277919,8 +278351,7 @@ CVE-2013-1438 (Unspecified vulnerability in dcraw 
0.8.x through 0.8.9, as used i
        - rawstudio <removed> (unimportant; bug #721237)
        - rawtherapee <not-affected> (unimportant; bug #721238)
        NOTE: Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
-CVE-2013-1437 [Code execution when gathering version metadata]
-       RESERVED
+CVE-2013-1437 (Eval injection vulnerability in the Module-Metadata module 
before 1.00 ...)
        - perl 5.18.1-2
        [wheezy] - perl <not-affected> (Bug was introduced later)
        [squeeze] - perl <not-affected> (Does not yet contain Module::Metadata)
@@ -281228,8 +281659,7 @@ CVE-2013-0296 (Race condition in pigz before 2.2.5 
uses permissions derived from
        [squeeze] - pigz 2.1.6-1+squeeze1
 CVE-2013-0295 [CreateID() creates serialized packet IDs for RADIUS]
        RESERVED
-CVE-2013-0294 [potentially predictable password hashing]
-       RESERVED
+CVE-2013-0294 (packet.py in pyrad before 2.1 uses weak random numbers to 
generate RAD ...)
        - pyrad 2.0-2 (low; bug #700669)
        [wheezy] - pyrad 1.2-1+deb7u2
        [squeeze] - pyrad 1.2-1+deb6u1
@@ -282306,8 +282736,7 @@ CVE-2012-6116 (modules/certs/manifests/config.pp in 
katello-configure before 1.3
        NOTE: Candlepin
 CVE-2012-6115 (The domain management tool (rhevm-manage-domains) in Red Hat 
Enterpris ...)
        NOTE: RHEV management tool
-CVE-2012-6114 [temp file vulnerability in git-extras]
-       RESERVED
+CVE-2012-6114 (The git-changelog utility in git-extras 1.7.0 allows local 
users to ov ...)
        - git-extras 1.7.0-1.2 (bug #698490)
 CVE-2012-6113 (The openssl_encrypt function in ext/openssl/openssl.c in PHP 
5.3.9 thr ...)
        - php5 5.4.0~beta2-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8579666be07cd6711dfd41df745f137de5db50a5



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
