Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e164a3e7 by security tracker role at 2020-02-06T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,223 @@
+CVE-2020-8775
+       RESERVED
+CVE-2020-8774
+       RESERVED
+CVE-2020-8773
+       RESERVED
+CVE-2020-8772 (The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a 
missin ...)
+       TODO: check
+CVE-2020-8771 (The Time Capsule plugin before 1.21.16 for WordPress has an 
authentica ...)
+       TODO: check
+CVE-2020-8770
+       RESERVED
+CVE-2020-8769
+       RESERVED
+CVE-2020-8768
+       RESERVED
+CVE-2020-8767
+       RESERVED
+CVE-2020-8766
+       RESERVED
+CVE-2020-8765
+       RESERVED
+CVE-2020-8764
+       RESERVED
+CVE-2020-8763
+       RESERVED
+CVE-2020-8762
+       RESERVED
+CVE-2020-8761
+       RESERVED
+CVE-2020-8760
+       RESERVED
+CVE-2020-8759
+       RESERVED
+CVE-2020-8758
+       RESERVED
+CVE-2020-8757
+       RESERVED
+CVE-2020-8756
+       RESERVED
+CVE-2020-8755
+       RESERVED
+CVE-2020-8754
+       RESERVED
+CVE-2020-8753
+       RESERVED
+CVE-2020-8752
+       RESERVED
+CVE-2020-8751
+       RESERVED
+CVE-2020-8750
+       RESERVED
+CVE-2020-8749
+       RESERVED
+CVE-2020-8748
+       RESERVED
+CVE-2020-8747
+       RESERVED
+CVE-2020-8746
+       RESERVED
+CVE-2020-8745
+       RESERVED
+CVE-2020-8744
+       RESERVED
+CVE-2020-8743
+       RESERVED
+CVE-2020-8742
+       RESERVED
+CVE-2020-8741
+       RESERVED
+CVE-2020-8740
+       RESERVED
+CVE-2020-8739
+       RESERVED
+CVE-2020-8738
+       RESERVED
+CVE-2020-8737
+       RESERVED
+CVE-2020-8736
+       RESERVED
+CVE-2020-8735
+       RESERVED
+CVE-2020-8734
+       RESERVED
+CVE-2020-8733
+       RESERVED
+CVE-2020-8732
+       RESERVED
+CVE-2020-8731
+       RESERVED
+CVE-2020-8730
+       RESERVED
+CVE-2020-8729
+       RESERVED
+CVE-2020-8728
+       RESERVED
+CVE-2020-8727
+       RESERVED
+CVE-2020-8726
+       RESERVED
+CVE-2020-8725
+       RESERVED
+CVE-2020-8724
+       RESERVED
+CVE-2020-8723
+       RESERVED
+CVE-2020-8722
+       RESERVED
+CVE-2020-8721
+       RESERVED
+CVE-2020-8720
+       RESERVED
+CVE-2020-8719
+       RESERVED
+CVE-2020-8718
+       RESERVED
+CVE-2020-8717
+       RESERVED
+CVE-2020-8716
+       RESERVED
+CVE-2020-8715
+       RESERVED
+CVE-2020-8714
+       RESERVED
+CVE-2020-8713
+       RESERVED
+CVE-2020-8712
+       RESERVED
+CVE-2020-8711
+       RESERVED
+CVE-2020-8710
+       RESERVED
+CVE-2020-8709
+       RESERVED
+CVE-2020-8708
+       RESERVED
+CVE-2020-8707
+       RESERVED
+CVE-2020-8706
+       RESERVED
+CVE-2020-8705
+       RESERVED
+CVE-2020-8704
+       RESERVED
+CVE-2020-8703
+       RESERVED
+CVE-2020-8702
+       RESERVED
+CVE-2020-8701
+       RESERVED
+CVE-2020-8700
+       RESERVED
+CVE-2020-8699
+       RESERVED
+CVE-2020-8698
+       RESERVED
+CVE-2020-8697
+       RESERVED
+CVE-2020-8696
+       RESERVED
+CVE-2020-8695
+       RESERVED
+CVE-2020-8694
+       RESERVED
+CVE-2020-8693
+       RESERVED
+CVE-2020-8692
+       RESERVED
+CVE-2020-8691
+       RESERVED
+CVE-2020-8690
+       RESERVED
+CVE-2020-8689
+       RESERVED
+CVE-2020-8688
+       RESERVED
+CVE-2020-8687
+       RESERVED
+CVE-2020-8686
+       RESERVED
+CVE-2020-8685
+       RESERVED
+CVE-2020-8684
+       RESERVED
+CVE-2020-8683
+       RESERVED
+CVE-2020-8682
+       RESERVED
+CVE-2020-8681
+       RESERVED
+CVE-2020-8680
+       RESERVED
+CVE-2020-8679
+       RESERVED
+CVE-2020-8678
+       RESERVED
+CVE-2020-8677
+       RESERVED
+CVE-2020-8676
+       RESERVED
+CVE-2020-8675
+       RESERVED
+CVE-2020-8674
+       RESERVED
+CVE-2020-8673
+       RESERVED
+CVE-2020-8672
+       RESERVED
+CVE-2020-8671
+       RESERVED
+CVE-2020-8670
+       RESERVED
+CVE-2020-8669
+       RESERVED
+CVE-2020-8668
+       RESERVED
+CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential 
session IDs, w ...)
+       TODO: check
+CVE-2014-10399 (The session.lua library in CGILua 5.1.x uses the same ID for 
each sess ...)
+       TODO: check
 CVE-2020-8667
        RESERVED
 CVE-2020-8666
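Review bot: CVE-2020-8772 (InfiniteWP Client plugin) and CVE-2020-8771 (Time Capsule plugin), near the top of this hunk, are left at TODO: check although WordPress plugin entries elsewhere in this file, such as CVE-2020-8658 and CVE-2011-5329, are already tagged NOT-FOR-US: ... plugin for WordPress. Suggest resolving these two with the same tag so they do not sit in the TODO queue.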
@@ -18,8 +238,8 @@ CVE-2020-8659
        RESERVED
 CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress 
allows wp- ...)
        NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress
-CVE-2020-8657
-       RESERVED
+CVE-2020-8657 (An issue was discovered in EyesOfNetwork 5.3. The installation 
uses th ...)
+       TODO: check
 CVE-2020-8656
        RESERVED
 CVE-2020-8655
@@ -62,8 +282,8 @@ CVE-2020-8638
        RESERVED
 CVE-2020-8637
        RESERVED
-CVE-2020-8636
-       RESERVED
+CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows 
Remote C ...)
+       TODO: check
 CVE-2020-8635
        RESERVED
 CVE-2020-8634
@@ -122,8 +342,7 @@ CVE-2020-8610
        RESERVED
 CVE-2020-8609
        RESERVED
-CVE-2020-8608
-       RESERVED
+CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses 
snprintf  ...)
        - libslirp <unfixed>
        - qemu 1:4.1-2
        - qemu-kvm <removed>
@@ -1580,10 +1799,10 @@ CVE-2020-7955 (HashiCorp Consul and Consul Enterprise 
1.4.1 through 1.6.2 did no
        - consul <unfixed> (bug #950736)
        NOTE: https://github.com/hashicorp/consul/issues/7160
        NOTE: Fixed in 1.6.3.
-CVE-2020-7954
-       RESERVED
-CVE-2020-7953
-       RESERVED
+CVE-2020-7954 (An issue was discovered in OpServices OpMon 9.3.2. Starting 
from the a ...)
+       TODO: check
+CVE-2020-7953 (An issue was discovered in OpServices OpMon 9.3.2. Without 
authenticat ...)
+       TODO: check
 CVE-2020-7952 (rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote 
attacke ...)
        NOT-FOR-US: rendersystemdx9.dll in Valve Dota 2
 CVE-2020-7951 (meshsystem.dll in Valve Dota 2 before 7.23e allows remote 
attackers to ...)
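Review bot: CVE-2020-7954 and CVE-2020-7953 are both left at TODO: check for OpServices OpMon 9.3.2, the same product as CVE-2020-8636 earlier in this commit. The three entries should get one consistent decision: if OpMon is not packaged, a single NOT-FOR-US: OpServices OpMon line under each of them.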
@@ -1688,8 +1907,8 @@ CVE-2019-20401 (Various installation setup resources in 
Jira before version 8.5.
        NOT-FOR-US: Atlassian
 CVE-2019-20400 (The usage of Tomcat in Jira before version 8.5.2 allows local 
attacker ...)
        NOT-FOR-US: Atlassian
-CVE-2020-7920
-       RESERVED
+CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x 
before 2.2 ...)
+       TODO: check
 CVE-2020-7919
        RESERVED
        - golang-1.14 1.14~rc1-1
@@ -3993,10 +4212,10 @@ CVE-2020-6858
        RESERVED
 CVE-2020-6857 (CarbonFTP v1.4 uses insecure proprietary password encryption 
with a ha ...)
        NOT-FOR-US: CarbonFTP
-CVE-2020-6856
-       RESERVED
-CVE-2020-6855
-       RESERVED
+CVE-2020-6856 (An XML External Entity (XEE) vulnerability exists in the JOC 
Cockpit c ...)
+       TODO: check
+CVE-2020-6855 (A large or infinite loop vulnerability in the JOC Cockpit 
component of ...)
+       TODO: check
 CVE-2020-6854 (A cross-site scripting (XSS) vulnerability in the JOC Cockpit 
componen ...)
        NOT-FOR-US: JOC Cockpit, different from src:cockpit
 CVE-2020-6853
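Review bot: CVE-2020-6856 and CVE-2020-6855 are left at TODO: check even though the next entry, CVE-2020-6854, is the same JOC Cockpit component and is already tagged NOT-FOR-US: JOC Cockpit, different from src:cockpit. Suggest applying that same line to both so they are not mistaken for src:cockpit issues during triage.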
@@ -4199,8 +4418,8 @@ CVE-2020-6769
        RESERVED
 CVE-2020-6768
        RESERVED
-CVE-2020-6767
-       RESERVED
+CVE-2020-6767 (A path traversal vulnerability in the Bosch Video Management 
System (B ...)
+       TODO: check
 CVE-2020-6766
        RESERVED
 CVE-2020-6765
@@ -6186,12 +6405,12 @@ CVE-2020-5858
        RESERVED
 CVE-2020-5857
        RESERVED
-CVE-2020-5856
-       RESERVED
-CVE-2020-5855
-       RESERVED
-CVE-2020-5854
-       RESERVED
+CVE-2020-5856 (On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing 
specif ...)
+       TODO: check
+CVE-2020-5855 (When the Windows Logon Integration feature is configured for 
all versi ...)
+       TODO: check
+CVE-2020-5854 (On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 
13.1.0-13.1 ...)
+       TODO: check
 CVE-2020-5853 (In BIG-IP APM portal access on versions 15.0.0-15.1.0, 
14.0.0-14.1.2.3 ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2020-5852 (Undisclosed traffic patterns received may cause a disruption of 
servic ...)
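Review bot: CVE-2020-5856 and CVE-2020-5854 name BIG-IP in their descriptions but stay at TODO: check, while CVE-2020-5853 directly below them is tagged NOT-FOR-US: F5 BIG-IP. Suggest the same tag for both. The truncated description of CVE-2020-5855 names no product, so its full text needs to be read before it is tagged.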
@@ -6458,8 +6677,8 @@ CVE-2020-5722
        RESERVED
 CVE-2020-5721
        RESERVED
-CVE-2020-5720
-       RESERVED
+CVE-2020-5720 (MikroTik WinBox before 3.21 is vulnerable to a path traversal 
vulnerab ...)
+       TODO: check
 CVE-2020-5719
        RESERVED
 CVE-2020-5718
@@ -6842,8 +7061,8 @@ CVE-2020-5530
        RESERVED
 CVE-2020-5529
        RESERVED
-CVE-2020-5528
-       RESERVED
+CVE-2020-5528 (Cross-site scripting vulnerability in Movable Type series 
(Movable Typ ...)
+       TODO: check
 CVE-2020-5527
        RESERVED
 CVE-2020-5526 (The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 
2.0.0 to 2. ...)
@@ -7333,12 +7552,12 @@ CVE-2020-5321
        RESERVED
 CVE-2020-5320
        RESERVED
-CVE-2020-5319
-       RESERVED
-CVE-2020-5318
-       RESERVED
-CVE-2020-5317
-       RESERVED
+CVE-2020-5319 (Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA 
versions prio ...)
+       TODO: check
+CVE-2020-5318 (Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 
8.0.0.7 co ...)
+       TODO: check
+CVE-2020-5317 (Dell EMC ECS versions prior to 3.4.0.1 contain an XSS 
vulnerability. A ...)
+       TODO: check
 CVE-2020-5316
        RESERVED
 CVE-2020-5315
@@ -12201,8 +12420,8 @@ CVE-2019-19802 (In Gallagher Command Centre Server 
v8.10 prior to v8.10.1134(MR4
        NOT-FOR-US: Gallagher Command Centre Server
 CVE-2019-19801 (In Gallagher Command Centre Server versions of v8.10 prior to 
v8.10.11 ...)
        NOT-FOR-US: Gallagher Command Centre Server
-CVE-2019-19800
-       RESERVED
+CVE-2019-19800 (Zoho ManageEngine Applications Manager 14 before 14520 allows 
a remote ...)
+       TODO: check
 CVE-2019-19799
        RESERVED
 CVE-2019-19798
@@ -24738,8 +24957,8 @@ CVE-2019-17654
        RESERVED
 CVE-2019-17653
        RESERVED
-CVE-2019-17652
-       RESERVED
+CVE-2019-17652 (A stack buffer overflow vulnerability in FortiClient for Linux 
6.2.1 a ...)
+       TODO: check
 CVE-2019-17651 (An Improper Neutralization of Input vulnerability in the 
description a ...)
        NOT-FOR-US: FortiSIEM
 CVE-2019-17650 (An Improper Neutralization of Special Elements used in a 
Command vulne ...)
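Review bot: CVE-2019-17652 (FortiClient for Linux) is left at TODO: check, while the Fortinet entry right after it, CVE-2019-17651, is tagged NOT-FOR-US: FortiSIEM. Suggest a matching NOT-FOR-US: FortiClient line here, and the same decision for the other FortiClient for Linux entries in this commit, CVE-2019-16152 and CVE-2019-15711.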
@@ -29102,8 +29321,8 @@ CVE-2019-16154 (An improper neutralization of input 
during web page generation i
        NOT-FOR-US: FortiAuthenticator WEB UI
 CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM 
database ...)
        NOT-FOR-US: Fortinet
-CVE-2019-16152
-       RESERVED
+CVE-2019-16152 (A Denial of service (DoS) vulnerability in FortiClient for 
Linux 6.2.1 ...)
+       TODO: check
 CVE-2019-16151
        RESERVED
 CVE-2019-16150
@@ -30335,8 +30554,8 @@ CVE-2011-5329 (The redirection plugin before 2.2.9 for 
WordPress has XSS in the
        NOT-FOR-US: redirection plugin for WordPress
 CVE-2019-15712 (An improper access control vulnerability in FortiMail admin 
webUI 6.2. ...)
        NOT-FOR-US: FortiMail admin webUI
-CVE-2019-15711
-       RESERVED
+CVE-2019-15711 (A privilege escalation vulnerability in FortiClient for Linux 
6.2.1 an ...)
+       TODO: check
 CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 
to 4.1.1, ...)
        NOT-FOR-US: FortiExtender
 CVE-2019-15709
@@ -41582,8 +41801,8 @@ CVE-2019-12428 [Mandatory External Authentication 
Provider Sign-In Restrictions
        NOTE: 
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12427 (Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a 
non-pers ...)
        NOT-FOR-US: Zimbra Collaboration
-CVE-2019-12426
-       RESERVED
+CVE-2019-12426 (an unauthenticated user could get access to information of 
some backen ...)
+       TODO: check
 CVE-2019-12425
        RESERVED
 CVE-2019-12424
@@ -46224,8 +46443,8 @@ CVE-2019-10791
        RESERVED
 CVE-2019-10790
        RESERVED
-CVE-2019-10789
-       RESERVED
+CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection 
via the ...)
+       TODO: check
 CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute 
arbitrary ...)
        TODO: check
 CVE-2019-10787 (im-resize through 2.3.2 allows remote attackers to execute 
arbitrary c ...)
@@ -182151,8 +182370,7 @@ CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 
9.10.x before 9.10.4-P5, a
        [experimental] - bind9 1:9.10.4-P5-1
        - bind9 1:9.10.3.dfsg.P4-11 (bug #851062)
        NOTE: https://kb.isc.org/article/AA-01441/0
-CVE-2016-9928 [MCabber before 1.0.4 allows remote attackers to modify the 
roster and intercept messages via a crafted roster-push IQ stanza]
-       RESERVED
+CVE-2016-9928 (MCabber before 1.0.4 is vulnerable to roster push attacks, 
which allow ...)
        {DLA-724-1}
        - mcabber 0.10.2-1.1 (bug #845258)
        [jessie] - mcabber <no-dsa> (Minor issue)
@@ -191330,15 +191548,13 @@ CVE-2016-7522 (The ReadPSDImage function in 
MagickCore/locale.c in ImageMagick a
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/93
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58
        NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7523 [meta file out of bound access]
-       RESERVED
+CVE-2016-7523 (coders/meta.c in ImageMagick allows remote attackers to cause a 
denial ...)
        {DSA-3652-1 DLA-731-1}
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
        NOTE: https://bugs.launchpad.net/bugs/1537420
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/94
        NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7524
-       RESERVED
+CVE-2016-7524 (coders/meta.c in ImageMagick allows remote attackers to cause a 
denial ...)
        {DSA-3652-1 DLA-731-1}
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
        NOTE: https://bugs.launchpad.net/bugs/1537422
@@ -208465,8 +208681,7 @@ CVE-2016-1546 (The Apache HTTP Server 2.4.17 and 
2.4.18, when mod_http2 is enabl
        NOTE: Upsteam backport for 2.4.x: 
http://svn.apache.org/viewvc?view=revision&revision=1734413
 CVE-2016-1545
        RESERVED
-CVE-2016-1544 [out of memory error due to unlimited incoming HTTP header 
fields]
-       RESERVED
+CVE-2016-1544 (nghttp2 before 1.7.1 allows remote attackers to cause a denial 
of serv ...)
        - nghttp2 1.7.1-1
        [jessie] - nghttp2 <no-dsa> (Minor issue)
        NOTE: Fix spread across multiple commits: 
https://github.com/tatsuhiro-t/nghttp2/compare/v1.7.0...v1.7.1
@@ -220213,8 +220428,8 @@ CVE-2015-6002
        RESERVED
 CVE-2015-6001
        RESERVED
-CVE-2015-6000
-       RESERVED
+CVE-2015-6000 (Unrestricted file upload vulnerability in the 
Settings_Vtiger_CompanyD ...)
+       TODO: check
 CVE-2015-5999 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the D-Li ...)
        NOT-FOR-US: D-Link DIR-816L Wireless Router
 CVE-2015-5998 (Impero Education Pro before 5105 relies on the 
-1|AUTHENTICATE\x02PASS ...)
@@ -229314,8 +229529,8 @@ CVE-2015-2911
        RESERVED
 CVE-2015-2910
        RESERVED
-CVE-2015-2909
-       RESERVED
+CVE-2015-2909 (Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and 
DS2 dev ...)
+       TODO: check
 CVE-2015-2908 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with 
firmwar ...)
        NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
 CVE-2015-2907 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with 
firmwar ...)
@@ -242262,8 +242477,7 @@ CVE-2014-8273
        RESERVED
 CVE-2014-8272 (The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, 
iDRAC6  ...)
        NOT-FOR-US: Dell iDRAC6
-CVE-2014-8271
-       RESERVED
+CVE-2014-8271 (Buffer overflow in the Reclaim function in Tianocore EDK2 
before SVN 1 ...)
        NOT-FOR-US: uefi
 CVE-2014-8270 (BMC Track-It! 11.3 allows remote attackers to gain privileges 
and exec ...)
        NOT-FOR-US: BMC Track-It!
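Review bot: the unchanged annotation NOT-FOR-US: uefi under CVE-2014-8271 no longer fits the description this hunk brings in, which names the Reclaim function in Tianocore EDK2. Debian has an edk2 source package, so the entry should be re-checked and, if the affected code is shipped there, the tag replaced with a - edk2 package line.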
@@ -255820,8 +256034,8 @@ CVE-2014-2877
        RESERVED
 CVE-2014-2876
        RESERVED
-CVE-2014-2875
-       RESERVED
+CVE-2014-2875 (The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 
uses wea ...)
+       TODO: check
 CVE-2013-7369 (SQL injection vulnerability in an unspecified DLL in the 
FSDBCom Activ ...)
        NOT-FOR-US: F-Secure Anti-Virus
 CVE-2012-6647 (The futex_wait_requeue_pi function in kernel/futex.c in the 
Linux kern ...)
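Review bot: CVE-2014-2875 is left at TODO: check for the session.lua library in CGILua, the same library named by CVE-2014-10400 and CVE-2014-10399 in the first hunk of this commit. Suggest triaging the three together so they end up with the same package line or the same NOT-FOR-US tag.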
@@ -258381,8 +258595,7 @@ CVE-2014-2032 (Deadwood before 2.3.09, 3.x before 
3.2.05, and as used in MaraDNS
 CVE-2014-2031 (Deadwood before 2.3.09, 3.x before 3.2.05, and as used in 
MaraDNS befo ...)
        - maradns <not-affected> (Deadwood resolver not enabled)
        NOTE: 
https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093
-CVE-2014-2030
-       RESERVED
+CVE-2014-2030 (Stack-based buffer overflow in the WritePSDImage function in 
coders/ps ...)
        {DSA-2898-1}
        - imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
        [squeeze] - imagemagick <not-affected> (CVE only for versions with 
r1448 applied)
@@ -258408,8 +258621,7 @@ CVE-2014-1959 (lib/x509/verify.c in GnuTLS before 
3.1.21 and 3.2.x before 3.2.11
        - gnutls28 3.2.11-1
        NOTE: https://gitlab.com/gnutls/gnutls/commit/b1abfe3d18
        NOTE: introduced by 
https://gitlab.com/gnutls/gnutls/commit/60ee8a0eb9975d123002b1cffbefd60a8cd5fae6
-CVE-2014-1958 [PSD Images Processing RLE Decoding Buffer Overflow 
Vulnerability]
-       RESERVED
+CVE-2014-1958 (Buffer overflow in the DecodePSDPixels function in coders/psd.c 
in Ima ...)
        {DSA-2898-1}
        - imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
        [squeeze] - imagemagick <not-affected> (DecodePSDPixels function is not 
present)
@@ -270328,8 +270540,7 @@ CVE-2013-4574 (Cross-site scripting (XSS) 
vulnerability in the TimeMediaHandler
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=56699
 CVE-2013-4573 (Cross-site scripting (XSS) vulnerability in the 
ZeroRatedMobileAccess  ...)
        NOT-FOR-US: mediawiki extension ZeroRatedMobileAccess
-CVE-2013-4572
-       RESERVED
+CVE-2013-4572 (The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x 
before ...)
        {DSA-2891-1}
        - mediawiki 1:1.19.8+dfsg-2.2 (bug #729629)
        [squeeze] - mediawiki <end-of-life>
@@ -270570,8 +270781,7 @@ CVE-2013-4523 (Cross-site scripting (XSS) 
vulnerability in message/lib.php in Mo
 CVE-2013-4522 (lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 
2.4.x b ...)
        - moodle 2.5.3-1 (low)
        [squeeze] - moodle <not-affected> (Vulnerable code not present)
-CVE-2013-4521
-       RESERVED
+CVE-2013-4521 (RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 
and 5.8.0 ...)
        NOT-FOR-US: Nuxeo
 CVE-2013-4520 (xslt.c in libxslt before 1.1.25 allows context-dependent 
attackers to  ...)
        - libxslt <not-affected> (The versions in wheezy and squeeze contain 
the full patch)
@@ -271810,8 +272020,7 @@ CVE-2013-4168 (Cross-site scripting (XSS) 
vulnerability in SmokePing 2.6.9 in th
        NOTE: 
https://github.com/oetiker/SmokePing/commit/bad9f9c28f0939b269f90072aa4cf41f20f15563
 CVE-2013-4167 (Cross-site scripting (XSS) vulnerability in CMS Made Simple 
(CMSMS) be ...)
        - cmsms <itp> (bug #608888)
-CVE-2013-4166 [problem in GPG key selection when encrypting mail]
-       RESERVED
+CVE-2013-4166 (The gpg_ctx_add_recipient function in camel/camel-gpg-context.c 
in GNO ...)
        - evolution <unfixed> (unimportant)
        NOTE: Regular UI bug, not a security issue.
 CVE-2013-4165 (The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 
provid ...)
@@ -282347,10 +282556,10 @@ CVE-2012-6343
        RESERVED
 CVE-2012-6342 (Cross-site request forgery (CSRF) vulnerability in 
logout.action in At ...)
        NOT-FOR-US: Atlassian Confluence
-CVE-2012-6341
-       RESERVED
-CVE-2012-6340
-       RESERVED
+CVE-2012-6341 (An Information Disclosure vulnerability exists in the my config 
file i ...)
+       TODO: check
+CVE-2012-6340 (An Authentication vulnerability exists in NETGEAR WGR614 v7 and 
v9 due ...)
+       TODO: check
 CVE-2012-6339 (Multiple cross-site scripting (XSS) vulnerabilities in the 
administrat ...)
        NOT-FOR-US: Cerberus FTP Server
 CVE-2012-6338
@@ -283435,14 +283644,14 @@ CVE-2012-6311
        RESERVED
 CVE-2012-6310
        RESERVED
-CVE-2012-6309
-       RESERVED
+CVE-2012-6309 (A vulnerability exists in Arctic Torrent 1.4 via unspecified 
vectors i ...)
+       TODO: check
 CVE-2012-6308
        RESERVED
-CVE-2012-6307
-       RESERVED
-CVE-2012-6306
-       RESERVED
+CVE-2012-6307 (A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified 
issue  ...)
+       TODO: check
+CVE-2012-6306 (A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to 
a write ...)
+       TODO: check
 CVE-2012-6305
        RESERVED
 CVE-2012-6304
@@ -283463,8 +283672,8 @@ CVE-2012-6299 (Unspecified vulnerability in CA 
IdentityMinder r12.0 through CR16
        NOT-FOR-US: CA IdentityMinder
 CVE-2012-6298 (Unspecified vulnerability in CA IdentityMinder r12.0 through 
CR16, r12 ...)
        NOT-FOR-US: CA IdentityMinder
-CVE-2012-6297
-       RESERVED
+CVE-2012-6297 (Command Injection vulnerability exists via a CSRF in DD-WRT 
24-sp2 fro ...)
+       TODO: check
 CVE-2012-6296
        RESERVED
 CVE-2012-6295
@@ -293549,8 +293758,8 @@ CVE-2012-2595 (Multiple cross-site scripting (XSS) 
vulnerabilities in unspecifie
        NOT-FOR-US: Siemens WinCC
 CVE-2012-2594
        RESERVED
-CVE-2012-2593
-       RESERVED
+CVE-2012-2593 (Cross-site scripting (XSS) vulnerability in the administrative 
interfa ...)
+       TODO: check
 CVE-2012-2592 (Cross-site scripting (XSS) vulnerability in Axigen Mail Server 
8.0.1 a ...)
        NOT-FOR-US: AXIGEN Mail Server
 CVE-2012-2591 (Multiple cross-site scripting (XSS) vulnerabilities in 
EmailArchitect  ...)
@@ -317004,8 +317213,8 @@ CVE-2010-3919 (Fenrir Grani 4.5 and earlier does not 
prevent interaction between
        NOT-FOR-US: Fenrir Grani
 CVE-2010-3918 (Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction 
between ...)
        NOT-FOR-US: Fenrir Sleipnir
-CVE-2010-3917
-       RESERVED
+CVE-2010-3917 (Google Chrome before 3.0 does not properly handle XML 
documents, which ...)
+       TODO: check
 CVE-2010-3916 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro 
Governm ...)
        NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
 CVE-2010-3915 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro 
Governm ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e164a3e756c0d3b9118bf1694264cc3ceaaed665
