Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fa57686d by security tracker role at 2020-02-18T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,459 @@
+CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user 
creation via s ...)
+       TODO: check
+CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password 
reset via  ...)
+       TODO: check
+CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection 
that lead ...)
+       TODO: check
+CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy 
clause,  ...)
+       TODO: check
+CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for 
arbitra ...)
+       TODO: check
+CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for 
arbitra ...)
+       TODO: check
+CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections 
against t ...)
+       TODO: check
+CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection 
bypass  ...)
+       TODO: check
+CVE-2020-9263
+       RESERVED
+CVE-2020-9262
+       RESERVED
+CVE-2020-9261
+       RESERVED
+CVE-2020-9260
+       RESERVED
+CVE-2020-9259
+       RESERVED
+CVE-2020-9258
+       RESERVED
+CVE-2020-9257
+       RESERVED
+CVE-2020-9256
+       RESERVED
+CVE-2020-9255
+       RESERVED
+CVE-2020-9254
+       RESERVED
+CVE-2020-9253
+       RESERVED
+CVE-2020-9252
+       RESERVED
+CVE-2020-9251
+       RESERVED
+CVE-2020-9250
+       RESERVED
+CVE-2020-9249
+       RESERVED
+CVE-2020-9248
+       RESERVED
+CVE-2020-9247
+       RESERVED
+CVE-2020-9246
+       RESERVED
+CVE-2020-9245
+       RESERVED
+CVE-2020-9244
+       RESERVED
+CVE-2020-9243
+       RESERVED
+CVE-2020-9242
+       RESERVED
+CVE-2020-9241
+       RESERVED
+CVE-2020-9240
+       RESERVED
+CVE-2020-9239
+       RESERVED
+CVE-2020-9238
+       RESERVED
+CVE-2020-9237
+       RESERVED
+CVE-2020-9236
+       RESERVED
+CVE-2020-9235
+       RESERVED
+CVE-2020-9234
+       RESERVED
+CVE-2020-9233
+       RESERVED
+CVE-2020-9232
+       RESERVED
+CVE-2020-9231
+       RESERVED
+CVE-2020-9230
+       RESERVED
+CVE-2020-9229
+       RESERVED
+CVE-2020-9228
+       RESERVED
+CVE-2020-9227
+       RESERVED
+CVE-2020-9226
+       RESERVED
+CVE-2020-9225
+       RESERVED
+CVE-2020-9224
+       RESERVED
+CVE-2020-9223
+       RESERVED
+CVE-2020-9222
+       RESERVED
+CVE-2020-9221
+       RESERVED
+CVE-2020-9220
+       RESERVED
+CVE-2020-9219
+       RESERVED
+CVE-2020-9218
+       RESERVED
+CVE-2020-9217
+       RESERVED
+CVE-2020-9216
+       RESERVED
+CVE-2020-9215
+       RESERVED
+CVE-2020-9214
+       RESERVED
+CVE-2020-9213
+       RESERVED
+CVE-2020-9212
+       RESERVED
+CVE-2020-9211
+       RESERVED
+CVE-2020-9210
+       RESERVED
+CVE-2020-9209
+       RESERVED
+CVE-2020-9208
+       RESERVED
+CVE-2020-9207
+       RESERVED
+CVE-2020-9206
+       RESERVED
+CVE-2020-9205
+       RESERVED
+CVE-2020-9204
+       RESERVED
+CVE-2020-9203
+       RESERVED
+CVE-2020-9202
+       RESERVED
+CVE-2020-9201
+       RESERVED
+CVE-2020-9200
+       RESERVED
+CVE-2020-9199
+       RESERVED
+CVE-2020-9198
+       RESERVED
+CVE-2020-9197
+       RESERVED
+CVE-2020-9196
+       RESERVED
+CVE-2020-9195
+       RESERVED
+CVE-2020-9194
+       RESERVED
+CVE-2020-9193
+       RESERVED
+CVE-2020-9192
+       RESERVED
+CVE-2020-9191
+       RESERVED
+CVE-2020-9190
+       RESERVED
+CVE-2020-9189
+       RESERVED
+CVE-2020-9188
+       RESERVED
+CVE-2020-9187
+       RESERVED
+CVE-2020-9186
+       RESERVED
+CVE-2020-9185
+       RESERVED
+CVE-2020-9184
+       RESERVED
+CVE-2020-9183
+       RESERVED
+CVE-2020-9182
+       RESERVED
+CVE-2020-9181
+       RESERVED
+CVE-2020-9180
+       RESERVED
+CVE-2020-9179
+       RESERVED
+CVE-2020-9178
+       RESERVED
+CVE-2020-9177
+       RESERVED
+CVE-2020-9176
+       RESERVED
+CVE-2020-9175
+       RESERVED
+CVE-2020-9174
+       RESERVED
+CVE-2020-9173
+       RESERVED
+CVE-2020-9172
+       RESERVED
+CVE-2020-9171
+       RESERVED
+CVE-2020-9170
+       RESERVED
+CVE-2020-9169
+       RESERVED
+CVE-2020-9168
+       RESERVED
+CVE-2020-9167
+       RESERVED
+CVE-2020-9166
+       RESERVED
+CVE-2020-9165
+       RESERVED
+CVE-2020-9164
+       RESERVED
+CVE-2020-9163
+       RESERVED
+CVE-2020-9162
+       RESERVED
+CVE-2020-9161
+       RESERVED
+CVE-2020-9160
+       RESERVED
+CVE-2020-9159
+       RESERVED
+CVE-2020-9158
+       RESERVED
+CVE-2020-9157
+       RESERVED
+CVE-2020-9156
+       RESERVED
+CVE-2020-9155
+       RESERVED
+CVE-2020-9154
+       RESERVED
+CVE-2020-9153
+       RESERVED
+CVE-2020-9152
+       RESERVED
+CVE-2020-9151
+       RESERVED
+CVE-2020-9150
+       RESERVED
+CVE-2020-9149
+       RESERVED
+CVE-2020-9148
+       RESERVED
+CVE-2020-9147
+       RESERVED
+CVE-2020-9146
+       RESERVED
+CVE-2020-9145
+       RESERVED
+CVE-2020-9144
+       RESERVED
+CVE-2020-9143
+       RESERVED
+CVE-2020-9142
+       RESERVED
+CVE-2020-9141
+       RESERVED
+CVE-2020-9140
+       RESERVED
+CVE-2020-9139
+       RESERVED
+CVE-2020-9138
+       RESERVED
+CVE-2020-9137
+       RESERVED
+CVE-2020-9136
+       RESERVED
+CVE-2020-9135
+       RESERVED
+CVE-2020-9134
+       RESERVED
+CVE-2020-9133
+       RESERVED
+CVE-2020-9132
+       RESERVED
+CVE-2020-9131
+       RESERVED
+CVE-2020-9130
+       RESERVED
+CVE-2020-9129
+       RESERVED
+CVE-2020-9128
+       RESERVED
+CVE-2020-9127
+       RESERVED
+CVE-2020-9126
+       RESERVED
+CVE-2020-9125
+       RESERVED
+CVE-2020-9124
+       RESERVED
+CVE-2020-9123
+       RESERVED
+CVE-2020-9122
+       RESERVED
+CVE-2020-9121
+       RESERVED
+CVE-2020-9120
+       RESERVED
+CVE-2020-9119
+       RESERVED
+CVE-2020-9118
+       RESERVED
+CVE-2020-9117
+       RESERVED
+CVE-2020-9116
+       RESERVED
+CVE-2020-9115
+       RESERVED
+CVE-2020-9114
+       RESERVED
+CVE-2020-9113
+       RESERVED
+CVE-2020-9112
+       RESERVED
+CVE-2020-9111
+       RESERVED
+CVE-2020-9110
+       RESERVED
+CVE-2020-9109
+       RESERVED
+CVE-2020-9108
+       RESERVED
+CVE-2020-9107
+       RESERVED
+CVE-2020-9106
+       RESERVED
+CVE-2020-9105
+       RESERVED
+CVE-2020-9104
+       RESERVED
+CVE-2020-9103
+       RESERVED
+CVE-2020-9102
+       RESERVED
+CVE-2020-9101
+       RESERVED
+CVE-2020-9100
+       RESERVED
+CVE-2020-9099
+       RESERVED
+CVE-2020-9098
+       RESERVED
+CVE-2020-9097
+       RESERVED
+CVE-2020-9096
+       RESERVED
+CVE-2020-9095
+       RESERVED
+CVE-2020-9094
+       RESERVED
+CVE-2020-9093
+       RESERVED
+CVE-2020-9092
+       RESERVED
+CVE-2020-9091
+       RESERVED
+CVE-2020-9090
+       RESERVED
+CVE-2020-9089
+       RESERVED
+CVE-2020-9088
+       RESERVED
+CVE-2020-9087
+       RESERVED
+CVE-2020-9086
+       RESERVED
+CVE-2020-9085
+       RESERVED
+CVE-2020-9084
+       RESERVED
+CVE-2020-9083
+       RESERVED
+CVE-2020-9082
+       RESERVED
+CVE-2020-9081
+       RESERVED
+CVE-2020-9080
+       RESERVED
+CVE-2020-9079
+       RESERVED
+CVE-2020-9078
+       RESERVED
+CVE-2020-9077
+       RESERVED
+CVE-2020-9076
+       RESERVED
+CVE-2020-9075
+       RESERVED
+CVE-2020-9074
+       RESERVED
+CVE-2020-9073
+       RESERVED
+CVE-2020-9072
+       RESERVED
+CVE-2020-9071
+       RESERVED
+CVE-2020-9070
+       RESERVED
+CVE-2020-9069
+       RESERVED
+CVE-2020-9068
+       RESERVED
+CVE-2020-9067
+       RESERVED
+CVE-2020-9066
+       RESERVED
+CVE-2020-9065
+       RESERVED
+CVE-2020-9064
+       RESERVED
+CVE-2020-9063
+       RESERVED
+CVE-2020-9062
+       RESERVED
+CVE-2020-9061
+       RESERVED
+CVE-2020-9060
+       RESERVED
+CVE-2020-9059
+       RESERVED
+CVE-2020-9058
+       RESERVED
+CVE-2020-9057
+       RESERVED
+CVE-2020-9056
+       RESERVED
+CVE-2020-9055
+       RESERVED
+CVE-2020-9054
+       RESERVED
+CVE-2020-9053
+       RESERVED
+CVE-2020-9052
+       RESERVED
+CVE-2020-9051
+       RESERVED
+CVE-2020-9050
+       RESERVED
+CVE-2020-9049
+       RESERVED
+CVE-2020-9048
+       RESERVED
+CVE-2020-9047
+       RESERVED
+CVE-2020-9046
+       RESERVED
+CVE-2020-9045
+       RESERVED
+CVE-2020-9044
+       RESERVED
 CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows 
disclosure of t ...)
        NOT-FOR-US: wpCentral plugin for WordPress
 CVE-2020-9042
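Review bot: The eight new entries at the top of this hunk (CVE-2020-9271 through CVE-2020-9264) are left at TODO: check and still need triage to either a NOT-FOR-US: line or a source package line. When doing so, settle on one product spelling: the imported descriptions for CVE-2020-9269, CVE-2020-9267 and CVE-2020-9266 say "SOPlanning" while CVE-2020-9268 says "SoPlanning", and the NOT-FOR-US text should not inherit that inconsistency. The remaining additions (CVE-2020-9263 down to CVE-2020-9044) are RESERVED placeholders and need no action.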
@@ -132,7 +588,7 @@ CVE-2020-9000
 CVE-2020-8999
        RESERVED
 CVE-2020-8998
-       RESERVED
+       REJECTED
 CVE-2020-8997 (Abbott FreeStyle Libre 14-day before February 2020 and 
FreeStyle Libre ...)
        NOT-FOR-US: Abbott FreeStyle Libre
 CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal 
to read  ...)
@@ -3585,8 +4041,8 @@ CVE-2020-7452
        RESERVED
 CVE-2020-7451
        RESERVED
-CVE-2020-7450
-       RESERVED
+CVE-2020-7450 (In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 
12.1-RELEAS ...)
+       TODO: check
 CVE-2020-7449
        RESERVED
 CVE-2020-7448
@@ -4907,10 +5363,10 @@ CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based 
XSS vulnerability that is
        NOT-FOR-US: OpenTrade
 CVE-2020-6846
        RESERVED
-CVE-2020-6845
-       RESERVED
-CVE-2020-6844
-       RESERVED
+CVE-2020-6845 (An issue was discovered in TopManage OLK 2020. As there is no 
ReadOnly ...)
+       TODO: check
+CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another 
vulnerab ...)
+       TODO: check
 CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. 
This i ...)
        NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
 CVE-2020-6842
@@ -17387,13 +17843,13 @@ CVE-2020-1933 (A XSS vulnerability was found in 
Apache NiFi 1.0.0 to 1.10.0. Mal
 CVE-2020-1932 (An information disclosure issue was found in Apache Superset 
0.34.0, 0 ...)
        NOT-FOR-US: Apache Superset
 CVE-2020-1931 (A command execution issue was found in Apache SpamAssassin 
prior to 3. ...)
-       {DSA-4615-1}
+       {DSA-4615-1 DLA-2107-1}
        - spamassassin 3.4.4~rc1-1 (bug #950258)
        NOTE: 
https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
        NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2
        NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784 
(restricted)
 CVE-2020-1930 (A command execution issue was found in Apache SpamAssassin 
prior to 3. ...)
-       {DSA-4615-1}
+       {DSA-4615-1 DLA-2107-1}
        - spamassassin 3.4.4~rc1-1 (bug #950258)
        NOTE: 
https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
        NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3
@@ -23325,8 +23781,8 @@ CVE-2019-18354
        RESERVED
 CVE-2019-18353
        RESERVED
-CVE-2019-18352
-       RESERVED
+CVE-2019-18352 (Improper access control exists on PHOENIX CONTACT FL NAT 2208 
devices  ...)
+       TODO: check
 CVE-2019-18351
        RESERVED
 CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login 
redirect GET  ...)
@@ -30611,6 +31067,7 @@ CVE-2019-15963
 CVE-2019-15962 (A vulnerability in the CLI of Cisco TelePresence Collaboration 
Endpoin ...)
        NOT-FOR-US: Cisco
 CVE-2019-15961 (A vulnerability in the email parsing module Clam AntiVirus 
(ClamAV) So ...)
+       {DLA-2108-1}
        - clamav 0.102.1+dfsg-1 (bug #945265)
        [buster] - clamav 0.102.1+dfsg-0+deb10u1
        [stretch] - clamav 0.102.1+dfsg-0+deb9u2
@@ -30885,8 +31342,8 @@ CVE-2019-15877
        RESERVED
 CVE-2019-15876
        RESERVED
-CVE-2019-15875
-       RESERVED
+CVE-2019-15875 (In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 
12.1-RELEAS ...)
+       TODO: check
 CVE-2019-15874
        RESERVED
 CVE-2019-15873 (The profilegrid-user-profiles-groups-and-communities plugin 
before 2.8 ...)
@@ -47323,16 +47780,16 @@ CVE-2019-10797
        RESERVED
 CVE-2019-10796
        RESERVED
-CVE-2019-10795
-       RESERVED
-CVE-2019-10794
-       RESERVED
-CVE-2019-10793
-       RESERVED
-CVE-2019-10792
-       RESERVED
-CVE-2019-10791
-       RESERVED
+CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. 
The 'a' f ...)
+       TODO: check
+CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype 
Pollutio ...)
+       TODO: check
+CVE-2019-10793 (dot-object before 2.1.3 is vulnerable to Prototype Pollution. 
The set  ...)
+       TODO: check
+CVE-2019-10792 (bodymen before 1.1.1 is vulnerable to Prototype Pollution. The 
handler ...)
+       TODO: check
+CVE-2019-10791 (promise-probe before 0.10.0 allows remote attackers to perform 
a comma ...)
+       TODO: check
 CVE-2019-10790 (taffy through 2.6.2 allows attackers to forge adding 
additional proper ...)
        TODO: check
 CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection 
via the ...)
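Review bot: CVE-2019-10795 through CVE-2019-10791 all land as TODO: check, joining CVE-2019-10790 (taffy), which is already at TODO: check in the context below. These are JavaScript modules (undefsafe, component-flatten, dot-object, bodymen, promise-probe), so each needs a check for a corresponding Debian source package before it is marked NOT-FOR-US. The fixed versions given in the descriptions (undefsafe 2.0.3, dot-object 2.1.3, bodymen 1.1.1, promise-probe 0.10.0) are the ones to compare against any packaged version.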
@@ -62155,8 +62612,8 @@ CVE-2019-5615 (Users with Site-level permissions can 
access files containing the
        NOT-FOR-US: Rapid7 InsightVM
 CVE-2019-5614
        RESERVED
-CVE-2019-5613
-       RESERVED
+CVE-2019-5613 (In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing 
check in th ...)
+       TODO: check
 CVE-2019-5612 (In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 
12.0-RELEAS ...)
        - kfreebsd-10 <unfixed> (unimportant)
        NOTE: 
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:23.midi.asc
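Review bot: CVE-2019-5613 is added as TODO: check while the FreeBSD entry directly below it, CVE-2019-5612, is tracked as "- kfreebsd-10 <unfixed> (unimportant)". Triage CVE-2019-5613 the same way: decide whether the affected code is shipped in kfreebsd-10 and record a package line, or mark it not affected, rather than leaving the TODO.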
@@ -217352,8 +217809,7 @@ CVE-2015-7569 (SQL injection vulnerability in 
"yeager/y.php/tab_USERLIST" in Yea
        NOT-FOR-US: Yeager CMS
 CVE-2015-7568 (SQL injection vulnerability in the password recovery feature in 
Yeager ...)
        NOT-FOR-US: Yeager CMS
-CVE-2015-7567
-       RESERVED
+CVE-2015-7567 (SQL injection vulnerability in Yeager CMS 1.2.1 allows remote 
attacker ...)
        NOT-FOR-US: Yeager CMS
 CVE-2015-7566 (The clie_5_attach function in drivers/usb/serial/visor.c in the 
Linux  ...)
        {DSA-3448-1 DLA-412-1}
@@ -217601,24 +218057,21 @@ CVE-2015-7508 (Heap-based buffer overflow in the 
bmp_decode_rle function in libn
        - netsurf 3.2+dfsg-3 (bug #810491)
        [jessie] - netsurf <no-dsa> (netsurf already relies only entirely 
unsupported mozjs)
        [wheezy] - netsurf <no-dsa> (netsurf already relies only entirely 
unsupported mozjs)
-CVE-2015-7507 [out-of-bounds read]
-       RESERVED
+CVE-2015-7507 (libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers 
to cau ...)
        - libnsbmp <removed>
        [squeeze] - libnsbmp <no-dsa> (Library not used anywhere in Debian)
        NOTE: 
http://source.netsurf-browser.org/libnsbmp.git/commit/?id=49427b52ba41a1813e3822301612e2e170107efd
        - netsurf 3.2+dfsg-3 (bug #810491)
        [jessie] - netsurf <no-dsa> (netsurf already relies only entirely 
unsupported mozjs)
        [wheezy] - netsurf <no-dsa> (netsurf already relies only entirely 
unsupported mozjs)
-CVE-2015-7506 [out-of-bounds read]
-       RESERVED
+CVE-2015-7506 (The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 
allows conte ...)
        - libnsgif <removed>
        [squeeze] - libnsgif <no-dsa> (Library not used anywhere in Debian)
        NOTE: 
http://source.netsurf-browser.org/libnsgif.git/commit/?id=088fa0819f1aeaf212a95caf7393a38c1640b5f0
        - netsurf 3.2+dfsg-3 (bug #810491)
        [jessie] - netsurf <no-dsa> (netsurf already relies only entirely 
unsupported mozjs)
        [wheezy] - netsurf <no-dsa> (netsurf already relies only entirely 
unsupported mozjs)
-CVE-2015-7505 [stack overflow]
-       RESERVED
+CVE-2015-7505 (Stack-based buffer overflow in the gif_next_LZW function in 
libnsgif.c ...)
        - libnsgif <removed>
        [squeeze] - libnsgif <no-dsa> (Library not used anywhere in Debian)
        NOTE: 
http://source.netsurf-browser.org/libnsgif.git/commit/?id=a268d2c15252ac58c19f1b19771822c66bcf73b2
@@ -218921,8 +219374,8 @@ CVE-2015-6972 (Multiple cross-site scripting (XSS) 
vulnerabilities in Ignite Rea
        NOT-FOR-US: Openfire
 CVE-2015-6971 (Lenovo System Update (formerly ThinkVantage System Update) 
before 5.07 ...)
        NOT-FOR-US: Lenovo
-CVE-2015-6970
-       RESERVED
+CVE-2015-6970 (The web interface in Bosch Security Systems NBN-498 Dinion2X 
Day/Night ...)
+       TODO: check
 CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in 
the 2k11 ...)
        - serendipity <removed>
 CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the 
serendipity_isAct ...)
@@ -232425,7 +232878,7 @@ CVE-2009-5147 (DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 
1.9.3, 2.0.0 before patchle
        NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220
        NOTE: DL has been replaced in 2.2 with Fiddle which has the same 
problem according to maintainer.
 CVE-2009-5146 [memory leak in hostname TLS extension]
-       RESERVED
+       REJECTED
        - openssl 0.9.8k-1
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/7587347bc48e7e8a1e800e48bb0a658f1557c424
 (OpenSSL_0_9_8k)
        NOTE: Introduced by: 
https://github.com/openssl/openssl/commit/865a90eb4f0b0e3abbdd9dc2d3a4d57595575315
 (OpenSSL_0_9_8f)
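Review bot: CVE-2009-5146 flips from RESERVED to REJECTED, but the entry keeps "- openssl 0.9.8k-1" and the Fixed by / Introduced by notes underneath it. A rejected id carrying live package data is ambiguous for anyone reading the tracker: add a NOTE saying why the id was rejected and, if the issue is covered by another CVE id, move the package line and commit references there.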
@@ -235146,8 +235599,8 @@ CVE-2015-1430 (Buffer overflow in xymon 4.3.17-1. ...)
        [wheezy] - xymon <not-affected> (Vulnerable code not present)
        NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/
        NOTE: http://www.openwall.com/lists/oss-security/2015/01/30/17
-CVE-2015-1425
-       RESERVED
+CVE-2015-1425 (JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities 
...)
+       TODO: check
 CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 
2.2 and 2 ...)
        NOT-FOR-US: Gecko CMS
 CVE-2015-1423 (Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 
allow  ...)
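Review bot: CVE-2015-1425 (JAKWEB Gecko CMS) is added as TODO: check although the next entry, CVE-2015-1424, already carries "NOT-FOR-US: Gecko CMS" for the same product. Give CVE-2015-1425 the same disposition so the two do not diverge.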
@@ -251385,12 +251838,10 @@ CVE-2014-4969
        RESERVED
 CVE-2014-4968 (The WebView class and use of the WebView.addJavascriptInterface 
method ...)
        NOT-FOR-US: Boat Browser application for Android
-CVE-2014-4967
-       RESERVED
+CVE-2014-4967 (Multiple argument injection vulnerabilities in Ansible before 
1.6.7 al ...)
        - ansible 1.6.8+dfsg-1
        NOTE: 
https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871
-CVE-2014-4966
-       RESERVED
+CVE-2014-4966 (Ansible before 1.6.7 does not prevent inventory data with "{{" 
and "lo ...)
        - ansible 1.6.8+dfsg-1
        NOTE: 
https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871
 CVE-2014-4965 (Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 
1.1.5  ...)
@@ -252089,8 +252540,7 @@ CVE-2014-4662
        RESERVED
 CVE-2014-4661 (Cross-site scripting (XSS) vulnerability in HP Records Manager 
before  ...)
        NOT-FOR-US: HP Records Manager
-CVE-2014-4651
-       RESERVED
+CVE-2014-4651 (It was found that the jclouds scriptbuilder Statements class 
wrote a t ...)
        NOT-FOR-US: JClouds
 CVE-2014-4647 (Stack-based buffer overflow in the loadExtensionFactory method 
in the  ...)
        NOT-FOR-US: Embarcadero ER/Studio Data Architect
@@ -253988,8 +254438,8 @@ CVE-2014-3880 (The (1) execve and (2) fexecve system 
calls in the FreeBSD kernel
        [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
        - kfreebsd-9 <removed>
        - kfreebsd-10 10.0-6
-CVE-2014-3879
-       RESERVED
+CVE-2014-3879 (OpenPAM Nummularia 9.2 through 10.0 does not properly handle 
the error ...)
+       TODO: check
 CVE-2014-3878 (Multiple cross-site scripting (XSS) vulnerabilities in the web 
client  ...)
        NOT-FOR-US: IPSwitch IMail
 CVE-2014-3877 (Incomplete blacklist vulnerability in Frams' Fast File EXchange 
(F*EX, ...)
@@ -267297,8 +267747,8 @@ CVE-2013-6297
        RESERVED
 CVE-2013-6296
        RESERVED
-CVE-2013-6295
-       RESERVED
+CVE-2013-6295 (PrestaShop 1.5.5 vulnerable to privilege escalation via a 
Salesman acc ...)
+       TODO: check
 CVE-2013-6294
        RESERVED
 CVE-2013-6293
@@ -269086,8 +269536,8 @@ CVE-2013-5595 (The JavaScript engine in Mozilla 
Firefox before 25.0, Firefox ESR
        [wheezy] - iceape <end-of-life>
        - icedove 17.0.10-1
        - iceape <removed>
-CVE-2013-5594
-       RESERVED
+CVE-2013-5594 (Mozilla Firefox before 25 allows modification of anonymous 
content of  ...)
+       TODO: check
 CVE-2013-5593 (The SELECT element implementation in Mozilla Firefox before 
25.0, Fire ...)
        - iceweasel 24.1.0esr-1
        [wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
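Review bot: CVE-2013-5594 is left at TODO: check between CVE-2013-5595 and CVE-2013-5593, both of which are tracked against the Mozilla packages (icedove and iceape above, iceweasel below). The description says "Firefox before 25", and CVE-2013-5593 records "[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)", so check whether the same per-release status applies here and add the iceweasel line instead of the TODO.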
@@ -271881,8 +272331,7 @@ CVE-2013-4456
        RESERVED
 CVE-2013-4455 (Katello Installer before 0.0.18 uses world-readable permissions 
for /e ...)
        NOT-FOR-US: Katello
-CVE-2013-4454
-       RESERVED
+CVE-2013-4454 (WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple 
Security Bypas ...)
        NOT-FOR-US: WordPress plugin
 CVE-2013-4453 (Cross-site scripting (XSS) vulnerability in templates/login.php 
in LDA ...)
        - ldap-account-manager 4.4-1 (medium; bug #726976)
@@ -272686,14 +273135,11 @@ CVE-2013-4230 (The mm_webform submodule in the 
Monster Menus module 6.x-6.x befo
        NOT-FOR-US: Monster Menus Drupal contributed module
 CVE-2013-4229 (Cross-site scripting (XSS) vulnerability in the Monster Menus 
module 7 ...)
        NOT-FOR-US: Monster Menus Drupal contributed module
-CVE-2013-4228
-       RESERVED
+CVE-2013-4228 (The OG access fields (visibility fields) implementation in 
Organic Gro ...)
        NOT-FOR-US: Organic Group Drupal contributed module
-CVE-2013-4227
-       RESERVED
+CVE-2013-4227 (Cross-site request forgery (CSRF) vulnerability in the 
persona_xsrf_to ...)
        NOT-FOR-US: Persona Drupal contributed module
-CVE-2013-4226
-       RESERVED
+CVE-2013-4226 (The Authenticated User Page Caching (Authcache) module 7.x-1.x 
before  ...)
        NOT-FOR-US: Authenticated User Page Caching Drupal contributed module
 CVE-2013-4225 (The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 
and 7. ...)
        NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module
@@ -274888,8 +275334,8 @@ CVE-2013-3325 (Adobe Flash Player before 10.3.183.86 
and 11.x before 11.7.700.20
        NOT-FOR-US: Adobe Flash Player
 CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 
11.7.700.202 on  ...)
        NOT-FOR-US: Adobe Flash Player
-CVE-2013-3323
-       RESERVED
+CVE-2013-3323 (A Privilege Escalation Vulnerability exists in IBM Maximo Asset 
Manage ...)
+       TODO: check
 CVE-2013-3322 (NetApp OnCommand System Manager 2.1 and earlier allows remote 
attacker ...)
        NOT-FOR-US: NetApp OnCommand System Manager
 CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote 
attacker ...)
@@ -276467,8 +276913,8 @@ CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7 
devices contain a Security Byp
        NOT-FOR-US: Cisco
 CVE-2013-2680 (Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in 
cleartex ...)
        NOT-FOR-US: Cisco
-CVE-2013-2679
-       RESERVED
+CVE-2013-2679 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco 
Linksys E ...)
+       TODO: check
 CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File 
Includ ...)
        NOT-FOR-US: Cisco
 CVE-2013-2677
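Review bot: CVE-2013-2679 (Cisco Linksys E4200) becomes TODO: check while CVE-2013-2681, CVE-2013-2680 and CVE-2013-2678 around it are all "NOT-FOR-US: Cisco". Mark it the same way.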
@@ -299267,8 +299713,8 @@ CVE-2012-0720 (Cross-site scripting (XSS) 
vulnerability in the Integration Solut
        NOT-FOR-US: IBM WebSphere Application
 CVE-2012-0719 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint 
Manage ...)
        NOT-FOR-US: IBM Tivoli Endpoint Manager
-CVE-2012-0718
-       RESERVED
+CVE-2012-0718 (IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on 
cookie ...)
+       TODO: check
 CVE-2012-0717 (IBM WebSphere Application Server 7.0 before 7.0.0.23, when a 
certain S ...)
        NOT-FOR-US: IBM WebSphere Application Server
 CVE-2012-0716 (Cross-site scripting (XSS) vulnerability in the Administration 
Console ...)
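Review bot: CVE-2012-0718 (IBM Tivoli Endpoint Manager 8) is added as TODO: check directly below CVE-2012-0719, which is already "NOT-FOR-US: IBM Tivoli Endpoint Manager". Use the same NOT-FOR-US line here.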



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa57686d166b643ddcf5158a2dc3f00b5010e22e

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits