Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
81704651 by Moritz Muehlenhoff at 2020-02-20T14:08:05+01:00
NFUs, vintage nvidia bug
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -264631,7 +264631,7 @@ CVE-2013-7004 (D-Link DSR-150 with firmware before
1.08B44; DSR-150N with firmwa
CVE-2013-7003 (Multiple cross-site scripting (XSS) vulnerabilities in
LiveZilla befor ...)
NOT-FOR-US: LiveZilla
CVE-2012-6614 (D-Link DSR-250N devices before 1.08B31 allow remote
authenticated user ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2012-6613 (D-Link DSR-250N devices with firmware 1.05B73_WW allow
Persistent Root ...)
NOT-FOR-US: D-Link
CVE-2014-0365
@@ -266217,7 +266217,7 @@ CVE-2013-6871
CVE-2013-6870 (Cross-site scripting (XSS) vulnerability in Splunk Web in
Splunk befor ...)
NOT-FOR-US: Splunk Web
CVE-2012-6611 (An issue was discovered in Polycom Web Management Interface
G3/HDX 800 ...)
- TODO: check
+ NOT-FOR-US: Polycom
CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before
2.7.1.J al ...)
NOT-FOR-US: Polycom HDX Video End Points
CVE-2012-6609 (Directory traversal vulnerability in a_getlog.cgi in Polycom
HDX Video ...)
@@ -279849,7 +279849,7 @@ CVE-2013-1762 (stunnel 4.21 through 4.54, when
CONNECT protocol negotiation and
CVE-2013-1761
RESERVED
CVE-2013-1760 (The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection
Vulnera ...)
- TODO: check
+ NOT-FOR-US: Bug Genie
CVE-2013-1759 (Cross-site scripting (XSS) vulnerability in the Responsive Logo
Slides ...)
NOT-FOR-US: WordPress plugin responsive-logo-slideshow
CVE-2013-1758 (Cross-site scripting (XSS) vulnerability in the Marekkis
Watermark plu ...)
@@ -280466,7 +280466,7 @@ CVE-2013-1635 (ext/soap/soap.c in PHP before 5.3.22
and 5.4.x before 5.4.13 does
NOTE: open_basedir not supported
NOTE:
http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74
CVE-2013-1634 (A denial of service vulnerability exists in some motherboard
implement ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve
packages f ...)
- distribute <unfixed> (unimportant)
NOTE: Lack of a security feature, not a vulnerability
@@ -295425,7 +295425,7 @@ CVE-2012-2454
CVE-2012-2453
RESERVED
CVE-2012-2452 (Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx
1.x be ...)
- TODO: check
+ NOT-FOR-US: pragmaMx
CVE-2012-2450 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before
4.0.3, V ...)
NOT-FOR-US: VMware
CVE-2012-2449 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before
4.0.3, V ...)
@@ -296974,7 +296974,7 @@ CVE-2012-1934 (SQL injection vulnerability in
admin/country/edit.php in Newscoop
CVE-2012-1933 (Multiple PHP remote file inclusion vulnerabilities in Newscoop
3.5.x b ...)
- newscoop <itp> (bug #604113)
CVE-2012-1932 (A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and
earlie ...)
- TODO: check
+ NOT-FOR-US: Wolf CMS
CVE-2007-6753 (Untrusted search path vulnerability in Shell32.dll in Microsoft
Window ...)
NOT-FOR-US: Microsoft Windows
CVE-2012-1931 (Opera before 11.62 on UNIX, when used in conjunction with an
unspecifi ...)
@@ -297939,7 +297939,7 @@ CVE-2012-1502 (Double free vulnerability in the
PyPAM_conv in PAMmodule.c in PyP
CVE-2012-1501
REJECTED
CVE-2012-1500 (Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3
and Gre ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2012-1499 (The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows
remote attac ...)
- openjpeg <not-affected> (vulnerable code introduced after 1.3)
CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Webfolio ...)
@@ -299224,7 +299224,7 @@ CVE-2012-0953
CVE-2012-0952
RESERVED
CVE-2012-0951 (A Memory Corruption Vulnerability exists in NVIDIA Graphics
Drivers 29 ...)
- TODO: check
+ - nvidia-graphics-drivers 295.53-1
CVE-2012-0950 (The Apport hook (DistUpgradeApport.py) in Update Manager, as
used by U ...)
- update-manager <not-affected> (Ubuntu-specific)
CVE-2012-0949 (The Apport hook in Update Manager as used by Ubuntu 12.04 LTS,
11.10, ...)
@@ -306811,7 +306811,7 @@ CVE-2011-3338
CVE-2011-3337 (eEye Audit ID 2499 in eEye Digital Security Audits 2406 through
2423 f ...)
NOT-FOR-US: eEye Digital Security Audits
CVE-2011-3336 (regcomp in the BSD implementation of libc is vulnerable to
denial of s ...)
- TODO: check
+ NOT-FOR-US: BSD
CVE-2011-3335
RESERVED
CVE-2011-3334
@@ -309811,7 +309811,7 @@ CVE-2011-2345 (The NPAPI implementation in Google
Chrome before 12.0.742.112 doe
CVE-2011-2344 (Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a
cleartext H ...)
NOT-FOR-US: Android SDK
CVE-2011-2343 (The Bluetooth stack in Android before 2.3.6 allows a physically
proxim ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2011-2341 (WebKit, as used in Apple iTunes before 10.5, allows
man-in-the-middle ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome
sec team will know and fix
CVE-2011-2340
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8170465163037bbdeb181f91474f6a1497244d0d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8170465163037bbdeb181f91474f6a1497244d0d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
