Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a168e0b9 by Moritz Muehlenhoff at 2020-03-24T08:30:59+01:00
"new" ruby issue, "new" bitcoin issues, NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -84529,7 +84529,7 @@ CVE-2018-18808 (The domain management component of 
TIBCO Software Inc.'s TIBCO J
 CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO 
Softwar ...)
        NOT-FOR-US: TIBCO
 CVE-2017-18350 (bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based 
buffer over ...)
-       TODO: check
+       - bitcoin 0.15.1~dfsg-1
 CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of 
service (Me ...)
        {DLA-1596-1}
        - squid 4.4-1 (low; bug #912294)
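Review bot: The new "- bitcoin 0.15.1~dfsg-1" line for CVE-2017-18350 matches the "prior to 0.15.1" wording of the description, but the entry carries no NOTE pointing at the upstream fix or advisory; the CVE-2016-2338 entry later in this same commit records both a report URL and the fixing commit, and the same would make this stack-based overflow entry verifiable without re-triaging it.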
@@ -99497,13 +99497,13 @@ CVE-2018-13065 (** DISPUTED ** ModSecurity 3.0.0 has 
XSS via an onerror attribut
 CVE-2018-13064
        RESERVED
 CVE-2018-13063 (Easy!Appointments 1.3.0 has a Missing Authorization issue 
allowing ret ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2018-13062
        RESERVED
 CVE-2018-13061
        RESERVED
 CVE-2018-13060 (Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue. ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2018-13059
        RESERVED
 CVE-2018-13058
@@ -106455,7 +106455,7 @@ CVE-2018-10706 (An integer overflow in the 
transferMulti function of a smart con
 CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), 
an Ethe ...)
        NOT-FOR-US: Aurora DAD
 CVE-2018-10704 (yidashi yii2cmf 2.0 has XSS via the /search q parameter. ...)
-       TODO: check
+       NOT-FOR-US: yidashi yii2cmf
 CVE-2018-10703 (An issue was discovered on Moxa AWK-3121 1.14 devices. It 
provides fun ...)
        NOT-FOR-US: Moxa
 CVE-2018-10702 (An issue was discovered on Moxa AWK-3121 1.14 devices. It 
provides fun ...)
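Review bot: Not part of this change, but visible in the context lines: "NOT-FOR-US: Aurora DAD" under CVE-2018-10705 looks like a typo for "Aurora DAO", which is how the CVE description two lines above names the project; worth correcting in a follow-up so the NOT-FOR-US marker is searchable by the right name.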
@@ -107930,7 +107930,7 @@ CVE-2018-10126 (LibTIFF 4.0.9 has a NULL pointer 
dereference in the jpeg_fdct_16
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2786
        NOTE: Crash in CLI tool, no security impact
 CVE-2018-10125 (Contao before 4.5.7 has XSS in the system log. ...)
-       TODO: check
+       NOT-FOR-US: Contao
 CVE-2018-10123 (p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote 
attackers to r ...)
        NOT-FOR-US: p910nd on Inteno IOPSYS
 CVE-2018-10122 (QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka 
chanzhi ...)
@@ -150488,7 +150488,7 @@ CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote 
authenticated users to wri
        - cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/cyrusimap/cyrus-imapd/commit/d734a23122155f3522a8cb6aef118223aa73cde0
 CVE-2017-12842 (Bitcoin Core before 0.14 allows an attacker to create an 
ostensibly va ...)
-       TODO: check
+       - bitcoin 0.14.2~dfsg-1~exp2
 CVE-2017-12841
        RESERVED
 CVE-2017-12840 (A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ 
client  ...)
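Review bot: The fixed version recorded for CVE-2017-12842, "bitcoin 0.14.2~dfsg-1~exp2", is a later and experimental-suffixed upload than the "before 0.14" boundary given in the description; please add a NOTE recording why that upload is the first fixed one (the fixing upstream commit, as the CVE-2017-12843 entry directly above does for cyrus-imapd), otherwise a later reader cannot tell whether 0.14.0 and 0.14.1 uploads existed and were affected.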
@@ -156002,7 +156002,7 @@ CVE-2017-10994 (Foxit Reader before 8.3.1 and 
PhantomPDF before 8.3.1 have an Ar
 CVE-2017-10993 (Contao before 3.5.28 and 4.x before 4.4.1 allows remote 
attackers to i ...)
        NOT-FOR-US: Contao
 CVE-2017-10992 (In HPE Storage Essentials 9.5.0.142, there is Unauthenticated 
Java Des ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS 
in the r ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2017-10990
@@ -196191,7 +196191,7 @@ CVE-2016-6920 (Heap-based buffer overflow in the 
decode_block function in libavc
 CVE-2016-6919
        RESERVED
 CVE-2016-6918 (Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2016-6917 (Buffer overflow in nvhost_job.c in the NVIDIA video driver for 
Android ...)
        NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6916 (Integer overflow in nvhost_job.c in the NVIDIA video driver for 
Androi ...)
@@ -211188,7 +211188,10 @@ CVE-2016-2339 (An exploitable heap overflow 
vulnerability exists in the Fiddle::
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10
 CVE-2016-2338 (An exploitable heap overflow vulnerability exists in the 
Psych::Emitte ...)
-       TODO: check
+       - ruby2.3 2.3.0-1
+       - ruby2.1 <removed>
+       NOTE: https://talosintelligence.com/reports/TALOS-2016-0032
+       NOTE: 
https://git.ruby-lang.org/ruby.git/commit/?id=db48c307944a9a18877236bdf9e9b778875f38ed
 CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class 
method. Att ...)
        {DLA-1480-1}
        - ruby2.3 2.3.0-1
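Review bot: Two points on the CVE-2016-2338 hunk. First, ruby2.1 is marked "<removed>" while the neighbouring CVE-2016-2337 entry, which has the same ruby2.3 2.3.0-1 fix, carries "{DLA-1480-1}"; please confirm that no LTS advisory reference or "<not-affected>" annotation (with a reason, as used for cyrus-imapd-2.4 elsewhere in this commit) is needed for ruby2.1 before leaving it as removed. Second, for consistency with the CVE-2016-2339 entry directly above, the git.ruby-lang.org commit NOTE should be prefixed "Fixed by:" so it is recognisable as the fixing commit rather than a general reference.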
@@ -233071,7 +233074,7 @@ CVE-2015-3643 (usb-creator before 0.2.38.3ubuntu0.1 
on Ubuntu 12.04 LTS, before
 CVE-2015-3642 (The TLS and DTLS processing functionality in Citrix NetScaler 
Applicat ...)
        NOT-FOR-US: Citrix
 CVE-2015-3641 (bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to 
cause a den ...)
-       TODO: check
+       - bitcoin 0.10.2-1
 CVE-2015-3640 (phpMyBackupPro 2.5 and earlier does not properly escape the "." 
charac ...)
        NOT-FOR-US: phpMyBackupPro
 CVE-2015-3639 (phpMyBackupPro 2.5 and earlier does not properly sanitize input 
string ...)
@@ -262230,11 +262233,11 @@ CVE-2014-2725
 CVE-2014-2724
        RESERVED
 CVE-2014-2723 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific 
remote  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2014-2722 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific 
remote  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2014-2721 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific 
remote  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2014-2720 (IZArc 4.1.8 displays a file's name on the basis of a ZIP 
archive's Cen ...)
        NOT-FOR-US: IZArc Archiver
 CVE-2014-2719 (Advanced_System_Content.asp in the ASUS RT series routers with 
firmwar ...)
@@ -274972,7 +274975,7 @@ CVE-2013-5108 (Multiple cross-site scripting (XSS) 
vulnerabilities in the xn fun
 CVE-2013-5107 (Directory traversal vulnerability in RockMongo 1.1.5 and 
earlier allow ...)
        - rockmongo <itp> (bug #702961)
 CVE-2013-5106 (A Code Execution vulnerability exists in select.py when using 
python-m ...)
-       TODO: check
+       NOT-FOR-US: python vim mode, different from src:python-mode, which is 
for a nicer editor
 CVE-2013-5105
        RESERVED
 CVE-2013-5104
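Review bot: The NOT-FOR-US value added for CVE-2013-5106 ("python vim mode, different from src:python-mode, which is for a nicer editor") mixes the upstream project name with the triage rationale; every other NOT-FOR-US line in this commit names only the product. Suggest keeping "NOT-FOR-US: python vim mode" and moving the src:python-mode disambiguation into a separate "NOTE:" line, which preserves the useful reasoning while keeping the marker uniform.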
@@ -279061,7 +279064,7 @@ CVE-2013-3630 (Moodle through 2.5.2 allows remote 
authenticated administrators t
 CVE-2013-3629 (ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution ...)
        NOT-FOR-US: ISPConfig
 CVE-2013-3628 (Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability 
...)
-       TODO: check
+       NOTE: Historic Zabbix issue
 CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee 
Managed Age ...)
        NOT-FOR-US: McAfee
 CVE-2013-3626 (Directory traversal vulnerability in the Session Server in 
Attachmate  ...)
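Review bot: Replacing "TODO: check" with only "NOTE: Historic Zabbix issue" leaves CVE-2013-3628 without any package status line, unlike every other resolved entry in this commit, which gets either a NOT-FOR-US marker, a fixed version such as "- bitcoin 0.10.2-1", or a "<not-affected>" annotation with a reason. If the zabbix package in Debian is involved, please add the applicable status line (fixed version or "<not-affected>" with the reason the issue is considered historic) so the entry is actionable rather than merely annotated.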
@@ -311207,7 +311210,7 @@ CVE-2011-3271 (Unspecified vulnerability in the Smart 
Install functionality in C
 CVE-2011-3270 (Unspecified vulnerability in Cisco IOS 12.2SB before 
12.2(33)SB10 and  ...)
        NOT-FOR-US: Cisco
 CVE-2011-3269 (Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 
2011-11-15 allo ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2011-3268 (Buffer overflow in the crypt function in PHP before 5.3.7 
allows conte ...)
        - php5 5.3.8-1
        [squeeze] - php5 <not-affected> (Only affected 5.3.7)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a168e0b900a8d50743d89d8b235562fa7d71ef9c



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
