[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ba5a49ae by Salvatore Bonaccorso at 2024-03-09T17:50:49+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -416,7 +416,7 @@ CVE-2024-27923 (Grav is a content management system (CMS). Prior to version 1.7. CVE-2024-27922 (TOMP Bare Server implements the TompHTTP bare server. A vulnerability ...) NOT-FOR-US: TOMP Bare Server CVE-2024-27918 (Coder allows oragnizations to provision remote development environment ...) - TODO: check + NOT-FOR-US: Coder CVE-2024-26566 (An issue in Cute Http File Server v.3.1 allows a remote attacker to es ...) NOT-FOR-US: Cute Http File Server CVE-2024-24389 (A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba5a49ae512d4b9cad42fdee292860c7bb23a560 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba5a49ae512d4b9cad42fdee292860c7bb23a560 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 791b7fc1 by Salvatore Bonaccorso at 2023-12-23T20:53:08+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -91264,7 +91264,7 @@ CVE-2022-39339 (user_oidc is an OpenID Connect user backend for Nextcloud. In ve CVE-2022-39338 (user_oidc is an OpenID Connect user backend for Nextcloud. Versions pr ...) NOT-FOR-US: Nextcloud addon CVE-2022-39337 (Hertzbeat is an open source, real-time monitoring system with custom-m ...) - TODO: check + NOT-FOR-US: Hertzbeat CVE-2022-39336 RESERVED CVE-2022-39335 (Synapse is an open-source Matrix homeserver written and maintained by ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/791b7fc19a07e217d533f8cd4de55dce432e9e72 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/791b7fc19a07e217d533f8cd4de55dce432e9e72 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0a21633b by Salvatore Bonaccorso at 2023-03-26T21:13:41+02:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1359,7 +1359,7 @@ CVE-2023-28466 (do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel thro CVE-2023-28449 RESERVED CVE-2023-28448 (Versionize is a framework for version tolerant serializion/deserializa ...) - TODO: check + NOT-FOR-US: Versionize (firecracker-microvm / framework for version tolerant serializion/deserialization of Rust data structures) CVE-2023-28447 RESERVED CVE-2023-28446 (Deno is a simple, modern and secure runtime for JavaScript and TypeScr ...) @@ -14833,7 +14833,7 @@ CVE-2023-23709 CVE-2023-23708 RESERVED CVE-2023-23707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23706 RESERVED CVE-2023-23705 @@ -28320,13 +28320,13 @@ CVE-2022-45639 (** DISPUTED ** OS Command injection vulnerability in sleuthkit f CVE-2022-45638 RESERVED CVE-2022-45637 (An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Ap ...) - TODO: check + NOT-FOR-US: MEGAFEIS CVE-2022-45636 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & ...) - TODO: check + NOT-FOR-US: MEGAFEIS CVE-2022-45635 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & ...) - TODO: check + NOT-FOR-US: MEGAFEIS CVE-2022-45634 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & ...) - TODO: check + NOT-FOR-US: MEGAFEIS CVE-2022-45633 RESERVED CVE-2022-45632 @@ -30493,9 +30493,9 @@ CVE-2022-45006 CVE-2022-45005 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injec ...) NOT-FOR-US: IP-COM EW9 CVE-2022-45004 (Gophish through 0.12.1 was discovered to contain a cross-site scriptin ...) - TODO: check + NOT-FOR-US: Gophish CVE-2022-45003 (Gophish through 0.12.1 allows attackers to cause a Denial of Service ( ...) - TODO: check + NOT-FOR-US: Gophish CVE-2022-45002 RESERVED CVE-2022-45001 @@ -31059,7 +31059,7 @@ CVE-2022-44744 (Local privilege escalation due to DLL hijacking vulnerability. T CVE-2022-44743 RESERVED CVE-2022-44742 (Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Le ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative ...) @@ -31827,229 +31827,229 @@ CVE-2023-21081 CVE-2023-21080 RESERVED CVE-2023-21079 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21078 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21077 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21076 (In createTransmitFollowupRequest of nan.cpp, there is a possible out o ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21075 (In get_svc_hash of nan.cpp, there is a possible out of bounds write du ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21074 RESERVED CVE-2023-21073 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21072 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21071 (In dhd_prot_ioctcmplt_process of dhd_msgbuf.c, there is a possible out ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21070 (In add_roam_cache_list of wl_roam.c, there is a possible out of bounds ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21069 (In wl_update_hidden_ap_ie of wl_cfgscan.c, there is a possible out of ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21068 (In (TBD) of (TBD), there is a possible way to boot with a hidden debug ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21067 (Product: AndroidVersions: Android kernelAndroid ID: A-254114726Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21066 RESERVED CVE-2023-21065 (In fdt_next_tag of fdt.c, there is a possible out of bounds write due ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21064 (In DoSetPinControl of miscservice.cpp, there is a possible out of boun ...) - TODO: check + NOT-FOR-US:
[Git][security-tracker-team/security-tracker][master] Process NFU
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 95db19c8 by Neil Williams at 2022-05-06T10:09:15+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -65130,7 +65130,7 @@ CVE-2021-3530 (A flaw was discovered in GNU libiberty within demangle_path() in CVE-2021-32011 RESERVED CVE-2021-32010 (Inadequate Encryption Strength vulnerability in TLS stack of Secomea S ...) - TODO: check + NOT-FOR-US: Secomea CVE-2021-32009 (Cross-site Scripting (XSS) vulnerability in firmware section of Secome ...) NOT-FOR-US: Secomea GateManager CVE-2021-32008 (This issue affects: Secomea GateManager Version 9.6.621421014 and all ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95db19c85337bc11badf7660e97e7f98dd18175d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95db19c85337bc11badf7660e97e7f98dd18175d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: d73936b9 by Neil Williams at 2022-03-04T09:23:03+00:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -25272,7 +25272,7 @@ CVE-2021-42769 CVE-2021-42768 RESERVED CVE-2021-42767 (A directory traversal vulnerability in the Apoc plugins in Neo4J Graph ...) - TODO: check + NOT-FOR-US: neo4j-apoc-procedures CVE-2021-42766 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...) NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol CVE-2021-42765 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d73936b9ba42379e6ae5d6030eeabccd264a8fc7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d73936b9ba42379e6ae5d6030eeabccd264a8fc7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 842c61de by Neil Williams at 2022-03-04T09:07:19+00:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -39683,7 +39683,7 @@ CVE-2021-37506 CVE-2021-37505 RESERVED CVE-2021-37504 (A cross-site scripting (XSS) vulnerability in the fileNameStr paramete ...) - TODO: check + NOT-FOR-US: hayageek/jquery-upload-file CVE-2021-37503 RESERVED CVE-2021-37502 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/842c61de43ba5796196a6891c1ca10792562738c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/842c61de43ba5796196a6891c1ca10792562738c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU in Node karma-runner/karma
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: eaf2d58d by Neil Williams at 2022-03-04T08:54:18+00:00 Process NFU in Node karma-runner/karma - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -74481,7 +74481,7 @@ CVE-2021-23497 (This affects the package @strikeentco/set before 1.0.2. It allow CVE-2021-23496 RESERVED CVE-2021-23495 (The package karma before 6.3.16 are vulnerable to Open Redirect due to ...) - TODO: check + NOT-FOR-US: Node karma-runner/karma CVE-2021-23494 RESERVED CVE-2021-23493 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eaf2d58d3cca3efab26becc4f4f7a4b9b357f8c0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eaf2d58d3cca3efab26becc4f4f7a4b9b357f8c0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: c6772704 by Neil Williams at 2022-01-28T11:42:08+00:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10700,7 +10700,7 @@ CVE-2021-44794 (Single Connect does not perform an authorization check when usin CVE-2021-44793 (Single Connect does not perform an authorization check when using the ...) TODO: check CVE-2021-44792 (Single Connect does not perform an authorization check when using the ...) - TODO: check + NOT-FOR-US: Kron Single Connect CVE-2021-44791 RESERVED CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6772704c1e92281aaf56631390866b59cf890a7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6772704c1e92281aaf56631390866b59cf890a7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e36b97a by Neil Williams at 2022-01-26T08:31:42+00:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -61,7 +61,7 @@ CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...) TODO: check CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...) - TODO: check + NOT-FOR-US: Bromite CVE-2022-23947 RESERVED CVE-2022-23946 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e36b97aa851300e407d3192d77ac33cfa59d6f7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e36b97aa851300e407d3192d77ac33cfa59d6f7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d08647e5 by Salvatore Bonaccorso at 2022-01-12T20:57:34+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -435,7 +435,7 @@ CVE-2022-0181 CVE-2022-0180 RESERVED CVE-2022-0179 (snipe-it is vulnerable to Improper Access Control ...) - TODO: check + NOT-FOR-US: snipe-it CVE-2022-0178 RESERVED CVE-2022-0177 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d08647e5e91df2f6efe6846b9477b6b0de5668cb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d08647e5e91df2f6efe6846b9477b6b0de5668cb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 8d37ef31 by Neil Williams at 2021-11-18T09:45:20+00:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -74122,7 +74122,7 @@ CVE-2020-27677 CVE-2020-27676 RESERVED CVE-2021-0200 (Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series C ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-0199 (Improper input validation in the firmware for the Intel(R) Ethernet Ne ...) NOT-FOR-US: Intel CVE-2021-0198 (Improper access control in the firmware for the Intel(R) Ethernet Netw ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d37ef3162129fc072be6c8093c7cca6cd1c8797 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d37ef3162129fc072be6c8093c7cca6cd1c8797 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 907a09e2 by Neil Williams at 2021-11-02T15:04:47+00:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -43184,7 +43184,7 @@ CVE-2021-25975 CVE-2021-25974 RESERVED CVE-2021-25973 (In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Cont ...) - TODO: check + NOT-FOR-US: Publify CVE-2021-25972 (In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-S ...) NOT-FOR-US: Camaleon CMS CVE-2021-25971 (In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/907a09e24a427c7dd0f688ae98b588924e4fab39 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/907a09e24a427c7dd0f688ae98b588924e4fab39 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 69f1386c by Neil Williams at 2021-09-28T11:25:36+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -456,7 +456,7 @@ CVE-2021-41560 CVE-2021-41559 RESERVED CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows Proce ...) - TODO: check + NOT-FOR-US: set_user extension for Postgres CVE-2021-41557 RESERVED CVE-2021-41556 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69f1386c321e710b8cac2d38a9fe7a86d22cc4a7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69f1386c321e710b8cac2d38a9fe7a86d22cc4a7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 728417e9 by Neil Williams at 2021-09-28T08:51:44+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -446,7 +446,7 @@ CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers CVE-2021-3823 RESERVED CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Complexity ...) - TODO: check + NOT-FOR-US: jsoneditor CVE-2021-41560 RESERVED CVE-2021-41559 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/728417e9fb5437a900b2a4cdf111fbf82e1e12fe -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/728417e9fb5437a900b2a4cdf111fbf82e1e12fe You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a589c55c by Salvatore Bonaccorso at 2021-09-20T22:28:59+02:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1861,7 +1861,7 @@ CVE-2021-40676 CVE-2021-40675 RESERVED CVE-2021-40674 (An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyV ...) - TODO: check + NOT-FOR-US: Wuzhi CMS CVE-2021-40673 RESERVED CVE-2021-40672 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a589c55c58e463ce88c1d564921056261661087e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a589c55c58e463ce88c1d564921056261661087e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU Eclipse Keti IoT
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: b53e832a by Neil Williams at 2021-09-09T11:51:36+01:00 Process NFU Eclipse Keti IoT - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18315,9 +18315,9 @@ CVE-2021-32837 CVE-2021-32836 (ZStack is open source IaaS(infrastructure as a service) software. In Z ...) NOT-FOR-US: ZStack CVE-2021-32835 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...) - TODO: check + NOT-FOR-US: Eclipse Keti CVE-2021-32834 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...) - TODO: check + NOT-FOR-US: Eclipse Keti CVE-2021-32833 (Emby Server is a personal media server with apps on many devices. In E ...) TODO: check CVE-2021-32832 (Rocket.Chat is an open-source fully customizable communications platfo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b53e832a98993c728ea95ee4d17840a4776e5745 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b53e832a98993c728ea95ee4d17840a4776e5745 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 4126a3e1 by Neil Williams at 2021-09-01T11:27:55+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77575,7 +77575,8 @@ CVE-2020-20497 CVE-2020-20496 RESERVED CVE-2020-20495 (bludit v3.13.0 contains an arbitrary file deletion vulnerability in th ...) - TODO: check + NOT-FOR-US: bludit + NOTE: https://github.com/bludit/bludit CVE-2020-20494 RESERVED CVE-2020-20493 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4126a3e1b602d08b508f1ed03c0cf90ce37211ec -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4126a3e1b602d08b508f1ed03c0cf90ce37211ec You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: c13aaaec by Neil Williams at 2021-09-01T08:43:29+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2555,7 +2555,8 @@ CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 10.0.0 CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...) NOT-FOR-US: geyser CVE-2021-39176 (detect-character-encoding is a package for detecting character encodin ...) - TODO: check + NOT-FOR-US: detect-character-encoding + NOTE: NPM addon - https://github.com/sonicdoe/detect-character-encoding CVE-2021-39175 (HedgeDoc is a platform to write and share markdown. In versions prior ...) NOT-FOR-US: hedgedoc CVE-2021-39174 (Cachet is an open source status page system. Prior to version 2.5.1, a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c13aaaec297828cc5cf3da41ebba170e1a6e776b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c13aaaec297828cc5cf3da41ebba170e1a6e776b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4124e9ed by Salvatore Bonaccorso at 2021-02-19T21:18:08+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13323,7 +13323,7 @@ CVE-2021-21514 CVE-2021-21513 RESERVED CVE-2021-21512 (Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an In ...) - TODO: check + NOT-FOR-US: EMC CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Aut ...) NOT-FOR-US: EMC Avamar Server CVE-2021-21510 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4124e9ed30208b0db28bda8b4b2fb48c31a94db4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4124e9ed30208b0db28bda8b4b2fb48c31a94db4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ca7a2537 by Salvatore Bonaccorso at 2021-01-30T17:14:05+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18274,7 +18274,7 @@ CVE-2020-29559 CVE-2020-29558 RESERVED CVE-2020-29557 (An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 bef ...) - TODO: check + NOT-FOR-US: D-Link CVE-2020-29556 RESERVED CVE-2020-29555 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca7a25371d192dabc7416d0ab52455c1b8131b96 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca7a25371d192dabc7416d0ab52455c1b8131b96 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 28d935e5 by Salvatore Bonaccorso at 2020-11-25T21:29:55+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,7 +5,7 @@ CVE-2020-29072 (A Cross-Site Script Inclusion vulnerability was found on LiquidF CVE-2020-29071 (An XSS issue was found in the Shares feature of LiquidFiles before 3.3 ...) NOT-FOR-US: LiquidFiles CVE-2020-29070 (osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user en ...) - TODO: check + NOT-FOR-US: osCommerce CVE-2020-29069 (_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network ...) NOT-FOR-US: Modern Honey Network CVE-2020-29068 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28d935e599190b229878478778346e790c14d5c6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28d935e599190b229878478778346e790c14d5c6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 06242b04 by Salvatore Bonaccorso at 2020-09-20T10:49:33+02:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,7 +13,7 @@ CVE-2020-25787 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 202 NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799 NOTE: https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef CVE-2020-25786 (** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L ...) - TODO: check + NOT-FOR-US: D-Link CVE-2020-25785 RESERVED CVE-2020-25784 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06242b04f07793b82c234eb53ea6c9d4b4ba9164 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06242b04f07793b82c234eb53ea6c9d4b4ba9164 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e28f964f by Salvatore Bonaccorso at 2020-07-13T22:58:58+02:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -83979,7 +83979,7 @@ CVE-2019-4593 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that CVE-2019-4592 (IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow ...) NOT-FOR-US: IBM CVE-2019-4591 (IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate sessio ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4590 RESERVED CVE-2019-4589 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e28f964f62baee9dbc2a5f8023b0f6941c6c21d9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e28f964f62baee9dbc2a5f8023b0f6941c6c21d9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 364afdd4 by Salvatore Bonaccorso at 2020-05-25T07:35:28+02:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2,7 +2,7 @@ CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datas - grafana NOTE: https://github.com/grafana/grafana/pull/24539 CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1. ...) - TODO: check + NOT-FOR-US: piechart-panel plugin for Grafana CVE-2020-13428 RESERVED CVE-2020-13427 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/364afdd46a6a89deefe4de2bd26879e482e53543 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/364afdd46a6a89deefe4de2bd26879e482e53543 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU for Keycloak
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f60aa738 by Salvatore Bonaccorso at 2020-05-08T09:12:44+02:00 Process NFU for Keycloak - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29123,6 +29123,7 @@ CVE-2020-1725 RESERVED CVE-2020-1724 RESERVED + NOT-FOR-US: Keycloak CVE-2020-1723 RESERVED CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...) @@ -29223,6 +29224,7 @@ CVE-2020-1699 (A path traversal flaw was found in the Ceph dashboard implemented NOTE: https://github.com/ceph/ceph/commit/0443e40c11280ba3b7efcba61522afa70c4f8158 CVE-2020-1698 RESERVED + NOT-FOR-US: Keycloak CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to exter ...) NOT-FOR-US: Keycloak CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where Token Proc ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f60aa738bcf106c2483f4059c77ee64fa40758bf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f60aa738bcf106c2483f4059c77ee64fa40758bf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a89b07c by Salvatore Bonaccorso at 2020-03-08T09:14:29+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2020-10220 (An issue was discovered in rConfig through 3.9.4. The web interface is ...) - TODO: check + NOT-FOR-US: rConfig CVE-2020-10219 RESERVED CVE-2020-10218 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a89b07c36561d950b99b33c42783dc9037a15fa -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a89b07c36561d950b99b33c42783dc9037a15fa You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: acf5984e by Salvatore Bonaccorso at 2020-02-21T10:01:51+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,11 +11,11 @@ CVE-2020-9322 CVE-2020-9321 RESERVED CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a ...) - TODO: check + NOT-FOR-US: Avira CVE-2020-9319 RESERVED CVE-2020-9318 (Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative us ...) - TODO: check + NOT-FOR-US: Red Gate SQL Monitor CVE-2020-9317 RESERVED CVE-2020-9316 @@ -650,7 +650,7 @@ CVE-2020-9017 CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, ...) - dolibarr CVE-2020-9015 (Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7 ...) - TODO: check + NOT-FOR-US: Arista devices CVE-2020-9014 RESERVED CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...) @@ -749,7 +749,7 @@ CVE-2020-8991 (vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanag NOTE: https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701 NOTE: 2.03.00 upstream removed lvmetad (and the still vulnerable code) CVE-2020-8990 (Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow ...) - TODO: check + NOT-FOR-US: Western Digital My Cloud Home CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...) NOT-FOR-US: Voatz application for Android CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...) @@ -809,7 +809,7 @@ CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REV CVE-2020-8961 RESERVED CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. ...) - TODO: check + NOT-FOR-US: Western Digital mycloud.com CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...) NOT-FOR-US: Western Digital CVE-2020-8958 @@ -5227,7 +5227,7 @@ CVE-2020-6979 CVE-2020-6978 RESERVED CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in the Ki ...) - TODO: check + NOT-FOR-US: GE CVE-2020-6976 RESERVED CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) @@ -5245,7 +5245,7 @@ CVE-2020-6970 (A Heap-based Buffer Overflow was found in Emerson OpenEnterprise CVE-2020-6969 (It is possible to unmask credentials and other sensitive information o ...) NOT-FOR-US: AutomationDirect CVE-2020-6968 (Honeywell INNCOM INNControl 3 allows workstation users to escalate app ...) - TODO: check + NOT-FOR-US: Honeywell CVE-2020-6967 RESERVED CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) @@ -13260,9 +13260,9 @@ CVE-2020-3767 CVE-2020-3766 RESERVED CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds wr ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) @@ -14922,7 +14922,7 @@ CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a roo CVE-2019-19742 (On D-Link DIR-615 devices, the User Account Configuration page is vuln ...) NOT-FOR-US: D-Link CVE-2019-19741 (Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege ...) - TODO: check + NOT-FOR-US: Electronic Arts Origin CVE-2019-19740 (Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignI ...) NOT-FOR-US: Octeth Oempro CVE-2019-19739 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag o ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/acf5984e2e29b8617b67bb7ab958adace4ec345c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/acf5984e2e29b8617b67bb7ab958adace4ec345c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU for wordpress plugin
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a311344b by Salvatore Bonaccorso at 2020-02-14T21:20:11+01:00 Process NFU for wordpress plugin - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -877,7 +877,7 @@ CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9 CVE-2020-8595 (Istio 1.3 through 1.4.3 allows authentication bypass. The Authenticati ...) NOT-FOR-US: itsio CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...) - TODO: check + NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2020-8593 RESERVED CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a311344ba87a64b15e2a683c38e266323de7fa47 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a311344ba87a64b15e2a683c38e266323de7fa47 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f7c4e94 by Salvatore Bonaccorso at 2020-01-24T09:41:52+01:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,17 +9,17 @@ CVE-2020-7943 CVE-2020-7942 RESERVED CVE-2020-7941 (A privilege escalation issue in plone.app.contenttypes in Plone 4.3 th ...) - TODO: check + NOT-FOR-US: Plone CVE-2020-7940 (Missing password strength checks on some forms in Plone 4.3 through 5. ...) - TODO: check + NOT-FOR-US: Plone CVE-2020-7939 (SQL Injection in DTML or in connection objects in Plone 4.0 through 5. ...) - TODO: check + NOT-FOR-US: Plone CVE-2020-7938 (plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain ...) - TODO: check + NOT-FOR-US: Plone CVE-2020-7937 (An XSS issue in the title field in Plone 5.0 through 5.2.1 allows user ...) - TODO: check + NOT-FOR-US: Plone CVE-2020-7936 (An open redirect on the login form (and possibly other places) in Plon ...) - TODO: check + NOT-FOR-US: Plone CVE-2020-7935 RESERVED CVE-2020-7934 @@ -4148,7 +4148,7 @@ CVE-2020-6009 CVE-2020-6008 RESERVED CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version 1935144020 ...) - TODO: check + NOT-FOR-US: Philips Hue Bridge model CVE-2020-6006 RESERVED CVE-2020-6005 @@ -9527,17 +9527,17 @@ CVE-2019-19900 (An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and CVE-2019-19899 (Pebble Templates 3.1.2 allows attackers to bypass a protection mechani ...) NOT-FOR-US: Pebble Templates CVE-2019-19898 (In IXP EasyInstall 6.2.13723, there are cleartext credentials in netwo ...) - TODO: check + NOT-FOR-US: IXP EasyInstall CVE-2019-19897 (In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the A ...) - TODO: check + NOT-FOR-US: IXP EasyInstall CVE-2019-19896 (In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak ...) - TODO: check + NOT-FOR-US: IXP EasyInstall CVE-2019-19895 (In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Age ...) - TODO: check + NOT-FOR-US: IXP EasyInstall CVE-2019-19894 (In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UA ...) - TODO: check + NOT-FOR-US: IXP EasyInstall CVE-2019-19893 (In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port ...) - TODO: check + NOT-FOR-US: IXP EasyInstall CVE-2019-19892 RESERVED CVE-2019-19891 (An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 ...) @@ -277039,7 +277039,7 @@ CVE-2013-1595 CVE-2013-1594 RESERVED CVE-2013-1593 (A Denial of Service vulnerability exists in the WRITE_C function in th ...) - TODO: check + NOT-FOR-US: SAP CVE-2013-1592 (A Buffer Overflow vulnerability exists in the Message Server service _ ...) NOT-FOR-US: SAP CVE-2013-1591 (Stack-based buffer overflow in libpixman, as used in Pale Moon before ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f7c4e94374179b054749547a622601325a1b0c8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f7c4e94374179b054749547a622601325a1b0c8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 05ffe114 by Salvatore Bonaccorso at 2019-12-18T08:21:11Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31480,7 +31480,7 @@ CVE-2019-11659 CVE-2019-11658 (Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 ...) NOT-FOR-US: Micro Focus CVE-2019-11657 (Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight L ...) - TODO: check + NOT-FOR-US: Micro Focus CVE-2019-11656 (Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versi ...) NOT-FOR-US: Micro Focus CVE-2019-11655 (Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, ...) @@ -63524,9 +63524,9 @@ CVE-2019-0386 (Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.0 CVE-2019-0385 (SAP Enable Now, before version 1908, does not sufficiently encode user ...) NOT-FOR-US: SAP CVE-2019-0384 (Transaction Management in SAP Treasury and Risk Management (corrected ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0383 (Transaction Management in SAP Treasury and Risk Management (corrected ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0382 (A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Bus ...) NOT-FOR-US: SAP CVE-2019-0381 (A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, be ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05ffe11429778dff3d16545b3f312ae1b97853c3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05ffe11429778dff3d16545b3f312ae1b97853c3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 09daaaf2 by Salvatore Bonaccorso at 2019-11-09T21:10:30Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2019-18845 (The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 ...) - TODO: check + NOT-FOR-US: Patriot Viper RGB CVE-2019-18844 RESERVED CVE-2019-18843 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09daaaf29888d2eccbbd59db1d21018ae0501e0d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09daaaf29888d2eccbbd59db1d21018ae0501e0d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d4adfbc0 by Salvatore Bonaccorso at 2019-11-07T20:11:27Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -45373,7 +45373,7 @@ CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper restri CVE-2019-3765 (Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and ...) NOT-FOR-US: EMC CVE-2019-3764 (Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior ...) - TODO: check + NOT-FOR-US: EMC CVE-2019-3763 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...) NOT-FOR-US: RSA CVE-2019-3762 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4adfbc05c5bb78eacc253d62e4ad36eacfe7ffa -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4adfbc05c5bb78eacc253d62e4ad36eacfe7ffa You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3a04a1f4 by Salvatore Bonaccorso at 2019-11-04T20:18:44Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -53480,7 +53480,7 @@ CVE-2019-0352 (In SAP Business Objects Business Intelligence Platform, before ve CVE-2019-0351 (A remote code execution vulnerability exists in the SAP NetWeaver UDDI ...) NOT-FOR-US: SAP CVE-2019-0350 (SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0349 (SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7. ...) NOT-FOR-US: SAP CVE-2019-0348 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence), ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a04a1f4ea7a6d33a76fdd619a90ce9b96b144d0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a04a1f4ea7a6d33a76fdd619a90ce9b96b144d0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 246bc7c6 by Salvatore Bonaccorso at 2019-10-05T20:33:31Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,7 @@ CVE-2019-17199 (www/getfile.php in WPO WebPageTest 19.04 on Windows allows Direc CVE-2019-17198 RESERVED CVE-2019-17197 (OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic f ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2019-17196 RESERVED CVE-2019-17195 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/246bc7c662867e3da643bf8d2af0fd2839b4b357 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/246bc7c662867e3da643bf8d2af0fd2839b4b357 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 53b5e30d by Salvatore Bonaccorso at 2019-09-22T08:26:55Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,7 +9,7 @@ CVE-2019-16679 (Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversa CVE-2019-16678 (admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant deni ...) NOT-FOR-US: YzmCMS CVE-2019-16677 (An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=membe ...) - TODO: check + NOT-FOR-US: idreamsoft iCMS CVE-2019-16676 RESERVED CVE-2019-16675 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/53b5e30db7bd5b730dfcf26d79bc7fc0ba007575 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/53b5e30db7bd5b730dfcf26d79bc7fc0ba007575 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ffd4ddfc by Salvatore Bonaccorso at 2019-08-23T20:17:34Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11784,7 +11784,7 @@ CVE-2019-11656 CVE-2019-11655 RESERVED CVE-2019-11654 (Path traversal vulnerability in Micro Focus Verastream Host Integrator ...) - TODO: check + NOT-FOR-US: Micro Focus CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. versions ...) NOT-FOR-US: Micro Focus CVE-2019-11652 (A potential authorization bypass issue was found in Micro Focus Self S ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ffd4ddfc6606f37a16c9302a9bc0c1b1e805a9a9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ffd4ddfc6606f37a16c9302a9bc0c1b1e805a9a9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 65de97e5 by Salvatore Bonaccorso at 2019-08-17T13:14:47Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,7 +9,7 @@ CVE-2019-15121 CVE-2019-15120 (The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. ...) NOT-FOR-US: Kunena extension for Joomla! CVE-2019-15119 (lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permission ...) - TODO: check + NOT-FOR-US: cnlh nps CVE-2019-15118 (check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2. ...) - linux NOTE: Fixed by: https://git.kernel.org/linus/19bce474c45be69a284ecee660aa12d8f1e88f18 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65de97e5be8807a2e423010d83b7ed9f0e5fb040 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65de97e5be8807a2e423010d83b7ed9f0e5fb040 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fc94e453 by Salvatore Bonaccorso at 2019-07-17T08:31:34Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,7 +17,7 @@ CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a he NOTE: https://github.com/gpac/gpac/issues/1250 NOTE: https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...) - TODO: check + NOT-FOR-US: njs CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...) - libsdl2 - libsdl1.2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc94e45302c149c2d32eb81d90a8af5cae2ebd55 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc94e45302c149c2d32eb81d90a8af5cae2ebd55 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b16b77be by Salvatore Bonaccorso at 2019-07-15T20:44:26Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -991,7 +991,7 @@ CVE-2019-13606 CVE-2019-13605 RESERVED CVE-2019-13604 (There is a short key vulnerability in HID Global DigitalPersona (forme ...) - TODO: check + NOT-FOR-US: HID Global DigitalPersona U.are.U 4500 Fingerprint Reader CVE-2019-13603 RESERVED CVE-2019-13602 (An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b16b77bec4940c20c41bb22bf48c45c0ee12f3c6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b16b77bec4940c20c41bb22bf48c45c0ee12f3c6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a932167b by Salvatore Bonaccorso at 2019-04-27T20:38:52Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -33652,7 +33652,7 @@ CVE-2018-18278 CVE-2018-18277 RESERVED CVE-2018-18276 (XSS exists in the ProFiles 1.5 component for Joomla! via the name or p ...) - TODO: check + NOT-FOR-US: ProFiles for Joomla! CVE-2018-18275 RESERVED CVE-2018-18274 (A issue was found in pdfalto 0.2. There is a heap-based buffer overflo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a932167bbabd3d19a9552d4e6209d6e9f1b3497f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a932167bbabd3d19a9552d4e6209d6e9f1b3497f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0bb851e5 by Salvatore Bonaccorso at 2019-04-27T20:14:53Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10543,7 +10543,7 @@ CVE-2019-7478 CVE-2019-7477 (A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow ...) NOT-FOR-US: SonicWall CVE-2019-7476 (A vulnerability in SonicWall Global Management System (GMS), allow a r ...) - TODO: check + NOT-FOR-US: SonicWall Global Management System CVE-2019-7475 (A vulnerability in SonicWall SonicOS and SonicOSv with management enab ...) NOT-FOR-US: SonicWall CVE-2019-7474 (A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0bb851e5e8fd5e193d5f0244ee54053c2fcdcb68 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0bb851e5e8fd5e193d5f0244ee54053c2fcdcb68 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU for IBM issue
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1a94b68b by Salvatore Bonaccorso at 2019-03-19T20:26:59Z Process NFU for IBM issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -73556,7 +73556,7 @@ CVE-2018-1838 (IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could a CVE-2018-1837 RESERVED CVE-2018-1836 (IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 cons ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-1835 (IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable ...) NOT-FOR-US: IBM CVE-2018-1834 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1a94b68b619198974754df7ed7eea735fad88cb8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1a94b68b619198974754df7ed7eea735fad88cb8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8b4948bc by Salvatore Bonaccorso at 2019-02-18T20:19:11Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,13 +11,13 @@ CVE-2019-8913 CVE-2019-8912 (In the Linux kernel through 4.20.10, af_alg_release() in ...) - linux CVE-2019-8911 (An issue was discovered in WTCMS 1.0. It has stored XSS via the third ...) - TODO: check + NOT-FOR-US: WTCMS CVE-2019-8910 (An issue was discovered in WTCMS 1.0. It allows ...) - TODO: check + NOT-FOR-US: WTCMS CVE-2019-8909 (An issue was discovered in WTCMS 1.0. It allows remote attackers to ...) - TODO: check + NOT-FOR-US: WTCMS CVE-2019-8908 (An issue was discovered in WTCMS 1.0. It allows remote attackers to ...) - TODO: check + NOT-FOR-US: WTCMS CVE-2019-8907 (do_core_note in readelf.c in libmagic.a in file 5.35 allows remote ...) TODO: check CVE-2019-8906 (do_core_note in readelf.c in libmagic.a in file 5.35 has an ...) @@ -29,7 +29,7 @@ CVE-2019-8904 (do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-b CVE-2019-8903 (index.js in Total.js Platform before 3.2.3 allows path traversal. ...) TODO: check CVE-2019-8902 (An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF ...) - TODO: check + NOT-FOR-US: idreamsoft iCMS CVE-2019-8901 RESERVED CVE-2019-8900 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8b4948bc5881640733c1d11fefdf9492adcaffab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8b4948bc5881640733c1d11fefdf9492adcaffab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: da47e1ef by Salvatore Bonaccorso at 2018-12-23T20:23:17Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2018-20378 RESERVED CVE-2018-20377 (Orange Livebox 00.96.320S devices allow remote attackers to discover ...) - TODO: check + NOT-FOR-US: Orange Livebox CVE-2018-20376 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...) TODO: check CVE-2018-20375 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da47e1ef67850c1342addd0e70a751232563a111 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da47e1ef67850c1342addd0e70a751232563a111 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1aed2478 by Salvatore Bonaccorso at 2018-12-10T09:10:57Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15,7 +15,7 @@ CVE-2018-20008 CVE-2018-20007 RESERVED CVE-2018-20006 (An issue was discovered in PHPok v5.0.055. There is a Stored XSS ...) - TODO: check + NOT-FOR-US: PHPok CVE-2018-20005 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a ...) TODO: check CVE-2018-20004 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1aed2478ee076c79e54da1b4519214f14f46e06b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1aed2478ee076c79e54da1b4519214f14f46e06b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 62b10f03 by Salvatore Bonaccorso at 2018-09-19T20:18:01Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,7 +11,7 @@ CVE-2018-17210 CVE-2018-17209 RESERVED CVE-2018-17208 (Linksys Velop 1.1.2.187020 devices allow unauthenticated command ...) - TODO: check + NOT-FOR-US: Linksys Velop CVE-2018-17207 (An issue was discovered in Snap Creek Duplicator before 1.2.42. By ...) TODO: check CVE-2018-17206 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62b10f0329faa7ca965bdbdabf0cb323b2a6fbe3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62b10f0329faa7ca965bdbdabf0cb323b2a6fbe3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 64cb6cf9 by Salvatore Bonaccorso at 2018-08-20T20:50:00Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -31,7 +31,7 @@ CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn - libtasn1-3 NOTE: https://gitlab.com/gnutls/libtasn1/issues/4 CVE-2018-1000653 (zzcms version 8.3 and earlier contains a SQL Injection vulnerability ...) - TODO: check + NOT-FOR-US: zzcms CVE-2018-1000652 (JabRef version <=4.3.1 contains a XML External Entity (XXE) ...) - jabref NOTE: https://github.com/JabRef/jabref/issues/4229 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/64cb6cf996d7d66f2a74ed8be7239b1a42ce04b7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/64cb6cf996d7d66f2a74ed8be7239b1a42ce04b7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6100d7b8 by Salvatore Bonaccorso at 2018-08-10T12:29:07Z Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1068,7 +1068,7 @@ CVE-2018-14737 (An issue was discovered in libpbc.a in cloudwu PBC through 2017- CVE-2018-14736 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...) NOT-FOR-US: cloudwu PBC CVE-2018-14735 (An Information Exposure issue was discovered in Hitachi Command Suite ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2018-14733 RESERVED CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 ...) @@ -18984,7 +18984,7 @@ CVE-2018-7694 CVE-2018-7693 RESERVED CVE-2018-7692 (Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 ...) - TODO: check + NOT-FOR-US: NetIQ eDirectory CVE-2018-7691 RESERVED CVE-2018-7690 @@ -19002,7 +19002,7 @@ CVE-2018-7688 (A missing permission check in the review handling of openSUSE Ope CVE-2018-7687 (The Micro Focus Client for OES before version 2 SP4 IR8a has a ...) NOT-FOR-US: Micro Focus Client for OES CVE-2018-7686 (Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 ...) - TODO: check + NOT-FOR-US: NetIQ eDirectory CVE-2018-7685 RESERVED CVE-2018-7684 @@ -41151,7 +41151,7 @@ CVE-2018-0431 CVE-2018-0430 RESERVED CVE-2018-0429 (Stack-based buffer overflow in the Cisco Thor decoder before commit ...) - TODO: check + NOT-FOR-US: Cisco CVE-2018-0428 RESERVED CVE-2018-0427 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6100d7b83926b5d3a1fdaeb193e2c2e5d096213a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6100d7b83926b5d3a1fdaeb193e2c2e5d096213a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 263b43ca by Salvatore Bonaccorso at 2018-06-08T23:18:25+02:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -22455,7 +22455,7 @@ CVE-2018-3737 (sshpk is vulnerable to ReDoS when parsing crafted invalid public NOTE: https://github.com/joyent/node-sshpk/commit/46065d38a5e6d1bccf86d3efb2fb83c14e3f9957 NOTE: nodejs not covered by security support CVE-2018-3736 (https-proxy-agent passes unsanitized options to Buffer(arg) resulting ...) - TODO: check + NOT-FOR-US: https-proxy-agent nodejs module CVE-2018-3735 (bracket-template suffers from reflected XSS possible when variable ...) TODO: check CVE-2018-3734 (stattic node module suffers from a Path Traversal vulnerability due to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/263b43cac170727512f521a5358e44332bc7febb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/263b43cac170727512f521a5358e44332bc7febb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 00f6ac1c by Salvatore Bonaccorso at 2018-05-20T23:01:24+02:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -5,7 +5,7 @@ CVE-2018-11317 CVE-2018-11316 RESERVED CVE-2018-11315 (The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below ...) - TODO: check + NOT-FOR-US: Radio Thermostat CT50 and CT80 CVE-2018-11314 RESERVED CVE-2018-11313 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/00f6ac1c70a3bf032caa591f78e2acbf52f9b53c --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/00f6ac1c70a3bf032caa591f78e2acbf52f9b53c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 976a90ed by Salvatore Bonaccorso at 2018-05-05T13:21:07+02:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -3364,7 +3364,7 @@ CVE-2018-9303 (In Exiv2 0.26, an assertion failure in BigTiffImage::readData in - exiv2 (Vulnerable code introduced after 0.26) NOTE: https://github.com/Exiv2/exiv2/issues/262 CVE-2018-9302 (SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in ...) - TODO: check + NOT-FOR-US: Cockpit CMS (different from src:cockpit) CVE-2018-9301 RESERVED CVE-2018-9300 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/976a90edb099a2e00c84cfec0149a108c717c2c0 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/976a90edb099a2e00c84cfec0149a108c717c2c0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 43a7aafb by Salvatore Bonaccorso at 2018-04-14T14:10:44+02:00 Process NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -3,7 +3,7 @@ CVE-2018-10099 CVE-2018-10098 RESERVED CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via the recoverlogin.php ...) - TODO: check + NOT-FOR-US: Domain Trader CVE-2018-1000171 REJECTED CVE-2018-1002100 [Kubectl copy doesn't check for paths outside of it's destination directory] View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43a7aafb212e68c2e409db0d5e0bd9d179eaec24 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43a7aafb212e68c2e409db0d5e0bd9d179eaec24 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits