Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2a19ba2 by security tracker role at 2020-01-23T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2020-7934
+       RESERVED
+CVE-2020-7933
+       RESERVED
+CVE-2020-7932
+       RESERVED
+CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template 
process ...)
+       TODO: check
+CVE-2020-7930
+       RESERVED
+CVE-2020-7929
+       RESERVED
+CVE-2020-7928
+       RESERVED
+CVE-2020-7927
+       RESERVED
+CVE-2020-7926
+       RESERVED
+CVE-2020-7925
+       RESERVED
+CVE-2020-7924
+       RESERVED
+CVE-2020-7923
+       RESERVED
+CVE-2020-7922
+       RESERVED
+CVE-2020-7921
+       RESERVED
+CVE-2019-20419
+       RESERVED
+CVE-2019-20418
+       RESERVED
+CVE-2019-20417
+       RESERVED
+CVE-2019-20416
+       RESERVED
+CVE-2019-20415
+       RESERVED
+CVE-2019-20414
+       RESERVED
+CVE-2019-20413
+       RESERVED
+CVE-2019-20412
+       RESERVED
+CVE-2019-20411
+       RESERVED
+CVE-2019-20410
+       RESERVED
+CVE-2019-20409
+       RESERVED
+CVE-2019-20408
+       RESERVED
+CVE-2019-20407
+       RESERVED
+CVE-2019-20406
+       RESERVED
+CVE-2019-20405
+       RESERVED
+CVE-2019-20404
+       RESERVED
+CVE-2019-20403
+       RESERVED
+CVE-2019-20402
+       RESERVED
+CVE-2019-20401
+       RESERVED
+CVE-2019-20400
+       RESERVED
 CVE-2020-7920
        RESERVED
 CVE-2020-7919
@@ -1469,8 +1537,8 @@ CVE-2020-7222 (An issue was discovered in Amcrest Web 
Server 2.520.AC00.18.R 201
        NOT-FOR-US: Amcrest Web Server
 CVE-2020-7221
        RESERVED
-CVE-2020-7220
-       RESERVED
+CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in 
certain circ ...)
+       TODO: check
 CVE-2020-7219
        RESERVED
 CVE-2020-7218
@@ -1491,8 +1559,8 @@ CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 
4.2.0, does not prevent
        - libslirp <unfixed> (unimportant)
        NOTE: https://bugs.launchpad.net/qemu/+bug/1812451
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
-CVE-2020-7210
-       RESERVED
+CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user 
account ...)
+       TODO: check
 CVE-2020-7209
        RESERVED
 CVE-2020-7208
@@ -2270,8 +2338,8 @@ CVE-2020-6845
        RESERVED
 CVE-2020-6844
        RESERVED
-CVE-2020-6843
-       RESERVED
+CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. 
...)
+       TODO: check
 CVE-2020-6842
        RESERVED
 CVE-2020-6841
@@ -10208,16 +10276,16 @@ CVE-2019-19841 (emfd in Ruckus Wireless Unleashed 
through 200.7.10.102.64 allows
        NOT-FOR-US: Ruckus devices
 CVE-2019-19840 (A stack-based buffer overflow in zap_parse_args in zap.c in 
zap in Ruc ...)
        NOT-FOR-US: Ruckus devices
-CVE-2019-19839
-       RESERVED
-CVE-2019-19838
-       RESERVED
-CVE-2019-19837
-       RESERVED
+CVE-2019-19839 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 
allows remot ...)
+       TODO: check
+CVE-2019-19838 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 
allows remot ...)
+       TODO: check
+CVE-2019-19837 (Incorrect access control in the web interface in Ruckus 
Wireless Unlea ...)
+       TODO: check
 CVE-2019-19836 (AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed 
through 200. ...)
        NOT-FOR-US: Ruckus devices
-CVE-2019-19835
-       RESERVED
+CVE-2019-19835 (SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless 
Unleashed thro ...)
+       TODO: check
 CVE-2019-19834 (Directory Traversal in ruckus_cli2 in Ruckus Wireless 
Unleashed throug ...)
        NOT-FOR-US: Ruckus devices
 CVE-2019-20043 (In in 
wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ...)
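Review bot: CVE-2019-19839, CVE-2019-19838, CVE-2019-19837 and CVE-2019-19835 are left at "TODO: check" although their descriptions name the same Ruckus Wireless Unleashed product as the surrounding entries (CVE-2019-19841, -19840, -19836, -19834), which are already tagged "NOT-FOR-US: Ruckus devices". Suggest triaging the four new descriptions with that same tag so the block is consistent and they drop out of the TODO queue.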
@@ -16613,11 +16681,9 @@ CVE-2019-18901
        RESERVED
 CVE-2019-18900
        RESERVED
-CVE-2019-18899
-       RESERVED
+CVE-2019-18899 (The apt-cacher-ng package of openSUSE Leap 15.1 runs 
operations in use ...)
        - apt-cacher-ng <not-affected> (openSUSE specific systemd service unit 
configuration)
-CVE-2019-18898
-       RESERVED
+CVE-2019-18898 (UNIX Symbolic Link (Symlink) Following vulnerability in the 
trousers p ...)
        NOT-FOR-US: SUSE specific packaging issue in %posttrans section in 
src:trousers
 CVE-2019-18897
        RESERVED
@@ -20624,8 +20690,8 @@ CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU 
libidn2 before 2.1.1 has
        NOTE: 
https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c
 CVE-2019-18223
        RESERVED
-CVE-2019-18222
-       RESERVED
+CVE-2019-18222 (The ECDSA signature implementation in ecdsa.c in Arm Mbed 
Crypto 2.1 a ...)
+       TODO: check
 CVE-2019-18221 (CoreHR Core Portal before 27.0.7 allows stored XSS. ...)
        NOT-FOR-US: CoreHR Core Portal
 CVE-2019-18220 (Sitemagic CMS 4.4.1 is affected by a 
Cross-Site-Request-Forgery (CSRF) ...)
@@ -24104,10 +24170,10 @@ CVE-2019-17204 (TeamPass 2.1.27.36 allows Stored XSS 
by setting a crafted Knowle
        - teampass <itp> (bug #730180)
 CVE-2019-17203 (TeamPass 2.1.27.36 allows Stored XSS at the Search page by 
setting a c ...)
        - teampass <itp> (bug #730180)
-CVE-2019-17202
-       RESERVED
-CVE-2019-17201
-       RESERVED
+CVE-2019-17202 (FastTrack Admin By Request 6.1.0.0 supports group policies 
that are su ...)
+       TODO: check
+CVE-2019-17201 (FastTrack Admin By Request 6.1.0.0 supports group policies 
that are su ...)
+       TODO: check
 CVE-2019-17200
        RESERVED
 CVE-2017-18637
@@ -26012,18 +26078,18 @@ CVE-2019-16519 (ESET Cyber Security 6.7.900.0 for 
macOS allows a local attacker
        NOT-FOR-US: ESET Cyber Security
 CVE-2019-16518 (An issue was discovered on Swell Kit Mod devices that use the 
Vandy Va ...)
        NOT-FOR-US: Swell Kit Mod devices
-CVE-2019-16517
-       RESERVED
-CVE-2019-16516
-       RESERVED
-CVE-2019-16515
-       RESERVED
-CVE-2019-16514
-       RESERVED
-CVE-2019-16513
-       RESERVED
-CVE-2019-16512
-       RESERVED
+CVE-2019-16517 (An issue was discovered in ConnectWise Control (formerly known 
as Scre ...)
+       TODO: check
+CVE-2019-16516 (An issue was discovered in ConnectWise Control (formerly known 
as Scre ...)
+       TODO: check
+CVE-2019-16515 (An issue was discovered in ConnectWise Control (formerly known 
as Scre ...)
+       TODO: check
+CVE-2019-16514 (An issue was discovered in ConnectWise Control (formerly known 
as Scre ...)
+       TODO: check
+CVE-2019-16513 (An issue was discovered in ConnectWise Control (formerly known 
as Scre ...)
+       TODO: check
+CVE-2019-16512 (An issue was discovered in ConnectWise Control (formerly known 
as Scre ...)
+       TODO: check
 CVE-2019-16511 (An issue was discovered in DTF in FireGiant WiX Toolset before 
3.11.2. ...)
        NOT-FOR-US: FireGiant
 CVE-2019-16510 (libIEC61850 through 1.3.3 has a use-after-free in 
MmsServer_waitReady  ...)
@@ -27135,8 +27201,8 @@ CVE-2019-16155
        RESERVED
 CVE-2019-16154 (An improper neutralization of input during web page generation 
in Fort ...)
        NOT-FOR-US: FortiAuthenticator WEB UI
-CVE-2019-16153
-       RESERVED
+CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM 
database ...)
+       TODO: check
 CVE-2019-16152
        RESERVED
 CVE-2019-16151
@@ -28368,8 +28434,8 @@ CVE-2012-6717 (The redirection plugin before 2.2.12 for 
WordPress has XSS, a dif
        NOT-FOR-US: redirection plugin for WordPress
 CVE-2011-5329 (The redirection plugin before 2.2.9 for WordPress has XSS in 
the admin ...)
        NOT-FOR-US: redirection plugin for WordPress
-CVE-2019-15712
-       RESERVED
+CVE-2019-15712 (An improper access control vulnerability in FortiMail admin 
webUI 6.2. ...)
+       TODO: check
 CVE-2019-15711
        RESERVED
 CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 
to 4.1.1, ...)
@@ -28378,8 +28444,8 @@ CVE-2019-15709
        RESERVED
 CVE-2019-15708
        RESERVED
-CVE-2019-15707
-       RESERVED
+CVE-2019-15707 (An improper access control vulnerability in FortiMail admin 
webUI 6.2. ...)
+       TODO: check
 CVE-2019-15706
        RESERVED
 CVE-2019-15705 (An Improper Input Validation vulnerability in the SSL VPN 
portal of Fo ...)
@@ -31056,8 +31122,7 @@ CVE-2019-14889 (A flaw was found with the libssh API 
function ssh_scp_new() in v
        NOTE: The fix in libssh makes an update in x2goclient necessary, cf:
        NOTE: https://bugs.debian.org/947129
        NOTE: 
https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d163a943737fe4160f7233925df2eee1f9a
-CVE-2019-14888
-       RESERVED
+CVE-2019-14888 (A vulnerability was found in the Undertow HTTP server in 
versions befo ...)
        - undertow <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1772464
 CVE-2019-14887
@@ -58929,8 +58994,8 @@ CVE-2019-5595 (In FreeBSD before 11.2-STABLE(r343782), 
11.2-RELEASE-p9, 12.0-STA
        NOTE: kfreebsd not covered by security support
 CVE-2019-5594 (An Improper Neutralization of Input During Web Page Generation 
("Cross ...)
        NOT-FOR-US: Fortinet
-CVE-2019-5593
-       RESERVED
+CVE-2019-5593 (Improper permission or value checking in the CLI console may 
allow a n ...)
+       TODO: check
 CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, 
GOLDENDOODLE,  ...)
        NOT-FOR-US: Fortinet
 CVE-2019-5591
@@ -63280,8 +63345,8 @@ CVE-2019-3693
        RESERVED
 CVE-2019-3692
        RESERVED
-CVE-2019-3691
-       RESERVED
+CVE-2019-3691 (A Symbolic Link (Symlink) Following vulnerability in the 
packaging of  ...)
+       TODO: check
 CVE-2019-3690 (The chkstat tool in the permissions package followed symlinks 
before c ...)
        NOT-FOR-US: SuSE-specific tool
 CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before 
and in ...)
@@ -183830,8 +183895,8 @@ CVE-2016-1000239
        RESERVED
 CVE-2016-1000238
        RESERVED
-CVE-2016-1000237
-       RESERVED
+CVE-2016-1000237 (sanitize-html before 1.4.3 has XSS. ...)
+       TODO: check
 CVE-2016-1000236 (Node-cookie-signature before 1.0.6 is affected by a timing 
attack due  ...)
        - node-cookie-signature 1.1.0-1 (unimportant; bug #838618)
        NOTE: https://nodesecurity.io/advisories/134
@@ -223747,8 +223812,8 @@ CVE-2015-4088
        RESERVED
 CVE-2015-4087
        RESERVED
-CVE-2007-6758
-       RESERVED
+CVE-2007-6758 (Server-side request forgery (SSRF) vulnerability in 
feed-proxy.php in  ...)
+       TODO: check
 CVE-2015-4086
        RESERVED
 CVE-2015-4084 (Cross-site scripting (XSS) vulnerability in the Free Counter 
plugin 1. ...)
@@ -230272,8 +230337,7 @@ CVE-2015-1933 (IBM Maximo Asset Management 7.1 
through 7.1.1.13, 7.5.0 before 7.
        NOT-FOR-US: IBM
 CVE-2015-1932 (IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x 
before 8.0 ...)
        NOT-FOR-US: IBM WebSphere
-CVE-2015-1931
-       RESERVED
+CVE-2015-1931 (IBM Java Security Components in IBM SDK, Java Technology 
Edition 8 bef ...)
        NOT-FOR-US: IBM JDK
 CVE-2015-1930 (Stack-based buffer overflow in the server in IBM Tivoli Storage 
Manage ...)
        NOT-FOR-US: IBM
@@ -241420,8 +241484,8 @@ CVE-2014-7861 (The IOHIDSecurePromptClient function 
in Apple OS X does not prope
        NOT-FOR-US: Apple OS X
 CVE-2011-5282 (mIRC prior to 7.22 has a message leak because chopping of 
outbound mes ...)
        NOT-FOR-US: mIRC
-CVE-2008-7314
-       RESERVED
+CVE-2008-7314 (mIRC before 6.35 allows attackers to cause a denial of service 
(crash) ...)
+       TODO: check
 CVE-2014-7975 (The do_umount function in fs/namespace.c in the Linux kernel 
through 3 ...)
        - linux 3.16.7-1
        [wheezy] - linux <not-affected> (User namespaces only usable in later 
kernels)
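Review bot: CVE-2008-7314 is left at "TODO: check" while the mIRC entry directly above it, CVE-2011-5282, is already tagged "NOT-FOR-US: mIRC". The new description names the same product, so the same tag looks applicable here.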
@@ -242816,8 +242880,8 @@ CVE-2014-7240 (Cross-site scripting (XSS) 
vulnerability in the Easy Contact Form
        NOT-FOR-US: Wordpress plugin
 CVE-2014-7239
        RESERVED
-CVE-2014-7238
-       RESERVED
+CVE-2014-7238 (The WordPress plugin Contact Form Integrated With Google Maps 
1.0-2.4  ...)
+       TODO: check
 CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running 
on Windo ...)
        - twiki <removed>
        NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237
@@ -251629,7 +251693,7 @@ CVE-2014-3608 (The VMWare driver in OpenStack Compute 
(Nova) before 2014.1.3 all
 CVE-2014-3607 (DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not 
proper ...)
        - libvt-ldap-java 3.3.8-1 (bug #763608)
 CVE-2014-3606
-       RESERVED
+       REJECTED
        - pillow <unfixed> (unimportant)
        - python-imaging <removed> (unimportant)
        NOTE: not a security issue, see 
https://bugzilla.redhat.com/show_bug.cgi?id=1133306#c8
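Review bot: the switch to REJECTED for CVE-2014-3606 leaves the package annotations "- pillow <unfixed> (unimportant)" and "- python-imaging <removed> (unimportant)" underneath it, so a rejected identifier still reports pillow as unfixed. The existing NOTE already records that this is not a security issue; please confirm whether the package lines are still wanted under a REJECTED entry, and drop them if not.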
@@ -256104,8 +256168,8 @@ CVE-2014-2052
        NOTE: The reference wrt zendframework is for CVE-2012-6532
 CVE-2014-2051 (ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows 
remote att ...)
        - owncloud 6.0.2+dfsg-1
-CVE-2014-2050
-       RESERVED
+CVE-2014-2050 (Cross-site request forgery (CSRF) vulnerability in ownCloud 
Server bef ...)
+       TODO: check
 CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before 
5.0.15 and  ...)
        - owncloud 6.0.0+dfsg-1
 CVE-2014-2048 (The user_openid app in ownCloud Server before 5.0.15 allows 
remote att ...)
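Review bot: CVE-2014-2050 is queued as "TODO: check", and the adjacent ownCloud Server entries (CVE-2014-2051, CVE-2014-2049) are tracked against the owncloud source package with fixed versions. This one needs the same treatment: a "- owncloud <version>" line once the fixed version is established from the full description, not a NOT-FOR-US tag.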
@@ -262746,8 +262810,8 @@ CVE-2013-6794 (Cross-site scripting (XSS) 
vulnerability in the Calendar module i
        NOT-FOR-US: Olat
 CVE-2013-6793 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Calendar mo ...)
        NOT-FOR-US: Olat
-CVE-2013-6792
-       RESERVED
+CVE-2013-6792 (Google Android prior to 4.4 has an APK Signature Security 
Bypass Vulne ...)
+       TODO: check
 CVE-2013-6791 (Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 
4.0 use ...)
        NOT-FOR-US: Microsoft Enhanced Mitigation Experience Toolkit
 CVE-2013-6790
@@ -262760,8 +262824,8 @@ CVE-2013-6787 (SQL injection vulnerability in the 
check_user_password function i
        NOT-FOR-US: Chamilo LMS
 CVE-2013-6786 (Cross-site scripting (XSS) vulnerability in Allegro RomPager 
before 4. ...)
        NOT-FOR-US: Allegro RomPager
-CVE-2013-6785
-       RESERVED
+CVE-2013-6785 (Directory traversal vulnerability in url_redirect.cgi in 
Supermicro IP ...)
+       TODO: check
 CVE-2013-6784
        RESERVED
 CVE-2013-6783
@@ -262789,10 +262853,10 @@ CVE-2013-6775 (The Chainfire SuperSU package before 
1.69 for Android allows atta
        NOT-FOR-US: Chainfire SuperSU package
 CVE-2013-6774 (Untrusted search path vulnerability in the ChainsDD Superuser 
package  ...)
        NOT-FOR-US: Chainfire SuperSU package
-CVE-2013-6773
-       RESERVED
-CVE-2013-6772
-       RESERVED
+CVE-2013-6773 (Splunk 5.0.3 has an Unquoted Service Path in Windows for 
Universal For ...)
+       TODO: check
+CVE-2013-6772 (Splunk before 5.0.4 lacks X-Frame-Options which can allow 
Clickjacking ...)
+       TODO: check
 CVE-2013-6771 (Directory traversal vulnerability in the collect script in 
Splunk befo ...)
        NOT-FOR-US: Splunk
 CVE-2013-6770 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 
for Andro ...)
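Review bot: CVE-2013-6773 and CVE-2013-6772 are left at "TODO: check" although both descriptions name Splunk and the next entry, CVE-2013-6771, is already tagged "NOT-FOR-US: Splunk". Suggest applying the same tag to the two new descriptions.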
@@ -264041,8 +264105,8 @@ CVE-2013-6359 (Munin::Master::Node in Munin before 
2.0.18 allows remote attacker
        - munin 2.0.18-1
        [squeeze] - munin 1.4.5-3+deb6u1
        NOTE: http://munin-monitoring.org/ticket/1397
-CVE-2013-6358
-       RESERVED
+CVE-2013-6358 (PrestaShop 1.5.5 allows remote authenticated attackers to 
execute arbi ...)
+       TODO: check
 CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability 
in the  ...)
        NOT-FOR-US: Disputed non-issue in Tomcat
 CVE-2013-6356
@@ -269757,11 +269821,9 @@ CVE-2013-4178 (The Google Authenticator login module 
6.x-1.x before 6.x-1.2 and
        NOT-FOR-US: GA Login Drupal contributed module
 CVE-2013-4177 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 
and 7.x-1 ...)
        NOT-FOR-US: GA Login Drupal contributed module
-CVE-2013-4176 [information disclosure]
-       RESERVED
+CVE-2013-4176 (mysecureshell 1.31: Local Information Disclosure Vulnerability 
...)
        NOT-FOR-US: MySecureShell
-CVE-2013-4175 [local denial of service]
-       RESERVED
+CVE-2013-4175 (MySecureShell 1.31 has a Local Denial of Service Vulnerability 
...)
        NOT-FOR-US: MySecureShell
 CVE-2013-4174 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Scald modul ...)
        NOT-FOR-US: Scald Drupal contributed module
@@ -276955,8 +277017,8 @@ CVE-2013-1594
        RESERVED
 CVE-2013-1593
        RESERVED
-CVE-2013-1592
-       RESERVED
+CVE-2013-1592 (A Buffer Overflow vulnerability exists in the Message Server 
service _ ...)
+       TODO: check
 CVE-2013-1591 (Stack-based buffer overflow in libpixman, as used in Pale Moon 
before  ...)
        - pixman 0.26.0-4 (bug #700308)
        [squeeze] - pixman <not-affected> (Vulnerable code not present)
@@ -282004,8 +282066,7 @@ CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox 
before 3.0.8 and (2) Charybd
        - ircd-ratbox 3.0.7.dfsg-3 (bug #697093)
        NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/1
        NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/2
-CVE-2012-6083
-       RESERVED
+CVE-2012-6083 (Freeciv before 2.3.3 allows remote attackers to cause a denial 
of serv ...)
        - freeciv 2.3.4-1 (low; bug #696306)
        [squeeze] - freeciv <no-dsa> (Minor issue)
        [wheezy] - freeciv 2.3.2-1+deb7u1
@@ -282800,8 +282861,8 @@ CVE-2012-5869
 CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session 
cookie upo ...)
        - wordpress <unfixed> (unimportant; bug #696868)
        NOTE: non-issue, see 
https://wordpress.org/support/topic/old-bug-cve-2012-5868
-CVE-2012-5867
-       RESERVED
+CVE-2012-5867 (HT Editor 2.0.20 has a Remote Stack Buffer Overflow 
Vulnerability ...)
+       TODO: check
 CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in 
Achievo 1.4 ...)
        NOT-FOR-US: Achievo
 CVE-2012-5865 (SQL injection vulnerability in dispatch.php in Achievo 1.4.5 
allows re ...)
@@ -283210,10 +283271,10 @@ CVE-2012-5701 (Multiple SQL injection 
vulnerabilities in dotProject before 2.1.7
        NOT-FOR-US: dotProject
 CVE-2012-5700 (Multiple cross-site scripting (XSS) vulnerabilities in Baby 
Gekko befo ...)
        NOT-FOR-US: Baby Gekko
-CVE-2012-5699
-       RESERVED
-CVE-2012-5698
-       RESERVED
+CVE-2012-5699 (BabyGekko before 1.2.4 allows PHP file inclusion. ...)
+       TODO: check
+CVE-2012-5698 (BabyGekko before 1.2.4 has SQL injection. ...)
+       TODO: check
 CVE-2012-5979
        REJECTED
 CVE-2012-5697 (The btinstall installation script in Bulb Security Smartphone 
Pentest  ...)
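Review bot: CVE-2012-5699 and CVE-2012-5698 are left at "TODO: check" while CVE-2012-5700 just above is tagged "NOT-FOR-US: Baby Gekko". The new descriptions spell the product "BabyGekko" but refer to the same software and version boundary (before 1.2.4), so the existing tag should carry over.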
@@ -283470,8 +283531,7 @@ CVE-2012-5627 (Oracle MySQL and MariaDB 5.5.x before 
5.5.29, 5.3.x before 5.3.12
        - mysql-5.5 <removed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=883719
        NOTE: https://mariadb.atlassian.net/browse/MDEV-3915
-CVE-2012-5626
-       RESERVED
+CVE-2012-5626 (EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise 
Applicati ...)
        - jbossas4 <not-affected> (Only builds a few libraries, not the full 
application server, #581226)
 CVE-2012-5625 (OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, 
when usin ...)
        - nova <not-affected> (Only affects OpenStack Folsom, bug #695830)
@@ -285075,8 +285135,8 @@ CVE-2012-4983 (Multiple cross-site scripting (XSS) 
vulnerabilities on the Foresc
        NOT-FOR-US: Forescout device
 CVE-2012-4982 (Open redirect vulnerability in assets/login on the Forescout 
CounterAC ...)
        NOT-FOR-US: Forescout device
-CVE-2012-4981
-       RESERVED
+CVE-2012-4981 (Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command 
Execution Vuln ...)
+       TODO: check
 CVE-2012-4980 (Multiple stack-based buffer overflows in CFProfile.exe in 
Toshiba Conf ...)
        NOT-FOR-US: Toshiba ConfigFree Utility
 CVE-2012-4979
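Review bot: CVE-2012-4981 is left at "TODO: check" although the following entry, CVE-2012-4980, covers the same Toshiba ConfigFree product and is tagged "NOT-FOR-US: Toshiba ConfigFree Utility". Suggest reusing that tag for the new description.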
@@ -285314,8 +285374,8 @@ CVE-2012-4902 (Multiple cross-site request forgery 
(CSRF) vulnerabilities in Tem
        NOT-FOR-US: Template CMS (http://template-cms.ru)
 CVE-2012-4901 (Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 
and ear ...)
        NOT-FOR-US: Template CMS (http://template-cms.ru)
-CVE-2012-4900
-       RESERVED
+CVE-2012-4900 (Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability 
via unt ...)
+       TODO: check
 CVE-2012-4899 (WellinTech KingView 6.5.3 and earlier uses a weak 
password-hashing alg ...)
        NOT-FOR-US: WellinTech KingView
 CVE-2012-4898 (Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not 
use a  ...)
@@ -285397,8 +285457,8 @@ CVE-2012-4865 (Buffer overflow in Oreans Themida 
2.1.8.0 allows remote attackers
        NOT-FOR-US: Oreans Themida
 CVE-2012-4864 (Oreans WinLicense 2.1.8.0 allows remote attackers to cause a 
denial of ...)
        NOT-FOR-US: Oreans WinLicense
-CVE-2012-4863
-       RESERVED
+CVE-2012-4863 (IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS 
vulnerability ...)
+       TODO: check
 CVE-2012-4862 (The Host Connect emulator in IBM Rational Developer for System 
z 7.1 t ...)
        NOT-FOR-US: IBM Rational
 CVE-2012-4861 (The web server in InfoSphere Data Replication Dashboard in IBM 
InfoSph ...)
@@ -292933,8 +292993,8 @@ CVE-2012-2088 (Integer signedness error in the 
TIFFReadDirectory function in tif
        {DSA-2552-1}
        - tiff 4.0-1 (bug #678140)
        - tiff3 3.9.6-6
-CVE-2012-2087
-       RESERVED
+CVE-2012-2087 (ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and 
chown entir ...)
+       TODO: check
 CVE-2012-2086 (SQL injection vulnerability in the get_last_conversation_lines 
functio ...)
        {DSA-2453-2 DSA-2453-1}
        - gajim 0.15-1 (low; bug #668038)
@@ -316742,7 +316802,7 @@ CVE-2010-3296 (The cxgb_extension_ioctl function in 
drivers/net/cxgb3/cxgb3_main
        {DSA-2126-1}
        - linux-2.6 2.6.32-24
 CVE-2010-3295 [drivers/net/tulip/de4x5.c: reading uninitialized stack memory]
-       RESERVED
+       REJECTED
        NOTE: assigned to linux-2.6, but claimed not a problem: 
http://www.openwall.com/lists/oss-security/2010/09/15/2
        NOTE: will probably get rejected
 CVE-2010-3291 (Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x 
throug ...)
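Review bot: with CVE-2010-3295 now marked REJECTED, the retained line "NOTE: will probably get rejected" is stale. Suggest removing it or rewording it to state that the identifier was rejected, keeping the oss-security reference in the preceding NOTE as the rationale.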



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2a19ba288057fbc9b7831e8e08e15351427f348



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
