Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c2a19ba2 by security tracker role at 2020-01-23T20:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,71 @@ +CVE-2020-7934 + RESERVED +CVE-2020-7933 + RESERVED +CVE-2020-7932 + RESERVED +CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template process ...) + TODO: check +CVE-2020-7930 + RESERVED +CVE-2020-7929 + RESERVED +CVE-2020-7928 + RESERVED +CVE-2020-7927 + RESERVED +CVE-2020-7926 + RESERVED +CVE-2020-7925 + RESERVED +CVE-2020-7924 + RESERVED +CVE-2020-7923 + RESERVED +CVE-2020-7922 + RESERVED +CVE-2020-7921 + RESERVED +CVE-2019-20419 + RESERVED +CVE-2019-20418 + RESERVED +CVE-2019-20417 + RESERVED +CVE-2019-20416 + RESERVED +CVE-2019-20415 + RESERVED +CVE-2019-20414 + RESERVED +CVE-2019-20413 + RESERVED +CVE-2019-20412 + RESERVED +CVE-2019-20411 + RESERVED +CVE-2019-20410 + RESERVED +CVE-2019-20409 + RESERVED +CVE-2019-20408 + RESERVED +CVE-2019-20407 + RESERVED +CVE-2019-20406 + RESERVED +CVE-2019-20405 + RESERVED +CVE-2019-20404 + RESERVED +CVE-2019-20403 + RESERVED +CVE-2019-20402 + RESERVED +CVE-2019-20401 + RESERVED +CVE-2019-20400 + RESERVED CVE-2020-7920 RESERVED CVE-2020-7919 @@ -1469,8 +1537,8 @@ CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 201 NOT-FOR-US: Amcrest Web Server CVE-2020-7221 RESERVED -CVE-2020-7220 - RESERVED +CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...) + TODO: check CVE-2020-7219 RESERVED CVE-2020-7218 @@ -1491,8 +1559,8 @@ CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent - libslirp <unfixed> (unimportant) NOTE: https://bugs.launchpad.net/qemu/+bug/1812451 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 -CVE-2020-7210 - RESERVED +CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user account ...) + TODO: check CVE-2020-7209 RESERVED CVE-2020-7208 @@ -2270,8 +2338,8 @@ CVE-2020-6845 RESERVED CVE-2020-6844 RESERVED -CVE-2020-6843 - RESERVED +CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. ...) + TODO: check CVE-2020-6842 RESERVED CVE-2020-6841 @@ -10208,16 +10276,16 @@ CVE-2019-19841 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows NOT-FOR-US: Ruckus devices CVE-2019-19840 (A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruc ...) NOT-FOR-US: Ruckus devices -CVE-2019-19839 - RESERVED -CVE-2019-19838 - RESERVED -CVE-2019-19837 - RESERVED +CVE-2019-19839 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...) + TODO: check +CVE-2019-19838 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...) + TODO: check +CVE-2019-19837 (Incorrect access control in the web interface in Ruckus Wireless Unlea ...) + TODO: check CVE-2019-19836 (AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200. ...) NOT-FOR-US: Ruckus devices -CVE-2019-19835 - RESERVED +CVE-2019-19835 (SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed thro ...) + TODO: check CVE-2019-19834 (Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed throug ...) NOT-FOR-US: Ruckus devices CVE-2019-20043 (In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ...) @@ -16613,11 +16681,9 @@ CVE-2019-18901 RESERVED CVE-2019-18900 RESERVED -CVE-2019-18899 - RESERVED +CVE-2019-18899 (The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in use ...) - apt-cacher-ng <not-affected> (openSUSE specific systemd service unit configuration) -CVE-2019-18898 - RESERVED +CVE-2019-18898 (UNIX Symbolic Link (Symlink) Following vulnerability in the trousers p ...) NOT-FOR-US: SUSE specific packaging issue in %posttrans section in src:trousers CVE-2019-18897 RESERVED @@ -20624,8 +20690,8 @@ CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c CVE-2019-18223 RESERVED -CVE-2019-18222 - RESERVED +CVE-2019-18222 (The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 a ...) + TODO: check CVE-2019-18221 (CoreHR Core Portal before 27.0.7 allows stored XSS. ...) NOT-FOR-US: CoreHR Core Portal CVE-2019-18220 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) ...) @@ -24104,10 +24170,10 @@ CVE-2019-17204 (TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowle - teampass <itp> (bug #730180) CVE-2019-17203 (TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a c ...) - teampass <itp> (bug #730180) -CVE-2019-17202 - RESERVED -CVE-2019-17201 - RESERVED +CVE-2019-17202 (FastTrack Admin By Request 6.1.0.0 supports group policies that are su ...) + TODO: check +CVE-2019-17201 (FastTrack Admin By Request 6.1.0.0 supports group policies that are su ...) + TODO: check CVE-2019-17200 RESERVED CVE-2017-18637 @@ -26012,18 +26078,18 @@ CVE-2019-16519 (ESET Cyber Security 6.7.900.0 for macOS allows a local attacker NOT-FOR-US: ESET Cyber Security CVE-2019-16518 (An issue was discovered on Swell Kit Mod devices that use the Vandy Va ...) NOT-FOR-US: Swell Kit Mod devices -CVE-2019-16517 - RESERVED -CVE-2019-16516 - RESERVED -CVE-2019-16515 - RESERVED -CVE-2019-16514 - RESERVED -CVE-2019-16513 - RESERVED -CVE-2019-16512 - RESERVED +CVE-2019-16517 (An issue was discovered in ConnectWise Control (formerly known as Scre ...) + TODO: check +CVE-2019-16516 (An issue was discovered in ConnectWise Control (formerly known as Scre ...) + TODO: check +CVE-2019-16515 (An issue was discovered in ConnectWise Control (formerly known as Scre ...) + TODO: check +CVE-2019-16514 (An issue was discovered in ConnectWise Control (formerly known as Scre ...) + TODO: check +CVE-2019-16513 (An issue was discovered in ConnectWise Control (formerly known as Scre ...) + TODO: check +CVE-2019-16512 (An issue was discovered in ConnectWise Control (formerly known as Scre ...) + TODO: check CVE-2019-16511 (An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. ...) NOT-FOR-US: FireGiant CVE-2019-16510 (libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady ...) @@ -27135,8 +27201,8 @@ CVE-2019-16155 RESERVED CVE-2019-16154 (An improper neutralization of input during web page generation in Fort ...) NOT-FOR-US: FortiAuthenticator WEB UI -CVE-2019-16153 - RESERVED +CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM database ...) + TODO: check CVE-2019-16152 RESERVED CVE-2019-16151 @@ -28368,8 +28434,8 @@ CVE-2012-6717 (The redirection plugin before 2.2.12 for WordPress has XSS, a dif NOT-FOR-US: redirection plugin for WordPress CVE-2011-5329 (The redirection plugin before 2.2.9 for WordPress has XSS in the admin ...) NOT-FOR-US: redirection plugin for WordPress -CVE-2019-15712 - RESERVED +CVE-2019-15712 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...) + TODO: check CVE-2019-15711 RESERVED CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, ...) @@ -28378,8 +28444,8 @@ CVE-2019-15709 RESERVED CVE-2019-15708 RESERVED -CVE-2019-15707 - RESERVED +CVE-2019-15707 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...) + TODO: check CVE-2019-15706 RESERVED CVE-2019-15705 (An Improper Input Validation vulnerability in the SSL VPN portal of Fo ...) @@ -31056,8 +31122,7 @@ CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in v NOTE: The fix in libssh makes an update in x2goclient necessary, cf: NOTE: https://bugs.debian.org/947129 NOTE: https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d163a943737fe4160f7233925df2eee1f9a -CVE-2019-14888 - RESERVED +CVE-2019-14888 (A vulnerability was found in the Undertow HTTP server in versions befo ...) - undertow <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1772464 CVE-2019-14887 @@ -58929,8 +58994,8 @@ CVE-2019-5595 (In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STA NOTE: kfreebsd not covered by security support CVE-2019-5594 (An Improper Neutralization of Input During Web Page Generation ("Cross ...) NOT-FOR-US: Fortinet -CVE-2019-5593 - RESERVED +CVE-2019-5593 (Improper permission or value checking in the CLI console may allow a n ...) + TODO: check CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, ...) NOT-FOR-US: Fortinet CVE-2019-5591 @@ -63280,8 +63345,8 @@ CVE-2019-3693 RESERVED CVE-2019-3692 RESERVED -CVE-2019-3691 - RESERVED +CVE-2019-3691 (A Symbolic Link (Symlink) Following vulnerability in the packaging of ...) + TODO: check CVE-2019-3690 (The chkstat tool in the permissions package followed symlinks before c ...) NOT-FOR-US: SuSE-specific tool CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before and in ...) @@ -183830,8 +183895,8 @@ CVE-2016-1000239 RESERVED CVE-2016-1000238 RESERVED -CVE-2016-1000237 - RESERVED +CVE-2016-1000237 (sanitize-html before 1.4.3 has XSS. ...) + TODO: check CVE-2016-1000236 (Node-cookie-signature before 1.0.6 is affected by a timing attack due ...) - node-cookie-signature 1.1.0-1 (unimportant; bug #838618) NOTE: https://nodesecurity.io/advisories/134 @@ -223747,8 +223812,8 @@ CVE-2015-4088 RESERVED CVE-2015-4087 RESERVED -CVE-2007-6758 - RESERVED +CVE-2007-6758 (Server-side request forgery (SSRF) vulnerability in feed-proxy.php in ...) + TODO: check CVE-2015-4086 RESERVED CVE-2015-4084 (Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1. ...) @@ -230272,8 +230337,7 @@ CVE-2015-1933 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7. NOT-FOR-US: IBM CVE-2015-1932 (IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0 ...) NOT-FOR-US: IBM WebSphere -CVE-2015-1931 - RESERVED +CVE-2015-1931 (IBM Java Security Components in IBM SDK, Java Technology Edition 8 bef ...) NOT-FOR-US: IBM JDK CVE-2015-1930 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...) NOT-FOR-US: IBM @@ -241420,8 +241484,8 @@ CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not prope NOT-FOR-US: Apple OS X CVE-2011-5282 (mIRC prior to 7.22 has a message leak because chopping of outbound mes ...) NOT-FOR-US: mIRC -CVE-2008-7314 - RESERVED +CVE-2008-7314 (mIRC before 6.35 allows attackers to cause a denial of service (crash) ...) + TODO: check CVE-2014-7975 (The do_umount function in fs/namespace.c in the Linux kernel through 3 ...) - linux 3.16.7-1 [wheezy] - linux <not-affected> (User namespaces only usable in later kernels) @@ -242816,8 +242880,8 @@ CVE-2014-7240 (Cross-site scripting (XSS) vulnerability in the Easy Contact Form NOT-FOR-US: Wordpress plugin CVE-2014-7239 RESERVED -CVE-2014-7238 - RESERVED +CVE-2014-7238 (The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 ...) + TODO: check CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windo ...) - twiki <removed> NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237 @@ -251629,7 +251693,7 @@ CVE-2014-3608 (The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 all CVE-2014-3607 (DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not proper ...) - libvt-ldap-java 3.3.8-1 (bug #763608) CVE-2014-3606 - RESERVED + REJECTED - pillow <unfixed> (unimportant) - python-imaging <removed> (unimportant) NOTE: not a security issue, see https://bugzilla.redhat.com/show_bug.cgi?id=1133306#c8 @@ -256104,8 +256168,8 @@ CVE-2014-2052 NOTE: The reference wrt zendframework is for CVE-2012-6532 CVE-2014-2051 (ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote att ...) - owncloud 6.0.2+dfsg-1 -CVE-2014-2050 - RESERVED +CVE-2014-2050 (Cross-site request forgery (CSRF) vulnerability in ownCloud Server bef ...) + TODO: check CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before 5.0.15 and ...) - owncloud 6.0.0+dfsg-1 CVE-2014-2048 (The user_openid app in ownCloud Server before 5.0.15 allows remote att ...) @@ -262746,8 +262810,8 @@ CVE-2013-6794 (Cross-site scripting (XSS) vulnerability in the Calendar module i NOT-FOR-US: Olat CVE-2013-6793 (Multiple cross-site scripting (XSS) vulnerabilities in the Calendar mo ...) NOT-FOR-US: Olat -CVE-2013-6792 - RESERVED +CVE-2013-6792 (Google Android prior to 4.4 has an APK Signature Security Bypass Vulne ...) + TODO: check CVE-2013-6791 (Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 use ...) NOT-FOR-US: Microsoft Enhanced Mitigation Experience Toolkit CVE-2013-6790 @@ -262760,8 +262824,8 @@ CVE-2013-6787 (SQL injection vulnerability in the check_user_password function i NOT-FOR-US: Chamilo LMS CVE-2013-6786 (Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4. ...) NOT-FOR-US: Allegro RomPager -CVE-2013-6785 - RESERVED +CVE-2013-6785 (Directory traversal vulnerability in url_redirect.cgi in Supermicro IP ...) + TODO: check CVE-2013-6784 RESERVED CVE-2013-6783 @@ -262789,10 +262853,10 @@ CVE-2013-6775 (The Chainfire SuperSU package before 1.69 for Android allows atta NOT-FOR-US: Chainfire SuperSU package CVE-2013-6774 (Untrusted search path vulnerability in the ChainsDD Superuser package ...) NOT-FOR-US: Chainfire SuperSU package -CVE-2013-6773 - RESERVED -CVE-2013-6772 - RESERVED +CVE-2013-6773 (Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal For ...) + TODO: check +CVE-2013-6772 (Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking ...) + TODO: check CVE-2013-6771 (Directory traversal vulnerability in the collect script in Splunk befo ...) NOT-FOR-US: Splunk CVE-2013-6770 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Andro ...) @@ -264041,8 +264105,8 @@ CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attacker - munin 2.0.18-1 [squeeze] - munin 1.4.5-3+deb6u1 NOTE: http://munin-monitoring.org/ticket/1397 -CVE-2013-6358 - RESERVED +CVE-2013-6358 (PrestaShop 1.5.5 allows remote authenticated attackers to execute arbi ...) + TODO: check CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the ...) NOT-FOR-US: Disputed non-issue in Tomcat CVE-2013-6356 @@ -269757,11 +269821,9 @@ CVE-2013-4178 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and NOT-FOR-US: GA Login Drupal contributed module CVE-2013-4177 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1 ...) NOT-FOR-US: GA Login Drupal contributed module -CVE-2013-4176 [information disclosure] - RESERVED +CVE-2013-4176 (mysecureshell 1.31: Local Information Disclosure Vulnerability ...) NOT-FOR-US: MySecureShell -CVE-2013-4175 [local denial of service] - RESERVED +CVE-2013-4175 (MySecureShell 1.31 has a Local Denial of Service Vulnerability ...) NOT-FOR-US: MySecureShell CVE-2013-4174 (Multiple cross-site scripting (XSS) vulnerabilities in the Scald modul ...) NOT-FOR-US: Scald Drupal contributed module @@ -276955,8 +277017,8 @@ CVE-2013-1594 RESERVED CVE-2013-1593 RESERVED -CVE-2013-1592 - RESERVED +CVE-2013-1592 (A Buffer Overflow vulnerability exists in the Message Server service _ ...) + TODO: check CVE-2013-1591 (Stack-based buffer overflow in libpixman, as used in Pale Moon before ...) - pixman 0.26.0-4 (bug #700308) [squeeze] - pixman <not-affected> (Vulnerable code not present) @@ -282004,8 +282066,7 @@ CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybd - ircd-ratbox 3.0.7.dfsg-3 (bug #697093) NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/1 NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/2 -CVE-2012-6083 - RESERVED +CVE-2012-6083 (Freeciv before 2.3.3 allows remote attackers to cause a denial of serv ...) - freeciv 2.3.4-1 (low; bug #696306) [squeeze] - freeciv <no-dsa> (Minor issue) [wheezy] - freeciv 2.3.2-1+deb7u1 @@ -282800,8 +282861,8 @@ CVE-2012-5869 CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upo ...) - wordpress <unfixed> (unimportant; bug #696868) NOTE: non-issue, see https://wordpress.org/support/topic/old-bug-cve-2012-5868 -CVE-2012-5867 - RESERVED +CVE-2012-5867 (HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability ...) + TODO: check CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4 ...) NOT-FOR-US: Achievo CVE-2012-5865 (SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows re ...) @@ -283210,10 +283271,10 @@ CVE-2012-5701 (Multiple SQL injection vulnerabilities in dotProject before 2.1.7 NOT-FOR-US: dotProject CVE-2012-5700 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko befo ...) NOT-FOR-US: Baby Gekko -CVE-2012-5699 - RESERVED -CVE-2012-5698 - RESERVED +CVE-2012-5699 (BabyGekko before 1.2.4 allows PHP file inclusion. ...) + TODO: check +CVE-2012-5698 (BabyGekko before 1.2.4 has SQL injection. ...) + TODO: check CVE-2012-5979 REJECTED CVE-2012-5697 (The btinstall installation script in Bulb Security Smartphone Pentest ...) @@ -283470,8 +283531,7 @@ CVE-2012-5627 (Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12 - mysql-5.5 <removed> (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=883719 NOTE: https://mariadb.atlassian.net/browse/MDEV-3915 -CVE-2012-5626 - RESERVED +CVE-2012-5626 (EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Applicati ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2012-5625 (OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when usin ...) - nova <not-affected> (Only affects OpenStack Folsom, bug #695830) @@ -285075,8 +285135,8 @@ CVE-2012-4983 (Multiple cross-site scripting (XSS) vulnerabilities on the Foresc NOT-FOR-US: Forescout device CVE-2012-4982 (Open redirect vulnerability in assets/login on the Forescout CounterAC ...) NOT-FOR-US: Forescout device -CVE-2012-4981 - RESERVED +CVE-2012-4981 (Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vuln ...) + TODO: check CVE-2012-4980 (Multiple stack-based buffer overflows in CFProfile.exe in Toshiba Conf ...) NOT-FOR-US: Toshiba ConfigFree Utility CVE-2012-4979 @@ -285314,8 +285374,8 @@ CVE-2012-4902 (Multiple cross-site request forgery (CSRF) vulnerabilities in Tem NOT-FOR-US: Template CMS (http://template-cms.ru) CVE-2012-4901 (Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and ear ...) NOT-FOR-US: Template CMS (http://template-cms.ru) -CVE-2012-4900 - RESERVED +CVE-2012-4900 (Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via unt ...) + TODO: check CVE-2012-4899 (WellinTech KingView 6.5.3 and earlier uses a weak password-hashing alg ...) NOT-FOR-US: WellinTech KingView CVE-2012-4898 (Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a ...) @@ -285397,8 +285457,8 @@ CVE-2012-4865 (Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers NOT-FOR-US: Oreans Themida CVE-2012-4864 (Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Oreans WinLicense -CVE-2012-4863 - RESERVED +CVE-2012-4863 (IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability ...) + TODO: check CVE-2012-4862 (The Host Connect emulator in IBM Rational Developer for System z 7.1 t ...) NOT-FOR-US: IBM Rational CVE-2012-4861 (The web server in InfoSphere Data Replication Dashboard in IBM InfoSph ...) @@ -292933,8 +292993,8 @@ CVE-2012-2088 (Integer signedness error in the TIFFReadDirectory function in tif {DSA-2552-1} - tiff 4.0-1 (bug #678140) - tiff3 3.9.6-6 -CVE-2012-2087 - RESERVED +CVE-2012-2087 (ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entir ...) + TODO: check CVE-2012-2086 (SQL injection vulnerability in the get_last_conversation_lines functio ...) {DSA-2453-2 DSA-2453-1} - gajim 0.15-1 (low; bug #668038) @@ -316742,7 +316802,7 @@ CVE-2010-3296 (The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main {DSA-2126-1} - linux-2.6 2.6.32-24 CVE-2010-3295 [drivers/net/tulip/de4x5.c: reading uninitialized stack memory] - RESERVED + REJECTED NOTE: assigned to linux-2.6, but claimed not a problem: http://www.openwall.com/lists/oss-security/2010/09/15/2 NOTE: will probably get rejected CVE-2010-3291 (Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x throug ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2a19ba288057fbc9b7831e8e08e15351427f348 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2a19ba288057fbc9b7831e8e08e15351427f348 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits