Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e79e443f by Moritz Muehlenhoff at 2020-02-05T18:45:42+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -85131,19 +85131,19 @@ CVE-2018-16270 (Samsung Galaxy Gear series before build RE2 includes the hcidump CVE-2018-16269 (The wnoti system service in Samsung Galaxy Gear series allows an unpri ...) NOT-FOR-US: Samsung CVE-2018-16268 (The SoundServer/FocusServer system services in Tizen allow an unprivil ...) - TODO: check + NOT-FOR-US: Tizen CVE-2018-16267 (The system-popup system service in Tizen allows an unprivileged proces ...) - TODO: check + NOT-FOR-US: Tizen CVE-2018-16266 (The Enlightenment system service in Tizen allows an unprivileged proce ...) - TODO: check + NOT-FOR-US: Tizen CVE-2018-16265 (The bt/bt_core system service in Tizen allows an unprivileged process ...) - TODO: check + NOT-FOR-US: Tizen CVE-2018-16264 (The BlueZ system service in Tizen allows an unprivileged process to pa ...) - TODO: check + NOT-FOR-US: Tizen CVE-2018-16263 (The PulseAudio system service in Tizen allows an unprivileged process ...) - TODO: check + NOT-FOR-US: Tizen CVE-2018-16262 (The pkgmgr system service in Tizen allows an unprivileged process to p ...) - TODO: check + NOT-FOR-US: Tizen CVE-2018-16261 (In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, the ...) NOT-FOR-US: Pulse Secure Pulse Desktop Client CVE-2018-16260 @@ -138143,9 +138143,9 @@ CVE-2017-14809 CVE-2017-14808 REJECTED CVE-2017-14807 (An Improper Neutralization of Special Elements used in an SQL Command ...) - TODO: check + NOT-FOR-US: SUSE Studio CVE-2017-14806 (A Improper Certificate Validation vulnerability in susestudio-common o ...) - TODO: check + NOT-FOR-US: SUSE Studio CVE-2017-14805 RESERVED CVE-2017-14804 (The build package before 20171128 did not check directory names during ...) 
@@ -197987,7 +197987,7 @@ CVE-2016-4678 (An issue was discovered in certain Apple products. macOS before 1 CVE-2016-4677 (An issue was discovered in certain Apple products. iOS before 10.1 is ...) NOT-FOR-US: Apple CVE-2016-4676 (A Cross-origin vulnerability exists in WebKit in Apple Safari before 1 ...) - TODO: check + NOT-FOR-US: Apple CVE-2016-4675 (An issue was discovered in certain Apple products. iOS before 10.1 is ...) NOT-FOR-US: Apple CVE-2016-4674 (An issue was discovered in certain Apple products. macOS before 10.12. ...) @@ -220150,9 +220150,9 @@ CVE-2015-5953 (Cross-site scripting (XSS) vulnerability in the activity applicat - owncloud 7.0.6+dfsg-1 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-010 CVE-2015-5952 (Directory traversal vulnerability in Thomson Reuters for FATCA before ...) - TODO: check + NOT-FOR-US: Thomson Reuters FATCA CVE-2015-5951 (A file upload issue exists in the specid parameter in Thomson Reuters ...) - NOT-FOR-US: Thomson Reuters FATCH + NOT-FOR-US: Thomson Reuters FATCA CVE-2015-5950 (The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on ...) - nvidia-graphics-drivers 340.93-1 (bug #800566) [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) 
@@ -222834,9 +222834,9 @@ CVE-2015-5075 (Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM CVE-2015-5074 (Incomplete blacklist vulnerability in the FileUploadsFilter class in p ...) NOT-FOR-US: X2Engine CVE-2015-5072 (The BIRT Engine servlet in the AR System Mid Tier component before 9.0 ...) - TODO: check + NOT-FOR-US: AR System Mid Tier CVE-2015-5071 (AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 ...) - TODO: check + NOT-FOR-US: AR System Mid Tier CVE-2014-9735 (The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for ...) NOT-FOR-US: WordPress plugins ThemePunch Slider Revolution (revslider) and Showbiz Pro CVE-2014-9734 (Directory traversal vulnerability in the Slider Revolution (revslider) ...) @@ -226875,11 +226875,11 @@ CVE-2015-3615 (Cross-site scripting (XSS) vulnerability in Fortinet FortiManager CVE-2015-3614 (Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows r ...) NOT-FOR-US: Fortinet CVE-2015-3613 (A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2015-3612 (A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2. ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2015-3611 (A Command Injection vulnerability exists in FortiManager 5.2.1 and ear ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2015-3610 (The Siemens HomeControl for Room Automation application before 2.0.1 f ...) NOT-FOR-US: Siemens HomeControl for Room Automation application for Android CVE-2015-3609 
@@ -229302,7 +229302,7 @@ CVE-2015-2804 (The management web interface in Alcatel-Lucent OmniSwitch 6450, 6 CVE-2015-2803 (SQL injection vulnerability in mod1/index.php in the Akronymmanager (s ...) NOT-FOR-US: TYPO3 extension sb_akronymmanager CVE-2015-2802 (An Information Disclosure vulnerability exists in HP SiteScope 11.2 an ...) - TODO: check + NOT-FOR-US: HP SiteScope CVE-2015-2801 RESERVED CVE-2015-2800 (The user authentication module in Huawei Campus switches S5700, S5300, ...) @@ -229403,7 +229403,7 @@ CVE-2015-2942 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1 CVE-2015-2786 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 h ...) NOT-FOR-US: MyBB CVE-2015-2784 (The papercrop gem before 0.3.0 for Ruby on Rails does not properly han ...) - TODO: check + NOT-FOR-US: papercrop Ruby gem CVE-2015-2783 (ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x b ...) {DSA-3280-1 DLA-212-1} - php5 5.6.9+dfsg-1 @@ -233174,7 +233174,7 @@ CVE-2015-1532 CVE-2015-1531 RESERVED CVE-2015-1530 (media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows at ...) - TODO: check + NOT-FOR-US: Android CVE-2015-1529 (Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android ...) NOT-FOR-US: Android CVE-2015-1528 (Integer overflow in the native_handle_create function in libcutils/nat ...) @@ -233184,7 +233184,7 @@ CVE-2015-1527 (Integer overflow in IAudioPolicyService.cpp in Android allows loc CVE-2015-1526 (The media_server component in Android allows remote attackers to cause ...) NOT-FOR-US: Android CVE-2015-1525 (audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attacker ...) - TODO: check + NOT-FOR-US: Android CVE-2015-1524 RESERVED CVE-2015-1523 
@@ -249658,7 +249658,7 @@ CVE-2014-5083 CVE-2014-5082 (Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1 ...) NOT-FOR-US: Sphider CVE-2014-5081 (sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus pri ...) - TODO: check + NOT-FOR-US: sphider CVE-2014-5080 RESERVED CVE-2014-5079 @@ -252617,7 +252617,7 @@ CVE-2014-3871 (Multiple SQL injection vulnerabilities in register.php in Geodesi CVE-2014-3869 RESERVED CVE-2014-3868 (Multiple SQL injection vulnerabilities in ZeusCart 4.x. ...) - TODO: check + NOT-FOR-US: ZeusCart CVE-2014-3867 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...) NOT-FOR-US: IBM Sametime CVE-2014-3863 (Cross-site scripting (XSS) vulnerability in the JChatSocial component ...) @@ -254977,7 +254977,7 @@ CVE-2014-3120 (The default configuration in Elasticsearch before 1.2 enables dyn NOTE: https://github.com/elasticsearch/elasticsearch/commit/81e83cca NOTE: https://github.com/elasticsearch/elasticsearch/issues/5853 CVE-2014-3119 (Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier ...) - TODO: check + NOT-FOR-US: web2Project CVE-2014-3118 RESERVED CVE-2014-3117 @@ -255642,7 +255642,7 @@ CVE-2014-2845 (Cyberduck before 4.4.4 on Windows does not properly validate X.50 CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure ...) NOT-FOR-US: F-Secure Messaging Secure Gateway CVE-2014-2843 (Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1 ...) - TODO: check + NOT-FOR-US: MapSuite MapAPI CVE-2014-2842 (Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a de ...) NOT-FOR-US: Juniper ScreenOS CVE-2014-2841 
@@ -257818,7 +257818,7 @@ CVE-2014-2052 CVE-2014-2051 (ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote att ...) - owncloud 6.0.2+dfsg-1 CVE-2014-2050 (Cross-site request forgery (CSRF) vulnerability in ownCloud Server bef ...) - TODO: check + - owncloud 6.0.2+dfsg-1 CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before 5.0.15 and ...) - owncloud 6.0.0+dfsg-1 CVE-2014-2048 (The user_openid app in ownCloud Server before 5.0.15 allows remote att ...) @@ -264450,7 +264450,7 @@ CVE-2013-6794 (Cross-site scripting (XSS) vulnerability in the Calendar module i CVE-2013-6793 (Multiple cross-site scripting (XSS) vulnerabilities in the Calendar mo ...) NOT-FOR-US: Olat CVE-2013-6792 (Google Android prior to 4.4 has an APK Signature Security Bypass Vulne ...) - TODO: check + NOT-FOR-US: Android CVE-2013-6791 (Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 use ...) NOT-FOR-US: Microsoft Enhanced Mitigation Experience Toolkit CVE-2013-6790 @@ -266408,7 +266408,7 @@ CVE-2013-6058 (SQL injection vulnerability in appRain CMF 3.0.2 and earlier allo CVE-2013-6057 RESERVED CVE-2013-6056 (OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerabilit ...) - TODO: check + NOT-FOR-US: AlienVault OSSIM CVE-2013-6055 REJECTED CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and ...) 
@@ -267374,7 +267374,7 @@ CVE-2013-5661 (Cache Poisoning issue exists in DNS Response Rate Limiting. ...) CVE-2013-5660 (Buffer overflow in Power Software WinArchiver 3.2 allows remote attack ...) NOT-FOR-US: Power Software WinArchiver CVE-2013-5659 (Wiz 5.0.3 has a user mode write access violation ...) - TODO: check + NOT-FOR-US: Wiz CVE-2013-5658 (AultWare pwStore 2010.8.30.0 has XSS ...) NOT-FOR-US: AultWare pwStore CVE-2013-5657 (AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e79e443f08ea2f85bdf48b8a879f06622566ca90
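Review bot: In the @@ -85131 hunk, CVE-2018-16266 (Enlightenment), CVE-2018-16264 (BlueZ) and CVE-2018-16263 (PulseAudio) are marked NOT-FOR-US: Tizen although each description names an upstream project that Debian packages. The truncated descriptions do not show whether the flaw sits in the Tizen integration or in the upstream code, so the reasoning cannot be recovered from the entry. Consider adding a NOTE: line under each of the three that records why the upstream package is not involved, so a later reader does not have to redo the triage.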
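Review bot: In the @@ -197987 hunk, CVE-2016-4676 is tagged NOT-FOR-US: Apple, but its description places the bug in WebKit ("A Cross-origin vulnerability exists in WebKit in Apple Safari"), unlike the neighbouring iOS and macOS entries. WebKit ports are packaged in Debian, so this entry deserves a check against those source packages before it is closed as NFU. If the issue is confirmed to be Safari-specific, a NOTE: saying so would document the decision.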
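Review bot: In the @@ -249658 hunk, the new tag for CVE-2014-5081 is "NOT-FOR-US: sphider" while the entry directly above it, CVE-2014-5082, uses "NOT-FOR-US: Sphider". Use the same capitalisation in both so a search for the product label finds both entries.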
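Review bot: In the @@ -257818 hunk, CVE-2014-2050 becomes "- owncloud 6.0.2+dfsg-1", which is a fixed-version entry and not an NFU, so the commit subject "NFUs" does not cover it. The visible description is truncated at "ownCloud Server bef ...", so the version cannot be checked from the entry itself. Adding a NOTE: with the upstream advisory URL, as the CVE-2015-5953 entry does, would make the 6.0.2 claim verifiable, and putting this change in its own commit would keep the history searchable.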
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits