Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2af77da by security tracker role at 2020-02-08T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -221362,8 +221362,7 @@ CVE-2014-9742 (The Miller-Rabin primality check in 
Botan before 1.10.8 and 1.11.
        - botan1.10 1.10.8-1
        NOTE: Introduced in 1.8.3, fixed in 1.10.8 and 1.11.9
        NOTE: http://botan.randombit.net/security.html
-CVE-2015-5741 [other discoveries of security-relevant RFC 7230 violations]
-       RESERVED
+CVE-2015-5741 (The net/http library in net/http/transfer.go in Go before 1.4.3 
does n ...)
        - golang 2:1.4.2-4 (bug #795106)
        [jessie] - golang <no-dsa> (Minor issue)
        [wheezy] - golang <no-dsa> (Minor issue)
@@ -228058,8 +228057,8 @@ CVE-2015-3425 (Cross-site scripting (XSS) 
vulnerability in Accentis Content Reso
        NOT-FOR-US: Accentis Content Resource Management System
 CVE-2015-3424 (SQL injection vulnerability in Accentis Content Resource 
Management Sy ...)
        NOT-FOR-US: Accentis Content Resource Management System
-CVE-2015-3423
-       RESERVED
+CVE-2015-3423 (Multiple SQL injection vulnerabilities in NetCracker Resource 
Manageme ...)
+       TODO: check
 CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 
8.2.1 al ...)
        NOT-FOR-US: SearchBlox
 CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress 
Eshop plu ...)
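
Review bot: The new CVE-2015-3423 entry is left at `TODO: check`, while the neighbouring CVE-2015-3425 and CVE-2015-3424 entries in this hunk already carry a resolved NOT-FOR-US tag. The description names NetCracker, so the follow-up triage should either record a `NOT-FOR-US:` line with the product name or add the affected source package.
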
@@ -232034,8 +232033,8 @@ CVE-2015-2209 (DLGuard 4.5 allows remote attackers to 
obtain the installation pa
        NOT-FOR-US: DLGuard
 CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2 
allows remo ...)
        NOT-FOR-US: phpMoAdmin
-CVE-2015-2207
-       RESERVED
+CVE-2015-2207 (Multiple cross-site scripting (XSS) vulnerabilities in 
NetCracker Reso ...)
+       TODO: check
 CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 
4.0.10.9, 4.2 ...)
        {DSA-3382-1 DLA-336-1}
        - phpmyadmin 4:4.4.4-1 (unimportant)
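
Review bot: CVE-2015-2207 gets `TODO: check`, and its description starts with the same vendor name (NetCracker) as CVE-2015-3423 earlier in this patch. Triage the two together so they end up with the same tag and the same product spelling.
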
@@ -232485,8 +232484,8 @@ CVE-2015-2080 (The exception handling code in Eclipse 
Jetty before 9.2.9.v201502
        NOTE: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
        NOTE: 
https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
        NOTE: 
http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
-CVE-2015-2062
-       RESERVED
+CVE-2015-2062 (Multiple SQL injection vulnerabilities in the Huge-IT Slider 
(slider-i ...)
+       TODO: check
 CVE-2015-2061 (Heap-based buffer overflow in the browser plugin for PTC Creo 
View all ...)
        NOT-FOR-US: PTC Creo View
 CVE-2015-2057
@@ -234562,8 +234561,7 @@ CVE-2015-1398 (Multiple directory traversal 
vulnerabilities in Magento Community
        NOT-FOR-US: Magento
 CVE-2015-1397 (SQL injection vulnerability in the getCsvFile function in the 
Mage_Adm ...)
        NOT-FOR-US: Magento
-CVE-2015-1394
-       RESERVED
+CVE-2015-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Photo Galle ...)
        NOT-FOR-US: WordPress plugin photo-gallery
 CVE-2015-1393 (SQL injection vulnerability in the Photo Gallery plugin before 
1.2.11  ...)
        NOT-FOR-US: WordPress plugin photo-gallery
@@ -237733,8 +237731,8 @@ CVE-2014-9472 (The email gateway in RT (aka Request 
Tracker) 3.0.0 through 4.x b
        {DSA-3176-1 DLA-158-1}
        - request-tracker4 4.2.8-3
        - request-tracker3.8 <removed> (unimportant)
-CVE-2014-9470
-       RESERVED
+CVE-2014-9470 (Cross-site scripting (XSS) vulnerability in the loadForm 
function in F ...)
+       TODO: check
 CVE-2014-9469 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 
3.6.0, 3. ...)
        NOT-FOR-US: vBulletin
 CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in 
InstantASP Inst ...)
@@ -239490,10 +239488,10 @@ CVE-2014-9131
        RESERVED
 CVE-2014-9128
        RESERVED
-CVE-2014-9127
-       RESERVED
-CVE-2014-9126
-       RESERVED
+CVE-2014-9127 (Open-School Community Edition 2.2 does not properly restrict 
access to ...)
+       TODO: check
+CVE-2014-9126 (Multiple cross-site scripting (XSS) vulnerabilities in 
Open-School Com ...)
+       TODO: check
 CVE-2014-9125
        RESERVED
 CVE-2014-9124
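
Review bot: CVE-2014-9127 and CVE-2014-9126 both name Open-School Community Edition and both land as `TODO: check`. Resolve them in one follow-up with an identical tag line so the two entries do not diverge.
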
@@ -241298,8 +241296,8 @@ CVE-2014-8741 (Directory traversal vulnerability in 
the GfdFileUploadServerlet s
        NOT-FOR-US: Lexmark
 CVE-2014-8740
        RESERVED
-CVE-2014-8739
-       RESERVED
+CVE-2014-8739 (Unrestricted file upload vulnerability in 
server/php/UploadHandler.php ...)
+       TODO: check
 CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows 
remote a ...)
        NOT-FOR-US: Drupal module Open Atrium Core
 CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x 
before 7 ...)
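
Review bot: The CVE-2014-8739 description is cut off right after the file path server/php/UploadHandler.php, so the affected product cannot be read from this entry. Before resolving the `TODO: check`, read the full description and check whether any source package in the archive ships a file with that path, since an unrestricted file upload in a bundled component would need package lines rather than a NOT-FOR-US tag.
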
@@ -243876,8 +243874,8 @@ CVE-2014-7865
        REJECTED
 CVE-2014-7864 (Multiple SQL injection vulnerabilities in the 
FailOverHelperServlet (a ...)
        NOT-FOR-US: ZOHO ManageEngine OpManager
-CVE-2014-7863
-       RESERVED
+CVE-2014-7863 (The FailOverHelperServlet (aka FailServlet) servlet in ZOHO 
ManageEngi ...)
+       TODO: check
 CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central 
and Deskt ...)
        NOT-FOR-US: ManageEngine
 CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not 
properly v ...)
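
Review bot: CVE-2014-7863 is marked `TODO: check`, yet the entry directly above it, CVE-2014-7864, describes the same FailOverHelperServlet and is already tagged `NOT-FOR-US: ZOHO ManageEngine OpManager`. Unless the full description names a different product, the TODO can be replaced with the same tag.
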
@@ -258070,8 +258068,7 @@ CVE-2014-2227 (The default Flash cross-domain policy 
(crossdomain.xml) in Ubiqui
        NOT-FOR-US: Ubiquiti Networks
 CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative 
passwor ...)
        NOT-FOR-US: Ubiquiti Networks
-CVE-2014-2225
-       RESERVED
+CVE-2014-2225 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Ubiquiti ...)
        NOT-FOR-US: Ubiquiti Networks
 CVE-2014-2224 (Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does 
not as ...)
        NOT-FOR-US: Plogger
@@ -286046,8 +286043,8 @@ CVE-2012-5572 (CRLF injection vulnerability in the 
cookie method (lib/Dancer/Coo
        NOTE: https://github.com/PerlDancer/Dancer/issues/859
 CVE-2012-5571 (OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not 
properl ...)
        - keystone 2012.1.1-11 (bug #694433)
-CVE-2012-5570
-       RESERVED
+CVE-2012-5570 (The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal 
allows remo ...)
+       TODO: check
 CVE-2012-5569 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Basic webma ...)
        NOT-FOR-US: Drupal Webmail module
 CVE-2012-5568 (Apache Tomcat through 7.0.x allows remote attackers to cause a 
denial  ...)
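
Review bot: CVE-2012-5570 (Basic webmail module for Drupal) is left as `TODO: check`, while CVE-2012-5569 just below it covers the same module and is tagged `NOT-FOR-US: Drupal Webmail module`. Reuse that tag so the two entries stay consistent.
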
@@ -288998,8 +288995,7 @@ CVE-2012-4513 (khtml/imload/scaledimageplane.h in 
Konqueror in KDE 4.7.3 allows
        - kdebase <removed> (unimportant)
        - kde-baseapps <unfixed> (unimportant)
        NOTE: Konqueror not supported security-wise
-CVE-2012-4512
-       RESERVED
+CVE-2012-4512 (The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 
4.7.3 all ...)
        - kdebase <removed> (unimportant)
        - kde-baseapps <unfixed> (unimportant)
        NOTE: Konqueror not supported security-wise
@@ -289399,8 +289395,7 @@ CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x 
before 1.19.2 does not proper
        [squeeze] - mediawiki <end-of-life>
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
        NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
-CVE-2012-4381 [Passwords were stored in local DB even if auth systems like 
LDAP were used]
-       RESERVED
+CVE-2012-4381 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves 
passwords in t ...)
        - mediawiki 1:1.19.2-1 (bug #686330)
        [squeeze] - mediawiki <end-of-life>
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184
@@ -290321,8 +290316,8 @@ CVE-2012-4031 (Multiple directory traversal 
vulnerabilities in src/acloglogin.ph
        NOT-FOR-US: Wangkongbao not in Debian
 CVE-2012-4030 (Chamilo before 1.8.8.6 does not adequately handle user supplied 
input  ...)
        NOT-FOR-US: Chamilo LMS
-CVE-2012-4029
-       RESERVED
+CVE-2012-4029 (Cross-site scripting (XSS) vulnerability in 
main/dropbox/index.php in  ...)
+       TODO: check
 CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential 
data,  ...)
        NOT-FOR-US: Tridium Niagara AX Framework
 CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX 
Framework allo ...)
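
Review bot: The CVE-2012-4029 description is truncated before the product name (only main/dropbox/index.php is visible), and the entry is left as `TODO: check`. The entry above it, CVE-2012-4030, is tagged `NOT-FOR-US: Chamilo LMS`; confirm from the full description whether this is the same product before copying that tag.
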
@@ -304662,8 +304657,7 @@ CVE-2011-3644
        RESERVED
 CVE-2011-3643
        RESERVED
-CVE-2011-3642 [flowplayer-core: Arbitrary plugins with remote code execution 
(XSS)]
-       RESERVED
+CVE-2011-3642 (Cross-site scripting (XSS) vulnerability in Flowplayer Flash 
3.2.7 thr ...)
        - mahara <removed> (low; bug #699230)
        [squeeze] - mahara <no-dsa> (Minor issue)
        NOTE: https://code.google.com/p/flowplayer-core/issues/detail?id=441
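
Review bot: On CVE-2011-3642 the description now names Flowplayer Flash while the only package line is mahara, and nothing in the entry says why mahara is affected. Consider adding a NOTE that states the relationship (for example that mahara bundles Flowplayer, if that is the case) so the mapping survives the loss of the bracketed placeholder text.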



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2af77da61f06557937561af7d68b5cfa05f887e
