Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f2af77da by security tracker role at 2020-02-08T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -221362,8 +221362,7 @@ CVE-2014-9742 (The Miller-Rabin primality check in Botan before 1.10.8 and 1.11. - botan1.10 1.10.8-1 NOTE: Introduced in 1.8.3, fixed in 1.10.8 and 1.11.9 NOTE: http://botan.randombit.net/security.html -CVE-2015-5741 [other discoveries of security-relevant RFC 7230 violations] - RESERVED +CVE-2015-5741 (The net/http library in net/http/transfer.go in Go before 1.4.3 does n ...) - golang 2:1.4.2-4 (bug #795106) [jessie] - golang <no-dsa> (Minor issue) [wheezy] - golang <no-dsa> (Minor issue) @@ -228058,8 +228057,8 @@ CVE-2015-3425 (Cross-site scripting (XSS) vulnerability in Accentis Content Reso NOT-FOR-US: Accentis Content Resource Management System CVE-2015-3424 (SQL injection vulnerability in Accentis Content Resource Management Sy ...) NOT-FOR-US: Accentis Content Resource Management System -CVE-2015-3423 - RESERVED +CVE-2015-3423 (Multiple SQL injection vulnerabilities in NetCracker Resource Manageme ...) + TODO: check CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 al ...) NOT-FOR-US: SearchBlox CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress Eshop plu ...) @@ -232034,8 +232033,8 @@ CVE-2015-2209 (DLGuard 4.5 allows remote attackers to obtain the installation pa NOT-FOR-US: DLGuard CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remo ...) NOT-FOR-US: phpMoAdmin -CVE-2015-2207 - RESERVED +CVE-2015-2207 (Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Reso ...) + TODO: check CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2 ...) {DSA-3382-1 DLA-336-1} - phpmyadmin 4:4.4.4-1 (unimportant) 
@@ -232485,8 +232484,8 @@ CVE-2015-2080 (The exception handling code in Eclipse Jetty before 9.2.9.v201502 NOTE: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html NOTE: https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md NOTE: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html -CVE-2015-2062 - RESERVED +CVE-2015-2062 (Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-i ...) + TODO: check CVE-2015-2061 (Heap-based buffer overflow in the browser plugin for PTC Creo View all ...) NOT-FOR-US: PTC Creo View CVE-2015-2057 @@ -234562,8 +234561,7 @@ CVE-2015-1398 (Multiple directory traversal vulnerabilities in Magento Community NOT-FOR-US: Magento CVE-2015-1397 (SQL injection vulnerability in the getCsvFile function in the Mage_Adm ...) NOT-FOR-US: Magento -CVE-2015-1394 - RESERVED +CVE-2015-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Photo Galle ...) NOT-FOR-US: WordPress plugin photo-gallery CVE-2015-1393 (SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 ...) NOT-FOR-US: WordPress plugin photo-gallery @@ -237733,8 +237731,8 @@ CVE-2014-9472 (The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x b {DSA-3176-1 DLA-158-1} - request-tracker4 4.2.8-3 - request-tracker3.8 <removed> (unimportant) -CVE-2014-9470 - RESERVED +CVE-2014-9470 (Cross-site scripting (XSS) vulnerability in the loadForm function in F ...) + TODO: check CVE-2014-9469 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3. ...) NOT-FOR-US: vBulletin CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP Inst ...) 
@@ -239490,10 +239488,10 @@ CVE-2014-9131 RESERVED CVE-2014-9128 RESERVED -CVE-2014-9127 - RESERVED -CVE-2014-9126 - RESERVED +CVE-2014-9127 (Open-School Community Edition 2.2 does not properly restrict access to ...) + TODO: check +CVE-2014-9126 (Multiple cross-site scripting (XSS) vulnerabilities in Open-School Com ...) + TODO: check CVE-2014-9125 RESERVED CVE-2014-9124 @@ -241298,8 +241296,8 @@ CVE-2014-8741 (Directory traversal vulnerability in the GfdFileUploadServerlet s NOT-FOR-US: Lexmark CVE-2014-8740 RESERVED -CVE-2014-8739 - RESERVED +CVE-2014-8739 (Unrestricted file upload vulnerability in server/php/UploadHandler.php ...) + TODO: check CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows remote a ...) NOT-FOR-US: Drupal module Open Atrium Core CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7 ...) @@ -243876,8 +243874,8 @@ CVE-2014-7865 REJECTED CVE-2014-7864 (Multiple SQL injection vulnerabilities in the FailOverHelperServlet (a ...) NOT-FOR-US: ZOHO ManageEngine OpManager -CVE-2014-7863 - RESERVED +CVE-2014-7863 (The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngi ...) + TODO: check CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and Deskt ...) NOT-FOR-US: ManageEngine CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly v ...) @@ -258070,8 +258068,7 @@ CVE-2014-2227 (The default Flash cross-domain policy (crossdomain.xml) in Ubiqui NOT-FOR-US: Ubiquiti Networks CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative passwor ...) NOT-FOR-US: Ubiquiti Networks -CVE-2014-2225 - RESERVED +CVE-2014-2225 (Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti ...) NOT-FOR-US: Ubiquiti Networks CVE-2014-2224 (Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not as ...) NOT-FOR-US: Plogger 
@@ -286046,8 +286043,8 @@ CVE-2012-5572 (CRLF injection vulnerability in the cookie method (lib/Dancer/Coo NOTE: https://github.com/PerlDancer/Dancer/issues/859 CVE-2012-5571 (OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properl ...) - keystone 2012.1.1-11 (bug #694433) -CVE-2012-5570 - RESERVED +CVE-2012-5570 (The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remo ...) + TODO: check CVE-2012-5569 (Multiple cross-site scripting (XSS) vulnerabilities in the Basic webma ...) NOT-FOR-US: Drupal Webmail module CVE-2012-5568 (Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...) @@ -288998,8 +288995,7 @@ CVE-2012-4513 (khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows - kdebase <removed> (unimportant) - kde-baseapps <unfixed> (unimportant) NOTE: Konqueror not supported security-wise -CVE-2012-4512 - RESERVED +CVE-2012-4512 (The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 all ...) - kdebase <removed> (unimportant) - kde-baseapps <unfixed> (unimportant) NOTE: Konqueror not supported security-wise @@ -289399,8 +289395,7 @@ CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not proper [squeeze] - mediawiki <end-of-life> NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823 NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6 -CVE-2012-4381 [Passwords were stored in local DB even if auth systems like LDAP were used] - RESERVED +CVE-2012-4381 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in t ...) - mediawiki 1:1.19.2-1 (bug #686330) [squeeze] - mediawiki <end-of-life> NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184 
@@ -290321,8 +290316,8 @@ CVE-2012-4031 (Multiple directory traversal vulnerabilities in src/acloglogin.ph NOT-FOR-US: Wangkongbao not in Debian CVE-2012-4030 (Chamilo before 1.8.8.6 does not adequately handle user supplied input ...) NOT-FOR-US: Chamilo LMS -CVE-2012-4029 - RESERVED +CVE-2012-4029 (Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in ...) + TODO: check CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data, ...) NOT-FOR-US: Tridium Niagara AX Framework CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX Framework allo ...) @@ -304662,8 +304657,7 @@ CVE-2011-3644 RESERVED CVE-2011-3643 RESERVED -CVE-2011-3642 [flowplayer-core: Arbitrary plugins with remote code execution (XSS)] - RESERVED +CVE-2011-3642 (Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 thr ...) - mahara <removed> (low; bug #699230) [squeeze] - mahara <no-dsa> (Minor issue) NOTE: https://code.google.com/p/flowplayer-core/issues/detail?id=441
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2af77da61f06557937561af7d68b5cfa05f887e
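Review bot: The `TODO: check` added for CVE-2015-3423 in the `@@ -228058` hunk can probably be closed in the same pass: NetCracker Resource Management is a proprietary vendor product, and the neighbouring entries for comparable commercial software (CVE-2015-3425 and CVE-2015-3424, Accentis) already carry `NOT-FOR-US: <product>`. Unless a search of the archive turns up the product, replace the TODO with `NOT-FOR-US: NetCracker Resource Management`.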
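Review bot: CVE-2015-2207 in the `@@ -232034` hunk is the XSS counterpart of the SQL-injection entry CVE-2015-3423 for the same NetCracker product, so whatever triage is chosen for that one should be applied here too; leaving one as `TODO: check` and the other as `NOT-FOR-US` would make the two entries inconsistent.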
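Review bot: The truncated description for CVE-2015-2062 in the `@@ -232485` hunk, "Huge-IT Slider (slider-i ...)", shows a plugin-slug style parenthesis like the WordPress plugin entries elsewhere in this file (compare `NOT-FOR-US: WordPress plugin photo-gallery` under CVE-2015-1394). If the full description confirms it is a WordPress plugin, the `TODO: check` should become `NOT-FOR-US: WordPress plugin <slug>` in that same form rather than stay open.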
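Review bot: For CVE-2014-9470 in the `@@ -237733` hunk the 70-character truncation cuts the product name to a single letter ("loadForm function in F ..."), so the diff alone cannot identify the affected software and the `TODO: check` cannot be resolved from this commit; the triager needs the full MITRE text. The surrounding entries (vBulletin, InstantASP) are forum products marked `NOT-FOR-US`, which is a hint but not evidence.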
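Review bot: CVE-2014-8739 in the `@@ -241298` hunk names a relative path, `server/php/UploadHandler.php`, rather than a product, which is the usual signature of a component bundled inside other web applications. Resolving the `TODO: check` by looking for a top-level package is not enough here; the check should grep the archive for that path (codesearch) so that embedded copies of the upload handler in other source packages are caught as well.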
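Review bot: The `TODO: check` for CVE-2014-7863 in the `@@ -243876` hunk is already answered by its neighbours: the description names the same `FailOverHelperServlet` in ZOHO ManageEngine as CVE-2014-7864, which sits directly above it with `NOT-FOR-US: ZOHO ManageEngine OpManager`, and CVE-2014-7862 below it is `NOT-FOR-US: ManageEngine`. Replace the TODO with the same `NOT-FOR-US` line.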
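Review bot: Likewise for CVE-2012-5570 in the `@@ -286046` hunk: the description is for the "Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal", and the adjacent CVE-2012-5569 for the same module and version range is already `NOT-FOR-US: Drupal Webmail module`. The `TODO: check` should be replaced with that line so the two entries for one advisory do not diverge.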
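Review bot: For CVE-2012-4029 in the `@@ -290321` hunk the truncated text ("main/dropbox/index.php in ...") does not name the product, but it sits next to CVE-2012-4030, which is `NOT-FOR-US: Chamilo LMS`; if the full description confirms Chamilo, the `TODO: check` should take the same `NOT-FOR-US: Chamilo LMS` marker. If it names something else, the TODO stands.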
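Review bot: In the `@@ -304662` hunk the maintainer's own description of CVE-2011-3642, "[flowplayer-core: Arbitrary plugins with remote code execution (XSS)]", is replaced by the official text, which only says "Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 thr ...". The arbitrary-plugin-loading characterisation now survives only behind the `NOTE:` link to flowplayer-core issue 441; since the mahara entry is rated `low`, consider keeping that wording as a second `NOTE:` line so the severity rationale stays readable without following the link. The same silent replacement happens for the bracketed notes on CVE-2015-5741 (`@@ -221362`) and CVE-2012-4381 (`@@ -289399`), where the retained triage lines and `NOTE:` URLs preserve the context.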
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits