Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4511104f by security tracker role at 2020-02-12T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@ +CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...) + TODO: check +CVE-2020-8948 + RESERVED +CVE-2020-8947 (functions_netflow.php in Artica Pandora FMS 7.0 allows remote attacker ...) + TODO: check +CVE-2020-8946 (Netis WF2471 v1.2.30142 devices allow an authenticated attacker to exe ...) + TODO: check +CVE-2020-8945 (The proglottis Go wrapper before 0.1.1 for the GPGME library has a use ...) + TODO: check +CVE-2020-8944 + RESERVED +CVE-2020-8943 + RESERVED +CVE-2020-8942 + RESERVED +CVE-2020-8941 + RESERVED +CVE-2020-8940 + RESERVED +CVE-2020-8939 + RESERVED +CVE-2020-8938 + RESERVED +CVE-2020-8937 + RESERVED +CVE-2020-8936 + RESERVED +CVE-2020-8935 + RESERVED +CVE-2020-8934 + RESERVED +CVE-2020-8933 + RESERVED +CVE-2020-8932 + RESERVED +CVE-2020-8931 + RESERVED +CVE-2020-8930 + RESERVED +CVE-2020-8929 + RESERVED +CVE-2020-8928 + RESERVED +CVE-2020-8927 + RESERVED +CVE-2020-8926 + RESERVED +CVE-2020-8925 + RESERVED +CVE-2020-8924 + RESERVED +CVE-2020-8923 + RESERVED +CVE-2020-8922 + RESERVED +CVE-2020-8921 + RESERVED +CVE-2020-8920 + RESERVED +CVE-2020-8919 + RESERVED +CVE-2020-8918 + RESERVED +CVE-2020-8917 + RESERVED +CVE-2020-8916 + RESERVED +CVE-2020-8915 + RESERVED +CVE-2020-8914 + RESERVED +CVE-2020-8913 + RESERVED +CVE-2020-8912 + RESERVED +CVE-2020-8911 + RESERVED +CVE-2020-8910 + RESERVED +CVE-2020-8909 + RESERVED +CVE-2020-8908 + RESERVED +CVE-2020-8907 + RESERVED +CVE-2020-8906 + RESERVED +CVE-2020-8905 + RESERVED +CVE-2020-8904 + RESERVED +CVE-2020-8903 + RESERVED +CVE-2020-8902 + RESERVED +CVE-2020-8901 + RESERVED +CVE-2020-8900 + RESERVED +CVE-2020-8899 + RESERVED +CVE-2020-8898 + RESERVED +CVE-2020-8897 + RESERVED +CVE-2020-8896 + RESERVED +CVE-2020-8895 + RESERVED +CVE-2020-8894 (An issue was discovered in MISP before 2.4.121. ACLs for discussion th ...) + TODO: check +CVE-2020-8893 (An issue was discovered in MISP before 2.4.121. The Galaxy view contai ...) 
+ TODO: check +CVE-2020-8892 (An issue was discovered in MISP before 2.4.121. It did not consider th ...) + TODO: check +CVE-2020-8891 (An issue was discovered in MISP before 2.4.121. It did not canonicaliz ...) + TODO: check +CVE-2020-8890 (An issue was discovered in MISP before 2.4.121. It mishandled time ske ...) + TODO: check +CVE-2020-8889 + RESERVED +CVE-2020-8888 + RESERVED +CVE-2020-8887 + RESERVED +CVE-2020-8886 + RESERVED +CVE-2020-8885 + RESERVED +CVE-2019-20453 + RESERVED +CVE-2019-20452 + RESERVED +CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...) + TODO: check +CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...) + TODO: check CVE-2020-8884 RESERVED CVE-2020-8883 @@ -92,8 +230,8 @@ CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain x NOTE: https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by NOTE: but still an issue when Default Typing is enabled. -CVE-2020-8839 - RESERVED +CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter dev ...) + TODO: check CVE-2015-9542 RESERVED CVE-2020-8838 @@ -146,8 +284,8 @@ CVE-2020-8817 RESERVED CVE-2020-8816 RESERVED -CVE-2020-8815 - RESERVED +CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam ...) + TODO: check CVE-2020-8814 RESERVED CVE-2018-21034 @@ -625,8 +763,7 @@ CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5 ...) NOT-FOR-US: Participants Database plugin for WordPress -CVE-2020-8595 - RESERVED +CVE-2020-8595 (Istio 1.3 through 1.4.3 allows authentication bypass. The Authenticati ...) NOT-FOR-US: itsio CVE-2020-8594 RESERVED 
@@ -2049,8 +2186,7 @@ CVE-2020-7959 RESERVED CVE-2020-7958 RESERVED -CVE-2020-7957 - RESERVED +CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...) - dovecot <not-affected> (Only affects 2.3.9) NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/2 CVE-2020-7956 (HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validate ...) @@ -4060,8 +4196,7 @@ CVE-2020-7048 (The WordPress plugin, WP Database Reset through 3.1, contains a f NOT-FOR-US: Wordpress plugin CVE-2020-7047 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...) NOT-FOR-US: Wordpress plugin -CVE-2020-7046 - RESERVED +CVE-2020-7046 (lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 ...) - dovecot <not-affected> (Only affects 2.3.9) NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/1 CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Thi ...) @@ -6237,20 +6372,20 @@ CVE-2020-6071 RESERVED CVE-2020-6070 RESERVED -CVE-2020-6069 - RESERVED +CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) + TODO: check CVE-2020-6068 RESERVED -CVE-2020-6067 - RESERVED -CVE-2020-6066 - RESERVED -CVE-2020-6065 - RESERVED -CVE-2020-6064 - RESERVED -CVE-2020-6063 - RESERVED +CVE-2020-6067 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) + TODO: check +CVE-2020-6066 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) + TODO: check +CVE-2020-6065 (An exploitable out-of-bounds write vulnerability exists in the bmp_par ...) + TODO: check +CVE-2020-6064 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...) + TODO: check +CVE-2020-6063 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...) + TODO: check CVE-2020-6062 RESERVED CVE-2020-6061 
@@ -11200,12 +11335,12 @@ CVE-2019-20102 RESERVED CVE-2019-20101 RESERVED -CVE-2019-20100 - RESERVED -CVE-2019-20099 - RESERVED -CVE-2019-20098 - RESERVED +CVE-2019-20100 (The Atlassian Application Links plugin is vulnerable to cross-site req ...) + TODO: check +CVE-2019-20099 (The VerifyPopServerConnection!add.jspa component in Atlassian Jira Ser ...) + TODO: check +CVE-2019-20098 (The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Se ...) + TODO: check CVE-2019-20097 (Bitbucket Server and Bitbucket Data Center versions starting from 1.0. ...) NOT-FOR-US: Bitbucket Server and Bitbucket Data Center CVE-2019-20096 (In the Linux kernel before 5.1, there is a memory leak in __feat_regis ...) @@ -11704,8 +11839,7 @@ CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.c [buster] - linux 4.19.87-1 [stretch] - linux <not-affected> (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425 -CVE-2019-19921 [Volume mount race condition with shared mounts] - RESERVED +CVE-2019-19921 (runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalat ...) - runc 1.0.0~rc10+dfsg1-1 [buster] - runc <no-dsa> (Minor issue) [stretch] - runc <no-dsa> (Minor issue) 
@@ -16275,80 +16409,55 @@ CVE-2020-2135 RESERVED CVE-2020-2134 RESERVED -CVE-2020-2133 - RESERVED +CVE-2020-2133 (Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2132 - RESERVED +CVE-2020-2132 (Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2131 - RESERVED +CVE-2020-2131 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencryp ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2130 - RESERVED +CVE-2020-2130 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencry ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2129 - RESERVED +CVE-2020-2129 (Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencr ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2128 - RESERVED +CVE-2020-2128 (Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a passw ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2127 - RESERVED +CVE-2020-2127 (Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stor ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2126 - RESERVED +CVE-2020-2126 (Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2125 - RESERVED +CVE-2020-2125 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2124 - RESERVED +CVE-2020-2124 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier sto ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2123 - RESERVED +CVE-2020-2123 (Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML pa ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2122 - RESERVED +CVE-2020-2122 (Jenkins Brakeman Plugin 0.12 and earlier did not escape values receive ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2121 - RESERVED +CVE-2020-2121 (Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not con ...) 
NOT-FOR-US: Jenkins plugin -CVE-2020-2120 - RESERVED +CVE-2020-2120 (Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML pa ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2119 - RESERVED +CVE-2020-2119 (Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credent ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2118 - RESERVED +CVE-2020-2118 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2117 - RESERVED +CVE-2020-2117 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2116 - RESERVED +CVE-2020-2116 (A cross-site request forgery vulnerability in Jenkins Pipeline GitHub ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2115 - RESERVED +CVE-2020-2115 (Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parse ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2114 - RESERVED +CVE-2020-2114 (Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured cr ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2113 - RESERVED +CVE-2020-2113 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the de ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2112 - RESERVED +CVE-2020-2112 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the pa ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2111 - RESERVED +CVE-2020-2111 (Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2110 - RESERVED +CVE-2020-2110 (Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2109 - RESERVED +CVE-2020-2109 (Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier ...) NOT-FOR-US: Jenkins plugin CVE-2020-2108 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin 
@@ -16938,8 +17047,7 @@ CVE-2020-1944 RESERVED CVE-2020-1943 RESERVED -CVE-2020-1942 - RESERVED +CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated ...) NOT-FOR-US: Apache NiFi CVE-2020-1941 RESERVED @@ -17743,8 +17851,7 @@ CVE-2020-1728 RESERVED CVE-2020-1727 RESERVED -CVE-2020-1726 - RESERVED +CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows containers ...) - podman <itp> (bug #930440) CVE-2020-1725 RESERVED @@ -17788,8 +17895,7 @@ CVE-2020-1712 [heap use-after-free vulnerability] NOTE: https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82 (documentation) NOTE: https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d (documentation) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578 -CVE-2020-1711 [block: iscsi: OOB heap access via an unexpected response of iSCSI Server] - RESERVED +CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the iSCS ...) - qemu 1:4.2-2 (bug #949731) [buster] - qemu 1:3.1+dfsg-8+deb10u4 [stretch] - qemu <postponed> (Intrusive to backport, revisit later) 
@@ -18352,16 +18458,16 @@ CVE-2019-19198 (The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. ... NOT-FOR-US: Scoutnet Kalender plugin for WordPress CVE-2019-19197 (IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0. ...) NOT-FOR-US: Kyrol Internet Security -CVE-2019-19196 - RESERVED +CVE-2019-19196 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation ...) + TODO: check CVE-2019-19195 (The Bluetooth Low Energy implementation on Microchip Technology BluSDK ...) TODO: check -CVE-2019-19194 - RESERVED +CVE-2019-19194 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation ...) + TODO: check CVE-2019-19193 (The Bluetooth Low Energy peripheral implementation on Texas Instrument ...) TODO: check -CVE-2019-19192 - RESERVED +CVE-2019-19192 (The Bluetooth Low Energy implementation on STMicroelectronics BLE Stac ...) + TODO: check CVE-2019-19191 (Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file ...) - shibboleth-sp <unfixed> (unimportant) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1157471 @@ -21275,8 +21381,8 @@ CVE-2020-0794 RESERVED CVE-2020-0793 RESERVED -CVE-2020-0792 - RESERVED +CVE-2020-0792 (An elevation of privilege vulnerability exists when the Windows Graphi ...) + TODO: check CVE-2020-0791 RESERVED CVE-2020-0790 @@ -21325,8 +21431,8 @@ CVE-2020-0769 RESERVED CVE-2020-0768 RESERVED -CVE-2020-0767 - RESERVED +CVE-2020-0767 (A remote code execution vulnerability exists in the way that the Chakr ...) + TODO: check CVE-2020-0766 RESERVED CVE-2020-0765 
@@ -21341,216 +21447,216 @@ CVE-2020-0761 RESERVED CVE-2020-0760 RESERVED -CVE-2020-0759 - RESERVED +CVE-2020-0759 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) + TODO: check CVE-2020-0758 RESERVED -CVE-2020-0757 - RESERVED -CVE-2020-0756 - RESERVED -CVE-2020-0755 - RESERVED -CVE-2020-0754 - RESERVED -CVE-2020-0753 - RESERVED -CVE-2020-0752 - RESERVED -CVE-2020-0751 - RESERVED -CVE-2020-0750 - RESERVED -CVE-2020-0749 - RESERVED -CVE-2020-0748 - RESERVED -CVE-2020-0747 - RESERVED -CVE-2020-0746 - RESERVED -CVE-2020-0745 - RESERVED -CVE-2020-0744 - RESERVED -CVE-2020-0743 - RESERVED -CVE-2020-0742 - RESERVED -CVE-2020-0741 - RESERVED -CVE-2020-0740 - RESERVED -CVE-2020-0739 - RESERVED -CVE-2020-0738 - RESERVED -CVE-2020-0737 - RESERVED -CVE-2020-0736 - RESERVED -CVE-2020-0735 - RESERVED -CVE-2020-0734 - RESERVED -CVE-2020-0733 - RESERVED -CVE-2020-0732 - RESERVED -CVE-2020-0731 - RESERVED -CVE-2020-0730 - RESERVED -CVE-2020-0729 - RESERVED -CVE-2020-0728 - RESERVED -CVE-2020-0727 - RESERVED -CVE-2020-0726 - RESERVED -CVE-2020-0725 - RESERVED -CVE-2020-0724 - RESERVED -CVE-2020-0723 - RESERVED -CVE-2020-0722 - RESERVED -CVE-2020-0721 - RESERVED -CVE-2020-0720 - RESERVED -CVE-2020-0719 - RESERVED +CVE-2020-0757 (An elevation of privilege vulnerability exists when Windows improperly ...) + TODO: check +CVE-2020-0756 (An information disclosure vulnerability exists in the Cryptography Nex ...) + TODO: check +CVE-2020-0755 (An information disclosure vulnerability exists in the Cryptography Nex ...) + TODO: check +CVE-2020-0754 (An elevation of privilege vulnerability exists in Windows Error Report ...) + TODO: check +CVE-2020-0753 (An elevation of privilege vulnerability exists in Windows Error Report ...) + TODO: check +CVE-2020-0752 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0751 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) 
+ TODO: check +CVE-2020-0750 (An elevation of privilege vulnerability exists in the way that the Con ...) + TODO: check +CVE-2020-0749 (An elevation of privilege vulnerability exists in the way that the Con ...) + TODO: check +CVE-2020-0748 (An information disclosure vulnerability exists in the Cryptography Nex ...) + TODO: check +CVE-2020-0747 (An elevation of privilege vulnerability exists when the Windows Data S ...) + TODO: check +CVE-2020-0746 (An information disclosure vulnerability exists in the way that Microso ...) + TODO: check +CVE-2020-0745 (An elevation of privilege vulnerability exists when the Windows Graphi ...) + TODO: check +CVE-2020-0744 (An information disclosure vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0743 (An elevation of privilege vulnerability exists in the way that the Con ...) + TODO: check +CVE-2020-0742 (An elevation of privilege vulnerability exists in the way that the Con ...) + TODO: check +CVE-2020-0741 (An elevation of privilege vulnerability exists in the way that the Con ...) + TODO: check +CVE-2020-0740 (An elevation of privilege vulnerability exists in the way that the Con ...) + TODO: check +CVE-2020-0739 (An elevation of privilege vulnerability exists in the way that the dss ...) + TODO: check +CVE-2020-0738 (A memory corruption vulnerability exists when Windows Media Foundation ...) + TODO: check +CVE-2020-0737 (An elevation of privilege vulnerability exists in the way that the tap ...) + TODO: check +CVE-2020-0736 (An information disclosure vulnerability exists when the Windows kernel ...) + TODO: check +CVE-2020-0735 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0734 (A remote code execution vulnerability exists in the Windows Remote Des ...) + TODO: check +CVE-2020-0733 (An elevation of privilege vulnerability exists when the Windows Malici ...) 
+ TODO: check +CVE-2020-0732 (An elevation of privilege vulnerability exists when DirectX improperly ...) + TODO: check +CVE-2020-0731 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2020-0730 (An elevation of privilege vulnerability exists when the Windows User P ...) + TODO: check +CVE-2020-0729 (A remote code execution vulnerability exists in Microsoft Windows that ...) + TODO: check +CVE-2020-0728 (An information vulnerability exists when Windows Modules Installer Ser ...) + TODO: check +CVE-2020-0727 (An elevation of privilege vulnerability exists when the Connected User ...) + TODO: check +CVE-2020-0726 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2020-0725 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2020-0724 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2020-0723 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2020-0722 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2020-0721 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2020-0720 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2020-0719 (An elevation of privilege vulnerability exists in Windows when the Win ...) 
+ TODO: check CVE-2020-0718 RESERVED -CVE-2020-0717 - RESERVED -CVE-2020-0716 - RESERVED -CVE-2020-0715 - RESERVED -CVE-2020-0714 - RESERVED -CVE-2020-0713 - RESERVED -CVE-2020-0712 - RESERVED -CVE-2020-0711 - RESERVED -CVE-2020-0710 - RESERVED -CVE-2020-0709 - RESERVED -CVE-2020-0708 - RESERVED -CVE-2020-0707 - RESERVED -CVE-2020-0706 - RESERVED -CVE-2020-0705 - RESERVED -CVE-2020-0704 - RESERVED -CVE-2020-0703 - RESERVED -CVE-2020-0702 - RESERVED -CVE-2020-0701 - RESERVED +CVE-2020-0717 (An information disclosure vulnerability exists when the win32k compone ...) + TODO: check +CVE-2020-0716 (An information disclosure vulnerability exists when the win32k compone ...) + TODO: check +CVE-2020-0715 (An elevation of privilege vulnerability exists when the Windows Graphi ...) + TODO: check +CVE-2020-0714 (An information disclosure vulnerability exists when DirectX improperly ...) + TODO: check +CVE-2020-0713 (A remote code execution vulnerability exists in the way that the Chakr ...) + TODO: check +CVE-2020-0712 (A remote code execution vulnerability exists in the way that the Chakr ...) + TODO: check +CVE-2020-0711 (A remote code execution vulnerability exists in the way that the Chakr ...) + TODO: check +CVE-2020-0710 (A remote code execution vulnerability exists in the way that the Chakr ...) + TODO: check +CVE-2020-0709 (An elevation of privilege vulnerability exists when DirectX improperly ...) + TODO: check +CVE-2020-0708 (A remote code execution vulnerability exists when the Windows Imaging ...) + TODO: check +CVE-2020-0707 (An elevation of privilege vulnerability exists when the Windows IME im ...) + TODO: check +CVE-2020-0706 (An information disclosure vulnerability exists in the way that affecte ...) + TODO: check +CVE-2020-0705 (An information disclosure vulnerability exists when the Windows Networ ...) + TODO: check +CVE-2020-0704 (An elevation of privilege vulnerability exists when the Windows Wirele ...) 
+ TODO: check +CVE-2020-0703 (An elevation of privilege vulnerability exists when the Windows Backup ...) + TODO: check +CVE-2020-0702 (A security feature bypass vulnerability exists in Surface Hub when pro ...) + TODO: check +CVE-2020-0701 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check CVE-2020-0700 RESERVED CVE-2020-0699 RESERVED -CVE-2020-0698 - RESERVED -CVE-2020-0697 - RESERVED -CVE-2020-0696 - RESERVED -CVE-2020-0695 - RESERVED -CVE-2020-0694 - RESERVED -CVE-2020-0693 - RESERVED -CVE-2020-0692 - RESERVED -CVE-2020-0691 - RESERVED +CVE-2020-0698 (An information disclosure vulnerability exists when the Telephony Serv ...) + TODO: check +CVE-2020-0697 (An elevation of privilege vulnerability exists in Microsoft Office OLi ...) + TODO: check +CVE-2020-0696 (A security feature bypass vulnerability exists in Microsoft Outlook so ...) + TODO: check +CVE-2020-0695 (A spoofing vulnerability exists when Office Online Server does not val ...) + TODO: check +CVE-2020-0694 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) + TODO: check +CVE-2020-0693 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) + TODO: check +CVE-2020-0692 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...) + TODO: check +CVE-2020-0691 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check CVE-2020-0690 RESERVED -CVE-2020-0689 - RESERVED -CVE-2020-0688 - RESERVED +CVE-2020-0689 (A security feature bypass vulnerability exists in secure boot, aka 'Mi ...) + TODO: check +CVE-2020-0688 (A remote code execution vulnerability exists in Microsoft Exchange sof ...) + TODO: check CVE-2020-0687 RESERVED -CVE-2020-0686 - RESERVED -CVE-2020-0685 - RESERVED +CVE-2020-0686 (An elevation of privilege vulnerability exists in the Windows Installe ...) + TODO: check +CVE-2020-0685 (An elevation of privilege vulnerability exists when Windows improperly ...) 
+ TODO: check CVE-2020-0684 RESERVED -CVE-2020-0683 - RESERVED -CVE-2020-0682 - RESERVED -CVE-2020-0681 - RESERVED -CVE-2020-0680 - RESERVED -CVE-2020-0679 - RESERVED -CVE-2020-0678 - RESERVED -CVE-2020-0677 - RESERVED -CVE-2020-0676 - RESERVED -CVE-2020-0675 - RESERVED -CVE-2020-0674 - RESERVED -CVE-2020-0673 - RESERVED -CVE-2020-0672 - RESERVED -CVE-2020-0671 - RESERVED -CVE-2020-0670 - RESERVED -CVE-2020-0669 - RESERVED -CVE-2020-0668 - RESERVED -CVE-2020-0667 - RESERVED -CVE-2020-0666 - RESERVED -CVE-2020-0665 - RESERVED +CVE-2020-0683 (An elevation of privilege vulnerability exists in the Windows Installe ...) + TODO: check +CVE-2020-0682 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0681 (A remote code execution vulnerability exists in the Windows Remote Des ...) + TODO: check +CVE-2020-0680 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0679 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0678 (An elevation of privilege vulnerability exists when Windows Error Repo ...) + TODO: check +CVE-2020-0677 (An information disclosure vulnerability exists in the Cryptography Nex ...) + TODO: check +CVE-2020-0676 (An information disclosure vulnerability exists in the Cryptography Nex ...) + TODO: check +CVE-2020-0675 (An information disclosure vulnerability exists in the Cryptography Nex ...) + TODO: check +CVE-2020-0674 (A remote code execution vulnerability exists in the way that the scrip ...) + TODO: check +CVE-2020-0673 (A remote code execution vulnerability exists in the way that the scrip ...) + TODO: check +CVE-2020-0672 (An elevation of privilege vulnerability exists when the Windows kernel ...) + TODO: check +CVE-2020-0671 (An elevation of privilege vulnerability exists when the Windows kernel ...) 
+ TODO: check +CVE-2020-0670 (An elevation of privilege vulnerability exists when the Windows kernel ...) + TODO: check +CVE-2020-0669 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0668 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0667 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0666 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0665 (An elevation of privilege vulnerability exists in Active Directory For ...) + TODO: check CVE-2020-0664 RESERVED -CVE-2020-0663 - RESERVED -CVE-2020-0662 - RESERVED -CVE-2020-0661 - RESERVED -CVE-2020-0660 - RESERVED -CVE-2020-0659 - RESERVED -CVE-2020-0658 - RESERVED -CVE-2020-0657 - RESERVED +CVE-2020-0663 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...) + TODO: check +CVE-2020-0662 (A remote code execution vulnerability exists in the way that Windows h ...) + TODO: check +CVE-2020-0661 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) + TODO: check +CVE-2020-0660 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...) + TODO: check +CVE-2020-0659 (An elevation of privilege vulnerability exists when the Windows Data S ...) + TODO: check +CVE-2020-0658 (An information disclosure vulnerability exists in the Windows Common L ...) + TODO: check +CVE-2020-0657 (An elevation of privilege vulnerability exists when the Windows Common ...) + TODO: check CVE-2020-0656 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft -CVE-2020-0655 - RESERVED +CVE-2020-0655 (A remote code execution vulnerability exists in Remote Desktop Service ...) + TODO: check CVE-2020-0654 (A security feature bypass vulnerability exists in Microsoft OneDrive A ...) 
NOT-FOR-US: Microsoft CVE-2020-0653 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) @@ -21623,8 +21729,8 @@ CVE-2020-0620 (An elevation of privilege vulnerability exists when Microsoft Cry NOT-FOR-US: Microsoft CVE-2020-0619 RESERVED -CVE-2020-0618 - RESERVED +CVE-2020-0618 (A remote code execution vulnerability exists in Microsoft SQL Server R ...) + TODO: check CVE-2020-0617 (A denial of service vulnerability exists when Microsoft Hyper-V Virtua ...) NOT-FOR-US: Microsoft CVE-2020-0616 (A denial of service vulnerability exists when Windows improperly handl ...) @@ -25887,8 +25993,8 @@ CVE-2019-17521 (An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vu NOT-FOR-US: Landing-CMS CVE-2019-17520 (The Bluetooth Low Energy implementation on Texas Instruments SDK throu ...) TODO: check -CVE-2019-17519 - RESERVED +CVE-2019-17519 (The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for K ...) + TODO: check CVE-2019-17518 (The Bluetooth Low Energy implementation on Dialog Semiconductor SDK th ...) TODO: check CVE-2019-17517 (The Bluetooth Low Energy implementation on Dialog Semiconductor SDK th ...) @@ -29072,8 +29178,8 @@ CVE-2019-16338 RESERVED CVE-2019-16337 RESERVED -CVE-2019-16336 - RESERVED +CVE-2019-16336 (The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE componen ...) + TODO: check CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...) {DSA-4542-1 DLA-1943-1} - jackson-databind 2.10.0-1 (bug #940498) @@ -43683,8 +43789,8 @@ CVE-2019-11869 (The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS beca NOT-FOR-US: WordPress plugin yuzo-related-post CVE-2019-11868 (See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or ...) NOT-FOR-US: SoftEther VPN Server -CVE-2019-11867 - RESERVED +CVE-2019-11867 (Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to ...) + TODO: check CVE-2019-11866 RESERVED CVE-2019-11865 
@@ -63704,8 +63810,8 @@ CVE-2019-4743 (IBM Financial Transaction Manager 3.0 does not set the secure att NOT-FOR-US: IBM CVE-2019-4742 (IBM Financial Transaction Manager 3.0 could allow a remote attacker to ...) NOT-FOR-US: IBM -CVE-2019-4741 - RESERVED +CVE-2019-4741 (IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forge ...) + TODO: check CVE-2019-4740 RESERVED CVE-2019-4739 @@ -64324,16 +64430,16 @@ CVE-2019-4433 (IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSph NOT-FOR-US: IBM CVE-2019-4432 RESERVED -CVE-2019-4431 - RESERVED +CVE-2019-4431 (IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cros ...) + TODO: check CVE-2019-4430 (IBM Maximo Asset Management 7.6 could allow a remote attacker to trave ...) NOT-FOR-US: IBM CVE-2019-4429 RESERVED CVE-2019-4428 (IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is ...) NOT-FOR-US: IBM -CVE-2019-4427 - RESERVED +CVE-2019-4427 (IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using ...) + TODO: check CVE-2019-4426 (The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and ...) NOT-FOR-US: IBM CVE-2019-4425 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...) @@ -79024,6 +79130,7 @@ CVE-2018-18900 CVE-2018-18899 RESERVED CVE-2018-18898 (The email-ingestion feature in Best Practical Request Tracker 4.1.13 t ...) + {DLA-2101-1} - libemail-address-list-perl 0.06-1 [stretch] - libemail-address-list-perl 0.05-1+deb9u1 NOTE: https://github.com/bestpractical/email-address-list/commit/a22e6b233443fe3ad1a408e50ecbd7237674817d 
@@ -215859,8 +215966,8 @@ CVE-2015-7892 (Stack-based buffer overflow in the m2m1shot_compat_ioctl32 functi NOT-FOR-US: Samsung CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung Graphics 2D ...) NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android -CVE-2015-7890 - RESERVED +CVE-2015-7890 (Multiple buffer overflows in the esa_write function in /dev/seirenin t ...) + TODO: check CVE-2015-7889 (The SecEmailComposer/EmailComposer application in the Samsung S6 Edge ...) NOT-FOR-US: Samsung CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService on the ...) @@ -217137,8 +217244,7 @@ CVE-2015-7509 (fs/ext4/namei.c in the Linux kernel before 3.7 allows physically NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1259222 NOTE: https://git.kernel.org/linus/c9b92530a723ac5ef8e352885a1862b18f31b2f5 NOTE: https://git.kernel.org/linus/0e9a9a1ad619e7e987815d20262d36a2f95717ca -CVE-2015-7508 [heap overflow] - RESERVED +CVE-2015-7508 (Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp. ...) - libnsbmp <removed> [squeeze] - libnsbmp <no-dsa> (Library not used anywhere in Debian) NOTE: http://source.netsurf-browser.org/libnsbmp.git/commit/?id=041df43bbe273b0829132b0b17d89a69da2927d4 @@ -222057,8 +222163,8 @@ CVE-2015-5619 (Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjac - logstash <itp> (bug #664841) CVE-2015-5618 (Chiyu BF-630 and BF-630W fingerprint access-control devices allow remo ...) NOT-FOR-US: Chiyu BF-630 and BF-630W fingerprint access-control devices -CVE-2015-5617 - RESERVED +CVE-2015-5617 (SQL injection vulnerability in pub/m_pending_news/delete_pending_news. ...) + TODO: check CVE-2015-5616 RESERVED CVE-2015-5615 
@@ -238965,8 +239071,7 @@ CVE-2014-9420 (The rock_continue function in fs/isofs/rock.c in the Linux kernel [wheezy] - linux 3.2.65-1 - linux-2.6 <removed> NOTE: Upstream fix: https://git.kernel.org/linus/f54e18f1b831c92f6512d2eedb224cd63d607d3d (v3.19-rc1) -CVE-2014-9390 [arbitrary command execution vulnerability on case-insensitive file systems] - RESERVED +CVE-2014-9390 (Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x befo ...) {DLA-237-1} - git 1:2.1.4-1 [wheezy] - git <no-dsa> (Minor issue) @@ -243316,8 +243421,7 @@ CVE-2014-8129 (LibTIFF 4.0.3 allows remote attackers to cause a denial of servic NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2487 (tiff2pdf) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2488 (tiff2pdf) NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library -CVE-2014-8128 [out-of-bounds write] - RESERVED +CVE-2014-8128 (LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X befor ...) {DSA-3273-1 DLA-693-1 DLA-610-1 DLA-221-1} - tiff 4.0.3-12.3 (bug #776185) - tiff3 <removed> @@ -247871,8 +247975,8 @@ CVE-2014-6264 RESERVED CVE-2014-6263 RESERVED -CVE-2014-6262 - RESERVED +CVE-2014-6262 (Multiple format string vulnerabilities in the python module in RRDtool ...) + TODO: check CVE-2014-6261 (Zenoss Core through 5 Beta 3 does not properly implement the Check For ...) - zenoss <itp> (bug #361253) CVE-2014-6260 (Zenoss Core through 5 Beta 3 does not require a password for modifying ...) @@ -250932,8 +251036,8 @@ CVE-2014-4970 RESERVED CVE-2014-4969 RESERVED -CVE-2014-4968 - RESERVED +CVE-2014-4968 (The WebView class and use of the WebView.addJavascriptInterface method ...) + TODO: check CVE-2014-4967 RESERVED - ansible 1.6.8+dfsg-1 
@@ -251814,8 +251918,7 @@ CVE-2014-4608 (** DISPUTED ** Multiple integer overflows in the lzo1x_decompress [squeeze] - linux-2.6 2.6.32-48squeeze9 NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=206a81c18401c0cde6e579164f752c4b147324ce NOTE: Not exploitable with the block sizes used in kernel images -CVE-2014-4607 - RESERVED +CVE-2014-4607 (Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and ...) {DSA-2995-1 DLA-35-1} - lzo <removed> - lzo2 2.08-1 (bug #752861) @@ -253581,8 +253684,8 @@ CVE-2014-3862 (CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to d NOT-FOR-US: HL7 C-CDA CVE-2014-3861 (Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 a ...) NOT-FOR-US: HL7 C-CDA -CVE-2014-3860 - RESERVED +CVE-2014-3860 (Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijac ...) + TODO: check CVE-2014-3859 (libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS opti ...) - bind9 <not-affected> (Only affects 9.10.0, 9.10.0-P1) NOTE: https://kb.isc.org/article/AA-01166 @@ -254910,14 +255013,14 @@ CVE-2014-3463 REJECTED CVE-2013-7382 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and e ...) NOT-FOR-US: VICIDIAL -CVE-2013-7381 - RESERVED +CVE-2013-7381 (libnotify before 1.0.4 for Node.js allows remote attackers to execute ...) + TODO: check CVE-2013-7380 (The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injectio ...) NOT-FOR-US: Etherpad Lite ep_imageconvert Plugin CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js does not p ...) NOT-FOR-US: tomato module for Node.js -CVE-2013-7378 - RESERVED +CVE-2013-7378 (scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node ...) + TODO: check CVE-2013-7377 (The codem-transcode module before 0.5.0 for Node.js, when ffprobe is e ...) NOT-FOR-US: codem-transcode Node module CVE-2013-7376 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2. ...) 
@@ -257285,8 +257388,8 @@ CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to ca NOT-FOR-US: PCNetSoftware RAC Server CVE-2014-2596 RESERVED -CVE-2014-2595 - RESERVED +CVE-2014-2595 (Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attac ...) + TODO: check CVE-2014-2594 RESERVED CVE-2014-2593 (The management console in Aruba Networks ClearPass Policy Manager 6.3. ...) @@ -257342,8 +257445,8 @@ CVE-2014-2562 RESERVED CVE-2014-2561 RESERVED -CVE-2014-2560 - RESERVED +CVE-2014-2560 (The PhonerLite phone before 2.15 provides hashed credentials in a resp ...) + TODO: check CVE-2014-2559 (Multiple cross-site request forgery (CSRF) vulnerabilities in twitget. ...) NOT-FOR-US: WordPress plugin Twitget CVE-2014-2558 (The File Gallery plugin before 1.7.9.2 for WordPress does not properly ...) @@ -257493,10 +257596,10 @@ CVE-2011-5273 (Directory traversal vulnerability in shared/package-installer in - dtc 0.34.1-1 CVE-2011-5272 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...) - dtc 0.34.1-1 -CVE-2009-5140 - RESERVED -CVE-2009-5139 - RESERVED +CVE-2009-5140 (The SIP implementation on the Linksys SPA2102 phone adapter provides h ...) + TODO: check +CVE-2009-5139 (The SIP implementation on the Gizmo5 software phone provides hashed cr ...) + TODO: check CVE-2014-2599 (The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bi ...) {DSA-3006-1} - xen 4.4.1-1 (bug #757724) 
@@ -261460,8 +261563,8 @@ CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in register.p NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb) CVE-2013-7287 RESERVED -CVE-2013-7286 - RESERVED +CVE-2013-7286 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfu ...) + TODO: check CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise Linu ...) - libreswan <not-affected> (Fixed before initial upload in Debian; /tmp-race in libreswan.spec for rpm based systems) CVE-2013-7282 (The management web interface on the Nisuta NS-WIR150NE router with fir ...) @@ -264233,8 +264336,7 @@ CVE-2014-0236 (file before 5.18, as used in the Fileinfo component in PHP before NOTE: https://bugs.php.net/bug.php?id=67329 CVE-2014-0235 REJECTED -CVE-2014-0234 - RESERVED +CVE-2014-0234 (The default configuration of broker.conf in Red Hat OpenShift Enterpri ...) NOT-FOR-US: OpenShift CVE-2014-0233 (Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow re ...) NOT-FOR-US: OpenShift @@ -265628,8 +265730,8 @@ CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS does not properly handle n NOT-FOR-US: Cisco NX-OS CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Appliance (A ...) NOT-FOR-US: Cisco Adaptive Security Appliance -CVE-2013-6681 - RESERVED +CVE-2013-6681 (Tube Map Live Underground for Android before 3.0.22 has an Information ...) + TODO: check CVE-2013-6680 REJECTED CVE-2013-6679 @@ -266971,8 +267073,7 @@ CVE-2013-6238 RESERVED CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 an ...) NOT-FOR-US: ISL Light -CVE-2013-6236 - RESERVED +CVE-2013-6236 (IZON IP 2.0.2: hard-coded password vulnerability ...) NOT-FOR-US: Stem Innovations IZON CVE-2013-6235 (Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java App ...) - libjamon-java <not-affected> (jamon.war/JAMon web apps gets excluded by debian/orig-tar.sh) 
@@ -271623,8 +271724,7 @@ CVE-2013-4397 (Multiple integer overflows in the th_read function in lib/block.c CVE-2013-4396 (Use-after-free vulnerability in the doImageText function in dix/dixfon ...) {DSA-2784-1} - xorg-server 2:1.14.3-4 -CVE-2013-4395 - RESERVED +CVE-2013-4395 (Simple Machines Forum (SMF) through 2.0.5 has XSS ...) NOT-FOR-US: Simple Machines Forum CVE-2013-4394 (The SetX11Keyboard function in systemd, when PolicyKit Local Authority ...) {DSA-2777-1} @@ -272249,8 +272349,7 @@ CVE-2013-4227 CVE-2013-4226 RESERVED NOT-FOR-US: Authenticated User Page Caching Drupal contributed module -CVE-2013-4225 - RESERVED +CVE-2013-4225 (The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7. ...) NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module CVE-2013-4224 REJECTED @@ -272680,8 +272779,8 @@ CVE-2013-4092 (The SecureSphere Operations Manager (SOM) Management Server in Im NOT-FOR-US: Imperva SecureSphere CVE-2013-4091 (The SecureSphere Operations Manager (SOM) Management Server in Imperva ...) NOT-FOR-US: Imperva SecureSphere -CVE-2013-4090 - RESERVED +CVE-2013-4090 (Varnish HTTP cache before 3.0.4: ACL bug ...) + TODO: check CVE-2013-4089 RESERVED CVE-2013-4088 [Information Disclosure] @@ -273541,8 +273640,8 @@ CVE-2013-3727 (SQL injection vulnerability in Kasseler CMS before 2 r1232 allows NOT-FOR-US: Kasseler CMS CVE-2013-3726 REJECTED -CVE-2013-3725 - RESERVED +CVE-2013-3725 (Invision Power Board (IPB) through 3.x allows admin account takeover l ...) + TODO: check CVE-2013-3724 (The mk_request_header_process function in mk_request.c in Monkey 1.1.1 ...) - monkey <removed> (low) [squeeze] - monkey <no-dsa> (Minor issue) 
@@ -273625,8 +273724,7 @@ CVE-2013-3687 (AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-20 NOT-FOR-US: AirLive cameras CVE-2013-3686 (cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera ...) NOT-FOR-US: AirLive -CVE-2013-3685 - RESERVED +CVE-2013-3685 (A Privilege Escalation Vulnerability exists in Sprite Software Spriteb ...) NOT-FOR-US: Sprite Software's backup softare for Android CVE-2013-3684 (NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php fil ...) TODO: check @@ -274088,8 +274186,8 @@ CVE-2013-3496 (Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordin CVE-2013-3495 (The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x a ...) - xen 4.4.1-3 (unimportant) NOTE: Hardware design flaw, no software solution -CVE-2013-3494 - RESERVED +CVE-2013-3494 (A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll ...) + TODO: check CVE-2013-3493 (XnView 2.03 has an integer overflow vulnerability ...) NOT-FOR-US: XnView CVE-2013-3492 (XnView 2.03 has a stack-based buffer overflow vulnerability ...) @@ -276107,8 +276205,8 @@ CVE-2013-2639 (Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage O NOT-FOR-US: CTERA Cloud Storage OS CVE-2013-2638 RESERVED -CVE-2013-2637 - RESERVED +CVE-2013-2637 (A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior t ...) + TODO: check CVE-2013-2636 (net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initiali ...) - linux <not-affected> (Introduced in 3.8) - linux-2.6 <not-affected> (Introduced in 3.8) 
@@ -277328,8 +277426,7 @@ CVE-2013-2214 (status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 do [wheezy] - nagios3 3.4.1-3+deb7u1 [squeeze] - nagios3 <no-dsa> (disputed, minor issue) NOTE: Disputed issue; claimed work as designed, may be rejected -CVE-2013-2213 [KRandom::random() Small Space of Random Values] - RESERVED +CVE-2013-2213 (The KRandom::random function in KDE Paste Applet after 4.10.5 in kdepl ...) - kdeplasma-addons <not-affected> (only affects if incomplete patch for CVE-2013-2120 is applied) CVE-2013-2212 (The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling ca ...) - xen 4.3.0-1 (unimportant) @@ -277742,8 +277839,7 @@ CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname fu - u1db 13.10-1 (low; bug #709486) CVE-2013-2098 REJECTED -CVE-2013-2097 [zPanel themes remote command execution as root] - RESERVED +CVE-2013-2097 (ZPanel through 10.1.0 has Remote Command Execution ...) NOT-FOR-US: zPanel CVE-2013-2096 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify t ...) - nova 2013.1.2-2 (low; bug #710157) @@ -278039,8 +278135,7 @@ CVE-2013-2012 (autojump before 21.5.8 allows local users to gain privileges via CVE-2013-2011 (WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execu ...) NOT-FOR-US: WP Super Cache NOTE: this issue exists because of an incomplete fix for CVE-2013-2009 -CVE-2013-2010 - RESERVED +CVE-2013-2010 (WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Executio ...) NOT-FOR-US: W3 Total Cache CVE-2013-2009 (WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution ...) NOT-FOR-US: WP Super Cache 
@@ -278267,8 +278362,7 @@ CVE-2013-1939 (The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1. - owncloud <not-affected> (Windows version only) - php-sabredav <not-affected> (running in Windows hosts) NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-016/ -CVE-2013-1938 - RESERVED +CVE-2013-1938 (Zimbra 2013 has XSS in aspell.php ...) NOT-FOR-US: Zimbra CVE-2013-1937 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...) - phpmyadmin <not-affected> (Affected are versions 3.5.0 to 3.5.7, older versions not vulnerable) @@ -278308,8 +278402,7 @@ CVE-2013-1926 (The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses t - icedtea-web 1.3.2-1 CVE-2013-1925 (The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal ...) NOT-FOR-US: CTools module for Drupal -CVE-2013-1924 - RESERVED +CVE-2013-1924 (Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerabi ...) NOT-FOR-US: Commerce Skrill Drupal module CVE-2013-1923 (rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for ...) - nfs-utils 1:1.2.8-1 (low; bug #707401) @@ -280242,8 +280335,8 @@ CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows remote attackers to execute arbi NOT-FOR-US: DataLife Engine CVE-2013-1411 RESERVED -CVE-2013-1410 - RESERVED +CVE-2013-1410 (Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities ...) + TODO: check CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv plugin befo ...) NOT-FOR-US: CommentLuv plugin for Wordpress CVE-2013-1408 (Multiple SQL injection vulnerabilities in the Wysija Newsletters plugi ...) 
@@ -294298,8 +294391,8 @@ CVE-2012-2519 (Untrusted search path vulnerability in Entity Framework in ADO.NE NOT-FOR-US: Microsoft .NET framework CVE-2012-2518 REJECTED -CVE-2012-2517 - RESERVED +CVE-2012-2517 (Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 al ...) + TODO: check CVE-2012-2516 (An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the ...) NOT-FOR-US: KeyWorks not in Debian CVE-2012-2515 (Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX ...) @@ -294429,8 +294522,8 @@ CVE-2012-2454 RESERVED CVE-2012-2453 RESERVED -CVE-2012-2452 - RESERVED +CVE-2012-2452 (Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x be ...) + TODO: check CVE-2012-2450 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, V ...) NOT-FOR-US: VMware CVE-2012-2449 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, V ...) @@ -295186,7 +295279,7 @@ CVE-2012-2218 CVE-2012-2217 (The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, ...) NOT-FOR-US: Android CVE-2012-2216 - RESERVED + REJECTED CVE-2012-2095 (The SetWiredProperty function in the D-Bus interface in WICD before 1. ...) - wicd 1.7.2.4-1 (low; bug #668397) [squeeze] - wicd 1.7.0+ds1-5+squeeze2 @@ -297797,8 +297890,7 @@ CVE-2012-1126 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 1 NOTE: Crash only CVE-2012-1125 (Unrestricted file upload vulnerability in uploadify/scripts/uploadify. ...) NOT-FOR-US: Kish Guest Posting Plugin for WordPress (not in Debian) -CVE-2012-1124 - RESERVED +CVE-2012-1124 (SQL injection vulnerability in search.php in phxEventManager 2.0 beta ...) NOT-FOR-US: phxEventManager not in Debian CVE-2012-1123 (The mci_check_login function in api/soap/mc_api.php in the SOAP API in ...) {DSA-2500-1} 
@@ -298229,8 +298321,8 @@ CVE-2012-0953 RESERVED CVE-2012-0952 RESERVED -CVE-2012-0951 - RESERVED +CVE-2012-0951 (A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29 ...) + TODO: check CVE-2012-0950 (The Apport hook (DistUpgradeApport.py) in Update Manager, as used by U ...) - update-manager <not-affected> (Ubuntu-specific) CVE-2012-0949 (The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, ...) @@ -298619,8 +298711,7 @@ CVE-2012-0812 (PostfixAdmin 2.3.4 has multiple XSS vulnerabilities ...) CVE-2012-0811 (Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixad ...) - postfixadmin 2.3.5-1 NOTE: http://seclists.org/oss-sec/2012/q1/285 -CVE-2012-0810 - RESERVED +CVE-2012-0810 (The int3 handler in the Linux kernel before 3.3 relies on a per-CPU de ...) - linux-2.6 3.2.16-1 (bug #672660) [squeeze] - linux-2.6 <not-affected> (rt patchset not yet present) NOTE: Ben Hutchings said it was fixed in 3.2.9-1, I checked it for 3.2.16-1 @@ -300407,8 +300498,7 @@ CVE-2011-4939 (The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin - pidgin 2.10.2-1 (bug #664028) [squeeze] - pidgin <not-affected> (vulnerable code not present) NOTE: http://pidgin.im/news/security/?id=60 -CVE-2011-4938 - RESERVED +CVE-2011-4938 (Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 a ...) NOT-FOR-US: Ariadne CMS not in Debian CVE-2011-4937 (Joomla! 1.7.1 has core information disclosure due to inadequate error ...) NOT-FOR-US: Joomla! @@ -301757,8 +301847,8 @@ CVE-2011-4663 RESERVED CVE-2011-4662 RESERVED -CVE-2011-4661 - RESERVED +CVE-2011-4661 (A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to ...) + TODO: check CVE-2011-4660 RESERVED CVE-2011-4659 (Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phon ...) 
@@ -302626,8 +302716,7 @@ CVE-2011-4340 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony C CVE-2011-4339 (ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmito ...) {DSA-2376-2 DSA-2376-1} - ipmitool 1.8.11-5 (bug #651917) -CVE-2011-4338 - RESERVED +CVE-2011-4338 (Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.con ...) NOT-FOR-US: Arch-Linux specific tool CVE-2011-4337 (Static code injection vulnerability in translate.php in Support Incide ...) NOT-FOR-US: Support Incident Tracker @@ -308823,8 +308912,8 @@ CVE-2011-2345 (The NPAPI implementation in Google Chrome before 12.0.742.112 doe - webkit <not-affected> CVE-2011-2344 (Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext H ...) NOT-FOR-US: Android SDK -CVE-2011-2343 - RESERVED +CVE-2011-2343 (The Bluetooth stack in Android before 2.3.6 allows a physically proxim ...) + TODO: check CVE-2011-2341 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-2340 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4511104fbd765a79bb13b860d1361162fe08ed8a
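Review bot: in the @@ -64324 hunk, CVE-2019-4431 (IBM Rational Publishing Engine) and CVE-2019-4427 (IBM Cloud CLI Windows installers) are left at "TODO: check" while every surrounding IBM entry in the same hunk (CVE-2019-4433, CVE-2019-4430, CVE-2019-4428, CVE-2019-4426) is already marked "NOT-FOR-US: IBM"; the follow-up triage should confirm no Debian package ships these components and then record them the same way, noting that CVE-2019-4427 is additionally Windows-installer specific.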
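Review bot: in the @@ -247871 hunk, CVE-2014-6262 (format string vulnerabilities in the python module in RRDtool) should not be closed with a NOT-FOR-US like the Zenoss entries around it; rrdtool is free software packaged in Debian, so the "TODO: check" here needs a real version check of the rrdtool source package and of whether the python bindings are built from it, with the result recorded as a package line rather than left as a TODO.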
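Review bot: in the @@ -254910 hunk, the "libnotify before 1.0.4 for Node.js" in CVE-2013-7381 is a Node.js module and must not be confused with the C libnotify desktop notification library of the same name when the TODO is resolved; the adjacent Node module entries in this hunk (CVE-2013-7380, CVE-2013-7379, CVE-2013-7377) are all "NOT-FOR-US", and CVE-2013-7378 (Hubot Scripts for Node) most likely falls in the same category.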
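Review bot: in the @@ -257493 hunk, CVE-2009-5140 and CVE-2009-5139 describe the SIP implementation on a Linksys SPA2102 phone adapter and the Gizmo5 software phone, which are vendor products of the kind this file otherwise records as NOT-FOR-US (compare "NOT-FOR-US: WordPress plugin Twitget" in the @@ -257342 hunk); the triage can probably settle both without further research, and the placement of two CVE-2009 ids between CVE-2011 and CVE-2014 entries is a pre-existing ordering quirk of the file, not something introduced by this update.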
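Review bot: in the @@ -261460 hunk, the imported description for CVE-2013-7286 contains HTML entities ("MobileIron VSP &lt; 5.9.1 and Sentry &lt; 5.0") rather than literal angle brackets; the rest of the file stores plain text (the context lines use literal "<not-affected>"), so the automatic importer should unescape entities, or this entry should be corrected by hand on the next pass, as the entity text will otherwise propagate into the tracker's web views.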
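Review bot: in the @@ -272680 hunk, CVE-2013-4090 ("Varnish HTTP cache before 3.0.4: ACL bug") concerns software that is packaged in Debian, so the "TODO: check" cannot be resolved as NOT-FOR-US like the Imperva entries beside it; the description is too terse to judge impact, so the check should consult the upstream 3.0.4 changelog to identify the ACL fix and then record the fixed Debian version or a <not-affected> marker with a short explanation, as is done for CVE-2013-3724 in the @@ -273541 hunk.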
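Review bot: in the @@ -276107 hunk, CVE-2013-2637 (XSS in OTRS ITSM) is left at "TODO: check" although OTRS itself was packaged in Debian as otrs2; the check should determine whether the affected ITSM add-on is shipped with or alongside that package before settling the entry, since an XSS in the ITSM module would only matter for Debian if the module is part of the archive.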
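Review bot: in the @@ -298229 hunk, CVE-2012-0951 (memory corruption in NVIDIA graphics drivers) is a case where "TODO: check" is the right state rather than a NOT-FOR-US, because the proprietary driver is packaged in Debian's non-free section as nvidia-graphics-drivers; the check should compare the affected driver version range in the full description against the packaged versions and record the result with a package line, in contrast to the neighbouring Ubuntu-specific CVE-2012-0950 and CVE-2012-0949 which are correctly marked <not-affected>.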
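Review bot: in the @@ -308823 hunk, CVE-2011-2343 (Bluetooth stack in Android before 2.3.6) is left at "TODO: check" while the adjacent Android entry CVE-2011-2344 in the same hunk is "NOT-FOR-US: Android SDK"; the triage can most likely record it the same way, since the Android platform Bluetooth stack is not something Debian ships, and leaving vendor-platform entries as TODO only adds noise to the open-TODO queue.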
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits