Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 10bdd7fe by security tracker role at 2020-02-13T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,47 @@ +CVE-2020-8986 + RESERVED +CVE-2020-8985 + RESERVED +CVE-2020-8984 + RESERVED +CVE-2020-8983 + RESERVED +CVE-2020-8982 + RESERVED +CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in the Sourc ...) + TODO: check +CVE-2020-8980 + RESERVED +CVE-2020-8979 + RESERVED +CVE-2020-8978 + RESERVED +CVE-2020-8977 + RESERVED +CVE-2020-8976 + RESERVED +CVE-2020-8975 + RESERVED +CVE-2020-8974 + RESERVED +CVE-2020-8973 + RESERVED +CVE-2020-8972 + RESERVED +CVE-2020-8971 + RESERVED +CVE-2020-8970 + RESERVED +CVE-2020-8969 + RESERVED +CVE-2020-8968 + RESERVED +CVE-2020-8967 + RESERVED +CVE-2020-8966 + RESERVED +CVE-2020-8965 + RESERVED CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) NOT-FOR-US: TimeTools devices CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) @@ -351,16 +395,16 @@ CVE-2020-8806 RESERVED CVE-2020-8805 RESERVED -CVE-2020-8804 - RESERVED -CVE-2020-8803 - RESERVED -CVE-2020-8802 - RESERVED -CVE-2020-8801 - RESERVED -CVE-2020-8800 - RESERVED +CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the Em ...) + TODO: check +CVE-2020-8803 (SuiteCRM through 7.11.11 allows Directory Traversal to include arbitra ...) + TODO: check +CVE-2020-8802 (SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveH ...) + TODO: check +CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR Deserialization. ...) + TODO: check +CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PH ...) + TODO: check CVE-2020-8799 RESERVED CVE-2020-8798 
@@ -751,8 +795,8 @@ CVE-2020-8616 RESERVED CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...) NOT-FOR-US: Tutor LMS plugin for WordPress -CVE-2020-8614 - RESERVED +CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An att ...) + TODO: check CVE-2020-8613 RESERVED CVE-2020-8612 @@ -4226,8 +4270,8 @@ CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longt NOTE: https://lore.kernel.org/stable/20200114183937.12224-1-tyhi...@canonical.com/ CVE-2020-7052 (CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow unco ...) NOT-FOR-US: CODESYS -CVE-2020-7051 - RESERVED +CVE-2020-7051 (An issue was discovered in Codologic Codoforum 4.8.4. While creating a ...) + TODO: check CVE-2020-7050 RESERVED CVE-2020-7049 @@ -4793,7 +4837,7 @@ CVE-2020-6801 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801 CVE-2020-6800 RESERVED - {DSA-4620-1} + {DSA-4620-1 DLA-2102-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 - thunderbird 1:68.5.0-1 @@ -4808,7 +4852,7 @@ CVE-2020-6799 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799 CVE-2020-6798 RESERVED - {DSA-4620-1} + {DSA-4620-1 DLA-2102-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 - thunderbird 1:68.5.0-1 @@ -4825,7 +4869,7 @@ CVE-2020-6797 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797 CVE-2020-6796 RESERVED - {DSA-4620-1} + {DSA-4620-1 DLA-2102-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796 
@@ -12390,95 +12434,94 @@ CVE-2020-3765 RESERVED CVE-2020-3764 RESERVED -CVE-2020-3763 - RESERVED -CVE-2020-3762 - RESERVED +CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check CVE-2020-3761 RESERVED -CVE-2020-3760 - RESERVED -CVE-2020-3759 - RESERVED +CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command inject ...) + TODO: check +CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer errors ...) + TODO: check CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento -CVE-2020-3757 - RESERVED +CVE-2020-3757 (Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and ear ...) NOT-FOR-US: Adobe -CVE-2020-3756 - RESERVED -CVE-2020-3755 - RESERVED -CVE-2020-3754 - RESERVED -CVE-2020-3753 - RESERVED -CVE-2020-3752 - RESERVED -CVE-2020-3751 - RESERVED -CVE-2020-3750 - RESERVED -CVE-2020-3749 - RESERVED -CVE-2020-3748 - RESERVED -CVE-2020-3747 - RESERVED -CVE-2020-3746 - RESERVED -CVE-2020-3745 - RESERVED -CVE-2020-3744 - RESERVED -CVE-2020-3743 - RESERVED -CVE-2020-3742 - RESERVED -CVE-2020-3741 - RESERVED -CVE-2020-3740 - RESERVED -CVE-2020-3739 - RESERVED -CVE-2020-3738 - RESERVED -CVE-2020-3737 - RESERVED -CVE-2020-3736 - RESERVED -CVE-2020-3735 - RESERVED -CVE-2020-3734 - RESERVED -CVE-2020-3733 - RESERVED -CVE-2020-3732 - RESERVED -CVE-2020-3731 - RESERVED -CVE-2020-3730 - RESERVED -CVE-2020-3729 - RESERVED -CVE-2020-3728 - RESERVED -CVE-2020-3727 - RESERVED -CVE-2020-3726 - RESERVED -CVE-2020-3725 - RESERVED -CVE-2020-3724 - RESERVED -CVE-2020-3723 - RESERVED -CVE-2020-3722 - RESERVED -CVE-2020-3721 - RESERVED -CVE-2020-3720 - RESERVED +CVE-2020-3756 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) 
+ TODO: check +CVE-2020-3755 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3754 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3753 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3752 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3751 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3750 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3749 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3748 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3747 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3746 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3745 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3744 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3743 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) + TODO: check +CVE-2020-3742 (Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.01 ...) + TODO: check +CVE-2020-3741 (Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled re ...) + TODO: check +CVE-2020-3740 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption ...) + TODO: check +CVE-2020-3739 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption ...) + TODO: check +CVE-2020-3738 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) 
+ TODO: check +CVE-2020-3737 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3736 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3735 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...) + TODO: check +CVE-2020-3734 (Adobe Framemaker versions 2019.0.4 and below have a buffer error vulne ...) + TODO: check +CVE-2020-3733 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3732 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3731 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...) + TODO: check +CVE-2020-3730 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3729 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3728 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3727 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3726 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3725 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3724 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3723 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3722 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3721 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) + TODO: check +CVE-2020-3720 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) 
+ TODO: check CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) @@ -19606,8 +19649,8 @@ CVE-2019-18792 (An issue was discovered in Suricata 5.0.0. It is possible to byp NOTE: https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006 (suricata-5.0.1) NOTE: https://redmine.openinfosecfoundation.org/issues/3324 NOTE: https://redmine.openinfosecfoundation.org/issues/3394 -CVE-2019-18791 - RESERVED +CVE-2019-18791 (Lexmark printer MS812 and multiple older generation Lexmark devices ha ...) + TODO: check CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13. ...) {DLA-2017-1} - asterisk <unfixed> (bug #947381) @@ -22387,16 +22430,16 @@ CVE-2020-0566 RESERVED CVE-2020-0565 RESERVED -CVE-2020-0564 - RESERVED -CVE-2020-0563 - RESERVED -CVE-2020-0562 - RESERVED -CVE-2020-0561 - RESERVED -CVE-2020-0560 - RESERVED +CVE-2020-0564 (Improper permissions in the installer for Intel(R) RWC3 for Windows be ...) + TODO: check +CVE-2020-0563 (Improper permissions in the installer for Intel(R) MPSS before version ...) + TODO: check +CVE-2020-0562 (Improper permissions in the installer for Intel(R) RWC2, all versions, ...) + TODO: check +CVE-2020-0561 (Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may ...) + TODO: check +CVE-2020-0560 (Improper permissions in the installer for the Intel(R) Renesas Electro ...) + TODO: check CVE-2020-0559 RESERVED CVE-2020-0558 
@@ -24370,43 +24413,42 @@ CVE-2020-0032 RESERVED CVE-2020-0031 RESERVED -CVE-2020-0030 - RESERVED +CVE-2020-0030 (In binder_thread_release of binder.c, there is a possible use after fr ...) - linux 4.15.11-1 [stretch] - linux 4.9.210-1 NOTE: Fixed by: https://git.kernel.org/linus/5eeb2ca02a2f6084fc57ae5c244a38baab07033a CVE-2020-0029 RESERVED -CVE-2020-0028 - RESERVED -CVE-2020-0027 - RESERVED -CVE-2020-0026 - RESERVED +CVE-2020-0028 (In notifyNetworkTested and related functions of NetworkMonitor.java, t ...) + TODO: check +CVE-2020-0027 (In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of ...) + TODO: check +CVE-2020-0026 (In Parcel::continueWrite of Parcel.cpp, there is possible memory corru ...) + TODO: check CVE-2020-0025 RESERVED CVE-2020-0024 RESERVED -CVE-2020-0023 - RESERVED -CVE-2020-0022 - RESERVED -CVE-2020-0021 - RESERVED -CVE-2020-0020 - RESERVED +CVE-2020-0023 (In setPhonebookAccessPermission of AdapterService.java, there is a pos ...) + TODO: check +CVE-2020-0022 (In reassemble_and_dispatch of packet_fragmenter.cc, there is possible ...) + TODO: check +CVE-2020-0021 (In removeUnusedPackagesLPw of PackageManagerService.java, there is a p ...) + TODO: check +CVE-2020-0020 (In getAttributeRange of ExifInterface.java, there is a possible failur ...) + TODO: check CVE-2020-0019 RESERVED -CVE-2020-0018 - RESERVED -CVE-2020-0017 - RESERVED +CVE-2020-0018 (In MotionEntry::appendDescription of InputDispatcher.cpp, there is a p ...) + TODO: check +CVE-2020-0017 (In multiple places, it was possible for the primary user’s dicti ...) + TODO: check CVE-2020-0016 RESERVED -CVE-2020-0015 - RESERVED -CVE-2020-0014 - RESERVED +CVE-2020-0015 (In onCreate of CertInstaller.java, there is a possible way to overlay ...) + TODO: check +CVE-2020-0014 (It is possible for a malicious application to construct a TYPE_TOAST w ...) + TODO: check CVE-2020-0013 RESERVED CVE-2020-0012 
@@ -24424,8 +24466,8 @@ CVE-2020-0007 (In flattenString8 of Sensor.cpp, there is a possible information NOT-FOR-US: Android CVE-2020-0006 (In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possibl ...) NOT-FOR-US: Android -CVE-2020-0005 - RESERVED +CVE-2020-0005 (In btm_read_remote_ext_features_complete of btm_acl.cc, there is a pos ...) + TODO: check CVE-2020-0004 (In generateCrop of WallpaperManagerService.java, there is a possible s ...) NOT-FOR-US: Android CVE-2020-0003 (In onCreate of InstallStart.java, there is a possible package validati ...) @@ -34827,8 +34869,8 @@ CVE-2019-14600 (Uncontrolled search path element in the installer for Intel(R) S NOT-FOR-US: Intel CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and earlier ...) NOT-FOR-US: Intel -CVE-2019-14598 - RESERVED +CVE-2019-14598 (Improper Authentication in subsystem in Intel(R) CSME versions 12.0 th ...) + TODO: check CVE-2019-14597 RESERVED CVE-2019-14596 (Improper access control in the installer for Intel(R) Chipset Device S ...) @@ -47059,8 +47101,8 @@ CVE-2019-10787 (im-resize through 2.3.2 allows remote attackers to execute arbit TODO: check CVE-2019-10786 (network-manager through 1.0.2 allows remote attackers to execute arbit ...) NOT-FOR-US: network-manager node module -CVE-2019-10785 - RESERVED +CVE-2019-10785 (dojox is vulnerable to Cross-site Scripting in all versions before ver ...) + TODO: check CVE-2019-10784 (phppgadmin through 7.12.1 allows sensitive actions to be performed wit ...) - phppgadmin <unfixed> NOTE: https://snyk.io/vuln/SNYK-PHP-PHPPGADMINPHPPGADMIN-543885 @@ -64016,8 +64058,8 @@ CVE-2019-4668 RESERVED CVE-2019-4667 RESERVED -CVE-2019-4666 - RESERVED +CVE-2019-4666 (IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could a ...) + TODO: check CVE-2019-4665 (IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. ...) NOT-FOR-US: IBM CVE-2019-4664 
@@ -64164,8 +64206,8 @@ CVE-2019-4594 RESERVED CVE-2019-4593 RESERVED -CVE-2019-4592 - RESERVED +CVE-2019-4592 (IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow ...) + TODO: check CVE-2019-4591 RESERVED CVE-2019-4590 @@ -71620,8 +71662,8 @@ CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, the NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884 NOTE: https://github.com/clearlinux-pkgs/libjpeg-turbo/commit/0a5d06c3dd4a64754d7e6ffa081fd9132714f74c -CVE-2019-2200 - RESERVED +CVE-2019-2200 (In updatePermissions of PermissionManagerService.java, it may be possi ...) + TODO: check CVE-2019-2199 (In createSessionInternal of PackageInstallerService.java, there is a p ...) NOT-FOR-US: Android CVE-2019-2198 (In Download Provider, there is a possible SQL injection vulnerability. ...) @@ -252940,8 +252982,8 @@ CVE-2014-4199 (vm-support 0.88 in VMware Tools, as distributed with VMware Works [squeeze] - open-vm-tools <no-dsa> (Minor issue) [wheezy] - open-vm-tools <no-dsa> (Minor issue) NOTE: http://seclists.org/fulldisclosure/2014/Aug/71 -CVE-2014-4198 - RESERVED +CVE-2014-4198 (A Two-Factor Authentication Bypass Vulnerability exists in BS-Client P ...) + TODO: check CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS ...) NOT-FOR-US: Bank Soft Systems CVE-2014-4196 (Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Syste ...) 
@@ -253013,8 +253055,8 @@ CVE-2014-4171 (mm/shmem.c in the Linux kernel through 3.15.1 does not properly i [wheezy] - linux 3.2.63-1 - linux-2.6 <not-affected> (Vulnerable code introduced later) NOTE: https://lkml.org/lkml/2014/7/2/518 -CVE-2014-4170 - RESERVED +CVE-2014-4170 (A Privilege Escalation Vulnerability exists in Free Reprintables Artic ...) + TODO: check CVE-2014-4169 RESERVED CVE-2014-4166 (Cross-site scripting (XSS) vulnerability in the song history in SHOUTc ...) @@ -253608,8 +253650,8 @@ CVE-2014-3925 (sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Li - sosreport <not-affected> (RedHat-specific issue) CVE-2014-3920 (Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0 ...) - kanboard <itp> (bug #790814) -CVE-2014-3919 - RESERVED +CVE-2014-3919 (A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp ...) + TODO: check CVE-2014-3918 RESERVED CVE-2014-3916 (The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 all ...) @@ -265364,7 +265406,7 @@ CVE-2013-6871 RESERVED CVE-2013-6870 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk befor ...) NOT-FOR-US: Splunk Web -CVE-2012-6611 (Polycom HDX Video End Points before 3.0 allows attackers to read arbit ...) +CVE-2012-6611 (An issue was discovered in Polycom Web Management Interface G3/HDX 800 ...) TODO: check CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J al ...) NOT-FOR-US: Polycom HDX Video End Points 
@@ -284723,8 +284765,8 @@ CVE-2012-6093 (The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x befo NOTE: Fixed in 4:4.8.2+dfsg-10 CVE-2012-6092 (Multiple cross-site scripting (XSS) vulnerabilities in the web demos i ...) - activemq <not-affected> (Example code not shipped in .deb) -CVE-2012-6091 - RESERVED +CVE-2012-6091 (Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information di ...) + TODO: check CVE-2012-6090 (Multiple stack-based buffer overflows in the expand function in os/pl- ...) - swi-prolog 5.10.4-5 (low; bug #697416) [squeeze] - swi-prolog 5.10.1-1+squeeze1 @@ -286232,8 +286274,7 @@ CVE-2012-5624 (The XMLHttpRequest object in Qt before 4.8.4 enables http redirec - qt4-x11 4:4.8.2+dfsg-7 (bug #695156) [squeeze] - qt4-x11 <not-affected> (Vulnerable code not present) NOTE: http://lists.qt-project.org/pipermail/announce/2012-November/000014.html -CVE-2012-5623 - RESERVED +CVE-2012-5623 (Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. ...) NOT-FOR-US: change_passwd plugin for Squirrelmail CVE-2012-5622 (Cross-site request forgery (CSRF) vulnerability in the management cons ...) NOT-FOR-US: OpenShift @@ -296190,8 +296231,8 @@ CVE-2012-1905 RESERVED CVE-2012-1904 (mp4fformat.dll in the QuickTime File Format plugin in RealNetworks Rea ...) NOT-FOR-US: RealPlayer -CVE-2012-1903 - RESERVED +CVE-2012-1903 (XSS in Telligent Community 5.6.583.20496 via a flash file and related ...) + TODO: check CVE-2012-1902 (show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a con ...) - phpmyadmin 4:3.4.10.2-1 (unimportant) CVE-2012-1901 (Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS ...) 
@@ -297092,8 +297133,8 @@ CVE-2012-1502 (Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyP - python-pam 0.4.2-13 CVE-2012-1501 REJECTED -CVE-2012-1500 - RESERVED +CVE-2012-1500 (Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and Gre ...) + TODO: check CVE-2012-1499 (The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attac ...) - openjpeg <not-affected> (vulnerable code introduced after 1.3) CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10bdd7fea0e14b01699f0e8809e8b5ce642670fd
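Review bot: In the "@@ -12390,95 +12434,94 @@" hunk, the newly described Adobe Acrobat and Reader, Digital Editions, Experience Manager and Framemaker entries between CVE-2020-3720 and CVE-2020-3763 are all left at "TODO: check", while CVE-2020-3757 in the same hunk already carries "NOT-FOR-US: Adobe". Triage them in one follow-up pass with the same "NOT-FOR-US: Adobe" line, so that about forty entries for one vendor do not sit in the TODO backlog.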
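Review bot: In the "@@ -22387,16 +22430,16 @@" hunk, CVE-2020-0560, CVE-2020-0562, CVE-2020-0563 and CVE-2020-0564 are marked "TODO: check" although each description starts with "Improper permissions in the installer for", the same kind of issue the context lines of the "@@ -34827,8 +34869,8 @@" hunk record as "NOT-FOR-US: Intel" (CVE-2019-14599, CVE-2019-14600). Those four can take the same annotation; CVE-2020-0561 is described as an SGX SDK initialization issue rather than an installer issue and should be looked at separately.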
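Review bot: In the "@@ -24370,43 +24413,42 @@" hunk, the new Android entries from CVE-2020-0014 to CVE-2020-0028 should be triaged one by one rather than in bulk, because CVE-2020-0030 in the same hunk shows that an issue from this batch can be a kernel bug tracked under "- linux 4.15.11-1". The context lines of the following hunk use "NOT-FOR-US: Android" for framework code (CVE-2020-0004, CVE-2020-0006), which fits the ".java" components here; the native ones such as Parcel.cpp and packet_fragmenter.cc should be checked for code shared with Debian packages before they get the same line.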
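Review bot: In the "@@ -265364,7 +265406,7 @@" hunk, CVE-2012-6611 keeps "TODO: check" after its description is replaced, while the next entry, CVE-2012-6610, is already "NOT-FOR-US: Polycom HDX Video End Points". Both the old and the new description name Polycom HDX products, so the entry can be closed with the same "NOT-FOR-US" line instead of staying open.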
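Review bot: In the "@@ -286232,8 +286274,7 @@" hunk, the description now published for CVE-2012-5623 names "Squirrelmail 4.0" as the affected product, but the unchanged annotation says "NOT-FOR-US: change_passwd plugin for Squirrelmail". Add a NOTE line stating that the issue is in the change_passwd plugin and not in Squirrelmail itself, so the mismatch between description and annotation is not later read as a triage error.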
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits