Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
10bdd7fe by security tracker role at 2020-02-13T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2020-8986
+       RESERVED
+CVE-2020-8985
+       RESERVED
+CVE-2020-8984
+       RESERVED
+CVE-2020-8983
+       RESERVED
+CVE-2020-8982
+       RESERVED
+CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in 
the Sourc ...)
+       TODO: check
+CVE-2020-8980
+       RESERVED
+CVE-2020-8979
+       RESERVED
+CVE-2020-8978
+       RESERVED
+CVE-2020-8977
+       RESERVED
+CVE-2020-8976
+       RESERVED
+CVE-2020-8975
+       RESERVED
+CVE-2020-8974
+       RESERVED
+CVE-2020-8973
+       RESERVED
+CVE-2020-8972
+       RESERVED
+CVE-2020-8971
+       RESERVED
+CVE-2020-8970
+       RESERVED
+CVE-2020-8969
+       RESERVED
+CVE-2020-8968
+       RESERVED
+CVE-2020-8967
+       RESERVED
+CVE-2020-8966
+       RESERVED
+CVE-2020-8965
+       RESERVED
 CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, 
SR7110 1.0.0 ...)
        NOT-FOR-US: TimeTools devices
 CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, 
SR7110 1.0.0 ...)
@@ -351,16 +395,16 @@ CVE-2020-8806
        RESERVED
 CVE-2020-8805
        RESERVED
-CVE-2020-8804
-       RESERVED
-CVE-2020-8803
-       RESERVED
-CVE-2020-8802
-       RESERVED
-CVE-2020-8801
-       RESERVED
-CVE-2020-8800
-       RESERVED
+CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, 
the Em ...)
+       TODO: check
+CVE-2020-8803 (SuiteCRM through 7.11.11 allows Directory Traversal to include 
arbitra ...)
+       TODO: check
+CVE-2020-8802 (SuiteCRM through 7.11.11 has Incorrect Access Control via 
action_saveH ...)
+       TODO: check
+CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR Deserialization. ...)
+       TODO: check
+CVE-2020-8800 (SuiteCRM through 7.11.11 allows 
EmailsControllerActionGetFromFields PH ...)
+       TODO: check
 CVE-2020-8799
        RESERVED
 CVE-2020-8798
@@ -751,8 +795,8 @@ CVE-2020-8616
        RESERVED
 CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for 
WordPres ...)
        NOT-FOR-US: Tutor LMS plugin for WordPress
-CVE-2020-8614
-       RESERVED
+CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. 
An att ...)
+       TODO: check
 CVE-2020-8613
        RESERVED
 CVE-2020-8612
@@ -4226,8 +4270,8 @@ CVE-2020-7053 (In the Linux kernel 4.14 longterm through 
4.14.165 and 4.19 longt
        NOTE: 
https://lore.kernel.org/stable/20200114183937.12224-1-tyhi...@canonical.com/
 CVE-2020-7052 (CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 
allow unco ...)
        NOT-FOR-US: CODESYS
-CVE-2020-7051
-       RESERVED
+CVE-2020-7051 (An issue was discovered in Codologic Codoforum 4.8.4. While 
creating a ...)
+       TODO: check
 CVE-2020-7050
        RESERVED
 CVE-2020-7049
@@ -4793,7 +4837,7 @@ CVE-2020-6801
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801
 CVE-2020-6800
        RESERVED
-       {DSA-4620-1}
+       {DSA-4620-1 DLA-2102-1}
        - firefox 73.0-1
        - firefox-esr 68.5.0esr-1
        - thunderbird 1:68.5.0-1
@@ -4808,7 +4852,7 @@ CVE-2020-6799
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799
 CVE-2020-6798
        RESERVED
-       {DSA-4620-1}
+       {DSA-4620-1 DLA-2102-1}
        - firefox 73.0-1
        - firefox-esr 68.5.0esr-1
        - thunderbird 1:68.5.0-1
@@ -4825,7 +4869,7 @@ CVE-2020-6797
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797
 CVE-2020-6796
        RESERVED
-       {DSA-4620-1}
+       {DSA-4620-1 DLA-2102-1}
        - firefox 73.0-1
        - firefox-esr 68.5.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796
@@ -12390,95 +12434,94 @@ CVE-2020-3765
        RESERVED
 CVE-2020-3764
        RESERVED
-CVE-2020-3763
-       RESERVED
-CVE-2020-3762
-       RESERVED
+CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
 CVE-2020-3761
        RESERVED
-CVE-2020-3760
-       RESERVED
-CVE-2020-3759
-       RESERVED
+CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command 
inject ...)
+       TODO: check
+CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer 
errors  ...)
+       TODO: check
 CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 
1.14.4.3 and e ...)
        NOT-FOR-US: Magento
-CVE-2020-3757
-       RESERVED
+CVE-2020-3757 (Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 
and ear ...)
        NOT-FOR-US: Adobe
-CVE-2020-3756
-       RESERVED
-CVE-2020-3755
-       RESERVED
-CVE-2020-3754
-       RESERVED
-CVE-2020-3753
-       RESERVED
-CVE-2020-3752
-       RESERVED
-CVE-2020-3751
-       RESERVED
-CVE-2020-3750
-       RESERVED
-CVE-2020-3749
-       RESERVED
-CVE-2020-3748
-       RESERVED
-CVE-2020-3747
-       RESERVED
-CVE-2020-3746
-       RESERVED
-CVE-2020-3745
-       RESERVED
-CVE-2020-3744
-       RESERVED
-CVE-2020-3743
-       RESERVED
-CVE-2020-3742
-       RESERVED
-CVE-2020-3741
-       RESERVED
-CVE-2020-3740
-       RESERVED
-CVE-2020-3739
-       RESERVED
-CVE-2020-3738
-       RESERVED
-CVE-2020-3737
-       RESERVED
-CVE-2020-3736
-       RESERVED
-CVE-2020-3735
-       RESERVED
-CVE-2020-3734
-       RESERVED
-CVE-2020-3733
-       RESERVED
-CVE-2020-3732
-       RESERVED
-CVE-2020-3731
-       RESERVED
-CVE-2020-3730
-       RESERVED
-CVE-2020-3729
-       RESERVED
-CVE-2020-3728
-       RESERVED
-CVE-2020-3727
-       RESERVED
-CVE-2020-3726
-       RESERVED
-CVE-2020-3725
-       RESERVED
-CVE-2020-3724
-       RESERVED
-CVE-2020-3723
-       RESERVED
-CVE-2020-3722
-       RESERVED
-CVE-2020-3721
-       RESERVED
-CVE-2020-3720
-       RESERVED
+CVE-2020-3756 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3755 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3754 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3753 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3752 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3751 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3750 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3749 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3748 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3747 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3746 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3745 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3744 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3743 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3742 (Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 
2017.01 ...)
+       TODO: check
+CVE-2020-3741 (Adobe Experience Manager versions 6.5, and 6.4 have an 
uncontrolled re ...)
+       TODO: check
+CVE-2020-3740 (Adobe Framemaker versions 2019.0.4 and below have a memory 
corruption  ...)
+       TODO: check
+CVE-2020-3739 (Adobe Framemaker versions 2019.0.4 and below have a memory 
corruption  ...)
+       TODO: check
+CVE-2020-3738 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3737 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3736 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3735 (Adobe Framemaker versions 2019.0.4 and below have a heap 
overflow vuln ...)
+       TODO: check
+CVE-2020-3734 (Adobe Framemaker versions 2019.0.4 and below have a buffer 
error vulne ...)
+       TODO: check
+CVE-2020-3733 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3732 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3731 (Adobe Framemaker versions 2019.0.4 and below have a heap 
overflow vuln ...)
+       TODO: check
+CVE-2020-3730 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3729 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3728 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3727 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3726 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3725 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3724 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3723 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3722 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3721 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-3720 (Adobe Framemaker versions 2019.0.4 and below have an 
out-of-bounds wri ...)
+       TODO: check
 CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 
1.14.4.3 and e ...)
        NOT-FOR-US: Magento
 CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 
1.14.4.3 and e ...)
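Review bot: triage is inconsistent across the Adobe entries in this hunk. CVE-2020-3757 (Adobe Flash Player) keeps its existing NOT-FOR-US: Adobe line, while the other Adobe entries filled in here, from CVE-2020-3763 down to CVE-2020-3720 (Acrobat and Reader, Digital Editions, Experience Manager, Framemaker), all land as TODO: check. If the same decision applies to them, a follow-up marking them NOT-FOR-US: Adobe would close the whole batch in one pass; if not, the reason CVE-2020-3757 differs should be recorded.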
@@ -19606,8 +19649,8 @@ CVE-2019-18792 (An issue was discovered in Suricata 
5.0.0. It is possible to byp
        NOTE: 
https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006
 (suricata-5.0.1)
        NOTE: https://redmine.openinfosecfoundation.org/issues/3324
        NOTE: https://redmine.openinfosecfoundation.org/issues/3394
-CVE-2019-18791
-       RESERVED
+CVE-2019-18791 (Lexmark printer MS812 and multiple older generation Lexmark 
devices ha ...)
+       TODO: check
 CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma 
Asterisk 13. ...)
        {DLA-2017-1}
        - asterisk <unfixed> (bug #947381)
@@ -22387,16 +22430,16 @@ CVE-2020-0566
        RESERVED
 CVE-2020-0565
        RESERVED
-CVE-2020-0564
-       RESERVED
-CVE-2020-0563
-       RESERVED
-CVE-2020-0562
-       RESERVED
-CVE-2020-0561
-       RESERVED
-CVE-2020-0560
-       RESERVED
+CVE-2020-0564 (Improper permissions in the installer for Intel(R) RWC3 for 
Windows be ...)
+       TODO: check
+CVE-2020-0563 (Improper permissions in the installer for Intel(R) MPSS before 
version ...)
+       TODO: check
+CVE-2020-0562 (Improper permissions in the installer for Intel(R) RWC2, all 
versions, ...)
+       TODO: check
+CVE-2020-0561 (Improper initialization in the Intel(R) SGX SDK before 
v2.6.100.1 may  ...)
+       TODO: check
+CVE-2020-0560 (Improper permissions in the installer for the Intel(R) Renesas 
Electro ...)
+       TODO: check
 CVE-2020-0559
        RESERVED
 CVE-2020-0558
@@ -24370,43 +24413,42 @@ CVE-2020-0032
        RESERVED
 CVE-2020-0031
        RESERVED
-CVE-2020-0030
-       RESERVED
+CVE-2020-0030 (In binder_thread_release of binder.c, there is a possible use 
after fr ...)
        - linux 4.15.11-1
        [stretch] - linux 4.9.210-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/5eeb2ca02a2f6084fc57ae5c244a38baab07033a
 CVE-2020-0029
        RESERVED
-CVE-2020-0028
-       RESERVED
-CVE-2020-0027
-       RESERVED
-CVE-2020-0026
-       RESERVED
+CVE-2020-0028 (In notifyNetworkTested and related functions of 
NetworkMonitor.java, t ...)
+       TODO: check
+CVE-2020-0027 (In HidRawSensor::batch of HidRawSensor.cpp, there is a possible 
out of ...)
+       TODO: check
+CVE-2020-0026 (In Parcel::continueWrite of Parcel.cpp, there is possible 
memory corru ...)
+       TODO: check
 CVE-2020-0025
        RESERVED
 CVE-2020-0024
        RESERVED
-CVE-2020-0023
-       RESERVED
-CVE-2020-0022
-       RESERVED
-CVE-2020-0021
-       RESERVED
-CVE-2020-0020
-       RESERVED
+CVE-2020-0023 (In setPhonebookAccessPermission of AdapterService.java, there 
is a pos ...)
+       TODO: check
+CVE-2020-0022 (In reassemble_and_dispatch of packet_fragmenter.cc, there is 
possible  ...)
+       TODO: check
+CVE-2020-0021 (In removeUnusedPackagesLPw of PackageManagerService.java, there 
is a p ...)
+       TODO: check
+CVE-2020-0020 (In getAttributeRange of ExifInterface.java, there is a possible 
failur ...)
+       TODO: check
 CVE-2020-0019
        RESERVED
-CVE-2020-0018
-       RESERVED
-CVE-2020-0017
-       RESERVED
+CVE-2020-0018 (In MotionEntry::appendDescription of InputDispatcher.cpp, there 
is a p ...)
+       TODO: check
+CVE-2020-0017 (In multiple places, it was possible for the primary 
user&#8217;s dicti ...)
+       TODO: check
 CVE-2020-0016
        RESERVED
-CVE-2020-0015
-       RESERVED
-CVE-2020-0014
-       RESERVED
+CVE-2020-0015 (In onCreate of CertInstaller.java, there is a possible way to 
overlay  ...)
+       TODO: check
+CVE-2020-0014 (It is possible for a malicious application to construct a 
TYPE_TOAST w ...)
+       TODO: check
 CVE-2020-0013
        RESERVED
 CVE-2020-0012
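Review bot: the description added for CVE-2020-0017 contains a raw HTML entity ("user&#8217;s"), so the imported text was not entity-decoded before being written to data/CVE/list. Decoding entities during the automatic update would keep the descriptions plain text and searchable; the entry itself can be corrected on the next refresh.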
@@ -24424,8 +24466,8 @@ CVE-2020-0007 (In flattenString8 of Sensor.cpp, there 
is a possible information
        NOT-FOR-US: Android
 CVE-2020-0006 (In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a 
possibl ...)
        NOT-FOR-US: Android
-CVE-2020-0005
-       RESERVED
+CVE-2020-0005 (In btm_read_remote_ext_features_complete of btm_acl.cc, there 
is a pos ...)
+       TODO: check
 CVE-2020-0004 (In generateCrop of WallpaperManagerService.java, there is a 
possible s ...)
        NOT-FOR-US: Android
 CVE-2020-0003 (In onCreate of InstallStart.java, there is a possible package 
validati ...)
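Review bot: CVE-2020-0005 is added as TODO: check although the entries around it in this hunk (CVE-2020-0007, CVE-2020-0006, CVE-2020-0004) already carry NOT-FOR-US: Android and its description follows the same "In <function> of <file>" pattern (btm_read_remote_ext_features_complete of btm_acl.cc). Confirm and close it the same way so it does not linger as an open TODO.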
@@ -34827,8 +34869,8 @@ CVE-2019-14600 (Uncontrolled search path element in the 
installer for Intel(R) S
        NOT-FOR-US: Intel
 CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and 
earlier  ...)
        NOT-FOR-US: Intel
-CVE-2019-14598
-       RESERVED
+CVE-2019-14598 (Improper Authentication in subsystem in Intel(R) CSME versions 
12.0 th ...)
+       TODO: check
 CVE-2019-14597
        RESERVED
 CVE-2019-14596 (Improper access control in the installer for Intel(R) Chipset 
Device S ...)
@@ -47059,8 +47101,8 @@ CVE-2019-10787 (im-resize through 2.3.2 allows remote 
attackers to execute arbit
        TODO: check
 CVE-2019-10786 (network-manager through 1.0.2 allows remote attackers to 
execute arbit ...)
        NOT-FOR-US: network-manager node module
-CVE-2019-10785
-       RESERVED
+CVE-2019-10785 (dojox is vulnerable to Cross-site Scripting in all versions 
before ver ...)
+       TODO: check
 CVE-2019-10784 (phppgadmin through 7.12.1 allows sensitive actions to be 
performed wit ...)
        - phppgadmin <unfixed>
        NOTE: https://snyk.io/vuln/SNYK-PHP-PHPPGADMINPHPPGADMIN-543885
@@ -64016,8 +64058,8 @@ CVE-2019-4668
        RESERVED
 CVE-2019-4667
        RESERVED
-CVE-2019-4666
-       RESERVED
+CVE-2019-4666 (IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 
could a ...)
+       TODO: check
 CVE-2019-4665 (IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site 
scripting.  ...)
        NOT-FOR-US: IBM
 CVE-2019-4664
@@ -64164,8 +64206,8 @@ CVE-2019-4594
        RESERVED
 CVE-2019-4593
        RESERVED
-CVE-2019-4592
-       RESERVED
+CVE-2019-4592 (IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 
could allow ...)
+       TODO: check
 CVE-2019-4591
        RESERVED
 CVE-2019-4590
@@ -71620,8 +71662,8 @@ CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon 
of jsimd_arm64_neon.S, the
        NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361
        NOTE: 
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884
        NOTE: 
https://github.com/clearlinux-pkgs/libjpeg-turbo/commit/0a5d06c3dd4a64754d7e6ffa081fd9132714f74c
-CVE-2019-2200
-       RESERVED
+CVE-2019-2200 (In updatePermissions of PermissionManagerService.java, it may 
be possi ...)
+       TODO: check
 CVE-2019-2199 (In createSessionInternal of PackageInstallerService.java, there 
is a p ...)
        NOT-FOR-US: Android
 CVE-2019-2198 (In Download Provider, there is a possible SQL injection 
vulnerability. ...)
@@ -252940,8 +252982,8 @@ CVE-2014-4199 (vm-support 0.88 in VMware Tools, as 
distributed with VMware Works
        [squeeze] - open-vm-tools <no-dsa> (Minor issue)
        [wheezy] - open-vm-tools <no-dsa> (Minor issue)
        NOTE: http://seclists.org/fulldisclosure/2014/Aug/71
-CVE-2014-4198
-       RESERVED
+CVE-2014-4198 (A Two-Factor Authentication Bypass Vulnerability exists in 
BS-Client P ...)
+       TODO: check
 CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems 
(BSS) RBS  ...)
        NOT-FOR-US: Bank Soft Systems
 CVE-2014-4196 (Cross-site scripting (XSS) vulnerability in bsi.dll in Bank 
Soft Syste ...)
@@ -253013,8 +253055,8 @@ CVE-2014-4171 (mm/shmem.c in the Linux kernel through 
3.15.1 does not properly i
        [wheezy] - linux 3.2.63-1
        - linux-2.6 <not-affected> (Vulnerable code introduced later)
        NOTE: https://lkml.org/lkml/2014/7/2/518
-CVE-2014-4170
-       RESERVED
+CVE-2014-4170 (A Privilege Escalation Vulnerability exists in Free 
Reprintables Artic ...)
+       TODO: check
 CVE-2014-4169
        RESERVED
 CVE-2014-4166 (Cross-site scripting (XSS) vulnerability in the song history in 
SHOUTc ...)
@@ -253608,8 +253650,8 @@ CVE-2014-3925 (sosreport in Red Hat sos 1.7 and 
earlier on Red Hat Enterprise Li
        - sosreport <not-affected> (RedHat-specific issue)
 CVE-2014-3920 (Cross-site request forgery (CSRF) vulnerability in Kanboard 
before 1.0 ...)
        - kanboard <itp> (bug #790814)
-CVE-2014-3919
-       RESERVED
+CVE-2014-3919 (A vulnerability exists in Netgear CG3100 devices before 
3.9.2421.13.mp ...)
+       TODO: check
 CVE-2014-3918
        RESERVED
 CVE-2014-3916 (The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 
2.1 all ...)
@@ -265364,7 +265406,7 @@ CVE-2013-6871
        RESERVED
 CVE-2013-6870 (Cross-site scripting (XSS) vulnerability in Splunk Web in 
Splunk befor ...)
        NOT-FOR-US: Splunk Web
-CVE-2012-6611 (Polycom HDX Video End Points before 3.0 allows attackers to 
read arbit ...)
+CVE-2012-6611 (An issue was discovered in Polycom Web Management Interface 
G3/HDX 800 ...)
        TODO: check
 CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before 
2.7.1.J al ...)
        NOT-FOR-US: Polycom HDX Video End Points
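Review bot: the description of CVE-2012-6611 is replaced outright (from "Polycom HDX Video End Points before 3.0 allows attackers to read arbit ..." to "An issue was discovered in Polycom Web Management Interface G3/HDX 800 ...") while the TODO: check beneath it stays as unchanged context. Triage should work from the new text; the neighbouring CVE-2012-6610 is already NOT-FOR-US: Polycom HDX Video End Points, which is the obvious candidate outcome to verify.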
@@ -284723,8 +284765,8 @@ CVE-2012-6093 (The QSslSocket::sslErrors function in 
Qt before 4.6.5, 4.7.x befo
        NOTE: Fixed in 4:4.8.2+dfsg-10
 CVE-2012-6092 (Multiple cross-site scripting (XSS) vulnerabilities in the web 
demos i ...)
        - activemq <not-affected> (Example code not shipped in .deb)
-CVE-2012-6091
-       RESERVED
+CVE-2012-6091 (Zend_XmlRpc Class in Magento before 1.7.0.2 contains an 
information di ...)
+       TODO: check
 CVE-2012-6090 (Multiple stack-based buffer overflows in the expand function in 
os/pl- ...)
        - swi-prolog 5.10.4-5 (low; bug #697416)
        [squeeze] - swi-prolog 5.10.1-1+squeeze1
@@ -286232,8 +286274,7 @@ CVE-2012-5624 (The XMLHttpRequest object in Qt before 
4.8.4 enables http redirec
        - qt4-x11 4:4.8.2+dfsg-7 (bug #695156)
        [squeeze] - qt4-x11 <not-affected> (Vulnerable code not present)
        NOTE: 
http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
-CVE-2012-5623
-       RESERVED
+CVE-2012-5623 (Squirrelmail 4.0 uses the outdated MD5 hash algorithm for 
passwords. ...)
        NOT-FOR-US: change_passwd plugin for Squirrelmail
 CVE-2012-5622 (Cross-site request forgery (CSRF) vulnerability in the 
management cons ...)
        NOT-FOR-US: OpenShift
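Review bot: the description added for CVE-2012-5623 names "Squirrelmail 4.0", but the triage line kept beneath it reads NOT-FOR-US: change_passwd plugin for Squirrelmail. The two now appear to describe different components, so the NOT-FOR-US decision should be re-confirmed against the full description, with a NOTE: line recording the reasoning if it still holds.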
@@ -296190,8 +296231,8 @@ CVE-2012-1905
        RESERVED
 CVE-2012-1904 (mp4fformat.dll in the QuickTime File Format plugin in 
RealNetworks Rea ...)
        NOT-FOR-US: RealPlayer
-CVE-2012-1903
-       RESERVED
+CVE-2012-1903 (XSS in Telligent Community 5.6.583.20496 via a flash file and 
related  ...)
+       TODO: check
 CVE-2012-1902 (show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, 
when a con ...)
        - phpmyadmin 4:3.4.10.2-1 (unimportant)
 CVE-2012-1901 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
FlexCMS  ...)
@@ -297092,8 +297133,8 @@ CVE-2012-1502 (Double free vulnerability in the 
PyPAM_conv in PAMmodule.c in PyP
        - python-pam 0.4.2-13
 CVE-2012-1501
        REJECTED
-CVE-2012-1500
-       RESERVED
+CVE-2012-1500 (Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 
and Gre ...)
+       TODO: check
 CVE-2012-1499 (The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows 
remote attac ...)
        - openjpeg <not-affected> (vulnerable code introduced after 1.3)
 CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Webfolio ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/10bdd7fea0e14b01699f0e8809e8b5ce642670fd



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
