author | security tracker role <sectracker@soriano.debian.org> | 2020-02-08 20:10:21 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-02-08 20:10:21 +0000 |
commit | a136ab7dc92ad401be2b3037f7cf16e68b9ed3f1 (patch) | |
tree | 09c6069321bf87e7bdc80541f80f269fa4c7eb27 | |
parent | 9af374078794e7e56a35a121ef1fcce185e38fcb (diff) | |
automatic update
-rw-r--r-- | data/CVE/2011.list | 3 |
-rw-r--r-- | data/CVE/2012.list | 14 |
-rw-r--r-- | data/CVE/2014.list | 23 |
-rw-r--r-- | data/CVE/2015.list | 18 |
4 files changed, 26 insertions, 32 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list index e2c0681bd3..c299d8dc1e 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -4106,8 +4106,7 @@ CVE-2011-3644 RESERVED CVE-2011-3643 RESERVED -CVE-2011-3642 [flowplayer-core: Arbitrary plugins with remote code execution (XSS)] - RESERVED +CVE-2011-3642 (Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 thr ...) - mahara <removed> (low; bug #699230) [squeeze] - mahara <no-dsa> (Minor issue) NOTE: https://code.google.com/p/flowplayer-core/issues/detail?id=441 diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 6e969e95dc..92ef83dc8e 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -2937,8 +2937,8 @@ CVE-2012-5572 (CRLF injection vulnerability in the cookie method (lib/Dancer/Coo NOTE: https://github.com/PerlDancer/Dancer/issues/859 CVE-2012-5571 (OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properl ...) - keystone 2012.1.1-11 (bug #694433) -CVE-2012-5570 - RESERVED +CVE-2012-5570 (The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remo ...) + TODO: check CVE-2012-5569 (Multiple cross-site scripting (XSS) vulnerabilities in the Basic webma ...) NOT-FOR-US: Drupal Webmail module CVE-2012-5568 (Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...) @@ -5358,8 +5358,7 @@ CVE-2012-4513 (khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows - kdebase <removed> (unimportant) - kde-baseapps <unfixed> (unimportant) NOTE: Konqueror not supported security-wise -CVE-2012-4512 - RESERVED +CVE-2012-4512 (The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 all ...) - kdebase <removed> (unimportant) - kde-baseapps <unfixed> (unimportant) NOTE: Konqueror not supported security-wise 
@@ -5759,8 +5758,7 @@ CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not proper [squeeze] - mediawiki <end-of-life> NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823 NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6 -CVE-2012-4381 [Passwords were stored in local DB even if auth systems like LDAP were used] - RESERVED +CVE-2012-4381 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in t ...) - mediawiki 1:1.19.2-1 (bug #686330) [squeeze] - mediawiki <end-of-life> NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184 @@ -6653,8 +6651,8 @@ CVE-2012-4031 (Multiple directory traversal vulnerabilities in src/acloglogin.ph NOT-FOR-US: Wangkongbao not in Debian CVE-2012-4030 (Chamilo before 1.8.8.6 does not adequately handle user supplied input ...) NOT-FOR-US: Chamilo LMS -CVE-2012-4029 - RESERVED +CVE-2012-4029 (Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in ...) + TODO: check CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data, ...) NOT-FOR-US: Tridium Niagara AX Framework CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX Framework allo ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index d5142491b8..0473fc6b1c 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -2907,8 +2907,8 @@ CVE-2014-9472 (The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x b {DSA-3176-1 DLA-158-1} - request-tracker4 4.2.8-3 - request-tracker3.8 <removed> (unimportant) -CVE-2014-9470 - RESERVED +CVE-2014-9470 (Cross-site scripting (XSS) vulnerability in the loadForm function in F ...) + TODO: check CVE-2014-9469 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3. ...) NOT-FOR-US: vBulletin CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP Inst ...) 
@@ -3882,10 +3882,10 @@ CVE-2014-9131 RESERVED CVE-2014-9128 RESERVED -CVE-2014-9127 - RESERVED -CVE-2014-9126 - RESERVED +CVE-2014-9127 (Open-School Community Edition 2.2 does not properly restrict access to ...) + TODO: check +CVE-2014-9126 (Multiple cross-site scripting (XSS) vulnerabilities in Open-School Com ...) + TODO: check CVE-2014-9125 RESERVED CVE-2014-9124 @@ -4882,8 +4882,8 @@ CVE-2014-8741 (Directory traversal vulnerability in the GfdFileUploadServerlet s NOT-FOR-US: Lexmark CVE-2014-8740 RESERVED -CVE-2014-8739 - RESERVED +CVE-2014-8739 (Unrestricted file upload vulnerability in server/php/UploadHandler.php ...) + TODO: check CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows remote a ...) NOT-FOR-US: Drupal module Open Atrium Core CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7 ...) @@ -7424,8 +7424,8 @@ CVE-2014-7865 REJECTED CVE-2014-7864 (Multiple SQL injection vulnerabilities in the FailOverHelperServlet (a ...) NOT-FOR-US: ZOHO ManageEngine OpManager -CVE-2014-7863 - RESERVED +CVE-2014-7863 (The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngi ...) + TODO: check CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and Deskt ...) NOT-FOR-US: ManageEngine CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly v ...) @@ -21278,8 +21278,7 @@ CVE-2014-2227 (The default Flash cross-domain policy (crossdomain.xml) in Ubiqui NOT-FOR-US: Ubiquiti Networks CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative passwor ...) NOT-FOR-US: Ubiquiti Networks -CVE-2014-2225 - RESERVED +CVE-2014-2225 (Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti ...) NOT-FOR-US: Ubiquiti Networks CVE-2014-2224 (Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not as ...) NOT-FOR-US: Plogger diff --git a/data/CVE/2015.list b/data/CVE/2015.list index a95eeffbc9..90b2b49182 100644 
--- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -10757,8 +10757,7 @@ CVE-2015-5726 (The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before NOTE: http://botan.randombit.net/security.html CVE-2015-5725 (SQL injection vulnerability in the offset method in the Active Record ...) - codeigniter <itp> (bug #471583) -CVE-2015-5741 [other discoveries of security-relevant RFC 7230 violations] - RESERVED +CVE-2015-5741 (The net/http library in net/http/transfer.go in Go before 1.4.3 does n ...) - golang 2:1.4.2-4 (bug #795106) [jessie] - golang <no-dsa> (Minor issue) [wheezy] - golang <no-dsa> (Minor issue) @@ -17299,8 +17298,8 @@ CVE-2015-3425 (Cross-site scripting (XSS) vulnerability in Accentis Content Reso NOT-FOR-US: Accentis Content Resource Management System CVE-2015-3424 (SQL injection vulnerability in Accentis Content Resource Management Sy ...) NOT-FOR-US: Accentis Content Resource Management System -CVE-2015-3423 - RESERVED +CVE-2015-3423 (Multiple SQL injection vulnerabilities in NetCracker Resource Manageme ...) + TODO: check CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 al ...) NOT-FOR-US: SearchBlox CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress Eshop plu ...) @@ -21041,8 +21040,8 @@ CVE-2015-2209 (DLGuard 4.5 allows remote attackers to obtain the installation pa NOT-FOR-US: DLGuard CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remo ...) NOT-FOR-US: phpMoAdmin -CVE-2015-2207 - RESERVED +CVE-2015-2207 (Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Reso ...) + TODO: check CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2 ...) {DSA-3382-1 DLA-336-1} - phpmyadmin 4:4.4.4-1 (unimportant) 
@@ -21455,8 +21454,8 @@ CVE-2015-2080 (The exception handling code in Eclipse Jetty before 9.2.9.v201502 NOTE: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html NOTE: https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md NOTE: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html -CVE-2015-2062 - RESERVED +CVE-2015-2062 (Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-i ...) + TODO: check CVE-2015-2061 (Heap-based buffer overflow in the browser plugin for PTC Creo View all ...) NOT-FOR-US: PTC Creo View CVE-2015-2057 @@ -23277,8 +23276,7 @@ CVE-2015-1398 (Multiple directory traversal vulnerabilities in Magento Community NOT-FOR-US: Magento CVE-2015-1397 (SQL injection vulnerability in the getCsvFile function in the Mage_Adm ...) NOT-FOR-US: Magento -CVE-2015-1394 - RESERVED +CVE-2015-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Photo Galle ...) NOT-FOR-US: WordPress plugin photo-gallery CVE-2015-1393 (SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 ...) NOT-FOR-US: WordPress plugin photo-gallery |
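Review bot: In data/CVE/2012.list, hunk @@ -2937,8 +2937,8 @@, the new CVE-2012-5570 entry is left at "TODO: check" even though the entry directly below it, CVE-2012-5569, appears to cover the same Basic webmail module for Drupal and is already triaged as "NOT-FOR-US: Drupal Webmail module". Suggest resolving the TODO with the same NOT-FOR-US tag so the two adjacent entries for one module do not carry different states.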
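Review bot: In data/CVE/2014.list, hunk @@ -7424,8 +7424,8 @@, CVE-2014-7863 is added with "TODO: check" while the preceding entry, CVE-2014-7864, names the same FailOverHelperServlet (aka FailServlet) and is already marked "NOT-FOR-US: ZOHO ManageEngine OpManager". The new entry can take the same disposition. Leaving it as a TODO keeps an already-decided product in the triage queue.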
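Review bot: In data/CVE/2015.list, hunk @@ -10757,8 +10757,7 @@, the new CVE-2015-5741 description says the issue affects "Go before 1.4.3", but the unchanged package line below it records the fix as "- golang 2:1.4.2-4 (bug #795106)", a version that is lower than the upstream one in the description. A NOTE line stating how 2:1.4.2-4 carries the fix would make the entry self-explanatory. The hunk also drops the bracketed text "[other discoveries of security-relevant RFC 7230 violations]", which was the only line tying this entry to its context, so a NOTE preserving that reference is worth adding as well.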
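Review bot: In data/CVE/2015.list, hunk @@ -17299,8 +17298,8 @@, CVE-2015-3423 (SQL injection in "NetCracker Resource Manageme ...") is added with "TODO: check", and hunk @@ -21041,8 +21040,8 @@ adds CVE-2015-2207 (XSS in "NetCracker Reso ...") with the same TODO. Both descriptions point at one product, so they should be triaged together and given the same tag. Otherwise one may be resolved and the other left open.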