author | Moritz Muehlenhoff <jmm@debian.org> | 2020-03-24 08:30:59 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-03-24 08:30:59 +0100 |
commit | ed1fe5a2b9c596491569fbcc69cba2a7aa19d8c9 (patch) | |
tree | 5eafb59dfd2abe31a2f643f2bac6096f975eec13 | |
parent | 0cd8bb1dc185ac65c5653efc2a03f1da606f3e4d (diff) |
"new" ruby issue, "new" bitcoin issues, NFUs
-rw-r--r-- | data/CVE/2011.list | 2 |
-rw-r--r-- | data/CVE/2013.list | 4 |
-rw-r--r-- | data/CVE/2014.list | 6 |
-rw-r--r-- | data/CVE/2015.list | 2 |
-rw-r--r-- | data/CVE/2016.list | 7 |
-rw-r--r-- | data/CVE/2017.list | 6 |
-rw-r--r-- | data/CVE/2018.list | 8 |
7 files changed, 19 insertions, 16 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 8a77a28600..257b1a3d42 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -5149,7 +5149,7 @@ CVE-2011-3271 (Unspecified vulnerability in the Smart Install functionality in C CVE-2011-3270 (Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and ...) NOT-FOR-US: Cisco CVE-2011-3269 (Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allo ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2011-3268 (Buffer overflow in the crypt function in PHP before 5.3.7 allows conte ...) - php5 5.3.8-1 [squeeze] - php5 <not-affected> (Only affected 5.3.7) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 994791adef..5257bd1b1c 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -6166,7 +6166,7 @@ CVE-2013-5108 (Multiple cross-site scripting (XSS) vulnerabilities in the xn fun CVE-2013-5107 (Directory traversal vulnerability in RockMongo 1.1.5 and earlier allow ...) - rockmongo <itp> (bug #702961) CVE-2013-5106 (A Code Execution vulnerability exists in select.py when using python-m ...) - TODO: check + NOT-FOR-US: python vim mode, different from src:python-mode, which is for a nicer editor CVE-2013-5105 RESERVED CVE-2013-5104 @@ -10179,7 +10179,7 @@ CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators t CVE-2013-3629 (ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution ...) NOT-FOR-US: ISPConfig CVE-2013-3628 (Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability ...) - TODO: check + NOTE: Historic Zabbix issue CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee Managed Age ...) NOT-FOR-US: McAfee CVE-2013-3626 (Directory traversal vulnerability in the Session Server in Attachmate ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 9e697f5902..9526615b5c 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -20007,11 +20007,11 @@ CVE-2014-2725 CVE-2014-2724 RESERVED CVE-2014-2723 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2014-2722 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2014-2721 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2014-2720 (IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Cen ...) NOT-FOR-US: IZArc Archiver CVE-2014-2719 (Advanced_System_Content.asp in the ASUS RT series routers with firmwar ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 0741918951..b551bd8f1b 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -16798,7 +16798,7 @@ CVE-2015-3643 (usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before CVE-2015-3642 (The TLS and DTLS processing functionality in Citrix NetScaler Applicat ...) NOT-FOR-US: Citrix CVE-2015-3641 (bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a den ...) - TODO: check + - bitcoin 0.10.2-1 CVE-2015-3640 (phpMyBackupPro 2.5 and earlier does not properly escape the "." charac ...) NOT-FOR-US: phpMyBackupPro CVE-2015-3639 (phpMyBackupPro 2.5 and earlier does not properly sanitize input string ...) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 889acfabe9..632beed3ba 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -12028,7 +12028,7 @@ CVE-2016-6920 (Heap-based buffer overflow in the decode_block function in libavc CVE-2016-6919 RESERVED CVE-2016-6918 (Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attacke ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2016-6917 (Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android ...) NOT-FOR-US: Nvidia driver for Android CVE-2016-6916 (Integer overflow in nvhost_job.c in the NVIDIA video driver for Androi ...) 
@@ -25874,7 +25874,10 @@ CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the Fiddle:: NOTE: Fixed by: https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e NOTE: Fixed by: https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10 CVE-2016-2338 (An exploitable heap overflow vulnerability exists in the Psych::Emitte ...) - TODO: check + - ruby2.3 2.3.0-1 + - ruby2.1 <removed> + NOTE: https://talosintelligence.com/reports/TALOS-2016-0032 + NOTE: https://git.ruby-lang.org/ruby.git/commit/?id=db48c307944a9a18877236bdf9e9b778875f38ed CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Att ...) {DLA-1480-1} - ruby2.3 2.3.0-1 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index de379c2d1c..1fb7de2106 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -663,7 +663,7 @@ CVE-2017-18352 (Error reporting within Rendertron 1.0.0 allows reflected Cross S CVE-2017-18351 RESERVED CVE-2017-18350 (bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer over ...) - TODO: check + - bitcoin 0.15.1~dfsg-1 CVE-2017-18349 (parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pi ...) NOT-FOR-US: FastjsonEngine CVE-2017-18348 (Splunk Enterprise 6.6.x, when configured to run as root but drop privi ...) @@ -16824,7 +16824,7 @@ CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote authenticated users to wri - cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/d734a23122155f3522a8cb6aef118223aa73cde0 CVE-2017-12842 (Bitcoin Core before 0.14 allows an attacker to create an ostensibly va ...) - TODO: check + - bitcoin 0.14.2~dfsg-1~exp2 CVE-2017-12841 RESERVED CVE-2017-12840 (A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client ...) 
@@ -22318,7 +22318,7 @@ CVE-2017-10994 (Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Ar CVE-2017-10993 (Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to i ...) NOT-FOR-US: Contao CVE-2017-10992 (In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Des ...) - TODO: check + NOT-FOR-US: HPE CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the r ...) NOT-FOR-US: Wordpress plugin CVE-2017-10990 diff --git a/data/CVE/2018.list b/data/CVE/2018.list index a1cf06ed92..63aff9b9ee 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -21041,13 +21041,13 @@ CVE-2018-13065 (** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribut CVE-2018-13064 RESERVED CVE-2018-13063 (Easy!Appointments 1.3.0 has a Missing Authorization issue allowing ret ...) - TODO: check + NOT-FOR-US: Easy!Appointments CVE-2018-13062 RESERVED CVE-2018-13061 RESERVED CVE-2018-13060 (Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue. ...) - TODO: check + NOT-FOR-US: Easy!Appointments CVE-2018-13059 RESERVED CVE-2018-13058 @@ -27739,7 +27739,7 @@ CVE-2018-10706 (An integer overflow in the transferMulti function of a smart con CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), an Ethe ...) NOT-FOR-US: Aurora DAD CVE-2018-10704 (yidashi yii2cmf 2.0 has XSS via the /search q parameter. ...) - TODO: check + NOT-FOR-US: yidashi yii2cmf CVE-2018-10703 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...) NOT-FOR-US: Moxa CVE-2018-10702 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...) 
@@ -29177,7 +29177,7 @@ CVE-2018-10126 (LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2786 NOTE: Crash in CLI tool, no security impact CVE-2018-10125 (Contao before 4.5.7 has XSS in the system log. ...) - TODO: check + NOT-FOR-US: Contao CVE-2018-10123 (p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to r ...) NOT-FOR-US: p910nd on Inteno IOPSYS CVE-2018-10122 (QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhi ...) |
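Review bot: In the second data/CVE/2013.list hunk (@@ -10179,7 +10179,7 @@), CVE-2013-3628 drops `TODO: check` but receives only `NOTE: Historic Zabbix issue`, so the entry ends up with neither a `NOT-FOR-US:` marker nor a package status line. Every other entry resolved in this commit gets one or the other. Suggest adding a `- zabbix ...` line carrying the fixed version (or `<not-affected>` with a short reason) and keeping the NOTE as supporting context, so the entry states which source package it applies to and whether it is still open.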
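Review bot: In the data/CVE/2016.list hunk at @@ -25874,7 +25874,10 @@, the second NOTE added for CVE-2016-2338 is a bare commit URL (`NOTE: https://git.ruby-lang.org/ruby.git/commit/?id=db48c307...`), while the CVE-2016-2339 entry directly above it in the context labels its commits as `NOTE: Fixed by: ...`. If this commit is the fix, label it the same way so readers can tell the fix reference apart from the Talos advisory link on the line before it. It would also help to say in a NOTE why `ruby2.1` is recorded as `<removed>` rather than with a fixed version.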
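Review bot: In the data/CVE/2017.list hunk at @@ -16824,7 +16824,7 @@, the CVE-2017-12842 description says "Bitcoin Core before 0.14", but the fixed version recorded is `0.14.2~dfsg-1~exp2`, which is both later than 0.14 and an experimental-style version string. The other two bitcoin entries in this commit (`0.10.2-1` for CVE-2015-3641, `0.15.1~dfsg-1` for CVE-2017-18350) match the upstream version in their descriptions. Suggest adding a NOTE explaining why this version was chosen (for example, that it is the first upload at or after the upstream fix), so the discrepancy does not look like a typo.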