[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 2 20:11:15 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e9d78110 by security tracker role at 2019-12-02T20:10:36Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,111 @@
+CVE-2020-1924
+ RESERVED
+CVE-2020-1923
+ RESERVED
+CVE-2020-1922
+ RESERVED
+CVE-2020-1921
+ RESERVED
+CVE-2020-1920
+ RESERVED
+CVE-2020-1919
+ RESERVED
+CVE-2020-1918
+ RESERVED
+CVE-2020-1917
+ RESERVED
+CVE-2020-1916
+ RESERVED
+CVE-2020-1915
+ RESERVED
+CVE-2020-1914
+ RESERVED
+CVE-2020-1913
+ RESERVED
+CVE-2020-1912
+ RESERVED
+CVE-2020-1911
+ RESERVED
+CVE-2020-1910
+ RESERVED
+CVE-2020-1909
+ RESERVED
+CVE-2020-1908
+ RESERVED
+CVE-2020-1907
+ RESERVED
+CVE-2020-1906
+ RESERVED
+CVE-2020-1905
+ RESERVED
+CVE-2020-1904
+ RESERVED
+CVE-2020-1903
+ RESERVED
+CVE-2020-1902
+ RESERVED
+CVE-2020-1901
+ RESERVED
+CVE-2020-1900
+ RESERVED
+CVE-2020-1899
+ RESERVED
+CVE-2020-1898
+ RESERVED
+CVE-2020-1897
+ RESERVED
+CVE-2020-1896
+ RESERVED
+CVE-2020-1895
+ RESERVED
+CVE-2020-1894
+ RESERVED
+CVE-2020-1893
+ RESERVED
+CVE-2020-1892
+ RESERVED
+CVE-2020-1891
+ RESERVED
+CVE-2020-1890
+ RESERVED
+CVE-2020-1889
+ RESERVED
+CVE-2020-1888
+ RESERVED
+CVE-2020-1887
+ RESERVED
+CVE-2020-1886
+ RESERVED
+CVE-2020-1885
+ RESERVED
+CVE-2019-19512
+ RESERVED
+CVE-2019-19511
+ RESERVED
+CVE-2019-19510
+ RESERVED
+CVE-2019-19509
+ RESERVED
+CVE-2019-19508
+ RESERVED
+CVE-2019-19507 (In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can ...)
+ TODO: check
+CVE-2019-19506
+ RESERVED
+CVE-2019-19505
+ RESERVED
+CVE-2019-19504
+ RESERVED
+CVE-2019-19503
+ RESERVED
+CVE-2019-19502 (pluginconfig.php in the Image Uploader and Browser plugin before 4.1.9 ...)
+ TODO: check
+CVE-2019-19501
+ RESERVED
+CVE-2019-19500
+ RESERVED
+CVE-2019-19499
+ RESERVED
CVE-2019-19498
RESERVED
CVE-2019-19497
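Review bot: two of the new entries carry real descriptions but only a "TODO: check" placeholder (CVE-2019-19507, jpv / Json Pattern Validator before 2.1.1, and CVE-2019-19502, the Image Uploader and Browser plugin before 4.1.9), so each needs a triage decision on the next manual pass: either a source package line with a fixed or unfixed version, or a NOT-FOR-US line as used for the other entries in this file. The remaining additions (CVE-2020-1885 through CVE-2020-1924 and CVE-2019-19499 through CVE-2019-19512) are bare RESERVED placeholders and need no action until MITRE publishes them.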
@@ -998,8 +1106,8 @@ CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products
- libonig <unfixed>
NOTE: https://bugs.php.net/bug.php?id=78559
NOTE: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b
-CVE-2019-19245
- RESERVED
+CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication S ...)
+ TODO: check
CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...)
- sqlite3 <unfixed>
[jessie] - sqlite3 <not-affected> (Vulnerable code, i.e. window functions, not present)
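Review bot: CVE-2019-19245 now has a description but only a "TODO: check" marker; the product named (NAPC Xinet Elegant 6 Asset Library 6.1.655) is a commercial asset-management product rather than a Debian package, so the likely resolution is a NOT-FOR-US line, as done for Pagekit and iTerm2 elsewhere in this diff, but that should be confirmed before the TODO is cleared. The neighbouring libonig and sqlite3 entries are untouched context.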
@@ -1277,8 +1385,7 @@ CVE-2019-19120
RESERVED
CVE-2019-19119
RESERVED
-CVE-2019-19118 [Privilege escalation in the Django admin]
- RESERVED
+CVE-2019-19118 (Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model ...)
- python-django 2:2.2.8-1
NOTE: https://www.djangoproject.com/weblog/2019/dec/02/security-releases/
NOTE: https://github.com/django/django/commit/11c5e0609bcc0db93809de2a08e0dc3d70b393e4 (master)
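Review bot: the automatic update replaces the tracker's own bracketed summary "[Privilege escalation in the Django admin]" with the truncated MITRE text and drops the RESERVED marker, which is correct now that the CVE is public; the recorded fix python-django 2:2.2.8-1 and the upstream advisory and commit notes are unchanged. The MITRE range "2.1 before 2.1.15 and 2.2 before 2.2.8" agrees with the 2.2.8 fix recorded here, so nothing further is needed.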
@@ -1573,22 +1680,22 @@ CVE-2019-19023
RESERVED
CVE-2019-19022 (iTerm2 through 3.3.6 has potentially insufficient documentation about ...)
NOT-FOR-US: iTerm2
-CVE-2019-19021
- RESERVED
-CVE-2019-19020
- RESERVED
-CVE-2019-19019
- RESERVED
-CVE-2019-19018
- RESERVED
-CVE-2019-19017
- RESERVED
-CVE-2019-19016
- RESERVED
-CVE-2019-19015
- RESERVED
-CVE-2019-19014
- RESERVED
+CVE-2019-19021 (An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidd ...)
+ TODO: check
+CVE-2019-19020 (An issue was discovered in TitanHQ WebTitan before 5.18. In the admini ...)
+ TODO: check
+CVE-2019-19019 (An issue was discovered in TitanHQ WebTitan before 5.18. It contains a ...)
+ TODO: check
+CVE-2019-19018 (An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a ...)
+ TODO: check
+CVE-2019-19017 (An issue was discovered in TitanHQ WebTitan before 5.18. The appliance ...)
+ TODO: check
+CVE-2019-19016 (An issue was discovered in TitanHQ WebTitan before 5.18. Some function ...)
+ TODO: check
+CVE-2019-19015 (An issue was discovered in TitanHQ WebTitan before 5.18. The proxy ser ...)
+ TODO: check
+CVE-2019-19014 (An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudo ...)
+ TODO: check
CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an ...)
NOT-FOR-US: Pagekit CMS
CVE-2019-19012 (An integer overflow in the search_in_range function in regexec.c in On ...)
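Review bot: eight TitanHQ WebTitan entries (CVE-2019-19014 through CVE-2019-19021) land with "TODO: check" placeholders; they all concern the same proprietary appliance before 5.18, so one triage decision covers the whole batch. Unless a Debian package ships that software, the expected outcome is a NOT-FOR-US: TitanHQ WebTitan line on each, consistent with the Pagekit and iTerm2 entries in the surrounding context lines.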
@@ -13558,8 +13665,8 @@ CVE-2019-15630 (Directory Traversal in APIkit, HTTP connector, and OAuth2 Provid
NOT-FOR-US: MuleSoft
CVE-2019-15629 (Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is ...)
NOT-FOR-US: Trend Micro
-CVE-2019-15628
- RESERVED
+CVE-2019-15628 (Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affecte ...)
+ TODO: check
CVE-2019-15627 (Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent ar ...)
NOT-FOR-US: Trend Micro
CVE-2019-15626 (The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), ...)
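Review bot: CVE-2019-15628 (Trend Micro Security (Consumer) 2020, v16.0.1221 and below) gets a "TODO: check" while its neighbours CVE-2019-15629, CVE-2019-15627 and CVE-2019-15626 are all resolved as NOT-FOR-US: Trend Micro; the same line is almost certainly the right resolution here, so this TODO should be cleared in the next manual pass rather than left to accumulate.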
@@ -15913,7 +16020,7 @@ CVE-2019-14892
NOTE: https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b
CVE-2019-14891 (A flaw was found in cri-o, as a result of all pod-related processes be ...)
NOT-FOR-US: Kubernetes CRI-O
-CVE-2019-14890 (An attacker with low privilege could retrieve usernames and passwords ...)
+CVE-2019-14890 (A vulnerability was found in Ansible Tower before 3.6.1 where an attac ...)
NOT-FOR-US: Ansible Tower
CVE-2019-14889
RESERVED
@@ -16019,7 +16126,7 @@ CVE-2019-14858 (A vulnerability was found in Ansible engine 2.x up to 2.8 and An
- ansible 2.8.6+dfsg-1 (bug #942332)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593
NOTE: https://github.com/ansible/ansible/pull/63405
-CVE-2019-14857 (mod_auth_openidc before version 2.4.0.1 is vulnerable to a None ...)
+CVE-2019-14857 (A flaw was found in mod_auth_openidc before version 2.4.0.1. An open r ...)
{DLA-1996-1}
- libapache2-mod-auth-openidc 2.4.0.3-1 (bug #942165)
[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
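Review bot: the previous description for CVE-2019-14857 ended in "is vulnerable to a None ...", a placeholder that leaked from the source feed; the refreshed text now starts to name the actual flaw and the affected range (mod_auth_openidc before version 2.4.0.1). The status lines (DLA-1996-1, libapache2-mod-auth-openidc 2.4.0.3-1 with bug #942165, buster no-dsa) are unchanged and still consistent with that range, so this is a description-only change.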
@@ -16047,7 +16154,7 @@ CVE-2019-14855 [WoT forgeries using SHA-1]
CVE-2019-14854
RESERVED
NOT-FOR-US: OpenShift
-CVE-2019-14853 (An error-handling flaw was found in python-ecdsa. During signature dec ...)
+CVE-2019-14853 (An error-handling flaw was found in python-ecdsa before version 0.13.3 ...)
{DLA-1978-1}
- python-ecdsa 0.13.3-1
NOTE: https://github.com/warner/python-ecdsa/issues/114
@@ -16206,7 +16313,7 @@ CVE-2019-14817 (A flaw was found in, ghostscript versions prior to 9.50, in the
CVE-2019-14816 (There is heap-based buffer overflow in kernel, all versions up to, exc ...)
{DLA-1930-1}
- linux 5.2.17-1
-CVE-2019-14815 (kernel is vulnerable to a None ...)
+CVE-2019-14815 (A vulnerability was found in Linux Kernel, where a Heap Overflow was f ...)
{DLA-1930-1}
- linux 5.2.17-1
[jessie] - linux <not-affected> (Vulnerability introduced later)
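Review bot: same placeholder problem as the mod_auth_openidc hunk: "kernel is vulnerable to a None ..." is replaced by a real description for CVE-2019-14815 (a Heap Overflow in Linux Kernel). The linux 5.2.17-1 fix, DLA-1930-1 and the jessie not-affected annotation ("Vulnerability introduced later") are unchanged, so no status action is needed.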
@@ -23863,8 +23970,8 @@ CVE-2019-12519
RESERVED
CVE-2017-18376 (An improper authorization check in the User API in TheHive before 2.13 ...)
NOT-FOR-US: User API in TheHive Project
-CVE-2019-12518
- RESERVED
+CVE-2019-12518 (Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 ...)
+ TODO: check
CVE-2019-12517 (An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 fo ...)
NOT-FOR-US: slickquiz plugin for WordPress
CVE-2019-12516 (The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injectio ...)
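Review bot: CVE-2019-12518 (Anviz CrossChex access control management software 4.3.8.0 and 4.3.12) arrives with a "TODO: check"; this is the same vendor as the CVE-2019-12388 through CVE-2019-12394 batch further down in this commit, so the two should be triaged together rather than one at a time.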
@@ -23894,8 +24001,8 @@ CVE-2019-12505 (Due to unencrypted and unauthenticated data communication, the w
NOT-FOR-US: Inateck
CVE-2019-12504 (Due to unencrypted and unauthenticated data communication, the wireles ...)
NOT-FOR-US: Inateck
-CVE-2019-12503
- RESERVED
+CVE-2019-12503 (Due to unencrypted and unauthenticated data communication, the wireles ...)
+ TODO: check
CVE-2019-12502 (There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 ca ...)
NOT-FOR-US: MOBOTIX cameras
CVE-2019-12501
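Review bot: CVE-2019-12503 has the same "Due to unencrypted and unauthenticated data communication, the wireles ..." description as CVE-2019-12504 and CVE-2019-12505 directly above it, both already NOT-FOR-US: Inateck; the "TODO: check" here should resolve the same way, and a quick confirmation that it is the same product family is all that is needed.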
@@ -24261,20 +24368,20 @@ CVE-2019-12396
REJECTED
CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check ...)
NOT-FOR-US: Webbukkit Dynmap
-CVE-2019-12394
- RESERVED
-CVE-2019-12393
- RESERVED
-CVE-2019-12392
- RESERVED
-CVE-2019-12391
- RESERVED
-CVE-2019-12390
- RESERVED
-CVE-2019-12389
- RESERVED
-CVE-2019-12388
- RESERVED
+CVE-2019-12394 (Anviz access control devices allow unverified password change which al ...)
+ TODO: check
+CVE-2019-12393 (Anviz access control devices are vulnerable to replay attacks which co ...)
+ TODO: check
+CVE-2019-12392 (Anviz access control devices allow remote attackers to issue commands ...)
+ TODO: check
+CVE-2019-12391 (The Anviz Management System for access control has insufficient loggin ...)
+ TODO: check
+CVE-2019-12390 (Anviz access control devices expose private Information (pin code and ...)
+ TODO: check
+CVE-2019-12389 (Anviz access control devices expose credentials (names and passwords) ...)
+ TODO: check
+CVE-2019-12388 (Anviz access control devices perform cleartext transmission of sensiti ...)
+ TODO: check
CVE-2019-12387 (In Twisted before 19.2.1, twisted.web did not validate or sanitize URI ...)
- twisted <unfixed> (bug #930389)
[buster] - twisted <no-dsa> (Minor issue)
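Review bot: seven Anviz access control device CVEs (CVE-2019-12388 through CVE-2019-12394) land with "TODO: check". The descriptions concern hardware access-control devices and their management system (cleartext transmission, credential and PIN exposure, replay, remote command issue, unverified password change, insufficient logging), none of which is Debian-packaged software, so the batch is a candidate for NOT-FOR-US: Anviz; handle it together with CVE-2019-12518 from the same vendor earlier in this commit.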
@@ -44618,6 +44725,7 @@ CVE-2019-5166
CVE-2019-5165
RESERVED
CVE-2019-5164 [shadowsocks-libev TALOS-2019-0958]
+ RESERVED
- shadowsocks-libev 3.3.3+ds-2
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958
NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2537
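Review bot: the added RESERVED line under CVE-2019-5164 [shadowsocks-libev TALOS-2019-0958] brings the entry into the same shape as the other pre-publication entries that carry a bracketed local title (compare the pre-update form of CVE-2019-19118 in this diff), and the fixed version shadowsocks-libev 3.3.3+ds-2 together with the Talos and upstream issue notes is kept. The hunk header (6 lines to 7) matches the single insertion.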
@@ -220953,8 +221061,7 @@ CVE-2014-9358 (Docker before 1.3.3 does not properly validate image IDs, which a
- docker.io 1.3.3~dfsg1-1 (bug #772909)
CVE-2014-9357 (Docker 1.3.2 allows remote attackers to execute arbitrary code with ro ...)
- docker.io 1.3.3~dfsg1-1 (bug #772909)
-CVE-2014-9356 [Path traversal during processing of absolute symlinks]
- RESERVED
+CVE-2014-9356 (Path traversal vulnerability in Docker before 1.3.3 allows remote atta ...)
- docker.io 1.3.3~dfsg1-1 (bug #772909)
CVE-2014-9355 (Puppet Enterprise before 3.7.1 allows remote authenticated users to ob ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
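Review bot: CVE-2014-9356 finally receives its public description ("Path traversal vulnerability in Docker before 1.3.3 ..."), which matches the locally recorded title "[Path traversal during processing of absolute symlinks]" and the docker.io 1.3.3~dfsg1-1 fix (bug #772909) shared with CVE-2014-9357 and CVE-2014-9358; description-only change, no status action.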
@@ -253587,8 +253694,7 @@ CVE-2013-4412 (slim has NULL pointer dereference when using crypt() method from
CVE-2013-4411
RESERVED
- reviewboard <itp> (bug #653113)
-CVE-2013-4410
- RESERVED
+CVE-2013-4410 (ReviewBoard: has an access-control problem in REST API ...)
- reviewboard <itp> (bug #653113)
CVE-2013-4409 (An eval() vulnerability exists in Python Software Foundation Djblets 0 ...)
- djblets <removed> (low; bug #726039)
@@ -268363,8 +268469,7 @@ CVE-2012-5564 (android-tools 4.1.1 in Android Debug Bridge (ADB) allows local us
NOTE: Neutralised by kernel hardening
CVE-2012-5563 (OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not prope ...)
- keystone <not-affected> (Folsom branch not packaged yet)
-CVE-2012-5562
- RESERVED
+CVE-2012-5562 (rhn-proxy: may transmit credentials over clear-text when accessing RHN ...)
NOT-FOR-US: Red Hat Satellite
CVE-2012-5561 (script/katello-generate-passphrase in Katello 1.1 uses world-readable ...)
NOT-FOR-US: Katello
@@ -271103,8 +271208,7 @@ CVE-2012-4578 (The geli encryption provider 7 before r239184 on FreeBSD 10 uses
NOTE: not sure if the bug is in the userland tool or in the kernel device
CVE-2012-4577 (The Linux firmware image on (1) Korenix Jetport 5600 series serial-dev ...)
NOT-FOR-US: Korenix Jetport 5600
-CVE-2012-4576 [freebsd privilege escalation]
- RESERVED
+CVE-2012-4576 (FreeBSD: Input Validation Flaw allows local users to gain elevated pri ...)
- kfreebsd-8 8.3-6 (bug #694096)
- kfreebsd-9 9.0-9 (bug #694097)
- kfreebsd-10 10.0~svn252032-1 (bug #694098)
@@ -271250,12 +271354,10 @@ CVE-2012-4527 (Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows us
- mcrypt 2.6.8-1.3 (unimportant; bug #690924)
NOTE: patch proposed by submitter at RH bugzilla is incorrect
NOTE: Only occurs in cmdline parsing, no priv escalation. Only a security issue in constructed setups
-CVE-2012-4526 [XSS in password.php, incomplete fix for CVE-2012-4525]
- RESERVED
+CVE-2012-4526 (piwigo has XSS in password.php (incomplete fix for CVE-2012-4525) ...)
- piwigo <not-affected> (incomplete fix not applied to Debian package)
[squeeze] - piwigo <not-affected> (vulnerable code not present)
-CVE-2012-4525 [XSS in password.php]
- RESERVED
+CVE-2012-4525 (piwigo has XSS in password.php ...)
- piwigo <removed>
[squeeze] - piwigo <not-affected> (vulnerable code not present)
CVE-2012-4524 (xlockmore before 5.43 'dclock' security bypass vulnerability ...)
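Review bot: the two piwigo entries (CVE-2012-4526 and CVE-2012-4525) now carry public descriptions that restate the local titles, including the "incomplete fix for CVE-2012-4525" relationship, so the existing statuses (piwigo not-affected for the unapplied incomplete fix, piwigo removed for the original, squeeze not-affected for both) still line up with the descriptions; nothing to change.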
@@ -271376,8 +271478,7 @@ CVE-2012-4482 (The Ubercart SecureTrading Payment Method module 6.x for Drupal d
CVE-2012-4481 (The safe-level feature in Ruby 1.8.7 allows context-dependent attacker ...)
- ruby1.8 1.8.7.358-5 (bug #689945)
[squeeze] - ruby1.8 <not-affected> (problematic code not present)
-CVE-2012-4480
- RESERVED
+CVE-2012-4480 (mom creates world-writable pid files in /var/run ...)
NOT-FOR-US: mom
CVE-2012-4479 (SQL injection vulnerability in the Drag & Drop Gallery module 6.x ...)
NOT-FOR-US: Drupal contributed-module
@@ -271546,8 +271647,7 @@ CVE-2012-4429 (Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to re
- vino 3.8.1-1 (bug #687596; low)
[squeeze] - vino <no-dsa> (Minor issue)
[wheezy] - vino <no-dsa> (Minor issue)
-CVE-2012-4428
- RESERVED
+CVE-2012-4428 (openslp: SLPIntersectStringList()' Function has a DoS vulnerability ...)
{DLA-304-1}
- openslp-dfsg 1.2.1-10 (bug #687597; low)
[squeeze] - openslp-dfsg <no-dsa> (Minor issue)
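Review bot: the new description for CVE-2012-4428 contains a stray apostrophe ("SLPIntersectStringList()' Function"); that text comes from the upstream feed and should not be hand-edited here, since the next automatic update would overwrite it. The status lines (DLA-304-1, openslp-dfsg 1.2.1-10 with bug #687597, squeeze no-dsa) are unchanged.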
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9d78110429a512aa54ec8bc70ee1e0cab5bd3f9