[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 31 08:10:32 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ddc08817 by security tracker role at 2019-12-31T08:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core. ...)
+ TODO: check
+CVE-2019-20174
+ RESERVED
+CVE-2019-20173
+ RESERVED
+CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not r ...)
+ TODO: check
+CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+ TODO: check
+CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+ TODO: check
+CVE-2019-20169 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+ TODO: check
+CVE-2019-20168 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+ TODO: check
+CVE-2019-20167 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+ TODO: check
+CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+ TODO: check
+CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+ TODO: check
+CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+ TODO: check
+CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+ TODO: check
+CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+ TODO: check
+CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+ TODO: check
+CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+ TODO: check
+CVE-2019-20159 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+ TODO: check
+CVE-2019-20158
+ RESERVED
+CVE-2019-20157
+ RESERVED
+CVE-2019-20156
+ RESERVED
+CVE-2019-20155
+ RESERVED
+CVE-2019-20154
+ RESERVED
+CVE-2019-20153
+ RESERVED
+CVE-2019-20152
+ RESERVED
+CVE-2019-20151
+ RESERVED
+CVE-2019-20150
+ RESERVED
CVE-2020-5128
RESERVED
CVE-2020-5127
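Review bot: the thirteen GPAC entries CVE-2019-20159 through CVE-2019-20171 in this hunk all carry the same truncated description ("An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...") and each receives its own "TODO: check"; triage them as one batch against the same source package so that the thirteen resulting state lines stay consistent rather than being resolved piecemeal. CVE-2019-20175 is marked "** DISPUTED **" in its description, so when its TODO is resolved the dispute should be recorded in the entry (a NOTE line, as other entries in this file use) and not only a package state.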
@@ -2902,8 +2954,8 @@ CVE-2019-19929 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleane
NOT-FOR-US: Malwarebytes AdwCleaner
CVE-2019-19928
RESERVED
-CVE-2019-19927
- RESERVED
+CVE-2019-19927 (In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on k ...)
+ TODO: check
CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain errors dur ...)
- sqlite3 <not-affected> (Incomplete fix for CVE-2019-19880 not applied)
NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
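Review bot: the new description for CVE-2019-19927 ties the issue to "the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on k ...)", a distribution tree rather than an upstream release, so the "TODO: check" should first establish whether the affected code is present in the Debian linux source package at all; if it turns out to be specific to that tree, the entry should end as a <not-affected> line with a reason, in the form the sqlite3 line just below already uses ("sqlite3 <not-affected> (Incomplete fix for CVE-2019-19880 not applied)").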
@@ -9764,10 +9816,10 @@ CVE-2019-19034
RESERVED
CVE-2019-19033 (Jalios JCMS 10 allows attackers to access any part of the website and ...)
NOT-FOR-US: Jalios JCMS
-CVE-2019-19032
- RESERVED
-CVE-2019-19031
- RESERVED
+CVE-2019-19032 (XMLBlueprint through 16.191112 is affected by XML External Entity Inje ...)
+ TODO: check
+CVE-2019-19031 (Easy XML Editor through v1.7.8 is affected by: XML External Entity Inj ...)
+ TODO: check
CVE-2019-19030
RESERVED
CVE-2019-19029
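Review bot: CVE-2019-19032 (XMLBlueprint) and CVE-2019-19031 (Easy XML Editor) are left at "TODO: check" although both describe XML External Entity injection in standalone editor products; if neither is packaged in Debian, resolve them as "NOT-FOR-US: <product>" the way the adjacent CVE-2019-19033 is resolved ("NOT-FOR-US: Jalios JCMS"), so the TODO markers do not linger in the file.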
@@ -18636,8 +18688,8 @@ CVE-2019-16792
RESERVED
CVE-2019-16791
RESERVED
-CVE-2019-16790
- RESERVED
+CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code execution vi ...)
+ TODO: check
CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in front ...)
- waitress <unfixed> (bug #947433)
[buster] - waitress <no-dsa> (Minor issue)
@@ -47159,10 +47211,10 @@ CVE-2019-7481 (Vulnerability in SonicWall SMA100 allow unauthenticated user to g
NOT-FOR-US: SonicWall SMA100
CVE-2019-7480
RESERVED
-CVE-2019-7479
- RESERVED
-CVE-2019-7478
- RESERVED
+CVE-2019-7479 (A vulnerability in SonicOS allow authenticated read-only admin can ele ...)
+ TODO: check
+CVE-2019-7478 (A vulnerability in GMS allow unauthenticated user to SQL injection in ...)
+ TODO: check
CVE-2019-7477 (A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow ...)
NOT-FOR-US: SonicWall
CVE-2019-7476 (A vulnerability in SonicWall Global Management System (GMS), allow a r ...)
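Review bot: CVE-2019-7479 (SonicOS) and CVE-2019-7478 (GMS) are left at "TODO: check" while the neighbouring SonicWall entries in the same hunk, CVE-2019-7481, CVE-2019-7477 and CVE-2019-7476, are already resolved as "NOT-FOR-US: SonicWall SMA100" or "NOT-FOR-US: SonicWall"; unless these two turn out to affect something Debian ships, they should be resolved the same way.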
@@ -57530,8 +57582,7 @@ CVE-2018-20511 (An issue was discovered in the Linux kernel before 4.18.11. The
- linux 4.18.20-1
[stretch] - linux 4.9.130-1
NOTE: Fixed by: https://git.kernel.org/linus/9824dfae5741275473a23a7ed5756c7b6efacc9d (4.19-rc5)
-CVE-2018-20507 [Missing authentication for Prometheus alert endpoint]
- RESERVED
+CVE-2018-20507 (An issue was discovered in GitLab Enterprise Edition 11.2.x through 11 ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20506 (SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...)
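Review bot: replacing the local bracketed summary "[Missing authentication for Prometheus alert endpoint]" with the public text loses the only line that said what CVE-2018-20507 actually is, because the new description is cut off at "GitLab Enterprise Edition 11.2.x through 11 ..." and the NOTE points to a release announcement that covers several issues; keep the former summary as a NOTE line (for example "NOTE: Missing authentication for Prometheus alert endpoint") so the entry stays self-describing. The gitlab fix version and bug reference are untouched, which is correct for a description-only update.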
@@ -57550,58 +57601,46 @@ CVE-2018-20503 (Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_inter
NOT-FOR-US: Allied Telesis 8100L/8 devices
CVE-2018-20502 (An issue was discovered in Bento4 1.5.1-627. There is an attempt at ex ...)
NOT-FOR-US: Bento4
-CVE-2018-20501 [Missing authorization control merge requests]
- RESERVED
+CVE-2018-20501 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20500 (An insecure permissions issue was discovered in GitLab Community and E ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20499 [SSRF in project imports with LFS]
- RESERVED
+CVE-2018-20499 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20498 [Improper access control branches and tags]
- RESERVED
+CVE-2018-20498 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20497 [SSRF repository mirroring]
- RESERVED
+CVE-2018-20497 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20496 [Persistent XSS label reference]
- RESERVED
+CVE-2018-20496 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20495 [CI job token LFS error message disclosure]
- RESERVED
+CVE-2018-20495 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20494 [Guest user CI job disclosure]
- RESERVED
+CVE-2018-20494 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20493 [Source code disclosure merge request diff]
- RESERVED
+CVE-2018-20493 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20492 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20491 [Persistent XSS wiki in IE browser]
- RESERVED
+CVE-2018-20491 (An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20490 [Persistent XSS Autocompletion]
- RESERVED
+CVE-2018-20490 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20489 [URL rel attribute not set]
- RESERVED
+CVE-2018-20489 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
-CVE-2018-20488 [Secret CI variable exposure]
- RESERVED
+CVE-2018-20488 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20487 (An issue was discovered in the firewall3 component in Inteno IOPSYS 1. ...)
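Review bot: the twelve GitLab entries from CVE-2018-20501 down to CVE-2018-20488 each had a distinct bracketed title (SSRF in project imports with LFS, SSRF repository mirroring, Persistent XSS label reference, CI job token LFS error message disclosure, Secret CI variable exposure, and so on) and each is now reduced to the near-identical truncated "An issue was discovered in GitLab Community and Enterprise Edition ..." plus the one advisory URL shared by all of them; from this file alone a maintainer can no longer tell which CVE is which. Carry each former title over as a NOTE line under its CVE before the bracketed text is gone from the history for good.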
@@ -98680,8 +98719,8 @@ CVE-2018-7861
REJECTED
CVE-2018-7860
RESERVED
-CVE-2018-7859
- RESERVED
+CVE-2018-7859 (A security vulnerability in D-Link DGS-1510-series switches with firmw ...)
+ TODO: check
CVE-2018-7858 (Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Em ...)
- qemu 1:2.12~rc3+dfsg-1 (bug #892497)
[stretch] - qemu <not-affected> (Vulnerable code not present)
@@ -197422,6 +197461,7 @@ CVE-2016-2091 (The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdw
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/3
NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/9565964f26966d8391fe2cfa8e6e8e59278c5f91
CVE-2016-2090 (Off-by-one vulnerability in the fgetwln function in libbsd before 0.8. ...)
+ {DLA-2052-1}
- libbsd 0.8.2-1
[wheezy] - libbsd <not-affected> (Vulnerable code not present)
[squeeze] - libbsd <not-affected> (Vulnerable code not present)
@@ -268550,8 +268590,7 @@ CVE-2013-2017 (The veth (aka virtual Ethernet) driver in the Linux kernel before
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ec82562ffc6f297d0de36d65776cff8e5704867
NOTE: http://marc.info/?l=linux-netdev&m=127310770900442&w=3
-CVE-2013-2016 [qemu: virtio: out-of-bounds config space access]
- RESERVED
+CVE-2013-2016 (A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validat ...)
- qemu 1.5.0+dfsg-1 (bug #710822)
[jessie] - qemu <not-affected> (vulnerability introduced in 1.3.0)
[wheezy] - qemu <not-affected> (vulnerability introduced in 1.3.0)
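Review bot: the new description for CVE-2013-2016 ("qemu v1.3.0 and later (virtio-rng) validat ...") agrees with the existing [jessie] and [wheezy] <not-affected> reasons ("vulnerability introduced in 1.3.0"), so the package lines need no change; the dropped bracketed summary "[qemu: virtio: out-of-bounds config space access]" named the actual bug class where the truncated public text does not, so consider preserving it as a NOTE line.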
@@ -274061,8 +274100,7 @@ CVE-2013-0266 (manifests/base.pp in the puppetlabs-cinder module, as used in Pac
CVE-2013-0265 (The redirect_stderr function in xnbd_common.c in xnbd-server and xndb- ...)
- xnbd 0.1.0-pre-hg20-e75b93a47722-3 (low)
NOTE: http://seclists.org/oss-sec/2013/q1/248
-CVE-2013-0264
- RESERVED
+CVE-2013-0264 (An import error was introduced in Cumin in the code refactoring in r53 ...)
NOT-FOR-US: Cumin
CVE-2013-0263 (Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, ...)
{DSA-2783-1}
@@ -274279,8 +274317,7 @@ CVE-2013-0198 (Dnsmasq before 2.66test2, when used with certain libvirt configur
CVE-2013-0197 (Cross-site scripting (XSS) vulnerability in the filter_draw_selection_ ...)
- mantis <not-affected> (This only affects the 1.2.12 version, which isn't present in Debian, bug #698481)
NOTE: http://www.mantisbt.org/bugs/view.php?id=15373
-CVE-2013-0196
- RESERVED
+CVE-2013-0196 (A CSRF issue was found in OpenShift Enterprise 1.2. The web console is ...)
NOT-FOR-US: OpenShift
CVE-2013-0195 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...)
- piwik <itp> (bug #506933)
@@ -276509,8 +276546,7 @@ CVE-2012-5665 (ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not prop
[wheezy] - owncloud 4.0.4debian2-3.2
CVE-2012-5664
REJECTED
-CVE-2012-5663
- RESERVED
+CVE-2012-5663 (The isearch package (textproc/isearch) before 1.47.01nb1 uses the temp ...)
NOT-FOR-US: Isearch
NOTE: http://www.openwall.com/lists/oss-security/2012/12/21/1
CVE-2012-5662 (x3270 before 3.3.12ga12 does not verify that the server hostname match ...)
@@ -276565,8 +276601,7 @@ CVE-2012-5647 (Open redirect vulnerability in node-util/www/html/restorer.php in
NOT-FOR-US: OpenShift
CVE-2012-5646 (node-util/www/html/restorer.php in the Red Hat OpenShift Origin before ...)
NOT-FOR-US: OpenShift
-CVE-2012-5645
- RESERVED
+CVE-2012-5645 (A denial of service flaw was found in the way the server component of ...)
- freeciv 2.3.4-1 (low; bug #696306)
[squeeze] - freeciv <no-dsa> (Minor issue)
[wheezy] - freeciv 2.3.2-1+deb7u1
@@ -277052,8 +277087,7 @@ CVE-2012-5476 (Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard
- horizon <not-affected> (File is installed with 0700 perms in Debian)
CVE-2012-5475 [YUI 2.x security issue regarding embedded SWF files]
REJECTED
-CVE-2012-5474
- RESERVED
+CVE-2012-5474 (The file /etc/openstack-dashboard/local_settings within Red Hat OpenSt ...)
- horizon 2012.1.1-7
CVE-2012-5473 (The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x befor ...)
- moodle 2.2.3.dfsg-2.6
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ddc0881759b2681c36e02c22333fa5ccff0f936c