[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Dec 31 20:10:25 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d1f96e2 by security tracker role at 2019-12-31T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2020-5178
+	RESERVED
+CVE-2020-5177
+	RESERVED
+CVE-2020-5176
+	RESERVED
+CVE-2020-5175
+	RESERVED
+CVE-2020-5174
+	RESERVED
+CVE-2020-5173
+	RESERVED
+CVE-2020-5172
+	RESERVED
+CVE-2020-5171
+	RESERVED
+CVE-2020-5170
+	RESERVED
+CVE-2020-5169
+	RESERVED
+CVE-2020-5168
+	RESERVED
+CVE-2020-5167
+	RESERVED
+CVE-2020-5166
+	RESERVED
+CVE-2020-5165
+	RESERVED
+CVE-2020-5164
+	RESERVED
+CVE-2020-5163
+	RESERVED
+CVE-2020-5162
+	RESERVED
+CVE-2020-5161
+	RESERVED
+CVE-2020-5160
+	RESERVED
+CVE-2020-5159
+	RESERVED
+CVE-2020-5158
+	RESERVED
+CVE-2020-5157
+	RESERVED
+CVE-2020-5156
+	RESERVED
+CVE-2020-5155
+	RESERVED
+CVE-2020-5154
+	RESERVED
+CVE-2020-5153
+	RESERVED
+CVE-2020-5152
+	RESERVED
+CVE-2020-5151
+	RESERVED
+CVE-2020-5150
+	RESERVED
+CVE-2020-5149
+	RESERVED
+CVE-2020-5148
+	RESERVED
+CVE-2020-5147
+	RESERVED
+CVE-2020-5146
+	RESERVED
+CVE-2020-5145
+	RESERVED
+CVE-2020-5144
+	RESERVED
+CVE-2020-5143
+	RESERVED
+CVE-2020-5142
+	RESERVED
+CVE-2020-5141
+	RESERVED
+CVE-2020-5140
+	RESERVED
+CVE-2020-5139
+	RESERVED
+CVE-2020-5138
+	RESERVED
+CVE-2020-5137
+	RESERVED
+CVE-2020-5136
+	RESERVED
+CVE-2020-5135
+	RESERVED
+CVE-2020-5134
+	RESERVED
+CVE-2020-5133
+	RESERVED
+CVE-2020-5132
+	RESERVED
+CVE-2020-5131
+	RESERVED
+CVE-2020-5130
+	RESERVED
+CVE-2020-5129
+	RESERVED
+CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary ...)
+	TODO: check
+CVE-2019-20196
+	RESERVED
+CVE-2019-20195
+	RESERVED
+CVE-2019-20194
+	RESERVED
+CVE-2019-20193
+	RESERVED
+CVE-2019-20192
+	RESERVED
+CVE-2019-20191
+	RESERVED
+CVE-2019-20190
+	RESERVED
+CVE-2019-20189
+	RESERVED
+CVE-2019-20188
+	RESERVED
+CVE-2019-20187
+	RESERVED
+CVE-2019-20186
+	RESERVED
+CVE-2019-20185
+	RESERVED
+CVE-2019-20184
+	RESERVED
+CVE-2019-20183
+	RESERVED
+CVE-2019-20182
+	RESERVED
+CVE-2019-20181
+	RESERVED
+CVE-2019-20180
+	RESERVED
+CVE-2019-20179
+	RESERVED
+CVE-2019-20178
+	RESERVED
+CVE-2019-20177
+	RESERVED
+CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the li ...)
+	TODO: check
 CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core. ...)
 	- qemu <unfixed> (unimportant)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html
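Review bot: two entries in this hunk are left as `TODO: check` rather than triaged: CVE-2019-20197 (Nagios XI, authenticated arbitrary execution) and CVE-2019-20176 (Pure-FTPd 1.0.49 stack exhaustion). Of the two, only Pure-FTPd corresponds to software Debian ships, so CVE-2019-20176 should get a package line (or `<not-affected>` / `<unfixed>` with a severity) before the next automatic run; the Nagios XI entry can follow the existing handling of Nagios XI components elsewhere in the file.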
@@ -15243,6 +15387,7 @@ CVE-2019-18180 (Improper Check for filenames with overly long extensions in Post
 	NOTE: https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
 CVE-2019-18179
 	RESERVED
+	{DLA-2053-1}
 	- otrs2 6.0.24-1 (bug #945251)
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -19675,7 +19820,7 @@ CVE-2019-16407 (JetBrains ReSharper installers for versions before 2019.2 had a
 	NOT-FOR-US: JetBrains ReSharper installer
 CVE-2019-16406 (Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware v ...)
 	- centreon-web <itp> (bug #913903)
-CVE-2019-16405 (Centreon Web 19.04.4 allows Remote Code Execution by an administrator  ...)
+CVE-2019-16405 (Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19. ...)
 	- centreon-web <itp> (bug #913903)
 CVE-2019-16404 (Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php ...)
 	NOT-FOR-US: OpenEMR
@@ -25722,8 +25867,7 @@ CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c
 	NOTE: https://sourceforge.net/p/open-cobol/bugs/581/
 CVE-2019-14467 (The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code E ...)
 	NOT-FOR-US: Social Photo Gallery plugin for WordPress
-CVE-2019-14466 [GOsa <= 2.7.5.2 uses unserialize to restore filter settings from a cookie. Since this cookie is supplied by the client, authenticated users can pass arbitrary content to unserialized, which opens GOsa up to a potential PHP object injection.]
-	RESERVED
+CVE-2019-14466 (The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable  ...)
 	{DLA-1905-1}
 	- gosa 2.7.4+reloaded3-10
 	NOTE: https://github.com/gosa-project/gosa-core/commit/e1504e9765db2adde8b4685b5c93fbba57df868b (fix)
@@ -31649,8 +31793,8 @@ CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allo
 	- slurm-llnl 19.05.3.2-1 (bug #931880)
 	[stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
 	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
-CVE-2019-12837
-	RESERVED
+CVE-2019-12837 (The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1 ...)
+	TODO: check
 CVE-2019-12836 (The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker t ...)
 	NOT-FOR-US: Bobronix JEditor editor for Jira
 CVE-2019-12835 (formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds ...)
@@ -33166,8 +33310,8 @@ CVE-2016-10750 (In Hazelcast before 3.11, the cluster join procedure is vulnerab
 	- hazelcast <itp> (bug #745640)
 CVE-2019-12274 (In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to de ...)
 	NOT-FOR-US: Rancher
-CVE-2019-12273
-	RESERVED
+CVE-2019-12273 (OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF ...)
+	TODO: check
 CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...)
 	NOT-FOR-US: OpenWrt LuCI
 CVE-2019-12271 (Sandline Centraleyezer (On Premises) allows unrestricted File Upload w ...)
@@ -33441,8 +33585,8 @@ CVE-2019-12188
 	RESERVED
 CVE-2019-12187
 	RESERVED
-CVE-2019-12186
-	RESERVED
+CVE-2019-12186 (An issue was discovered in Sylius products. Missing input sanitization ...)
+	TODO: check
 CVE-2019-12185 (eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/con ...)
 	NOT-FOR-US: eLabFTW
 CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in BoostIO Boost ...)
@@ -38763,12 +38907,12 @@ CVE-2019-10231 (Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vu
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2019-10230
 	RESERVED
-CVE-2019-10229
-	RESERVED
+CVE-2019-10229 (An issue was discovered in MailStore Server (and Service Provider Edit ...)
+	TODO: check
 CVE-2019-10228
 	RESERVED
-CVE-2019-10227
-	RESERVED
+CVE-2019-10227 (openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found comp ...)
+	TODO: check
 CVE-2019-10226 (HTML Injection has been discovered in the v0.19.0 version of the Fat F ...)
 	NOT-FOR-US: Fat Free CRM
 CVE-2019-10225
@@ -39974,10 +40118,12 @@ CVE-2019-1010304 (Saleor Issue was introduced by merge commit: e1b01bad0703afd08
 CVE-2019-1010303
 	RESERVED
 CVE-2019-1010302 (jhead 3.03 is affected by: Incorrect Access Control. The impact is: De ...)
+	{DLA-2054-1}
 	- jhead 1:3.03-2 (unimportant; bug #932146)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1679978
 	NOTE: No security impact, crash in CLI tool
 CVE-2019-1010301 (jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of s ...)
+	{DLA-2054-1}
 	- jhead 1:3.03-2 (unimportant; bug #932145)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1679952
 	NOTE: No security impact, crash in CLI tool
@@ -41446,8 +41592,8 @@ CVE-2019-9670 (mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x be
 	NOT-FOR-US: Synacor Zimbra Collaboration Suite
 CVE-2019-9669 (The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attac ...)
 	NOT-FOR-US: Wordfence plugin for WordPress
-CVE-2019-9668
-	RESERVED
+CVE-2019-9668 (An issue was discovered in rovinbhandari FTP through 2012-03-28. recei ...)
+	TODO: check
 CVE-2019-9667
 	RESERVED
 CVE-2019-9666
@@ -41805,14 +41951,14 @@ CVE-2019-9558 (Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Sc
 	NOT-FOR-US: Mailtraq WebMail
 CVE-2019-9557 (Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) vi ...)
 	NOT-FOR-US: Ability Mail Server
-CVE-2019-9556
-	RESERVED
+CVE-2019-9556 (FiberHome an5506-04-f RP2669 devices have XSS. ...)
+	TODO: check
 CVE-2019-9555 (Sagemcom F at st 5260 routers using firmware version 0.4.39, in WPA mode, ...)
 	NOT-FOR-US: Sagemcom routers
-CVE-2019-9554
-	RESERVED
-CVE-2019-9553
-	RESERVED
+CVE-2019-9554 (In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the ...)
+	TODO: check
+CVE-2019-9553 (Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcon ...)
+	TODO: check
 CVE-2019-9552 (Eloan V3.0 through 2018-09-20 allows remote attackers to list files vi ...)
 	NOT-FOR-US: Eloan
 CVE-2019-9551 (An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06.  ...)
@@ -42745,10 +42891,10 @@ CVE-2019-9208 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissect
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-07.html
-CVE-2019-9207
-	RESERVED
-CVE-2019-9206
-	RESERVED
+CVE-2019-9207 (PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm search ...)
+	TODO: check
+CVE-2019-9206 (PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm  ...)
+	TODO: check
 CVE-2019-9205
 	RESERVED
 CVE-2019-9204 (SQL injection vulnerability in Nagios IM (component of Nagios XI) befo ...)
@@ -42772,8 +42918,8 @@ CVE-2019-9199 (PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp i
 	NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1971/
 CVE-2019-9198
 	RESERVED
-CVE-2019-9197
-	RESERVED
+CVE-2019-9197 (The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows  ...)
+	TODO: check
 CVE-2019-9196 (The Face authentication component in Aware mobile liveness 2.2.1 sdk 2 ...)
 	NOT-FOR-US: Aware mobile liveness
 CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An a ...)
@@ -46457,8 +46603,8 @@ CVE-2018-20781 (In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user
 	NOTE: Not a vulnerability, just a hardening patch
 CVE-2019-7752
 	RESERVED
-CVE-2019-7751
-	RESERVED
+CVE-2019-7751 (A directory traversal and local file inclusion vulnerability in FPProd ...)
+	TODO: check
 CVE-2019-7750
 	RESERVED
 CVE-2019-7749
@@ -48165,8 +48311,8 @@ CVE-2019-7164 (SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL In
 	NOTE: https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414
 CVE-2019-7163 (The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 dev ...)
 	NOT-FOR-US: Alcatel
-CVE-2019-7162
-	RESERVED
+CVE-2019-7162 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Bu ...)
+	TODO: check
 CVE-2019-7161 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x th ...)
 	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
 CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Trav ...)
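Review bot: the new `TODO: check` on CVE-2019-7162 sits directly above CVE-2019-7161, which is already triaged as `NOT-FOR-US: Zoho ManageEngine ADSelfService Plus` for the same product, so this one can be marked the same way rather than left as a TODO.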
@@ -55627,8 +55773,8 @@ CVE-2019-3986 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote att
 	NOT-FOR-US: Blink XT2
 CVE-2019-3985 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
 	NOT-FOR-US: Blink XT2
-CVE-2019-3984
-	RESERVED
+CVE-2019-3984 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
+	TODO: check
 CVE-2019-3983 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
 	NOT-FOR-US: Blink XT2
 CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a Denial of Se ...)
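Review bot: CVE-2019-3984 now carries the same Blink XT2 Sync Module description as its neighbours CVE-2019-3985 and CVE-2019-3983, both triaged `NOT-FOR-US: Blink XT2`; the `TODO: check` here should be replaced with the same marker for consistency.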
@@ -58093,6 +58239,7 @@ CVE-2018-20351 (The Markdown component in Evernote (Chinese) before 8.3.2 on mac
 CVE-2018-20350
 	RESERVED
 CVE-2018-20349 (The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 ...)
+	{DLA-2055-1}
 	- igraph 0.7.1-3 (bug #917211)
 	[stretch] - igraph 0.7.1-2.1+deb9u1
 	- r-cran-igraph 1.2.2-2 (bug #917212)
@@ -63824,16 +63971,16 @@ CVE-2018-19836 (In Metinfo 6.1.3, include/interface/applogin.php allows setting
 	NOT-FOR-US: Metinfo
 CVE-2018-19835 (Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_col ...)
 	NOT-FOR-US: Metinfo
-CVE-2018-19834
-	RESERVED
-CVE-2018-19833
-	RESERVED
-CVE-2018-19832
-	RESERVED
-CVE-2018-19831
-	RESERVED
-CVE-2018-19830
-	RESERVED
+CVE-2018-19834 (The quaker function of a smart contract implementation for BOMBBA (BOM ...)
+	TODO: check
+CVE-2018-19833 (The owned function of a smart contract implementation for DDQ, an trad ...)
+	TODO: check
+CVE-2018-19832 (The NETM() function of a smart contract implementation for NewIntelTec ...)
+	TODO: check
+CVE-2018-19831 (The ToOwner() function of a smart contract implementation for Cryptbon ...)
+	TODO: check
+CVE-2018-19830 (The UBSexToken() function of a smart contract implementation for Busin ...)
+	TODO: check
 CVE-2018-19829 (Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios ...)
 	NOT-FOR-US: Artica Integria IMS
 CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string parameter. ...)
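Review bot: all five newly described entries (CVE-2018-19830 through CVE-2018-19834) are Ethereum smart-contract implementations, which are not Debian source packages; they can be bulk-triaged as `NOT-FOR-US` instead of five separate `TODO: check` lines.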
@@ -75852,10 +75999,12 @@ CVE-2018-16514 (A cross-site scripting (XSS) vulnerability in the View Filters p
 	- mantis <removed>
 	NOTE: https://mantisbt.org/bugs/view.php?id=24731
 CVE-2018-17088 (The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may al ...)
+	{DLA-2054-1}
 	- jhead 1:3.00-8 (bug #907925)
 	[stretch] - jhead 1:3.00-4+deb9u1
 	[jessie] - jhead <no-dsa> (Minor issue)
 CVE-2018-16554 (The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may al ...)
+	{DLA-2054-1}
 	- jhead 1:3.00-8 (bug #908176)
 	[stretch] - jhead 1:3.00-4+deb9u1
 	[jessie] - jhead <no-dsa> (Minor issue)
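Review bot: both CVE-2018-17088 and CVE-2018-16554 now reference `{DLA-2054-1}` but still keep `[jessie] - jhead <no-dsa> (Minor issue)`. Once a DLA has been issued for jessie the `<no-dsa>` line is stale and contradicts the DLA cross-reference; drop the two `[jessie]` lines so the DLA alone records the jessie fix.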
@@ -81187,8 +81336,8 @@ CVE-2018-14478 (ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via t
 	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2018-14477
 	RESERVED
-CVE-2018-14476
-	RESERVED
+CVE-2018-14476 (GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step  ...)
+	TODO: check
 CVE-2018-14475
 	RESERVED
 CVE-2018-14474 (views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the ne ...)
@@ -262358,8 +262507,7 @@ CVE-2013-4358 (libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=072be3e8969f24113d599444be4d6a0ed04a6602
-CVE-2013-4357 [getaddrinfo(), glob_in_dir stack overflow]
-	RESERVED
+CVE-2013-4357 (The eglibc package before 2.14 incorrectly handled the getaddrinfo() f ...)
 	{DLA-165-1}
 	- eglibc 2.17-1 (unimportant; bug #742925)
 	[wheezy] - eglibc 2.13-38+deb7u6
@@ -263039,8 +263187,7 @@ CVE-2013-4162 (The udp_v6_push_pending_frames function in net/ipv6/udp.c in the
 	{DSA-2906-1 DSA-2745-1}
 	- linux 3.10.5-1 (low)
 	- linux-2.6 <removed> (low)
-CVE-2013-4161
-	RESERVED
+CVE-2013-4161 (gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012- ...)
 	- gksu-polkit <not-affected> (CVE for improperly applied fix for CVE-2012-5617 on Red Hat)
 CVE-2013-4160 (Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other ...)
 	- lcms 1.19.dfsg1-1.3 (low; bug #728208)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d1f96e2f42809c55d4b0885fff4a379f1f126c9




