[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 31 20:10:25 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1d1f96e2 by security tracker role at 2019-12-31T20:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2020-5178
+ RESERVED
+CVE-2020-5177
+ RESERVED
+CVE-2020-5176
+ RESERVED
+CVE-2020-5175
+ RESERVED
+CVE-2020-5174
+ RESERVED
+CVE-2020-5173
+ RESERVED
+CVE-2020-5172
+ RESERVED
+CVE-2020-5171
+ RESERVED
+CVE-2020-5170
+ RESERVED
+CVE-2020-5169
+ RESERVED
+CVE-2020-5168
+ RESERVED
+CVE-2020-5167
+ RESERVED
+CVE-2020-5166
+ RESERVED
+CVE-2020-5165
+ RESERVED
+CVE-2020-5164
+ RESERVED
+CVE-2020-5163
+ RESERVED
+CVE-2020-5162
+ RESERVED
+CVE-2020-5161
+ RESERVED
+CVE-2020-5160
+ RESERVED
+CVE-2020-5159
+ RESERVED
+CVE-2020-5158
+ RESERVED
+CVE-2020-5157
+ RESERVED
+CVE-2020-5156
+ RESERVED
+CVE-2020-5155
+ RESERVED
+CVE-2020-5154
+ RESERVED
+CVE-2020-5153
+ RESERVED
+CVE-2020-5152
+ RESERVED
+CVE-2020-5151
+ RESERVED
+CVE-2020-5150
+ RESERVED
+CVE-2020-5149
+ RESERVED
+CVE-2020-5148
+ RESERVED
+CVE-2020-5147
+ RESERVED
+CVE-2020-5146
+ RESERVED
+CVE-2020-5145
+ RESERVED
+CVE-2020-5144
+ RESERVED
+CVE-2020-5143
+ RESERVED
+CVE-2020-5142
+ RESERVED
+CVE-2020-5141
+ RESERVED
+CVE-2020-5140
+ RESERVED
+CVE-2020-5139
+ RESERVED
+CVE-2020-5138
+ RESERVED
+CVE-2020-5137
+ RESERVED
+CVE-2020-5136
+ RESERVED
+CVE-2020-5135
+ RESERVED
+CVE-2020-5134
+ RESERVED
+CVE-2020-5133
+ RESERVED
+CVE-2020-5132
+ RESERVED
+CVE-2020-5131
+ RESERVED
+CVE-2020-5130
+ RESERVED
+CVE-2020-5129
+ RESERVED
+CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary ...)
+ TODO: check
+CVE-2019-20196
+ RESERVED
+CVE-2019-20195
+ RESERVED
+CVE-2019-20194
+ RESERVED
+CVE-2019-20193
+ RESERVED
+CVE-2019-20192
+ RESERVED
+CVE-2019-20191
+ RESERVED
+CVE-2019-20190
+ RESERVED
+CVE-2019-20189
+ RESERVED
+CVE-2019-20188
+ RESERVED
+CVE-2019-20187
+ RESERVED
+CVE-2019-20186
+ RESERVED
+CVE-2019-20185
+ RESERVED
+CVE-2019-20184
+ RESERVED
+CVE-2019-20183
+ RESERVED
+CVE-2019-20182
+ RESERVED
+CVE-2019-20181
+ RESERVED
+CVE-2019-20180
+ RESERVED
+CVE-2019-20179
+ RESERVED
+CVE-2019-20178
+ RESERVED
+CVE-2019-20177
+ RESERVED
+CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the li ...)
+ TODO: check
CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core. ...)
- qemu <unfixed> (unimportant)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html
@@ -15243,6 +15387,7 @@ CVE-2019-18180 (Improper Check for filenames with overly long extensions in Post
NOTE: https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
CVE-2019-18179
RESERVED
+ {DLA-2053-1}
- otrs2 6.0.24-1 (bug #945251)
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -19675,7 +19820,7 @@ CVE-2019-16407 (JetBrains ReSharper installers for versions before 2019.2 had a
NOT-FOR-US: JetBrains ReSharper installer
CVE-2019-16406 (Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware v ...)
- centreon-web <itp> (bug #913903)
-CVE-2019-16405 (Centreon Web 19.04.4 allows Remote Code Execution by an administrator ...)
+CVE-2019-16405 (Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19. ...)
- centreon-web <itp> (bug #913903)
CVE-2019-16404 (Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php ...)
NOT-FOR-US: OpenEMR
@@ -25722,8 +25867,7 @@ CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c
NOTE: https://sourceforge.net/p/open-cobol/bugs/581/
CVE-2019-14467 (The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code E ...)
NOT-FOR-US: Social Photo Gallery plugin for WordPress
-CVE-2019-14466 [GOsa <= 2.7.5.2 uses unserialize to restore filter settings from a cookie. Since this cookie is supplied by the client, authenticated users can pass arbitrary content to unserialized, which opens GOsa up to a potential PHP object injection.]
- RESERVED
+CVE-2019-14466 (The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable ...)
{DLA-1905-1}
- gosa 2.7.4+reloaded3-10
NOTE: https://github.com/gosa-project/gosa-core/commit/e1504e9765db2adde8b4685b5c93fbba57df868b (fix)
@@ -31649,8 +31793,8 @@ CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allo
- slurm-llnl 19.05.3.2-1 (bug #931880)
[stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
-CVE-2019-12837
- RESERVED
+CVE-2019-12837 (The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1 ...)
+ TODO: check
CVE-2019-12836 (The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker t ...)
NOT-FOR-US: Bobronix JEditor editor for Jira
CVE-2019-12835 (formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds ...)
@@ -33166,8 +33310,8 @@ CVE-2016-10750 (In Hazelcast before 3.11, the cluster join procedure is vulnerab
- hazelcast <itp> (bug #745640)
CVE-2019-12274 (In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to de ...)
NOT-FOR-US: Rancher
-CVE-2019-12273
- RESERVED
+CVE-2019-12273 (OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF ...)
+ TODO: check
CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...)
NOT-FOR-US: OpenWrt LuCI
CVE-2019-12271 (Sandline Centraleyezer (On Premises) allows unrestricted File Upload w ...)
@@ -33441,8 +33585,8 @@ CVE-2019-12188
RESERVED
CVE-2019-12187
RESERVED
-CVE-2019-12186
- RESERVED
+CVE-2019-12186 (An issue was discovered in Sylius products. Missing input sanitization ...)
+ TODO: check
CVE-2019-12185 (eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/con ...)
NOT-FOR-US: eLabFTW
CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in BoostIO Boost ...)
@@ -38763,12 +38907,12 @@ CVE-2019-10231 (Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vu
NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-10230
RESERVED
-CVE-2019-10229
- RESERVED
+CVE-2019-10229 (An issue was discovered in MailStore Server (and Service Provider Edit ...)
+ TODO: check
CVE-2019-10228
RESERVED
-CVE-2019-10227
- RESERVED
+CVE-2019-10227 (openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found comp ...)
+ TODO: check
CVE-2019-10226 (HTML Injection has been discovered in the v0.19.0 version of the Fat F ...)
NOT-FOR-US: Fat Free CRM
CVE-2019-10225
@@ -39974,10 +40118,12 @@ CVE-2019-1010304 (Saleor Issue was introduced by merge commit: e1b01bad0703afd08
CVE-2019-1010303
RESERVED
CVE-2019-1010302 (jhead 3.03 is affected by: Incorrect Access Control. The impact is: De ...)
+ {DLA-2054-1}
- jhead 1:3.03-2 (unimportant; bug #932146)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1679978
NOTE: No security impact, crash in CLI tool
CVE-2019-1010301 (jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of s ...)
+ {DLA-2054-1}
- jhead 1:3.03-2 (unimportant; bug #932145)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1679952
NOTE: No security impact, crash in CLI tool
@@ -41446,8 +41592,8 @@ CVE-2019-9670 (mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x be
NOT-FOR-US: Synacor Zimbra Collaboration Suite
CVE-2019-9669 (The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attac ...)
NOT-FOR-US: Wordfence plugin for WordPress
-CVE-2019-9668
- RESERVED
+CVE-2019-9668 (An issue was discovered in rovinbhandari FTP through 2012-03-28. recei ...)
+ TODO: check
CVE-2019-9667
RESERVED
CVE-2019-9666
@@ -41805,14 +41951,14 @@ CVE-2019-9558 (Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Sc
NOT-FOR-US: Mailtraq WebMail
CVE-2019-9557 (Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) vi ...)
NOT-FOR-US: Ability Mail Server
-CVE-2019-9556
- RESERVED
+CVE-2019-9556 (FiberHome an5506-04-f RP2669 devices have XSS. ...)
+ TODO: check
CVE-2019-9555 (Sagemcom F at st 5260 routers using firmware version 0.4.39, in WPA mode, ...)
NOT-FOR-US: Sagemcom routers
-CVE-2019-9554
- RESERVED
-CVE-2019-9553
- RESERVED
+CVE-2019-9554 (In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the ...)
+ TODO: check
+CVE-2019-9553 (Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcon ...)
+ TODO: check
CVE-2019-9552 (Eloan V3.0 through 2018-09-20 allows remote attackers to list files vi ...)
NOT-FOR-US: Eloan
CVE-2019-9551 (An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. ...)
@@ -42745,10 +42891,10 @@ CVE-2019-9208 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissect
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-07.html
-CVE-2019-9207
- RESERVED
-CVE-2019-9206
- RESERVED
+CVE-2019-9207 (PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm search ...)
+ TODO: check
+CVE-2019-9206 (PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm ...)
+ TODO: check
CVE-2019-9205
RESERVED
CVE-2019-9204 (SQL injection vulnerability in Nagios IM (component of Nagios XI) befo ...)
@@ -42772,8 +42918,8 @@ CVE-2019-9199 (PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp i
NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1971/
CVE-2019-9198
RESERVED
-CVE-2019-9197
- RESERVED
+CVE-2019-9197 (The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows ...)
+ TODO: check
CVE-2019-9196 (The Face authentication component in Aware mobile liveness 2.2.1 sdk 2 ...)
NOT-FOR-US: Aware mobile liveness
CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An a ...)
@@ -46457,8 +46603,8 @@ CVE-2018-20781 (In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user
NOTE: Not a vulnerability, just a hardening patch
CVE-2019-7752
RESERVED
-CVE-2019-7751
- RESERVED
+CVE-2019-7751 (A directory traversal and local file inclusion vulnerability in FPProd ...)
+ TODO: check
CVE-2019-7750
RESERVED
CVE-2019-7749
@@ -48165,8 +48311,8 @@ CVE-2019-7164 (SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL In
NOTE: https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414
CVE-2019-7163 (The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 dev ...)
NOT-FOR-US: Alcatel
-CVE-2019-7162
- RESERVED
+CVE-2019-7162 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Bu ...)
+ TODO: check
CVE-2019-7161 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x th ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Trav ...)
@@ -55627,8 +55773,8 @@ CVE-2019-3986 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote att
NOT-FOR-US: Blink XT2
CVE-2019-3985 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
NOT-FOR-US: Blink XT2
-CVE-2019-3984
- RESERVED
+CVE-2019-3984 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
+ TODO: check
CVE-2019-3983 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
NOT-FOR-US: Blink XT2
CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a Denial of Se ...)
@@ -58093,6 +58239,7 @@ CVE-2018-20351 (The Markdown component in Evernote (Chinese) before 8.3.2 on mac
CVE-2018-20350
RESERVED
CVE-2018-20349 (The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 ...)
+ {DLA-2055-1}
- igraph 0.7.1-3 (bug #917211)
[stretch] - igraph 0.7.1-2.1+deb9u1
- r-cran-igraph 1.2.2-2 (bug #917212)
@@ -63824,16 +63971,16 @@ CVE-2018-19836 (In Metinfo 6.1.3, include/interface/applogin.php allows setting
NOT-FOR-US: Metinfo
CVE-2018-19835 (Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_col ...)
NOT-FOR-US: Metinfo
-CVE-2018-19834
- RESERVED
-CVE-2018-19833
- RESERVED
-CVE-2018-19832
- RESERVED
-CVE-2018-19831
- RESERVED
-CVE-2018-19830
- RESERVED
+CVE-2018-19834 (The quaker function of a smart contract implementation for BOMBBA (BOM ...)
+ TODO: check
+CVE-2018-19833 (The owned function of a smart contract implementation for DDQ, an trad ...)
+ TODO: check
+CVE-2018-19832 (The NETM() function of a smart contract implementation for NewIntelTec ...)
+ TODO: check
+CVE-2018-19831 (The ToOwner() function of a smart contract implementation for Cryptbon ...)
+ TODO: check
+CVE-2018-19830 (The UBSexToken() function of a smart contract implementation for Busin ...)
+ TODO: check
CVE-2018-19829 (Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios ...)
NOT-FOR-US: Artica Integria IMS
CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string parameter. ...)
@@ -75852,10 +75999,12 @@ CVE-2018-16514 (A cross-site scripting (XSS) vulnerability in the View Filters p
- mantis <removed>
NOTE: https://mantisbt.org/bugs/view.php?id=24731
CVE-2018-17088 (The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may al ...)
+ {DLA-2054-1}
- jhead 1:3.00-8 (bug #907925)
[stretch] - jhead 1:3.00-4+deb9u1
[jessie] - jhead <no-dsa> (Minor issue)
CVE-2018-16554 (The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may al ...)
+ {DLA-2054-1}
- jhead 1:3.00-8 (bug #908176)
[stretch] - jhead 1:3.00-4+deb9u1
[jessie] - jhead <no-dsa> (Minor issue)
@@ -81187,8 +81336,8 @@ CVE-2018-14478 (ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via t
NOT-FOR-US: Coppermine Photo Gallery
CVE-2018-14477
RESERVED
-CVE-2018-14476
- RESERVED
+CVE-2018-14476 (GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step ...)
+ TODO: check
CVE-2018-14475
RESERVED
CVE-2018-14474 (views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the ne ...)
@@ -262358,8 +262507,7 @@ CVE-2013-4358 (libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers
[wheezy] - libav <not-affected> (Vulnerable code not present)
- ffmpeg <not-affected> (Vulnerable code not present)
NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=072be3e8969f24113d599444be4d6a0ed04a6602
-CVE-2013-4357 [getaddrinfo(), glob_in_dir stack overflow]
- RESERVED
+CVE-2013-4357 (The eglibc package before 2.14 incorrectly handled the getaddrinfo() f ...)
{DLA-165-1}
- eglibc 2.17-1 (unimportant; bug #742925)
[wheezy] - eglibc 2.13-38+deb7u6
@@ -263039,8 +263187,7 @@ CVE-2013-4162 (The udp_v6_push_pending_frames function in net/ipv6/udp.c in the
{DSA-2906-1 DSA-2745-1}
- linux 3.10.5-1 (low)
- linux-2.6 <removed> (low)
-CVE-2013-4161
- RESERVED
+CVE-2013-4161 (gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012- ...)
- gksu-polkit <not-affected> (CVE for improperly applied fix for CVE-2012-5617 on Red Hat)
CVE-2013-4160 (Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other ...)
- lcms 1.19.dfsg1-1.3 (low; bug #728208)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d1f96e2f42809c55d4b0885fff4a379f1f126c9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d1f96e2f42809c55d4b0885fff4a379f1f126c9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191231/eaf212f1/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list