[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 27 20:10:44 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0a0db8e9 by security tracker role at 2019-11-27T20:10:33Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,227 @@
+CVE-2020-1764
+ RESERVED
+CVE-2020-1763
+ RESERVED
+CVE-2020-1762
+ RESERVED
+CVE-2020-1761
+ RESERVED
+CVE-2020-1760
+ RESERVED
+CVE-2020-1759
+ RESERVED
+CVE-2020-1758
+ RESERVED
+CVE-2020-1757
+ RESERVED
+CVE-2020-1756
+ RESERVED
+CVE-2020-1755
+ RESERVED
+CVE-2020-1754
+ RESERVED
+CVE-2020-1753
+ RESERVED
+CVE-2020-1752
+ RESERVED
+CVE-2020-1751
+ RESERVED
+CVE-2020-1750
+ RESERVED
+CVE-2020-1749
+ RESERVED
+CVE-2020-1748
+ RESERVED
+CVE-2020-1747
+ RESERVED
+CVE-2020-1746
+ RESERVED
+CVE-2020-1745
+ RESERVED
+CVE-2020-1744
+ RESERVED
+CVE-2020-1743
+ RESERVED
+CVE-2020-1742
+ RESERVED
+CVE-2020-1741
+ RESERVED
+CVE-2020-1740
+ RESERVED
+CVE-2020-1739
+ RESERVED
+CVE-2020-1738
+ RESERVED
+CVE-2020-1737
+ RESERVED
+CVE-2020-1736
+ RESERVED
+CVE-2020-1735
+ RESERVED
+CVE-2020-1734
+ RESERVED
+CVE-2020-1733
+ RESERVED
+CVE-2020-1732
+ RESERVED
+CVE-2020-1731
+ RESERVED
+CVE-2020-1730
+ RESERVED
+CVE-2020-1729
+ RESERVED
+CVE-2020-1728
+ RESERVED
+CVE-2020-1727
+ RESERVED
+CVE-2020-1726
+ RESERVED
+CVE-2020-1725
+ RESERVED
+CVE-2020-1724
+ RESERVED
+CVE-2020-1723
+ RESERVED
+CVE-2020-1722
+ RESERVED
+CVE-2020-1721
+ RESERVED
+CVE-2020-1720
+ RESERVED
+CVE-2020-1719
+ RESERVED
+CVE-2020-1718
+ RESERVED
+CVE-2020-1717
+ RESERVED
+CVE-2020-1716
+ RESERVED
+CVE-2020-1715
+ RESERVED
+CVE-2020-1714
+ RESERVED
+CVE-2020-1713
+ RESERVED
+CVE-2020-1712
+ RESERVED
+CVE-2020-1711
+ RESERVED
+CVE-2020-1710
+ RESERVED
+CVE-2020-1709
+ RESERVED
+CVE-2020-1708
+ RESERVED
+CVE-2020-1707
+ RESERVED
+CVE-2020-1706
+ RESERVED
+CVE-2020-1705
+ RESERVED
+CVE-2020-1704
+ RESERVED
+CVE-2020-1703
+ RESERVED
+CVE-2020-1702
+ RESERVED
+CVE-2020-1701
+ RESERVED
+CVE-2020-1700
+ RESERVED
+CVE-2020-1699
+ RESERVED
+CVE-2020-1698
+ RESERVED
+CVE-2020-1697
+ RESERVED
+CVE-2020-1696
+ RESERVED
+CVE-2020-1695
+ RESERVED
+CVE-2020-1694
+ RESERVED
+CVE-2020-1693
+ RESERVED
+CVE-2020-1692
+ RESERVED
+CVE-2020-1691
+ RESERVED
+CVE-2020-1690
+ RESERVED
+CVE-2019-19364
+ RESERVED
+CVE-2019-19363
+ RESERVED
+CVE-2019-19362
+ RESERVED
+CVE-2019-19361
+ RESERVED
+CVE-2019-19360
+ RESERVED
+CVE-2019-19359
+ RESERVED
+CVE-2019-19358
+ RESERVED
+CVE-2019-19357
+ RESERVED
+CVE-2019-19356
+ RESERVED
+CVE-2019-19355
+ RESERVED
+CVE-2019-19354
+ RESERVED
+CVE-2019-19353
+ RESERVED
+CVE-2019-19352
+ RESERVED
+CVE-2019-19351
+ RESERVED
+CVE-2019-19350
+ RESERVED
+CVE-2019-19349
+ RESERVED
+CVE-2019-19348
+ RESERVED
+CVE-2019-19347
+ RESERVED
+CVE-2019-19346
+ RESERVED
+CVE-2019-19345
+ RESERVED
+CVE-2019-19344
+ RESERVED
+CVE-2019-19343
+ RESERVED
+CVE-2019-19342
+ RESERVED
+CVE-2019-19341
+ RESERVED
+CVE-2019-19340
+ RESERVED
+CVE-2019-19339
+ RESERVED
+CVE-2019-19338
+ RESERVED
+CVE-2019-19337
+ RESERVED
+CVE-2019-19336
+ RESERVED
+CVE-2019-19335
+ RESERVED
+CVE-2019-19334
+ RESERVED
+CVE-2019-19333
+ RESERVED
+CVE-2019-19332
+ RESERVED
+CVE-2019-19331
+ RESERVED
+CVE-2019-19329 (In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-0 ...)
+ TODO: check
+CVE-2019-19328 (ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before ...)
+ TODO: check
+CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-S ...)
+ TODO: check
CVE-2019-19326
RESERVED
CVE-2019-19325
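Review bot: The three Wikibase Wikidata Query Service GUI entries (CVE-2019-19327, CVE-2019-19328, CVE-2019-19329) are left at "TODO: check" with descriptions truncated at the version string; before this lands they should be triaged to either a Debian source package entry or NOT-FOR-US, since the bulk of this hunk is otherwise only RESERVED placeholders that need no action.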
@@ -34,14 +258,14 @@ CVE-2019-19310
RESERVED
CVE-2019-19309
RESERVED
-CVE-2019-19330 [CRLF injection when decoding from http/2 to http/1]
+CVE-2019-19330 (The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, ...)
- haproxy 2.0.10-1
[stretch] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
[jessie] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344
NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=146f53ae7e97dbfe496d0445c2802dd0a30b0878
-CVE-2019-19308
- RESERVED
+CVE-2019-19308 (In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, ...)
+ TODO: check
CVE-2019-19307 (An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6. ...)
NOT-FOR-US: Cesanta Mongoose
NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
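Review bot: CVE-2019-19308 names gnome-font-viewer 3.34.0 (text_to_glyphs in sushi-font-widget.c), a package Debian ships, so the "TODO: check" should be resolved into a "- gnome-font-viewer <version>" line or a no-dsa/unimportant annotation rather than left pending. For CVE-2019-19330 the replaced bracket title "CRLF injection when decoding from http/2 to http/1" was the only place the issue class was stated; the truncated official text "mishandles headers, ..." no longer says so, so consider keeping it as a NOTE line.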
@@ -546,7 +770,7 @@ CVE-2019-19085 (A persistent cross-site scripting (XSS) vulnerability in Octopus
NOT-FOR-US: Octopus Server
CVE-2019-19084 (In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with ...)
NOT-FOR-US: Octopus Deploy
-CVE-2018-21031 (Plex Media Server 1.18.2.2029-36236cc4c allows remote attackers to byp ...)
+CVE-2018-21031 (Tautulli versions 2.1.38 and below allows remote attackers to bypass i ...)
NOT-FOR-US: Plex Media Server
CVE-2011-5331 (Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. ...)
NOT-FOR-US: Distributed Ruby
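Review bot: The updated description for CVE-2018-21031 now says "Tautulli versions 2.1.38 and below", but the unchanged next line still reads "NOT-FOR-US: Plex Media Server"; the annotation should be updated to name Tautulli so the triage rationale matches the published description.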
@@ -5994,8 +6218,8 @@ CVE-2019-18186
RESERVED
CVE-2019-18185
RESERVED
-CVE-2019-18184
- RESERVED
+CVE-2019-18184 (Crestron DMC-STRO 1.0 devices allow remote command execution as root v ...)
+ TODO: check
CVE-2019-18183
RESERVED
CVE-2019-18182
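Review bot: CVE-2019-18184 describes remote command execution as root on "Crestron DMC-STRO 1.0 devices"; this is appliance firmware rather than a Debian package, so the "TODO: check" can likely be closed as NOT-FOR-US once confirmed.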
@@ -13549,12 +13773,12 @@ CVE-2019-15302 (The pad management logic in XWiki labs CryptPad before 3.0.0 all
NOT-FOR-US: CryptPad
CVE-2019-15301 (A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.C ...)
NOT-FOR-US: Terrasoft Bpm'online CRM-System SDK
-CVE-2019-15300
- RESERVED
+CVE-2019-15300 (A problem was found in Centreon Web through 19.04.3. An authenticated ...)
+ TODO: check
CVE-2019-15299
RESERVED
-CVE-2019-15298
- RESERVED
+CVE-2019-15298 (A problem was found in Centreon Web through 19.04.3. An authenticated ...)
+ TODO: check
CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allo ...)
- asterisk <unfixed> (low; bug #940060)
[buster] - asterisk <no-dsa> (Minor issue)
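Review bot: CVE-2019-15298 and CVE-2019-15300 carry identical truncated descriptions ("A problem was found in Centreon Web through 19.04.3. An authenticated ..."), so the visible text does not distinguish the two issues; whoever resolves the "TODO: check" lines should pull the full descriptions to confirm they are separate bugs before adding package entries or NOT-FOR-US.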
@@ -14991,8 +15215,7 @@ CVE-2019-14897 [Stack Overflow in lbs_ibss_join_existing() function of Marvell W
RESERVED
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
-CVE-2019-14896 [Heap Overflow in add_ie_rates() function of Marvell Wifi Driver in Linux kernel]
- RESERVED
+CVE-2019-14896 (A vulnerability was found in marvell wifi chip driver in Linux kernel. ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
CVE-2019-14895 [Heap Overflow in mwifiex_process_country_ie() function of Marvell Wifi Driver in Linux kernel]
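Review bot: Replacing the bracket title for CVE-2019-14896 drops the only mention of the affected function (add_ie_rates()) from the entry, while the neighbouring CVE-2019-14897 and CVE-2019-14895 still carry theirs; consider preserving "Heap Overflow in add_ie_rates()" as a NOTE line next to the oss-security link so the fix commit can be located from the tracker.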
@@ -15072,8 +15295,7 @@ CVE-2019-14869 (A flaw was found in all versions of ghostscript 9.x before 9.50,
NOTE: which changed the access to file permissions.
CVE-2019-14868
RESERVED
-CVE-2019-14867
- RESERVED
+CVE-2019-14867 (A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ...)
- freeipa 4.8.3-1
NOTE: https://pagure.io/freeipa/c/4abd2f76d76c4c1a1ec5087ec447f4515b63c2c6
CVE-2019-14866 [improper input validation when writing tar header fields leads to unexpect tar generation]
@@ -15323,8 +15545,7 @@ CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.50, in th
NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
NOTE: which changed the access to file permissions.
-CVE-2019-14812
- RESERVED
+CVE-2019-14812 (A flaw was found in all ghostscript versions 9.x before 9.50, in the . ...)
{DSA-4518-1 DLA-1915-1}
- ghostscript 9.28~~rc2~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701444
@@ -18264,12 +18485,12 @@ CVE-2019-13938
RESERVED
CVE-2019-13937
RESERVED
-CVE-2019-13936
- RESERVED
-CVE-2019-13935
- RESERVED
-CVE-2019-13934
- RESERVED
+CVE-2019-13936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2019-13935 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2019-13934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2019-13933
RESERVED
CVE-2019-13932
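Review bot: CVE-2019-13934, CVE-2019-13935 and CVE-2019-13936 are truncated at the CWE wording ("Improper Neutralization of Input During Web Page Generation ('Cross-si ...)"), so no product name is visible in the entry; the "TODO: check" lines cannot be triaged from this file alone and need the full descriptions.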
@@ -29284,8 +29505,8 @@ CVE-2019-10222 (A flaw was found in the Ceph RGW configuration with Beast as the
NOTE: features are enabled.
CVE-2019-10221
RESERVED
-CVE-2019-10220
- RESERVED
+CVE-2019-10220 (Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a rel ...)
+ TODO: check
CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml validat ...)
- libhibernate-validator-java <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1738673
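Review bot: CVE-2019-10220 explicitly names the "Linux kernel CIFS implementation, version 4.9.0", which maps to the linux source package, so this should become a "- linux" entry (with the affected/fixed versions per suite) instead of remaining "TODO: check".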
@@ -29305,8 +29526,7 @@ CVE-2019-10217 (A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing
NOTE: https://github.com/ansible/ansible/pull/59427
NOTE: Introduced by: https://github.com/ansible/ansible/commit/08918c6c2bcd73eb40b89af31736d3fcbe55e75a (v2.8.0a1)
NOTE: Fixed by: https://github.com/ansible/ansible/commit/c1ee1f142db1e669b710a65147ea32be47a91519
-CVE-2019-10216 [-dSAFER escape via .buildfont1]
- RESERVED
+CVE-2019-10216 (It was found that the .buildfont1 procedure did not properly secure it ...)
{DSA-4499-1 DLA-1880-1}
- ghostscript 9.27~dfsg-3.1 (bug #934638)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/12/4
@@ -29368,7 +29588,7 @@ CVE-2019-10205
NOT-FOR-US: Red Hat Quay
CVE-2019-10204
RESERVED
-CVE-2019-10203 (PowerDNS Authoritative daemon , all versions pdns 4.1.x before pdns 4. ...)
+CVE-2019-10203 (PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1. ...)
- pdns 4.2.0-1 (low)
[buster] - pdns <no-dsa> (Minor issue)
[stretch] - pdns <no-dsa> (Minor issue)
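Review bot: The revised description for CVE-2019-10203 now says "pdns versions 4.0.x before 4.0.9, 4.1. ..." where the old one started at 4.1.x, so the affected range has widened; the unchanged "[buster] - pdns <no-dsa>" and "[stretch] - pdns <no-dsa>" lines should be re-verified against the 4.0.x/4.1.x versions those suites ship.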
@@ -29396,8 +29616,7 @@ CVE-2019-10197 (A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.1
CVE-2019-10196
RESERVED
NOT-FOR-US: nodejs-http-proxy-agent
-CVE-2019-10195
- RESERVED
+CVE-2019-10195 (A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ...)
- freeipa 4.8.3-1
NOTE: https://pagure.io/freeipa/c/02ce407f5e10e670d4788778037892b58f80adc0
CVE-2019-10194 (Sensitive passwords used in deployment and configuration of oVirt Metr ...)
@@ -35463,7 +35682,7 @@ CVE-2019-8462 (In a rare scenario, Check Point R80.30 Security Gateway before JH
NOT-FOR-US: Check Point R80.30 Security Gateway
CVE-2019-8461 (Check Point Endpoint Security Initial Client for Windows before versio ...)
NOT-FOR-US: Check Point
-CVE-2019-8460 (Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologi ...)
+CVE-2019-8460 (OpenBSD kernel version <= 6.5 can be forced to create long chains o ...)
NOT-FOR-US: Check Point
CVE-2019-8459 (Check Point Endpoint Security Client for Windows, with the VPN blade, ...)
NOT-FOR-US: Check Point Endpoint Security Client for Windows
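Review bot: The new description for CVE-2019-8460 is about the "OpenBSD kernel version <= 6.5", yet the unchanged annotation still reads "NOT-FOR-US: Check Point"; the rationale should be reworded to refer to the OpenBSD kernel so the entry does not look like a Check Point product issue.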
@@ -125181,8 +125400,8 @@ CVE-2017-12947 (classes\controller\admin\modals.php in the Easy Modal plugin bef
NOT-FOR-US: Easy Modal plugin for WordPress
CVE-2017-12946 (classes\controller\admin\modals.php in the Easy Modal plugin before 2. ...)
NOT-FOR-US: Easy Modal plugin for WordPress
-CVE-2017-12945
- RESERVED
+CVE-2017-12945 (Insufficient validation of user-supplied input for the Solstice Pod ne ...)
+ TODO: check
CVE-2017-12944 (The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mish ...)
{DSA-4100-1 DLA-1093-1}
- tiff 4.0.8-6 (bug #872607)
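Review bot: CVE-2017-12945 concerns "the Solstice Pod", a hardware collaboration appliance rather than a Debian package, so the "TODO: check" can likely be closed as NOT-FOR-US after confirmation.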
@@ -174329,8 +174548,7 @@ CVE-2016-6219
RESERVED
CVE-2016-6218
RESERVED
-CVE-2016-1000110
- RESERVED
+CVE-2016-1000110 (The CGIHandler class in Python before 2.7.12 does not protect against ...)
- python3.5 3.5.2-3 (unimportant)
- python3.4 <removed> (unimportant)
- python3.2 <removed> (unimportant)
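Review bot: The description for CVE-2016-1000110 says "Python before 2.7.12", but the visible package lines cover only python3.5, python3.4 and python3.2; please confirm the hunk context below this point carries a matching python2.7 entry, since the 2.x series is the one the description names.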
@@ -178844,8 +179062,7 @@ CVE-2016-4982 (authd sets weak permissions for /etc/ident.key, which allows loca
NOT-FOR-US: authd
CVE-2016-4981
RESERVED
-CVE-2016-4980
- RESERVED
+CVE-2016-4980 (A password generation weakness exists in xquest through 2016-06-13. ...)
NOT-FOR-US: Red Hat xguest kiosk mode
CVE-2016-4979 (The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_s ...)
- apache2 2.4.23-1
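Review bot: The new description for CVE-2016-4980 spells the product "xquest" while the unchanged annotation says "Red Hat xguest kiosk mode"; the spelling in the description is the published CVE text and should not be edited here, but it is worth a NOTE line confirming both refer to the same xguest package so the mismatch is not mistaken for a different product.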
@@ -231068,8 +231285,7 @@ CVE-2012-6656 (iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allow
[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=14134
NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=6e230d11837f3ae7b375ea69d7905f0d18eb79e5
-CVE-2012-6655 [passes (encrypted) passwords as commandline arguments]
- RESERVED
+CVE-2012-6655 (An issue exists AccountService 0.6.37 in the user_change_password_auth ...)
- accountsservice <unfixed> (low; bug #757912)
[buster] - accountsservice <ignored> (Minor issue)
[stretch] - accountsservice <ignored> (Minor issue)
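Review bot: Replacing the bracket title for CVE-2012-6655 removes the summary "passes (encrypted) passwords as commandline arguments", and the truncated replacement "An issue exists AccountService 0.6.37 in the user_change_password_auth ..." no longer states what the issue is; since the entry stays <unfixed> with buster and stretch marked <ignored>, keep the old summary as a NOTE line so the "Minor issue" rationale remains legible.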
@@ -234529,8 +234745,7 @@ CVE-2014-3876 (Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fas
- fex 20140530-1
[wheezy] - fex <no-dsa> (non-free not supported)
NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt
-CVE-2014-3875
- RESERVED
+CVE-2014-3875 (The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex ...)
{DLA-68-1}
- fex 20140530-1
[wheezy] - fex <no-dsa> (non-free not supported)
@@ -257236,8 +257451,7 @@ CVE-2013-2627 (SQL injection vulnerability in action.php in Leed (Light Feed), p
NOT-FOR-US: Leed
CVE-2013-2626
RESERVED
-CVE-2013-2625
- RESERVED
+CVE-2013-2625 (An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, ...)
- otrs2 3.1.7+dfsg1-8
[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
NOTE: DSA-2733-1
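Review bot: The CVE-2013-2625 entry records its advisory as "NOTE: DSA-2733-1" rather than in the brace form used elsewhere in this file (for example "{DSA-4518-1 DLA-1915-1}" and "{DLA-68-1}"); while only the description line changed here, moving the DSA reference into a "{DSA-2733-1}" line would let tooling associate the advisory with the fixed otrs2 versions listed below it.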
@@ -276268,8 +276482,7 @@ CVE-2012-2249 (Tor before 0.2.3.23-rc allows remote attackers to cause a denial
{DLA-17-1}
- tor 0.2.3.23-rc-1 (low)
[squeeze] - tor 0.2.4.23-1~deb6u1
-CVE-2012-2248 [build-influenced PATH set in dhclient]
- RESERVED
+CVE-2012-2248 (An issue was discovered in dhclient 4.3.1-6 due to an embedded path va ...)
- isc-dhcp 4.2.4-3 (bug #690532)
[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u2
[squeeze] - isc-dhcp <not-affected> (CLIENT_PATH is not correctly defined)
@@ -289652,8 +289865,7 @@ CVE-2011-2482 (A certain Red Hat patch to the sctp_sock_migrate function in net/
- linux-2.6 <not-affected> (RHEL-specific regression)
CVE-2011-2481 (Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace ...)
- tomcat7 7.0.19-1
-CVE-2011-2480 [kfreebsd info disclosure]
- RESERVED
+CVE-2011-2480 (Information Disclosure vulnerability in the 802.11 stack, as used in F ...)
- kfreebsd-9 9.0~svn223502-1 (bug #631160)
- kfreebsd-8 8.2-3 (bug #631161)
[squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze1
@@ -290301,8 +290513,7 @@ CVE-2011-2212 (Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and ea
{DSA-2282-1}
- qemu-kvm 0.14.1+dfsg-3 (bug #632987)
- kvm <removed>
-CVE-2011-2207
- RESERVED
+CVE-2011-2207 (dirmngr before 2.1.0 improperly handles certain system calls, which al ...)
- dirmngr <unfixed> (unimportant; bug #627377)
NOTE: Negligible impact
CVE-2011-2206 (XMLParser.pm in DJabberd before 0.85 allows remote authenticated users ...)
@@ -290352,8 +290563,7 @@ CVE-2011-2189 (net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier d
NOTE: this is technically a kernel bug. however this has been workarounded specifically
NOTE: for vsftpd by adding a kernel check before using this feature, see DSA-2304-1
NOTE: for details
-CVE-2011-2187
- RESERVED
+CVE-2011-2187 (xscreensaver before 5.14 crashes during activation and leaves the scre ...)
- xscreensaver 5.14-1 (bug #627382)
[squeeze] - xscreensaver <not-affected> (introduced in 5.13)
CVE-2011-2186
@@ -290362,8 +290572,7 @@ CVE-2011-2181 (Multiple SQL injection vulnerabilities in A Really Simple Chat (A
NOT-FOR-US: A Really Simple Chat
CVE-2011-2180 (Cross-site scripting (XSS) vulnerability in dereferer.php in A Really ...)
NOT-FOR-US: A Really Simple Chat
-CVE-2011-2177
- RESERVED
+CVE-2011-2177 (OpenOffice.org v3.3 allows execution of arbitrary code with the privil ...)
NOT-FOR-US: Claimed older OpenOffice vulnerability, which was never disclosed
CVE-2011-2176 (GNOME NetworkManager before 0.8.6 does not properly enforce the auth_a ...)
- network-manager 0.9.0-1 (low; bug #631520)
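Review bot: CVE-2011-2177 now has a published description ("OpenOffice.org v3.3 allows execution of arbitrary code with the privil ..."), so the unchanged rationale "Claimed older OpenOffice vulnerability, which was never disclosed" is stale; the entry should be re-triaged against the OpenOffice/LibreOffice packages Debian ships instead of staying NOT-FOR-US on the grounds of non-disclosure.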
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0a0db8e99a5275ad944543939f3acf58dc47ad82