[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Feb 3 20:10:38 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dcaa946f by security tracker role at 2020-02-03T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,149 @@
+CVE-2020-8590
+	RESERVED
+CVE-2020-8589
+	RESERVED
+CVE-2020-8588
+	RESERVED
+CVE-2020-8587
+	RESERVED
+CVE-2020-8586
+	RESERVED
+CVE-2020-8585
+	RESERVED
+CVE-2020-8584
+	RESERVED
+CVE-2020-8583
+	RESERVED
+CVE-2020-8582
+	RESERVED
+CVE-2020-8581
+	RESERVED
+CVE-2020-8580
+	RESERVED
+CVE-2020-8579
+	RESERVED
+CVE-2020-8578
+	RESERVED
+CVE-2020-8577
+	RESERVED
+CVE-2020-8576
+	RESERVED
+CVE-2020-8575
+	RESERVED
+CVE-2020-8574
+	RESERVED
+CVE-2020-8573
+	RESERVED
+CVE-2020-8572
+	RESERVED
+CVE-2020-8571
+	RESERVED
+CVE-2020-8570
+	RESERVED
+CVE-2020-8569
+	RESERVED
+CVE-2020-8568
+	RESERVED
+CVE-2020-8567
+	RESERVED
+CVE-2020-8566
+	RESERVED
+CVE-2020-8565
+	RESERVED
+CVE-2020-8564
+	RESERVED
+CVE-2020-8563
+	RESERVED
+CVE-2020-8562
+	RESERVED
+CVE-2020-8561
+	RESERVED
+CVE-2020-8560
+	RESERVED
+CVE-2020-8559
+	RESERVED
+CVE-2020-8558
+	RESERVED
+CVE-2020-8557
+	RESERVED
+CVE-2020-8556
+	RESERVED
+CVE-2020-8555
+	RESERVED
+CVE-2020-8554
+	RESERVED
+CVE-2020-8553
+	RESERVED
+CVE-2020-8552
+	RESERVED
+CVE-2020-8551
+	RESERVED
+CVE-2020-8550
+	RESERVED
+CVE-2020-8549 (Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPre ...)
+	TODO: check
+CVE-2020-8548 (massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resu ...)
+	TODO: check
+CVE-2020-8547 (phpList 3.5.0 allows type juggling for admin login bypass because == i ...)
+	TODO: check
+CVE-2020-8546
+	RESERVED
+CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...)
+	TODO: check
+CVE-2020-8544
+	RESERVED
+CVE-2020-8543
+	RESERVED
+CVE-2020-8542
+	RESERVED
+CVE-2020-8541
+	RESERVED
+CVE-2020-8540
+	RESERVED
+CVE-2020-8539
+	RESERVED
+CVE-2020-8538
+	RESERVED
+CVE-2020-8537
+	RESERVED
+CVE-2020-8536
+	RESERVED
+CVE-2020-8535
+	RESERVED
+CVE-2020-8534
+	RESERVED
+CVE-2020-8533
+	RESERVED
+CVE-2020-8532
+	RESERVED
+CVE-2020-8531
+	RESERVED
+CVE-2020-8530
+	RESERVED
+CVE-2020-8529
+	RESERVED
+CVE-2020-8528
+	RESERVED
+CVE-2020-8527
+	RESERVED
+CVE-2020-8526
+	RESERVED
+CVE-2020-8525
+	RESERVED
+CVE-2020-8524
+	RESERVED
+CVE-2020-8523
+	RESERVED
+CVE-2020-8522
+	RESERVED
+CVE-2020-8521
+	RESERVED
+CVE-2020-8520
+	RESERVED
+CVE-2020-8519
+	RESERVED
+CVE-2020-8518
+	RESERVED
 CVE-2020-8517
 	RESERVED
 CVE-2020-8516 (The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not ...)
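Review bot: the four entries that arrive with a description but "TODO: check" (CVE-2020-8549, CVE-2020-8548, CVE-2020-8547, CVE-2020-8545) still need a triage outcome; the rest of this hunk is RESERVED placeholders only. Of the four, CVE-2020-8547 describes an admin login bypass in phpList via loose (==) comparison, so it deserves the first look; each should end up either as a package line or as a NOT-FOR-US tag like the surrounding entries use.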
@@ -16,8 +162,8 @@ CVE-2020-8512 (In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /
 	NOT-FOR-US: IceWarp Webmail Server
 CVE-2020-8511
 	RESERVED
-CVE-2020-8510
-	RESERVED
+CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...)
+	TODO: check
 CVE-2020-8509
 	RESERVED
 CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...)
@@ -1111,8 +1257,8 @@ CVE-2020-7995 (The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6
 	- dolibarr <removed>
 CVE-2020-7994 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 ...)
 	- dolibarr <removed>
-CVE-2020-7993
-	RESERVED
+CVE-2020-7993 (Prototype 1.6.0.1 allows remote authenticated users to forge ticket cr ...)
+	TODO: check
 CVE-2020-7992
 	RESERVED
 CVE-2020-7991 (Adive Framework 2.0.8 has admin/config CSRF to change the Administrato ...)
@@ -2321,8 +2467,7 @@ CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a h
 	[buster] - libsolv <no-dsa> (Minor issue)
 	[stretch] - libsolv <no-dsa> (Minor issue)
 	NOTE: https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)
-CVE-2020-7471 [Potential SQL injection via StringAgg(delimiter)]
-	RESERVED
+CVE-2020-7471 (Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 al ...)
 	- python-django <unfixed> (bug #950581)
 	NOTE: https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
 	NOTE: https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136 (master)
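Review bot: no per-suite assessment is recorded for python-django yet, so the entry reads as open for every suite; compare the libsolv entry just above, which carries explicit [buster] and [stretch] lines. Dropping the RESERVED line is correct now that the public description is present, and the bracketed working title ("Potential SQL injection via StringAgg(delimiter)") was the only place the affected API was named, so keeping that detail in a NOTE would help later readers since the description is truncated.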
@@ -7461,8 +7606,8 @@ CVE-2020-5184
 	RESERVED
 CVE-2020-5183 (FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption ...)
 	NOT-FOR-US: FTPGetter Professional
-CVE-2020-5182
-	RESERVED
+CVE-2020-5182 (The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reve ...)
+	TODO: check
 CVE-2020-5181
 	RESERVED
 CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to se ...)
@@ -7694,8 +7839,8 @@ CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide
 	NOTE: Marked unimportant, as negligible security impact (a privileged guest
 	NOTE: can trigger similar issues without triggering the specific assert) and
 	NOTE: is disputed by QEMU security team.
-CVE-2019-20174
-	RESERVED
+CVE-2019-20174 (Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is us ...)
+	TODO: check
 CVE-2019-20173
 	RESERVED
 CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not r ...)
@@ -9596,8 +9741,8 @@ CVE-2020-4226
 	RESERVED
 CVE-2020-4225
 	RESERVED
-CVE-2020-4224
-	RESERVED
+CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive inform ...)
+	TODO: check
 CVE-2020-4223
 	RESERVED
 CVE-2020-4222
@@ -10823,12 +10968,12 @@ CVE-2020-3929
 	RESERVED
 CVE-2020-3928
 	RESERVED
-CVE-2020-3927
-	RESERVED
-CVE-2020-3926
-	RESERVED
-CVE-2020-3925
-	RESERVED
+CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...)
+	TODO: check
+CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...)
+	TODO: check
+CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some designated a ...)
+	TODO: check
 CVE-2020-3924
 	RESERVED
 CVE-2020-3923
@@ -17505,8 +17650,8 @@ CVE-2019-19121
 	RESERVED
 CVE-2019-19120
 	RESERVED
-CVE-2019-19119
-	RESERVED
+CVE-2019-19119 (An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficie ...)
+	TODO: check
 CVE-2019-19118 (Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model  ...)
 	- python-django 2:2.2.8-1 (bug #946011)
 	[buster] - python-django <not-affected> (Vulnerable code introduced later)
@@ -21308,8 +21453,8 @@ CVE-2019-18569
 	RESERVED
 CVE-2019-18568 (Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege esca ...)
 	NOT-FOR-US: Avira Free Antivirus
-CVE-2019-18567
-	RESERVED
+CVE-2019-18567 (Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an o ...)
+	TODO: check
 CVE-2019-18566
 	REJECTED
 CVE-2019-18565
@@ -22199,8 +22344,8 @@ CVE-2019-18195 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. No
 	NOT-FOR-US: TerraMaster FS-210 devices
 CVE-2019-18194 (TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escal ...)
 	NOT-FOR-US: TotalAV
-CVE-2019-18193
-	RESERVED
+CVE-2019-18193 (In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114,  ...)
+	TODO: check
 CVE-2020-0500
 	RESERVED
 CVE-2020-0499
@@ -26457,8 +26602,8 @@ CVE-2019-16895
 	REJECTED
 CVE-2019-16894 (download.php in inoERP 4.15 allows SQL injection through insecure dese ...)
 	NOT-FOR-US: inoERP
-CVE-2019-16893
-	RESERVED
+CVE-2019-16893 (The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 device ...)
+	TODO: check
 CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass application che ...)
 	- ruby-zip 2.0.0-1 (low; bug #941222)
 	[buster] - ruby-zip <no-dsa> (Minor issue)
@@ -44350,29 +44495,29 @@ CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other
 	NOTE: https://phabricator.wikimedia.org/T221739
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 CVE-2019-11267
-	RESERVED
+	REJECTED
 CVE-2019-11266
-	RESERVED
+	REJECTED
 CVE-2019-11265
-	RESERVED
+	REJECTED
 CVE-2019-11264
-	RESERVED
+	REJECTED
 CVE-2019-11263
-	RESERVED
+	REJECTED
 CVE-2019-11262
-	RESERVED
+	REJECTED
 CVE-2019-11261
-	RESERVED
+	REJECTED
 CVE-2019-11260
-	RESERVED
+	REJECTED
 CVE-2019-11259
-	RESERVED
+	REJECTED
 CVE-2019-11258
-	RESERVED
+	REJECTED
 CVE-2019-11257
-	RESERVED
+	REJECTED
 CVE-2019-11256
-	RESERVED
+	REJECTED
 CVE-2019-11255 (Improper input validation in Kubernetes CSI sidecar containers for ext ...)
 	NOT-FOR-US: kubernetes-csi
 CVE-2019-11254
@@ -44382,8 +44527,7 @@ CVE-2019-11253 (Improper input validation in the Kubernetes API server in versio
 	NOTE: https://github.com/kubernetes/kubernetes/issues/83253
 CVE-2019-11252
 	RESERVED
-CVE-2019-11251 [kubectl cp allows for arbitrary file write via double symlinks]
-	RESERVED
+CVE-2019-11251 (The Kubernetes kubectl cp command in versions 1.1-1.12, and versions p ...)
 	- kubernetes <not-affected> (Vulnerable code not present)
 CVE-2019-11250 (The Kubernetes client-go library logs request headers at verbosity lev ...)
 	- kubernetes <unfixed> (bug #934801)
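Review bot: the "<not-affected> (Vulnerable code not present)" verdict for CVE-2019-11251 predates the public description, which now states concrete affected version ranges ("versions 1.1-1.12, and versions p..." before truncation); the verdict should be re-confirmed against the version of kubernetes actually packaged. The neighbouring CVE-2019-11253 entry keeps a NOTE pointing at the upstream issue; adding the equivalent reference here would document where the not-affected conclusion came from.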
@@ -62461,8 +62605,8 @@ CVE-2019-4734
 	RESERVED
 CVE-2019-4733
 	RESERVED
-CVE-2019-4732
-	RESERVED
+CVE-2019-4732 (IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7. ...)
+	TODO: check
 CVE-2019-4731
 	RESERVED
 CVE-2019-4730
@@ -192254,8 +192398,8 @@ CVE-2016-1000106
 	REJECTED
 CVE-2016-1000105
 	REJECTED
-CVE-2016-1000103
-	RESERVED
+CVE-2016-1000103 (A Security Bypass vulnerability exists in Nginx 2016-07-07 in the HTTP ...)
+	TODO: check
 CVE-2016-1000102
 	REJECTED
 CVE-2016-1000027 (Pivotal Spring Framework 4.1.4 suffers from a potential remote code ex ...)
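Review bot: CVE-2016-1000103 is dated "2016-07-07" in its description, the same date the old CVE-2016-1000104 description used for mod_fcgid, whose NOTE lines in the next hunk tie that issue to setting HTTP_PROXY from a Proxy: header and to the CVE-2016-5387 mitigations. Since nginx is a Debian package, the "TODO: check" here should be resolved by checking whether the packaged nginx and its default configuration pass the Proxy header through in the same way, and the outcome recorded with a NOTE as was done for mod_fcgid.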
@@ -194831,7 +194975,7 @@ CVE-2016-1000108 (yaws before 2.0.4 does not attempt to address RFC 3875 section
 	[jessie] - yaws 1.98-4+deb8u1
 	[wheezy] - yaws <no-dsa> (Minor issue; can be fixed along with a future DSA)
 	NOTE: https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1
-CVE-2016-1000104 (A security Bypass vulnerability exists in mod_fcgid through 2016-07-07 ...)
+CVE-2016-1000104 (A security Bypass vulnerability exists in the FcgidPassHeader Proxy in ...)
 	NOTE: libapache2-mod-fcgid does not set HTTP_PROXY based on Proxy: header unless
 	NOTE: explicitly configured so and mitigations for Apache in CVE-2016-5387 prevent
 	NOTE: exploitation anyway
@@ -197719,8 +197863,8 @@ CVE-2016-4678 (An issue was discovered in certain Apple products. macOS before 1
 	NOT-FOR-US: Apple
 CVE-2016-4677 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
 	NOT-FOR-US: Apple
-CVE-2016-4676
-	RESERVED
+CVE-2016-4676 (A Cross-origin vulnerability exists in WebKit in Apple Safari before 1 ...)
+	TODO: check
 CVE-2016-4675 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
 	NOT-FOR-US: Apple
 CVE-2016-4674 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
@@ -215796,7 +215940,7 @@ CVE-2015-7543 (aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly creat
 	- kdelibs <removed>
 	- arts <removed>
 	NOTE: https://quickgit.kde.org/?p=kdelibs.git&a=blobdiff&h=8c0f6401271c495c68e340e06b09239eb755ce5e&hp=45b72f0d5c3421b571e9515497352a0a9942a075&hb=cc5515ed7ce8884c9b18169158ba29ab2f7a3db7&f=kinit%2Flnusertemp.c
-CVE-2015-7542 (An issue exists in libgwenhywfar through 4.12.0 due to the usage of ou ...)
+CVE-2015-7542 (A vulnerability exists in libgwenhywfar through 4.12.0 due to the usag ...)
 	{DLA-469-1}
 	- libgwenhywfar 4.12.0beta-3 (bug #748955; medium)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272503
@@ -221830,7 +221974,7 @@ CVE-2015-5291 (Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM
 	[experimental] - polarssl 1.3.14-0.1
 	- polarssl <unfixed> (bug #801413)
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
-CVE-2015-5290 (ircd-ratbox 3.0.9 mishandles the MONITOR command which allows remote a ...)
+CVE-2015-5290 (A Denial of Service vulnerability exists in ircd-ratbox 3.0.9 in the M ...)
 	- charybdis 3.4.2-5
 	[jessie] - charybdis 3.4.2-5~deb8u1
 	[wheezy] - charybdis <no-dsa> (Minor issue)
@@ -241493,8 +241637,7 @@ CVE-2014-8333 (The VMware driver in OpenStack Compute (Nova) before 2014.1.4 all
 	NOTE: versions affected up to to 2014.1.3
 	NOTE: https://launchpad.net/bugs/1359138
 	NOTE: https://review.openstack.org/125492
-CVE-2014-8328
-	RESERVED
+CVE-2014-8328 (The default configuration in the Dynamic Content Elements (dce) extens ...)
 	NOT-FOR-US: TYPO3 extension dce
 CVE-2014-8327 (The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions fo ...)
 	NOT-FOR-US: TYPO3 extension fal_sftp
@@ -274834,12 +274977,12 @@ CVE-2013-2676
 	RESERVED
 CVE-2013-2675
 	RESERVED
-CVE-2013-2674
-	RESERVED
-CVE-2013-2673
-	RESERVED
-CVE-2013-2672
-	RESERVED
+CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
+	TODO: check
+CVE-2013-2673 (Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass  ...)
+	TODO: check
+CVE-2013-2672 (Brother MFC-9970CDW devices with firmware 0D allow cleartext submissio ...)
+	TODO: check
 CVE-2013-2671 (Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC ...)
 	NOT-FOR-US: Brother printer
 CVE-2013-2670 (Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW pr ...)
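Review bot: CVE-2013-2674, CVE-2013-2673 and CVE-2013-2672 are left as "TODO: check" although they describe the same Brother MFC-9970CDW firmware as the adjacent CVE-2013-2671 and CVE-2013-2670, which are already tagged "NOT-FOR-US: Brother printer". Printer firmware is not a Debian package, so the three new entries can take the same tag instead of a TODO.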
@@ -274890,8 +275033,8 @@ CVE-2013-2648
 	RESERVED
 CVE-2013-2647
 	RESERVED
-CVE-2013-2646
-	RESERVED
+CVE-2013-2646 (TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of ...)
+	TODO: check
 CVE-2013-2645 (Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-L ...)
 	NOT-FOR-US: TP-LINK Router
 CVE-2013-2644
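Review bot: CVE-2013-2646 concerns the TP-LINK TL-WR1043ND router, and the adjacent CVE-2013-2645 for the same device is tagged "NOT-FOR-US: TP-LINK Router"; the "TODO: check" can be replaced with that tag.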
@@ -274929,8 +275072,8 @@ CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.14
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	- libv8-3.14 <removed> (unimportant; bug #773671)
 	NOTE: libv8 not covered by security support
-CVE-2013-2631
-	RESERVED
+CVE-2013-2631 (TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure ...)
+	TODO: check
 CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12 ...)
 	NOT-FOR-US: CA Service Desk Manager
 CVE-2013-2629 (Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers ...)
@@ -274946,16 +275089,13 @@ CVE-2013-2625 (An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1
 	[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
 	NOTE: DSA-2733-1
 	NOTE: http://web.archive.org/web/20130716120019/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-01/
-CVE-2013-2624
-	RESERVED
-CVE-2013-2623
-	RESERVED
+CVE-2013-2624 (Telean before 1.3.1 contains a full path disclosure vulnerability whic ...)
+	TODO: check
+CVE-2013-2623 (Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attack ...)
 	NOT-FOR-US: Uebimiau Webmail
-CVE-2013-2622
-	RESERVED
+CVE-2013-2622 (Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remot ...)
 	NOT-FOR-US: Uebimiau Webmail
-CVE-2013-2621
-	RESERVED
+CVE-2013-2621 (Open Redirection Vulnerability in the redir.php script in Telaen befor ...)
 	NOT-FOR-US: Uebimiau Webmail
 CVE-2013-2620
 	RESERVED
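Review bot: CVE-2013-2624 stays "TODO: check" while CVE-2013-2623, CVE-2013-2622 and CVE-2013-2621 in the same hunk are tagged "NOT-FOR-US: Uebimiau Webmail". The 2624 description names "Telean before 1.3.1", which is the CVE text's spelling of the "Telaen before 1.3.1" in the 2623 description, so it is the same software and the same tag applies.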



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dcaa946f929ed43e227934159cb8b1345659b7c4

-- 
You're receiving this email because of your account on salsa.debian.org.

