[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Feb 3 20:10:38 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dcaa946f by security tracker role at 2020-02-03T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,149 @@
+CVE-2020-8590
+ RESERVED
+CVE-2020-8589
+ RESERVED
+CVE-2020-8588
+ RESERVED
+CVE-2020-8587
+ RESERVED
+CVE-2020-8586
+ RESERVED
+CVE-2020-8585
+ RESERVED
+CVE-2020-8584
+ RESERVED
+CVE-2020-8583
+ RESERVED
+CVE-2020-8582
+ RESERVED
+CVE-2020-8581
+ RESERVED
+CVE-2020-8580
+ RESERVED
+CVE-2020-8579
+ RESERVED
+CVE-2020-8578
+ RESERVED
+CVE-2020-8577
+ RESERVED
+CVE-2020-8576
+ RESERVED
+CVE-2020-8575
+ RESERVED
+CVE-2020-8574
+ RESERVED
+CVE-2020-8573
+ RESERVED
+CVE-2020-8572
+ RESERVED
+CVE-2020-8571
+ RESERVED
+CVE-2020-8570
+ RESERVED
+CVE-2020-8569
+ RESERVED
+CVE-2020-8568
+ RESERVED
+CVE-2020-8567
+ RESERVED
+CVE-2020-8566
+ RESERVED
+CVE-2020-8565
+ RESERVED
+CVE-2020-8564
+ RESERVED
+CVE-2020-8563
+ RESERVED
+CVE-2020-8562
+ RESERVED
+CVE-2020-8561
+ RESERVED
+CVE-2020-8560
+ RESERVED
+CVE-2020-8559
+ RESERVED
+CVE-2020-8558
+ RESERVED
+CVE-2020-8557
+ RESERVED
+CVE-2020-8556
+ RESERVED
+CVE-2020-8555
+ RESERVED
+CVE-2020-8554
+ RESERVED
+CVE-2020-8553
+ RESERVED
+CVE-2020-8552
+ RESERVED
+CVE-2020-8551
+ RESERVED
+CVE-2020-8550
+ RESERVED
+CVE-2020-8549 (Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPre ...)
+ TODO: check
+CVE-2020-8548 (massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resu ...)
+ TODO: check
+CVE-2020-8547 (phpList 3.5.0 allows type juggling for admin login bypass because == i ...)
+ TODO: check
+CVE-2020-8546
+ RESERVED
+CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...)
+ TODO: check
+CVE-2020-8544
+ RESERVED
+CVE-2020-8543
+ RESERVED
+CVE-2020-8542
+ RESERVED
+CVE-2020-8541
+ RESERVED
+CVE-2020-8540
+ RESERVED
+CVE-2020-8539
+ RESERVED
+CVE-2020-8538
+ RESERVED
+CVE-2020-8537
+ RESERVED
+CVE-2020-8536
+ RESERVED
+CVE-2020-8535
+ RESERVED
+CVE-2020-8534
+ RESERVED
+CVE-2020-8533
+ RESERVED
+CVE-2020-8532
+ RESERVED
+CVE-2020-8531
+ RESERVED
+CVE-2020-8530
+ RESERVED
+CVE-2020-8529
+ RESERVED
+CVE-2020-8528
+ RESERVED
+CVE-2020-8527
+ RESERVED
+CVE-2020-8526
+ RESERVED
+CVE-2020-8525
+ RESERVED
+CVE-2020-8524
+ RESERVED
+CVE-2020-8523
+ RESERVED
+CVE-2020-8522
+ RESERVED
+CVE-2020-8521
+ RESERVED
+CVE-2020-8520
+ RESERVED
+CVE-2020-8519
+ RESERVED
+CVE-2020-8518
+ RESERVED
CVE-2020-8517
RESERVED
CVE-2020-8516 (The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not ...)
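Review bot: of the 146 added entries, only CVE-2020-8549 (Strong Testimonials WordPress plugin stored XSS), CVE-2020-8548 (massCode XSS via Markdown), CVE-2020-8547 (phpList type juggling login bypass) and CVE-2020-8545 (AIL framework path traversal) carry descriptions, and all four are left at TODO: check; they need triage to a package line or NOT-FOR-US, while the remaining RESERVED placeholders need no action.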
@@ -16,8 +162,8 @@ CVE-2020-8512 (In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /
NOT-FOR-US: IceWarp Webmail Server
CVE-2020-8511
RESERVED
-CVE-2020-8510
- RESERVED
+CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...)
+ TODO: check
CVE-2020-8509
RESERVED
CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...)
@@ -1111,8 +1257,8 @@ CVE-2020-7995 (The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6
- dolibarr <removed>
CVE-2020-7994 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 ...)
- dolibarr <removed>
-CVE-2020-7993
- RESERVED
+CVE-2020-7993 (Prototype 1.6.0.1 allows remote authenticated users to forge ticket cr ...)
+ TODO: check
CVE-2020-7992
RESERVED
CVE-2020-7991 (Adive Framework 2.0.8 has admin/config CSRF to change the Administrato ...)
@@ -2321,8 +2467,7 @@ CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a h
[buster] - libsolv <no-dsa> (Minor issue)
[stretch] - libsolv <no-dsa> (Minor issue)
NOTE: https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)
-CVE-2020-7471 [Potential SQL injection via StringAgg(delimiter)]
- RESERVED
+CVE-2020-7471 (Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 al ...)
- python-django <unfixed> (bug #950581)
NOTE: https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
NOTE: https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136 (master)
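Review bot: replacing the working title with the official description drops the only mention of the injection vector, StringAgg(delimiter), which the truncated description no longer shows; consider preserving it as a NOTE line (e.g. `NOTE: SQL injection via StringAgg(delimiter)`) next to the existing upstream commit link, since python-django is still <unfixed> (bug #950581) and that detail helps verify the backport. The fixed versions in the description (1.11.28, 2.2.10, 3.0.3) should drive the version update once the upload lands.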
@@ -7461,8 +7606,8 @@ CVE-2020-5184
RESERVED
CVE-2020-5183 (FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption ...)
NOT-FOR-US: FTPGetter Professional
-CVE-2020-5182
- RESERVED
+CVE-2020-5182 (The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reve ...)
+ TODO: check
CVE-2020-5181
RESERVED
CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to se ...)
@@ -7694,8 +7839,8 @@ CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide
NOTE: Marked unimportant, as negligible security impact (a privileged guest
NOTE: can trigger similar issues without triggering the specific assert) and
NOTE: is disputed by QEMU security team.
-CVE-2019-20174
- RESERVED
+CVE-2019-20174 (Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is us ...)
+ TODO: check
CVE-2019-20173
RESERVED
CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not r ...)
@@ -9596,8 +9741,8 @@ CVE-2020-4226
RESERVED
CVE-2020-4225
RESERVED
-CVE-2020-4224
- RESERVED
+CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive inform ...)
+ TODO: check
CVE-2020-4223
RESERVED
CVE-2020-4222
@@ -10823,12 +10968,12 @@ CVE-2020-3929
RESERVED
CVE-2020-3928
RESERVED
-CVE-2020-3927
- RESERVED
-CVE-2020-3926
- RESERVED
-CVE-2020-3925
- RESERVED
+CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...)
+ TODO: check
+CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...)
+ TODO: check
+CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some designated a ...)
+ TODO: check
CVE-2020-3924
RESERVED
CVE-2020-3923
@@ -17505,8 +17650,8 @@ CVE-2019-19121
RESERVED
CVE-2019-19120
RESERVED
-CVE-2019-19119
- RESERVED
+CVE-2019-19119 (An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficie ...)
+ TODO: check
CVE-2019-19118 (Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model ...)
- python-django 2:2.2.8-1 (bug #946011)
[buster] - python-django <not-affected> (Vulnerable code introduced later)
@@ -21308,8 +21453,8 @@ CVE-2019-18569
RESERVED
CVE-2019-18568 (Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege esca ...)
NOT-FOR-US: Avira Free Antivirus
-CVE-2019-18567
- RESERVED
+CVE-2019-18567 (Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an o ...)
+ TODO: check
CVE-2019-18566
REJECTED
CVE-2019-18565
@@ -22199,8 +22344,8 @@ CVE-2019-18195 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. No
NOT-FOR-US: TerraMaster FS-210 devices
CVE-2019-18194 (TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escal ...)
NOT-FOR-US: TotalAV
-CVE-2019-18193
- RESERVED
+CVE-2019-18193 (In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, ...)
+ TODO: check
CVE-2020-0500
RESERVED
CVE-2020-0499
@@ -26457,8 +26602,8 @@ CVE-2019-16895
REJECTED
CVE-2019-16894 (download.php in inoERP 4.15 allows SQL injection through insecure dese ...)
NOT-FOR-US: inoERP
-CVE-2019-16893
- RESERVED
+CVE-2019-16893 (The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 device ...)
+ TODO: check
CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass application che ...)
- ruby-zip 2.0.0-1 (low; bug #941222)
[buster] - ruby-zip <no-dsa> (Minor issue)
@@ -44350,29 +44495,29 @@ CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other
NOTE: https://phabricator.wikimedia.org/T221739
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
CVE-2019-11267
- RESERVED
+ REJECTED
CVE-2019-11266
- RESERVED
+ REJECTED
CVE-2019-11265
- RESERVED
+ REJECTED
CVE-2019-11264
- RESERVED
+ REJECTED
CVE-2019-11263
- RESERVED
+ REJECTED
CVE-2019-11262
- RESERVED
+ REJECTED
CVE-2019-11261
- RESERVED
+ REJECTED
CVE-2019-11260
- RESERVED
+ REJECTED
CVE-2019-11259
- RESERVED
+ REJECTED
CVE-2019-11258
- RESERVED
+ REJECTED
CVE-2019-11257
- RESERVED
+ REJECTED
CVE-2019-11256
- RESERVED
+ REJECTED
CVE-2019-11255 (Improper input validation in Kubernetes CSI sidecar containers for ext ...)
NOT-FOR-US: kubernetes-csi
CVE-2019-11254
@@ -44382,8 +44527,7 @@ CVE-2019-11253 (Improper input validation in the Kubernetes API server in versio
NOTE: https://github.com/kubernetes/kubernetes/issues/83253
CVE-2019-11252
RESERVED
-CVE-2019-11251 [kubectl cp allows for arbitrary file write via double symlinks]
- RESERVED
+CVE-2019-11251 (The Kubernetes kubectl cp command in versions 1.1-1.12, and versions p ...)
- kubernetes <not-affected> (Vulnerable code not present)
CVE-2019-11250 (The Kubernetes client-go library logs request headers at verbosity lev ...)
- kubernetes <unfixed> (bug #934801)
@@ -62461,8 +62605,8 @@ CVE-2019-4734
RESERVED
CVE-2019-4733
RESERVED
-CVE-2019-4732
- RESERVED
+CVE-2019-4732 (IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7. ...)
+ TODO: check
CVE-2019-4731
RESERVED
CVE-2019-4730
@@ -192254,8 +192398,8 @@ CVE-2016-1000106
REJECTED
CVE-2016-1000105
REJECTED
-CVE-2016-1000103
- RESERVED
+CVE-2016-1000103 (A Security Bypass vulnerability exists in Nginx 2016-07-07 in the HTTP ...)
+ TODO: check
CVE-2016-1000102
REJECTED
CVE-2016-1000027 (Pivotal Spring Framework 4.1.4 suffers from a potential remote code ex ...)
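Review bot: CVE-2016-1000103 is left at TODO: check, but its description carries the same 2016-07-07 date as the old CVE-2016-1000104 text (`mod_fcgid through 2016-07-07`) in the next hunk, which the tracker already analysed as Proxy: header to HTTP_PROXY handling; triage this one by checking whether the nginx package ever passes a client-supplied Proxy: header into HTTP_PROXY for FastCGI backends, rather than leaving it open.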
@@ -194831,7 +194975,7 @@ CVE-2016-1000108 (yaws before 2.0.4 does not attempt to address RFC 3875 section
[jessie] - yaws 1.98-4+deb8u1
[wheezy] - yaws <no-dsa> (Minor issue; can be fixed along with a future DSA)
NOTE: https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1
-CVE-2016-1000104 (A security Bypass vulnerability exists in mod_fcgid through 2016-07-07 ...)
+CVE-2016-1000104 (A security Bypass vulnerability exists in the FcgidPassHeader Proxy in ...)
NOTE: libapache2-mod-fcgid does not set HTTP_PROXY based on Proxy: header unless
NOTE: explicitly configured so and mitigations for Apache in CVE-2016-5387 prevent
NOTE: exploitation anyway
@@ -197719,8 +197863,8 @@ CVE-2016-4678 (An issue was discovered in certain Apple products. macOS before 1
NOT-FOR-US: Apple
CVE-2016-4677 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
NOT-FOR-US: Apple
-CVE-2016-4676
- RESERVED
+CVE-2016-4676 (A Cross-origin vulnerability exists in WebKit in Apple Safari before 1 ...)
+ TODO: check
CVE-2016-4675 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
NOT-FOR-US: Apple
CVE-2016-4674 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
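Review bot: CVE-2016-4676 should not simply inherit the NOT-FOR-US: Apple line of its neighbours (CVE-2016-4677, -4675, -4674): the description places the bug in WebKit rather than in an Apple-only component, and WebKit is shipped in Debian as webkit2gtk, so the TODO: check should be resolved by confirming whether the cross-origin issue affects the packaged WebKitGTK version.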
@@ -215796,7 +215940,7 @@ CVE-2015-7543 (aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly creat
- kdelibs <removed>
- arts <removed>
NOTE: https://quickgit.kde.org/?p=kdelibs.git&a=blobdiff&h=8c0f6401271c495c68e340e06b09239eb755ce5e&hp=45b72f0d5c3421b571e9515497352a0a9942a075&hb=cc5515ed7ce8884c9b18169158ba29ab2f7a3db7&f=kinit%2Flnusertemp.c
-CVE-2015-7542 (An issue exists in libgwenhywfar through 4.12.0 due to the usage of ou ...)
+CVE-2015-7542 (A vulnerability exists in libgwenhywfar through 4.12.0 due to the usag ...)
{DLA-469-1}
- libgwenhywfar 4.12.0beta-3 (bug #748955; medium)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272503
@@ -221830,7 +221974,7 @@ CVE-2015-5291 (Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM
[experimental] - polarssl 1.3.14-0.1
- polarssl <unfixed> (bug #801413)
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
-CVE-2015-5290 (ircd-ratbox 3.0.9 mishandles the MONITOR command which allows remote a ...)
+CVE-2015-5290 (A Denial of Service vulnerability exists in ircd-ratbox 3.0.9 in the M ...)
- charybdis 3.4.2-5
[jessie] - charybdis 3.4.2-5~deb8u1
[wheezy] - charybdis <no-dsa> (Minor issue)
@@ -241493,8 +241637,7 @@ CVE-2014-8333 (The VMware driver in OpenStack Compute (Nova) before 2014.1.4 all
NOTE: versions affected up to to 2014.1.3
NOTE: https://launchpad.net/bugs/1359138
NOTE: https://review.openstack.org/125492
-CVE-2014-8328
- RESERVED
+CVE-2014-8328 (The default configuration in the Dynamic Content Elements (dce) extens ...)
NOT-FOR-US: TYPO3 extension dce
CVE-2014-8327 (The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions fo ...)
NOT-FOR-US: TYPO3 extension fal_sftp
@@ -274834,12 +274977,12 @@ CVE-2013-2676
RESERVED
CVE-2013-2675
RESERVED
-CVE-2013-2674
- RESERVED
-CVE-2013-2673
- RESERVED
-CVE-2013-2672
- RESERVED
+CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
+ TODO: check
+CVE-2013-2673 (Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass ...)
+ TODO: check
+CVE-2013-2672 (Brother MFC-9970CDW devices with firmware 0D allow cleartext submissio ...)
+ TODO: check
CVE-2013-2671 (Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC ...)
NOT-FOR-US: Brother printer
CVE-2013-2670 (Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW pr ...)
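Review bot: CVE-2013-2674, -2673 and -2672 are all Brother MFC-9970CDW firmware issues, the same device family that CVE-2013-2671 and CVE-2013-2670 immediately below already carry as NOT-FOR-US: Brother printer; the three TODO: check lines can be resolved the same way.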
@@ -274890,8 +275033,8 @@ CVE-2013-2648
RESERVED
CVE-2013-2647
RESERVED
-CVE-2013-2646
- RESERVED
+CVE-2013-2646 (TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of ...)
+ TODO: check
CVE-2013-2645 (Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-L ...)
NOT-FOR-US: TP-LINK Router
CVE-2013-2644
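Review bot: CVE-2013-2646 (TP-LINK TL-WR1043ND V1_120405 denial of service) is the same router line as CVE-2013-2645 directly below, which is already NOT-FOR-US: TP-LINK Router; the TODO: check can be closed with the same marker.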
@@ -274929,8 +275072,8 @@ CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.14
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
- libv8-3.14 <removed> (unimportant; bug #773671)
NOTE: libv8 not covered by security support
-CVE-2013-2631
- RESERVED
+CVE-2013-2631 (TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure ...)
+ TODO: check
CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12 ...)
NOT-FOR-US: CA Service Desk Manager
CVE-2013-2629 (Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers ...)
@@ -274946,16 +275089,13 @@ CVE-2013-2625 (An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1
[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
NOTE: DSA-2733-1
NOTE: http://web.archive.org/web/20130716120019/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-01/
-CVE-2013-2624
- RESERVED
-CVE-2013-2623
- RESERVED
+CVE-2013-2624 (Telean before 1.3.1 contains a full path disclosure vulnerability whic ...)
+ TODO: check
+CVE-2013-2623 (Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attack ...)
NOT-FOR-US: Uebimiau Webmail
-CVE-2013-2622
- RESERVED
+CVE-2013-2622 (Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remot ...)
NOT-FOR-US: Uebimiau Webmail
-CVE-2013-2621
- RESERVED
+CVE-2013-2621 (Open Redirection Vulnerability in the redir.php script in Telaen befor ...)
NOT-FOR-US: Uebimiau Webmail
CVE-2013-2620
RESERVED
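Review bot: CVE-2013-2624 is the one TODO: check in a group of Telaen/UebiMiau entries (CVE-2013-2623, -2622, -2621) that already carry NOT-FOR-US: Uebimiau Webmail in this hunk; it should get the same NOT-FOR-US line by hand. Note that the upstream text spells the product "Telean" rather than "Telaen", so a search on the usual name will not find it.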
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dcaa946f929ed43e227934159cb8b1345659b7c4