[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 7 20:10:35 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5aab1a45 by security tracker role at 2020-02-07T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-8794
+ RESERVED
+CVE-2020-8793
+ RESERVED
+CVE-2020-8792
+ RESERVED
+CVE-2020-8791
+ RESERVED
+CVE-2020-8790
+ RESERVED
+CVE-2020-8789
+ RESERVED
+CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...)
+ TODO: check
+CVE-2020-8787
+ RESERVED
+CVE-2020-8786
+ RESERVED
+CVE-2020-8785
+ RESERVED
+CVE-2020-8784
+ RESERVED
+CVE-2020-8783
+ RESERVED
+CVE-2019-20450
+ RESERVED
+CVE-2019-20449
+ RESERVED
+CVE-2019-20448
+ RESERVED
CVE-2020-8782
RESERVED
CVE-2020-8781
@@ -1377,8 +1407,8 @@ CVE-2020-8128
RESERVED
CVE-2020-8127
RESERVED
-CVE-2020-8126
- RESERVED
+CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...)
+ TODO: check
CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and earlie ...)
NOT-FOR-US: klona node module
CVE-2020-8124 (Insufficient validation and sanitization of user input exists in url-p ...)
@@ -17258,8 +17288,8 @@ CVE-2020-1770
RESERVED
CVE-2020-1769
RESERVED
-CVE-2020-1768
- RESERVED
+CVE-2020-1768 (The external frontend system uses numerous background calls to the bac ...)
+ TODO: check
CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then Agent ...)
{DLA-2079-1}
- otrs2 6.0.25-1
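Review bot: CVE-2020-1768's truncated description ("The external frontend system uses numerous background calls to the bac ...") names no product, so the TODO: check in this hunk cannot be resolved from the hunk alone; it sits directly above CVE-2020-1767, an otrs2 entry covered by DLA-2079-1, so triage should confirm whether it belongs to the same OTRS advisory batch and, if so, record an otrs2 status line in the same form as its neighbour rather than leaving the placeholder.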
@@ -18572,8 +18602,8 @@ CVE-2019-18990
RESERVED
CVE-2019-18989
RESERVED
-CVE-2019-18988
- RESERVED
+CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login a ...)
+ TODO: check
CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for ...)
NOT-FOR-US: AbuseFilter MediaWiki extension
CVE-2019-18986 (Pimcore before 6.2.2 allow attackers to brute-force (guess) valid user ...)
@@ -26156,8 +26186,8 @@ CVE-2019-17270 (Yachtcontrol through 2019-10-06: It's possible to perform direct
NOT-FOR-US: Yachtcontrol
CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to execute arbitr ...)
NOT-FOR-US: Intellian Remote Access
-CVE-2019-17268
- RESERVED
+CVE-2019-17268 (The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGe ...)
+ TODO: check
CVE-2019-17267 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
{DLA-2030-1}
- jackson-databind 2.10.0-1
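Review bot: CVE-2019-17268 concerns a Ruby gem (omniauth-weibo-oauth2 0.4.6 "as distributed on RubyGe ..."), so closing its TODO: check means first verifying whether Debian packages that gem at all; if it does not, the entry should become NOT-FOR-US with the gem name, matching the form used for the other third-party entries in this update.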
@@ -29333,8 +29363,8 @@ CVE-2019-16157
RESERVED
CVE-2019-16156
RESERVED
-CVE-2019-16155
- RESERVED
+CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 6.2.1 an ...)
+ TODO: check
CVE-2019-16154 (An improper neutralization of input during web page generation in Fort ...)
NOT-FOR-US: FortiAuthenticator WEB UI
CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM database ...)
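Review bot: CVE-2019-16155's TODO: check sits between two Fortinet entries already resolved as NOT-FOR-US (CVE-2019-16154 for the FortiAuthenticator web UI and CVE-2019-16153 for FortiSIEM); FortiClient for Linux is proprietary vendor software from the same family, so the expected outcome is a NOT-FOR-US: FortiClient line unless triage finds otherwise.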
@@ -30901,12 +30931,12 @@ CVE-2019-15608
RESERVED
CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version: <= ...)
TODO: check
-CVE-2019-15606
- RESERVED
-CVE-2019-15605
- RESERVED
-CVE-2019-15604
- RESERVED
+CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs 10, 12, ...)
+ TODO: check
+CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payl ...)
+ TODO: check
+CVE-2019-15604 (Improper Certificate Validation in Node.js 10, 12, and 13 causes the p ...)
+ TODO: check
CVE-2019-15603 (The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scriptin ...)
NOT-FOR-US: seefl
CVE-2019-15602 (The fileview package v0.1.6 has inadequate output encoding and escapin ...)
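Review bot: the three Node.js entries in this hunk (CVE-2019-15604, CVE-2019-15605, CVE-2019-15606) should not stay at TODO: check for long; unlike the neighbouring seefl and fileview entries, which are npm-only modules marked NOT-FOR-US, these describe the Node.js 10, 12 and 13 runtime itself, which Debian ships as the nodejs source package, so each needs a real status line (fixed version, or <not-affected>/<no-dsa> with a reason). CVE-2019-15605 (HTTP request smuggling) is the one to triage first, as it affects any deployment that fronts Node.js with a proxy.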
@@ -58954,7 +58984,7 @@ CVE-2019-6467 (A programming error in the nxdomain-redirect feature can cause an
- bind9 <not-affected> (Vulnerable code only present in 9.12 onwards)
NOTE: https://kb.isc.org/docs/cve-2019-6467
CVE-2019-6466
- RESERVED
+ REJECTED
CVE-2019-6465 (Controls for zone transfers may not be properly applied to Dynamically ...)
{DSA-4440-1 DLA-1697-1}
- bind9 1:9.11.5.P4+dfsg-1 (low; bug #922955)
@@ -61177,35 +61207,35 @@ CVE-2019-5666 (NVIDIA Windows GPU Display Driver contains a vulnerability in the
CVE-2019-5665 (NVIDIA Windows GPU Display driver contains a vulnerability in the 3D v ...)
NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5664
- RESERVED
+ REJECTED
CVE-2019-5663
- RESERVED
+ REJECTED
CVE-2019-5662
- RESERVED
+ REJECTED
CVE-2019-5661
- RESERVED
+ REJECTED
CVE-2019-5660
- RESERVED
+ REJECTED
CVE-2019-5659
- RESERVED
+ REJECTED
CVE-2019-5658
- RESERVED
+ REJECTED
CVE-2019-5657
- RESERVED
+ REJECTED
CVE-2019-5656
- RESERVED
+ REJECTED
CVE-2019-5655
- RESERVED
+ REJECTED
CVE-2019-5654
- RESERVED
+ REJECTED
CVE-2019-5653
- RESERVED
+ REJECTED
CVE-2019-5652
- RESERVED
+ REJECTED
CVE-2019-5651
- RESERVED
+ REJECTED
CVE-2019-5650
- RESERVED
+ REJECTED
CVE-2019-5649
RESERVED
CVE-2019-5648
@@ -114924,7 +114954,7 @@ CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/90
CVE-2018-5746
- RESERVED
+ REJECTED
CVE-2018-5745 ("managed-keys" is a feature which allows a BIND resolver to automatica ...)
{DSA-4440-1 DLA-1697-1}
- bind9 1:9.11.5.P4+dfsg-1 (low; bug #922954)
@@ -174632,13 +174662,13 @@ CVE-2016-9909 (The serializer in html5lib before 0.99999999 might allow remote a
NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2017-3149
- RESERVED
+ REJECTED
CVE-2017-3148
- RESERVED
+ REJECTED
CVE-2017-3147
- RESERVED
+ REJECTED
CVE-2017-3146
- RESERVED
+ REJECTED
CVE-2017-3145 (BIND was improperly sequencing cleanup operations on upstream recursio ...)
{DSA-4089-1 DLA-1255-1}
- bind9 1:9.11.2.P1-1
@@ -237362,8 +237392,8 @@ CVE-2014-9532
RESERVED
CVE-2014-9531
RESERVED
-CVE-2014-9530
- RESERVED
+CVE-2014-9530 (A vulnerability exists in nw.js before 0.11.3 when calling nw methods ...)
+ TODO: check
CVE-2014-9528 (SQL injection vulnerability in the actionIndex function in protected/m ...)
NOT-FOR-US: HumHub
CVE-2014-9527 (HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cau ...)
@@ -245132,8 +245162,7 @@ CVE-2014-7226 (The file comment feature in Rejetto HTTP File Server (hfs) 2.3c a
NOT-FOR-US: Rejetto HTTP File Server
CVE-2014-7225
RESERVED
-CVE-2014-7224
- RESERVED
+CVE-2014-7224 (A Code Execution vulnerability exists in Android prior to 4.4.0 relate ...)
NOT-FOR-US: Android addJavascriptInterface
CVE-2014-7223
RESERVED
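Review bot: this hunk is the shape the other TODO: check hunks in this update should eventually reach: because a NOT-FOR-US: Android addJavascriptInterface line was already present under the RESERVED placeholder for CVE-2014-7224, the update drops RESERVED and attaches the description without adding a TODO: check, and the hunk header (-8 +7) confirms one net line removed; nothing further is needed here.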
@@ -247049,8 +247078,8 @@ CVE-2014-6419
RESERVED
CVE-2014-6415
RESERVED
-CVE-2014-6413
- RESERVED
+CVE-2014-6413 (A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11 ...)
+ TODO: check
CVE-2014-6412 (WordPress before 4.4 makes it easier for remote attackers to predict p ...)
- wordpress <not-affected> (Affects only Wordpress on Windows systems)
CVE-2014-6411
@@ -249135,8 +249164,8 @@ CVE-2014-5470
RESERVED
CVE-2014-5469
RESERVED
-CVE-2014-5468
- RESERVED
+CVE-2014-5468 (A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a ...)
+ TODO: check
CVE-2014-5467
RESERVED
CVE-2014-5466 (Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk We ...)
@@ -249228,7 +249257,7 @@ CVE-2014-5441 (Multiple cross-site scripting (XSS) vulnerabilities in app/views/
NOT-FOR-US: Fat Free CRM
CVE-2014-5440 (SQL injection vulnerability in Login.aspx in MPEX Business Solutions M ...)
NOT-FOR-US: MX-SmartTimer
-CVE-2014-5439 (sniffit 0.3.7 and prior: A configuration file can be leveraged to exec ...)
+CVE-2014-5439 (Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit ...)
{DLA-713-1}
- sniffit 0.3.7.beta-20 (bug #845122)
[jessie] - sniffit 0.3.7.beta-17+deb8u1
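Review bot: the description swap for CVE-2014-5439 changes what the entry says the bug is, from a configuration file that can be leveraged to execute something (removed line) to multiple stack-based buffer overflows in Sniffit (added line), while the Debian status lines below it ({DLA-713-1}, sniffit 0.3.7.beta-20 with bug #845122, and the jessie +deb8u1 upload) are untouched; please confirm that the DLA and those fixed versions cover the issue as now described, since the unchanged {DLA-713-1} line now asserts the advisory addressed a different class of flaw than the entry claimed before this commit.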
@@ -249620,8 +249649,8 @@ CVE-2014-5290
RESERVED
CVE-2014-5289 (Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execu ...)
NOT-FOR-US: Senkas Kolibri
-CVE-2014-5288
- RESERVED
+CVE-2014-5288 (A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via uns ...)
+ TODO: check
CVE-2014-5287 (A Bash script injection vulnerability exists in Kemp Load Master 7.1-1 ...)
NOT-FOR-US: Kemp Load Master
CVE-2014-5286 (The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveM ...)
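Review bot: CVE-2014-5288 and the unchanged CVE-2014-5287 directly below it both describe Kemp Load Master, and the latter is already resolved as NOT-FOR-US: Kemp Load Master; the new entry's TODO: check can be closed the same way in this commit rather than left for a later pass.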
@@ -249640,8 +249669,8 @@ CVE-2014-5280 (boot2docker 1.2 and earlier allows attackers to conduct cross-sit
NOT-FOR-US: boot2docker
CVE-2014-5279 (The Docker daemon managed by boot2docker 1.2 and earlier improperly en ...)
NOT-FOR-US: boot2docker
-CVE-2014-5278
- RESERVED
+CVE-2014-5278 (A vulnerability exists in Docker before 1.2 via container names, which ...)
+ TODO: check
CVE-2014-5277 (Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when ...)
- docker.io 1.3.1~dfsg1-1
NOTE: https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion
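Review bot: CVE-2014-5278 ("Docker before 1.2 via container names") should not need a TODO: check here, because the entry directly below, CVE-2014-5277, already records docker.io 1.3.1~dfsg1-1 as the Debian package; triage it against docker.io, noting that the 1.3.1 version on that neighbouring line is later than the 1.2 named in the description, and record the outcome in the same "- docker.io <version>" form.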
@@ -250196,16 +250225,16 @@ CVE-2014-5093 (Status2k does not remove the install directory allowing credentia
NOT-FOR-US: Status2k
CVE-2014-5092 (Status2k allows Remote Command Execution in admin/options/editpl.php. ...)
NOT-FOR-US: Status2k
-CVE-2014-5091
- RESERVED
+CVE-2014-5091 (A vulnerability exits in Status2K 2.5 Server Monitoring Software via t ...)
+ TODO: check
CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated adminis ...)
NOT-FOR-US: Status2k
CVE-2014-5089 (SQL injection vulnerability in admin/options/logs.php in Status2k allo ...)
NOT-FOR-US: Status2k
CVE-2014-5088 (Cross-site scripting (XSS) vulnerability in Status2k allows remote att ...)
NOT-FOR-US: Status2k
-CVE-2014-5087
- RESERVED
+CVE-2014-5087 (A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to ...)
+ TODO: check
CVE-2014-5086
RESERVED
CVE-2014-5085
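Review bot: every other Status2k entry visible in this hunk (CVE-2014-5088 through CVE-2014-5093) is already NOT-FOR-US: Status2k, so the TODO: check on CVE-2014-5091 is an avoidable placeholder that could be resolved identically; CVE-2014-5087 (Sphider Search Engine before 1.3.6) is the entry in this hunk that genuinely needs a lookup, since no neighbouring line settles whether Sphider is packaged.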
@@ -271486,11 +271515,9 @@ CVE-2013-4337
REJECTED
CVE-2013-4336
REJECTED
-CVE-2013-4335
- RESERVED
+CVE-2013-4335 (opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML ...)
NOT-FOR-US: opOpenSocialPlugin
-CVE-2013-4334
- RESERVED
+CVE-2013-4334 (opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities ...)
NOT-FOR-US: opWebAPIPlugin
CVE-2013-4333 (OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an Ex ...)
NOT-FOR-US: OpenPNE
@@ -273383,12 +273410,12 @@ CVE-2013-3639 (Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4
NOT-FOR-US: Xaraya
CVE-2013-3638 (SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remo ...)
TODO: check
-CVE-2013-3637
- RESERVED
-CVE-2013-3636
- RESERVED
-CVE-2013-3635
- RESERVED
+CVE-2013-3637 (ProjectPier 0.8.8 does not use the Secure flag for cookies ...)
+ TODO: check
+CVE-2013-3636 (ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because ...)
+ TODO: check
+CVE-2013-3635 (ProjectPier 0.8.8 has stored XSS ...)
+ TODO: check
CVE-2013-3634 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Siemens switches
CVE-2013-3633 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
@@ -273401,10 +273428,10 @@ CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators t
NOTE: For Moodle: Not a securiy issue according to upstream, only applicable to administrators, see bug #775842
NOTE: https://tracker.moodle.org/browse/MDL-41449
NOTE: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
-CVE-2013-3629
- RESERVED
-CVE-2013-3628
- RESERVED
+CVE-2013-3629 (ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution ...)
+ TODO: check
+CVE-2013-3628 (Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability ...)
+ TODO: check
CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee Managed Age ...)
NOT-FOR-US: McAfee
CVE-2013-3626 (Directory traversal vulnerability in the Session Server in Attachmate ...)
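Review bot: CVE-2013-3628 (Zabbix 2.0.9 arbitrary command execution) should not remain at TODO: check, since zabbix is a Debian source package and the entry needs a status line with affected and fixed versions; CVE-2013-3629 (ISPConfig) is the one in this hunk where the first step is checking whether the software is packaged at all. Drive-by on the unchanged context line above the change: "securiy" in the Moodle NOTE is a typo for "security".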
@@ -273477,8 +273504,8 @@ CVE-2013-3593 (Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1)
NOT-FOR-US: Baramundi Management Suite
CVE-2013-3592
RESERVED
-CVE-2013-3591
- RESERVED
+CVE-2013-3591 (vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execu ...)
+ TODO: check
CVE-2013-3590 (Unrestricted file upload vulnerability in admin/uploadImage.html in Se ...)
NOT-FOR-US: SearchBlox
CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in the Admi ...)
@@ -274579,8 +274606,8 @@ CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRE
NOT-FOR-US: TRENDnet TEW-812DRU router
CVE-2013-3097 (Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FI ...)
NOT-FOR-US: Verizon
-CVE-2013-3096
- RESERVED
+CVE-2013-3096 (D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking ...)
+ TODO: check
CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...)
NOT-FOR-US: D-Link
CVE-2013-3094
@@ -274589,8 +274616,8 @@ CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...)
NOT-FOR-US: ASUS RT-N56U devices
CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass a ...)
NOT-FOR-US: Belkin router
-CVE-2013-3091
- RESERVED
+CVE-2013-3091 (An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) rout ...)
+ TODO: check
CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 rou ...)
NOT-FOR-US: Belkin N300 router
CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin ...)
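Review bot: CVE-2013-3091 names the same Belkin N300 (F7D7301v1) router as CVE-2013-3092, which is already NOT-FOR-US: Belkin router, so its TODO: check could have been closed with the same marking; the hunk's other neighbours (CVE-2013-3090 and CVE-2013-3089) are Belkin N300 entries carrying NOT-FOR-US as well, so the placeholder is the odd one out.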
@@ -274644,8 +274671,8 @@ CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WN
NOT-FOR-US: NETGEAR devices
CVE-2013-3068 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksy ...)
NOT-FOR-US: Linksys
-CVE-2013-3067
- RESERVED
+CVE-2013-3067 (Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. ...)
+ TODO: check
CVE-2013-3066 (Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict ...)
NOT-FOR-US: Linksys
CVE-2013-3065 (Cross-site scripting (XSS) vulnerability in the Parental Controls sect ...)
@@ -277668,11 +277695,9 @@ CVE-2013-2011 (WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-
CVE-2013-2010
RESERVED
NOT-FOR-US: W3 Total Cache
-CVE-2013-2009
- RESERVED
+CVE-2013-2009 (WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution ...)
NOT-FOR-US: WP Super Cache
-CVE-2013-2008
- RESERVED
+CVE-2013-2008 (WordPress Super Cache Plugin 1.3 has XSS. ...)
NOT-FOR-US: WP Super Cache
CVE-2013-2007 (The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when s ...)
- qemu <not-affected> (qemu guest agent introduced in 1.4, vulnerable versions were only in experimental)
@@ -280310,8 +280335,8 @@ CVE-2013-1204 (Memory leak in the SNMP process in Cisco IOS XR allows remote att
NOT-FOR-US: Cisco IOS XR
CVE-2013-1203 (Cisco ASA CX Context-Aware Security Software allows remote attackers t ...)
NOT-FOR-US: Cisco ASA
-CVE-2013-1202
- RESERVED
+CVE-2013-1202 (Cisco ACE A2(3.6) allows log retention DoS. ...)
+ TODO: check
CVE-2013-1201
RESERVED
CVE-2013-1200 (Session fixation vulnerability in Cisco Secure Access Control System ( ...)
@@ -283369,8 +283394,7 @@ CVE-2013-0194 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote a
CVE-2013-0193 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...)
- piwik <itp> (bug #506933)
NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
-CVE-2013-0192
- RESERVED
+CVE-2013-0192 (File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin ...)
NOT-FOR-US: Simple Machines Forum
CVE-2013-0188
REJECTED
@@ -296432,11 +296456,9 @@ CVE-2012-1569 (The asn1_get_length_der function in decoding.c in GNU Libtasn1 be
- libtasn1-3 2.12-1 (high)
CVE-2012-1568 (The ExecShield feature in a certain Red Hat patch for the Linux kernel ...)
- linux-2.6 <not-affected> (execshield issue)
-CVE-2012-1567
- RESERVED
+CVE-2012-1567 (LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities ...)
NOT-FOR-US: LinuxMint
-CVE-2012-1566
- RESERVED
+CVE-2012-1566 (LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities ...)
NOT-FOR-US: LinuxMint
CVE-2012-1565 (Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and ...)
NOT-FOR-US: eZ Publish
@@ -314414,8 +314436,7 @@ CVE-2010-4660 (Unspecified vulnerability in statusnet through 2010 due to the wa
- statusnet <itp> (bug #491723)
CVE-2010-4659 (Cross-site scripting (XSS) vulnerability in statusnet through 2010 in ...)
- statusnet <itp> (bug #491723)
-CVE-2010-4658
- RESERVED
+CVE-2010-4658 (statusnet through 2010 allows attackers to spoof syslog messages via n ...)
- statusnet <itp> (bug #491723)
CVE-2010-4657 (PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlText ...)
- php5 5.4.4-1 (low)
@@ -349119,7 +349140,7 @@ CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial
CVE-2008-3795 (Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP serve ...)
NOT-FOR-US: WS_FTP Home
CVE-2008-3793
- RESERVED
+ REJECTED
NOT-FOR-US: Adobe Flash Player
CVE-2008-3792 (net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) i ...)
{DSA-1636-1}
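Review bot: CVE-2008-3793 now reads REJECTED but keeps the NOT-FOR-US: Adobe Flash Player line beneath it; the other RESERVED-to-REJECTED changes in this update (CVE-2019-6466, the CVE-2019-5650 to CVE-2019-5664 block, CVE-2018-5746, CVE-2017-3146 to CVE-2017-3149) carry no triage line at all, so either drop the NOT-FOR-US line here for consistency or keep it deliberately if rejected entries are meant to preserve their earlier triage history.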
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5aab1a4548543066d21ac434869334bab68f9dd3