[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 14 08:10:21 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b4c746c by security tracker role at 2020-02-14T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2020-8994
+ RESERVED
+CVE-2020-8993
+ RESERVED
+CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...)
+ TODO: check
+CVE-2020-8991 (vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages me ...)
+ TODO: check
+CVE-2020-8990
+ RESERVED
+CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...)
+ TODO: check
+CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...)
+ TODO: check
+CVE-2020-8987
+ RESERVED
CVE-2020-8986
RESERVED
CVE-2020-8985
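Review bot: The `TODO: check` markers on CVE-2020-8992 and CVE-2020-8991 should not be left to sit alongside the Voatz entries, because their descriptions name `fs/ext4/block_validity.c` in the Linux kernel and `daemons/lvmetad/lvmetad-core.c` in LVM2, both of which map to source packages Debian ships. Triage these two first and give them package lines with status. CVE-2020-8989 and CVE-2020-8988 describe an Android application and can be looked at separately.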
@@ -264,36 +280,36 @@ CVE-2020-8860
RESERVED
CVE-2020-8859
RESERVED
-CVE-2020-8858
- RESERVED
-CVE-2020-8857
- RESERVED
-CVE-2020-8856
- RESERVED
-CVE-2020-8855
- RESERVED
-CVE-2020-8854
- RESERVED
-CVE-2020-8853
- RESERVED
-CVE-2020-8852
- RESERVED
-CVE-2020-8851
- RESERVED
-CVE-2020-8850
- RESERVED
-CVE-2020-8849
- RESERVED
-CVE-2020-8848
- RESERVED
-CVE-2020-8847
- RESERVED
-CVE-2020-8846
- RESERVED
-CVE-2020-8845
- RESERVED
-CVE-2020-8844
- RESERVED
+CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8857 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8856 (This vulnerability allows remote atackers to execute arbitrary code on ...)
+ TODO: check
+CVE-2020-8855 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8854 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8853 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8852 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-8851 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8850 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8849 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8848 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8847 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8846 (This vulnerability allows remote atackers to execute arbitrary code on ...)
+ TODO: check
+CVE-2020-8845 (This vulnerability allows remote atackers to execute arbitrary code on ...)
+ TODO: check
+CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2020-8843
RESERVED
CVE-2020-8842
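Review bot: The fifteen entries CVE-2020-8858 through CVE-2020-8844 cannot be triaged from what is recorded here, since every description is cut at "execute arbitrary code o ..." (or "disclose sensitive infor ..." for CVE-2020-8852) before any product is named. Whoever resolves these `TODO: check` markers needs the full upstream description for each ID. Resolving them as a batch would be sensible only if they all turn out to name the same product.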
@@ -17962,6 +17978,7 @@ CVE-2020-1721
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579
CVE-2020-1720
RESERVED
+ {DSA-4623-1 DSA-4622-1}
- postgresql-12 12.2-1
- postgresql-11 <unfixed>
- postgresql-9.6 <removed>
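Review bot: The `- postgresql-11 <unfixed>` line under CVE-2020-1720 is left untouched while the added line attaches `{DSA-4623-1 DSA-4622-1}`. Confirm whether a fixed postgresql-11 version can now be recorded in place of `<unfixed>`, so the entry does not keep reporting the package as open after advisories have been issued. The header is also still `RESERVED` with no description, which a later sync should fill in.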
@@ -65405,8 +65422,8 @@ CVE-2019-4000
RESERVED
CVE-2019-3999
RESERVED
-CVE-2019-3998
- RESERVED
+CVE-2019-3998 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
+ TODO: check
CVE-2019-3997 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
NOT-FOR-US: SimpliSafe SS3 firmware
CVE-2019-3996 (ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy ...)
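Review bot: CVE-2019-3998 gets `TODO: check`, but the entry directly below it, CVE-2019-3997, shows the same description prefix ("Authentication bypass using an alternate path or channel in SimpliSafe ...") and is already marked `NOT-FOR-US: SimpliSafe SS3 firmware`. If the full text confirms the same product, the new entry can take the same marker instead of staying in the TODO queue.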
@@ -219805,8 +219822,8 @@ CVE-2015-6591 (Directory traversal vulnerability in application/templates/amelia
NOT-FOR-US: Free Reprintables ArticleFR
CVE-2015-6590
RESERVED
-CVE-2015-6589
- RESERVED
+CVE-2015-6589 (Directory traversal vulnerability in Kaseya Virtual System Administrat ...)
+ TODO: check
CVE-2015-6588 (Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Rev ...)
NOT-FOR-US: MODX Revolution
CVE-2015-6587 (The vlserver in OpenAFS before 1.6.13 allows remote authenticated user ...)
@@ -228879,8 +228896,7 @@ CVE-2015-3329 (Multiple stack-based buffer overflows in the phar_set_inode funct
NOTE: Fixed in 5.6.8 and 5.4.40
CVE-2015-3315 (Automatic Bug Reporting Tool (ABRT) allows local users to read, change ...)
NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2015-3309 [incomplete fix for CVE-2015-3297]
- RESERVED
+CVE-2015-3309 (Directory traversal vulnerability in node/utils/Minify.js in Etherpad ...)
- etherpad-lite <itp> (bug #576998)
CVE-2015-3308 (Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3. ...)
[experimental] - gnutls28 3.3.14-1
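Review bot: Replacing the header of CVE-2015-3309 drops the bracketed annotation `[incomplete fix for CVE-2015-3297]`, and nothing in the new entry records that relationship. Consider keeping it as a `NOTE:` line under the entry so the link between the two IDs is not lost. The `- etherpad-lite <itp> (bug #576998)` line is correctly retained.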
@@ -255824,8 +255840,8 @@ CVE-2014-3211 (Publify before 8.0.1 is vulnerable to a Denial of Service attack
NOT-FOR-US: Publify
CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Booking ...)
NOT-FOR-US: WordPress plugin Booking System
-CVE-2014-3208
- RESERVED
+CVE-2014-3208 (A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (ps ...)
+ TODO: check
CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute arbitrary co ...)
NOT-FOR-US: Seagate
CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a h ...)
@@ -260259,8 +260275,8 @@ CVE-2014-1619 (Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2,
NOT-FOR-US: Cubic CMS
CVE-2014-1618 (Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script a ...)
NOT-FOR-US: UAEPD Shopping Cart Script
-CVE-2014-1617
- RESERVED
+CVE-2014-1617 (Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Over ...)
+ TODO: check
CVE-2014-1616
RESERVED
CVE-2014-1615 (Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon B ...)
@@ -261673,8 +261689,8 @@ CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other
NOTE: actual patch should be adjusted in case there is a further memcached upload accoring to upstream commit
CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb)
-CVE-2013-7287
- RESERVED
+CVE-2013-7287 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encrypti ...)
+ TODO: check
CVE-2013-7286 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfu ...)
TODO: check
CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise Linu ...)
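Review bot: CVE-2013-7287 is added with `TODO: check` directly above CVE-2013-7286, which names the same MobileIron VSP and Sentry versions and is also still `TODO: check`. Resolve the two together so they end up with a consistent status rather than being triaged independently.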
@@ -263080,8 +263096,8 @@ CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam
NOT-FOR-US: Avanset Visual CertExam Manager
CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS be ...)
NOT-FOR-US: QNAP QTS
-CVE-2013-7173
- RESERVED
+CVE-2013-7173 (Belkin n750 routers have a buffer overflow. ...)
+ TODO: check
CVE-2013-7172 (Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permission ...)
- libiodbc2 <not-affected> (RPATH issue slackware specific)
CVE-2013-7171 (Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, ...)
@@ -263594,8 +263610,8 @@ CVE-2013-7100 (Buffer overflow in the unpacksms16 function in apps/app_sms.c in
- asterisk 1:11.7.0~dfsg-1 (bug #732355)
CVE-2013-7099
RESERVED
-CVE-2013-7098
- RESERVED
+CVE-2013-7098 (OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflo ...)
+ TODO: check
CVE-2013-7097 (Directory traversal vulnerability in 7 Media Web Solutions eduTrac bef ...)
NOT-FOR-US: eduTrac
CVE-2013-7096 (Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote ...)
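Review bot: The `TODO: check` on CVE-2013-7098 deserves priority over the surrounding `NOT-FOR-US` style entries, because its description names the OpenConnect VPN client, which Debian packages as openconnect. This entry needs a package line with the fixed version (the description gives "before 5.02") rather than a dismissal marker.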
@@ -264212,8 +264228,8 @@ CVE-2013-6929 (SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier
NOT-FOR-US: Cybozu Garoon
CVE-2013-6928
RESERVED
-CVE-2013-6927
- RESERVED
+CVE-2013-6927 (Internet TRiLOGI Server (unknown versions) could allow a local user to ...)
+ TODO: check
CVE-2013-6926 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...)
NOT-FOR-US: Siemens
CVE-2013-6925 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...)
@@ -266892,12 +266908,12 @@ CVE-2013-6367 (The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM su
[wheezy] - linux 3.2.54-1
CVE-2013-6363
RESERVED
-CVE-2013-6362
- RESERVED
+CVE-2013-6362 (Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and s ...)
+ TODO: check
CVE-2013-6361
RESERVED
-CVE-2013-6360
- RESERVED
+CVE-2013-6360 (TRENDnet TS-S402 has a backdoor to enable TELNET. ...)
+ TODO: check
CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attackers to ...)
{DSA-2815-1 DLA-20-1}
- munin 2.0.18-1
@@ -267098,8 +267114,8 @@ CVE-2013-6279
RESERVED
CVE-2013-6278
RESERVED
-CVE-2013-6277
- RESERVED
+CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...)
+ TODO: check
CVE-2013-6276
RESERVED
CVE-2013-6274
@@ -268482,8 +268498,8 @@ CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in
[wheezy] - kfreebsd-8 8.3-6+deb7u1
CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Ap ...)
NOT-FOR-US: Open-Xchange
-CVE-2013-5687
- RESERVED
+CVE-2013-5687 (RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean ...)
+ TODO: check
CVE-2013-5686
RESERVED
CVE-2013-5685
@@ -269672,8 +269688,7 @@ CVE-2013-5214
RESERVED
CVE-2013-5213
RESERVED
-CVE-2013-5212
- RESERVED
+CVE-2013-5212 (Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote atta ...)
NOT-FOR-US: easyXDM
CVE-2013-5211 (The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 al ...)
- ntp 1:4.2.8p3+dfsg-1 (low; bug #733940)
@@ -270606,10 +270621,10 @@ CVE-2013-4793 (The update function in umbraco.webservices/templates/templateServ
NOT-FOR-US: Umbraco
CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2 ...)
NOT-FOR-US: Imperva SecureSphere Web Application Firewall (WAF)
-CVE-2013-4792
- RESERVED
-CVE-2013-4791
- RESERVED
+CVE-2013-4792 (PrestaShop before 1.4.11 allows logout CSRF. ...)
+ TODO: check
+CVE-2013-4791 (PrestaShop before 1.4.11 allows Logistician, translators and other low ...)
+ TODO: check
CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 be ...)
NOT-FOR-US: Open-Xchange
CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0 ...)
@@ -279675,8 +279690,8 @@ CVE-2013-1635 (ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does
- php5 5.4.4-14 (unimportant; bug #702221)
NOTE: open_basedir not supported
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74
-CVE-2013-1634
- RESERVED
+CVE-2013-1634 (A denial of service vulnerability exists in some motherboard implement ...)
+ TODO: check
CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packages f ...)
- distribute <unfixed> (unimportant)
NOTE: Lack of a security feature, not a vulnerability
@@ -280466,10 +280481,10 @@ CVE-2013-1403
RESERVED
CVE-2013-1402 (DigiLIBE 3.4 and possibly other versions sends a redirect but does not ...)
NOT-FOR-US: DigiLIBE
-CVE-2013-1401
- RESERVED
-CVE-2013-1400
- RESERVED
+CVE-2013-1401 (Multiple security bypass vulnerabilities in the editAnswer, deleteAnsw ...)
+ TODO: check
+CVE-2013-1400 (Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll ...)
+ TODO: check
CVE-2009-5134 (Buffer overflow in the "create torrent dialog" functionality in uTorre ...)
NOT-FOR-US: uTorrent
CVE-2013-0243 (haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnera ...)
@@ -283616,7 +283631,7 @@ CVE-2013-0296 (Race condition in pigz before 2.2.5 uses permissions derived from
- pigz 2.2.4-2 (low; bug #700608)
[squeeze] - pigz 2.1.6-1+squeeze1
CVE-2013-0295
- RESERVED
+ REJECTED
CVE-2013-0294 (packet.py in pyrad before 2.1 uses weak random numbers to generate RAD ...)
- pyrad 2.0-2 (low; bug #700669)
[wheezy] - pyrad 1.2-1+deb7u2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1b4c746c44a6767d1f77d66472f6945c86d00764