[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Feb 14 08:10:21 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b4c746c by security tracker role at 2020-02-14T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2020-8994
+	RESERVED
+CVE-2020-8993
+	RESERVED
+CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...)
+	TODO: check
+CVE-2020-8991 (vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages me ...)
+	TODO: check
+CVE-2020-8990
+	RESERVED
+CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...)
+	TODO: check
+CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...)
+	TODO: check
+CVE-2020-8987
+	RESERVED
 CVE-2020-8986
 	RESERVED
 CVE-2020-8985
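Review bot: CVE-2020-8992 (fs/ext4/block_validity.c in the Linux kernel) and CVE-2020-8991 (daemons/lvmetad/lvmetad-core.c in LVM2) describe code that Debian ships, so their `TODO: check` placeholders should be resolved into package/version lines in the `- linux <version>` style used elsewhere in this file rather than left open; the two Voatz Android entries (CVE-2020-8989, CVE-2020-8988) concern a third-party mobile application and look like `NOT-FOR-US` candidates that can be closed at the same time.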
@@ -264,36 +280,36 @@ CVE-2020-8860
 	RESERVED
 CVE-2020-8859
 	RESERVED
-CVE-2020-8858
-	RESERVED
-CVE-2020-8857
-	RESERVED
-CVE-2020-8856
-	RESERVED
-CVE-2020-8855
-	RESERVED
-CVE-2020-8854
-	RESERVED
-CVE-2020-8853
-	RESERVED
-CVE-2020-8852
-	RESERVED
-CVE-2020-8851
-	RESERVED
-CVE-2020-8850
-	RESERVED
-CVE-2020-8849
-	RESERVED
-CVE-2020-8848
-	RESERVED
-CVE-2020-8847
-	RESERVED
-CVE-2020-8846
-	RESERVED
-CVE-2020-8845
-	RESERVED
-CVE-2020-8844
-	RESERVED
+CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-8857 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-8856 (This vulnerability allows remote atackers to execute arbitrary code on ...)
+	TODO: check
+CVE-2020-8855 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-8854 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-8853 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-8852 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-8851 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-8850 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-8849 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-8848 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-8847 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-8846 (This vulnerability allows remote atackers to execute arbitrary code on ...)
+	TODO: check
+CVE-2020-8845 (This vulnerability allows remote atackers to execute arbitrary code on ...)
+	TODO: check
+CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2020-8843
 	RESERVED
 CVE-2020-8842
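Review bot: the fifteen new descriptions for CVE-2020-8858 through CVE-2020-8844 are all truncated before the affected product is named ("... allows remote attackers to execute arbitrary code o ..."), so nothing in this hunk lets a triager decide between `NOT-FOR-US` and a package line; each `TODO: check` needs the full CVE text consulted before the entry is touched. The "atackers" spelling in CVE-2020-8856, CVE-2020-8846 and CVE-2020-8845 is carried over from the upstream description and should not be corrected locally, since this field mirrors the upstream text and the next automatic update would restore it.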
@@ -17962,6 +17978,7 @@ CVE-2020-1721
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579
 CVE-2020-1720
 	RESERVED
+	{DSA-4623-1 DSA-4622-1}
 	- postgresql-12 12.2-1
 	- postgresql-11 <unfixed>
 	- postgresql-9.6 <removed>
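Review bot: the new `{DSA-4623-1 DSA-4622-1}` reference line for CVE-2020-1720 sits under an entry that is still `RESERVED`, and the visible context still records `postgresql-11 <unfixed>`; a DSA implies a fixed version was released for the stable suite, so confirm that the suite-specific lines for postgresql-11 (outside this hunk's context) were updated alongside the reference. While the upstream description is not yet public, the `RESERVED` placeholder should carry a bracketed local description, as the old `CVE-2015-3309 [incomplete fix for CVE-2015-3297]` line in this same patch does, so the entry is searchable by the issue it covers.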
@@ -65405,8 +65422,8 @@ CVE-2019-4000
 	RESERVED
 CVE-2019-3999
 	RESERVED
-CVE-2019-3998
-	RESERVED
+CVE-2019-3998 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
+	TODO: check
 CVE-2019-3997 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
 	NOT-FOR-US: SimpliSafe SS3 firmware
 CVE-2019-3996 (ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy  ...)
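Review bot: CVE-2019-3998 carries the same truncated description as its neighbour CVE-2019-3997 ("Authentication bypass using an alternate path or channel in SimpliSafe ..."), which is already triaged as `NOT-FOR-US: SimpliSafe SS3 firmware`; the new `TODO: check` should be resolved the same way rather than left open.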
@@ -219805,8 +219822,8 @@ CVE-2015-6591 (Directory traversal vulnerability in application/templates/amelia
 	NOT-FOR-US: Free Reprintables ArticleFR
 CVE-2015-6590
 	RESERVED
-CVE-2015-6589
-	RESERVED
+CVE-2015-6589 (Directory traversal vulnerability in Kaseya Virtual System Administrat ...)
+	TODO: check
 CVE-2015-6588 (Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Rev ...)
 	NOT-FOR-US: MODX Revolution
 CVE-2015-6587 (The vlserver in OpenAFS before 1.6.13 allows remote authenticated user ...)
@@ -228879,8 +228896,7 @@ CVE-2015-3329 (Multiple stack-based buffer overflows in the phar_set_inode funct
 	NOTE: Fixed in 5.6.8 and 5.4.40
 CVE-2015-3315 (Automatic Bug Reporting Tool (ABRT) allows local users to read, change ...)
 	NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2015-3309 [incomplete fix for CVE-2015-3297]
-	RESERVED
+CVE-2015-3309 (Directory traversal vulnerability in node/utils/Minify.js in Etherpad  ...)
 	- etherpad-lite <itp> (bug #576998)
 CVE-2015-3308 (Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3. ...)
 	[experimental] - gnutls28 3.3.14-1
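Review bot: replacing `CVE-2015-3309 [incomplete fix for CVE-2015-3297]` with the upstream description drops the local cross-reference to CVE-2015-3297; keep that relationship as a `NOTE: incomplete fix for CVE-2015-3297` line under the entry (the file already records such facts with `NOTE:` lines, e.g. under CVE-2015-3329 in this hunk's header), since the remaining `- etherpad-lite <itp> (bug #576998)` line no longer says why the two CVEs are linked.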
@@ -255824,8 +255840,8 @@ CVE-2014-3211 (Publify before 8.0.1 is vulnerable to a Denial of Service attack
 	NOT-FOR-US: Publify
 CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Booking  ...)
 	NOT-FOR-US: WordPress plugin Booking System
-CVE-2014-3208
-	RESERVED
+CVE-2014-3208 (A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (ps ...)
+	TODO: check
 CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute arbitrary co ...)
 	NOT-FOR-US: Seagate
 CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a h ...)
@@ -260259,8 +260275,8 @@ CVE-2014-1619 (Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2,
 	NOT-FOR-US: Cubic CMS
 CVE-2014-1618 (Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script a ...)
 	NOT-FOR-US: UAEPD Shopping Cart Script
-CVE-2014-1617
-	RESERVED
+CVE-2014-1617 (Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Over ...)
+	TODO: check
 CVE-2014-1616
 	RESERVED
 CVE-2014-1615 (Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon B ...)
@@ -261673,8 +261689,8 @@ CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other
 	NOTE: actual patch should be adjusted in case there is a further memcached upload accoring to upstream commit
 CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
 	NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb)
-CVE-2013-7287
-	RESERVED
+CVE-2013-7287 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encrypti ...)
+	TODO: check
 CVE-2013-7286 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfu ...)
 	TODO: check
 CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise Linu ...)
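Review bot: CVE-2013-7287 and the adjacent CVE-2013-7286 are both MobileIron VSP/Sentry issues and both now sit at `TODO: check`; triage them together so they end up with the same disposition. Also, `&lt;` appears in both lines where the description reads `< 5.9.1`; if that is how the file stores the text rather than an artefact of the mail archive rendering, it should be the literal character.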
@@ -263080,8 +263096,8 @@ CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam
 	NOT-FOR-US: Avanset Visual CertExam Manager
 CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS be ...)
 	NOT-FOR-US: QNAP QTS
-CVE-2013-7173
-	RESERVED
+CVE-2013-7173 (Belkin n750 routers have a buffer overflow. ...)
+	TODO: check
 CVE-2013-7172 (Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permission ...)
 	- libiodbc2 <not-affected> (RPATH issue slackware specific)
 CVE-2013-7171 (Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, ...)
@@ -263594,8 +263610,8 @@ CVE-2013-7100 (Buffer overflow in the unpacksms16 function in apps/app_sms.c in
 	- asterisk 1:11.7.0~dfsg-1 (bug #732355)
 CVE-2013-7099
 	RESERVED
-CVE-2013-7098
-	RESERVED
+CVE-2013-7098 (OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflo ...)
+	TODO: check
 CVE-2013-7097 (Directory traversal vulnerability in 7 Media Web Solutions eduTrac bef ...)
 	NOT-FOR-US: eduTrac
 CVE-2013-7096 (Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote ...)
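Review bot: CVE-2013-7098 names the OpenConnect VPN client, which Debian packages as `openconnect`, so this `TODO: check` wants an actual package line with the fixed version and, where one exists, a bug reference, in the form the neighbouring asterisk entry uses (`- asterisk 1:11.7.0~dfsg-1 (bug #732355)`). The description's "GnuTLS before 5.02" reads like an OpenConnect version rather than a GnuTLS one; confirm which component the heap overflow is in before filing anything against gnutls28.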
@@ -264212,8 +264228,8 @@ CVE-2013-6929 (SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier
 	NOT-FOR-US: Cybozu Garoon
 CVE-2013-6928
 	RESERVED
-CVE-2013-6927
-	RESERVED
+CVE-2013-6927 (Internet TRiLOGI Server (unknown versions) could allow a local user to ...)
+	TODO: check
 CVE-2013-6926 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...)
 	NOT-FOR-US: Siemens
 CVE-2013-6925 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...)
@@ -266892,12 +266908,12 @@ CVE-2013-6367 (The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM su
 	[wheezy] - linux 3.2.54-1
 CVE-2013-6363
 	RESERVED
-CVE-2013-6362
-	RESERVED
+CVE-2013-6362 (Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and s ...)
+	TODO: check
 CVE-2013-6361
 	RESERVED
-CVE-2013-6360
-	RESERVED
+CVE-2013-6360 (TRENDnet TS-S402 has a backdoor to enable TELNET. ...)
+	TODO: check
 CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attackers to  ...)
 	{DSA-2815-1 DLA-20-1}
 	- munin 2.0.18-1
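Review bot: CVE-2013-6362 (Xerox ColorCube and WorkCenter devices) and CVE-2013-6360 (TRENDnet TS-S402) describe vendor device firmware with no corresponding Debian package, so both `TODO: check` entries look like `NOT-FOR-US` candidates in the style of the `NOT-FOR-US: Siemens` entries earlier in this patch.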
@@ -267098,8 +267114,8 @@ CVE-2013-6279
 	RESERVED
 CVE-2013-6278
 	RESERVED
-CVE-2013-6277
-	RESERVED
+CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...)
+	TODO: check
 CVE-2013-6276
 	RESERVED
 CVE-2013-6274
@@ -268482,8 +268498,8 @@ CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in
 	[wheezy] - kfreebsd-8 8.3-6+deb7u1
 CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Ap ...)
 	NOT-FOR-US: Open-Xchange
-CVE-2013-5687
-	RESERVED
+CVE-2013-5687 (RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean ...)
+	TODO: check
 CVE-2013-5686
 	RESERVED
 CVE-2013-5685
@@ -269672,8 +269688,7 @@ CVE-2013-5214
 	RESERVED
 CVE-2013-5213
 	RESERVED
-CVE-2013-5212
-	RESERVED
+CVE-2013-5212 (Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote atta ...)
 	NOT-FOR-US: easyXDM
 CVE-2013-5211 (The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 al ...)
 	- ntp 1:4.2.8p3+dfsg-1 (low; bug #733940)
@@ -270606,10 +270621,10 @@ CVE-2013-4793 (The update function in umbraco.webservices/templates/templateServ
 	NOT-FOR-US: Umbraco
 CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2 ...)
 	NOT-FOR-US: Imperva SecureSphere Web Application Firewall (WAF)
-CVE-2013-4792
-	RESERVED
-CVE-2013-4791
-	RESERVED
+CVE-2013-4792 (PrestaShop before 1.4.11 allows logout CSRF. ...)
+	TODO: check
+CVE-2013-4791 (PrestaShop before 1.4.11 allows Logistician, translators and other low ...)
+	TODO: check
 CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 be ...)
 	NOT-FOR-US: Open-Xchange
 CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0 ...)
@@ -279675,8 +279690,8 @@ CVE-2013-1635 (ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does
 	- php5 5.4.4-14 (unimportant; bug #702221)
 	NOTE: open_basedir not supported
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74
-CVE-2013-1634
-	RESERVED
+CVE-2013-1634 (A denial of service vulnerability exists in some motherboard implement ...)
+	TODO: check
 CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packages f ...)
 	- distribute <unfixed> (unimportant)
 	NOTE: Lack of a security feature, not a vulnerability
@@ -280466,10 +280481,10 @@ CVE-2013-1403
 	RESERVED
 CVE-2013-1402 (DigiLIBE 3.4 and possibly other versions sends a redirect but does not ...)
 	NOT-FOR-US: DigiLIBE
-CVE-2013-1401
-	RESERVED
-CVE-2013-1400
-	RESERVED
+CVE-2013-1401 (Multiple security bypass vulnerabilities in the editAnswer, deleteAnsw ...)
+	TODO: check
+CVE-2013-1400 (Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll ...)
+	TODO: check
 CVE-2009-5134 (Buffer overflow in the "create torrent dialog" functionality in uTorre ...)
 	NOT-FOR-US: uTorrent
 CVE-2013-0243 (haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnera ...)
@@ -283616,7 +283631,7 @@ CVE-2013-0296 (Race condition in pigz before 2.2.5 uses permissions derived from
 	- pigz 2.2.4-2 (low; bug #700608)
 	[squeeze] - pigz 2.1.6-1+squeeze1
 CVE-2013-0295
-	RESERVED
+	REJECTED
 CVE-2013-0294 (packet.py in pyrad before 2.1 uses weak random numbers to generate RAD ...)
 	- pyrad 2.0-2 (low; bug #700669)
 	[wheezy] - pyrad 1.2-1+deb7u2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1b4c746c44a6767d1f77d66472f6945c86d00764




