[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Feb 17 20:10:25 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c77d29f by security tracker role at 2020-02-17T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...)
+	TODO: check
+CVE-2020-9042
+	RESERVED
+CVE-2020-9041
+	RESERVED
+CVE-2020-9040
+	RESERVED
+CVE-2020-9039
+	RESERVED
+CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
+	TODO: check
+CVE-2020-9037
+	RESERVED
+CVE-2020-9036
+	RESERVED
+CVE-2020-9035
+	RESERVED
+CVE-2019-20474 (An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.4 ...)
+	TODO: check
+CVE-2016-11019
+	RESERVED
 CVE-2020-XXXX [privilege escalation vulnerablility]
 	- network-manager-ssh 1.2.11-1
 	NOTE: https://github.com/danfruehauf/NetworkManager-ssh/pull/98
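Review bot: the context line `CVE-2020-XXXX [privilege escalation vulnerablility]` directly below the new entries misspells "vulnerability"; since this hunk already touches the top of the file, a follow-up can correct it to `CVE-2020-XXXX [privilege escalation vulnerability]`.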
@@ -93,10 +115,10 @@ CVE-2019-20457
 	RESERVED
 CVE-2020-9007 (Codoforum 4.8.8 allows self-XSS via the title of a new topic. ...)
 	NOT-FOR-US: Codoforum
-CVE-2020-9006
-	RESERVED
-CVE-2020-9005
-	RESERVED
+CVE-2020-9006 (The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulner ...)
+	TODO: check
+CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attack ...)
+	TODO: check
 CVE-2020-9004
 	RESERVED
 CVE-2020-9003
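Review bot: CVE-2020-9006 (Popup Builder plugin for WordPress) and CVE-2020-9005 (Valve Dota 2) are left at `TODO: check`; the adjacent CVE-2020-9007 entry shows the `NOT-FOR-US: <product>` form this list uses for software outside the archive, so the follow-up triage for these two can likely be resolved in the same way once confirmed.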
@@ -564,8 +586,7 @@ CVE-2020-8797
 	RESERVED
 CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before  ...)
 	NOT-FOR-US: Biscom Secure File Transfer (SFT)
-CVE-2020-8795
-	RESERVED
+CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a gro ...)
 	- gitlab <not-affected> (Only affects EE version)
 	NOTE: https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/
 CVE-2020-8794
@@ -1154,8 +1175,8 @@ CVE-2020-8520
 	RESERVED
 CVE-2020-8519
 	RESERVED
-CVE-2020-8518
-	RESERVED
+CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...)
+	TODO: check
 CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...)
 	- squid 4.10-1 (unimportant)
 	- squid3 <removed> (unimportant)
@@ -1387,8 +1408,8 @@ CVE-2020-8430
 	RESERVED
 CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947 does not  ...)
 	TODO: check
-CVE-2020-8427
-	RESERVED
+CVE-2020-8427 (Kaseya Traverse before 9.5.20 allows OS command injection attacks agai ...)
+	TODO: check
 CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...)
 	NOT-FOR-US: Elementor plugin for WordPress
 CVE-2020-8425 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...)
@@ -3244,8 +3265,8 @@ CVE-2020-7599
 	RESERVED
 CVE-2020-7598
 	RESERVED
-CVE-2020-7597
-	RESERVED
+CVE-2020-7597 (codecov-node npm module before 3.6.5 allows remote attackers to execut ...)
+	TODO: check
 CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execute arb ...)
 	NOT-FOR-US: Codecov npm module
 CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
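Review bot: CVE-2020-7597 (codecov-node npm module before 3.6.5) is placed at `TODO: check` while the neighbouring CVE-2020-7596 for the same module already carries `NOT-FOR-US: Codecov npm module`; unless the package status has changed, the new entry should take the same triage line rather than a fresh TODO.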
@@ -4870,8 +4891,8 @@ CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1
 	[stretch] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1228
 	NOTE: https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04
-CVE-2020-6850
-	RESERVED
+CVE-2020-6850 (Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4 ...)
+	TODO: check
 CVE-2020-6849 (The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allo ...)
 	NOT-FOR-US: marketo-forms-and-tracking plugin for WordPress
 CVE-2020-6848 (Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Na ...)
@@ -4997,7 +5018,7 @@ CVE-2020-6801
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801
 CVE-2020-6800
 	RESERVED
-	{DSA-4625-1 DSA-4620-1 DLA-2102-1}
+	{DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1}
 	- firefox 73.0-1
 	- firefox-esr 68.5.0esr-1
 	- thunderbird 1:68.5.0-1
@@ -5012,7 +5033,7 @@ CVE-2020-6799
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799
 CVE-2020-6798
 	RESERVED
-	{DSA-4625-1 DSA-4620-1 DLA-2102-1}
+	{DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1}
 	- firefox 73.0-1
 	- firefox-esr 68.5.0esr-1
 	- thunderbird 1:68.5.0-1
@@ -5036,22 +5057,22 @@ CVE-2020-6796
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6796
 CVE-2020-6795
 	RESERVED
-	{DSA-4625-1}
+	{DSA-4625-1 DLA-2104-1}
 	- thunderbird 1:68.5.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6795
 CVE-2020-6794
 	RESERVED
-	{DSA-4625-1}
+	{DSA-4625-1 DLA-2104-1}
 	- thunderbird 1:68.5.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6794
 CVE-2020-6793
 	RESERVED
-	{DSA-4625-1}
+	{DSA-4625-1 DLA-2104-1}
 	- thunderbird 1:68.5.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6793
 CVE-2020-6792
 	RESERVED
-	{DSA-4625-1}
+	{DSA-4625-1 DLA-2104-1}
 	- thunderbird 1:68.5.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6792
 CVE-2020-6791
@@ -18151,7 +18172,7 @@ CVE-2020-1721
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579
 CVE-2020-1720
 	RESERVED
-	{DSA-4623-1 DSA-4622-1}
+	{DSA-4623-1 DSA-4622-1 DLA-2105-1}
 	- postgresql-12 12.2-1
 	- postgresql-11 <unfixed>
 	- postgresql-9.6 <removed>
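Review bot: DLA-2105-1 is recorded for CVE-2020-1720 while the unstable line still reads `- postgresql-11 <unfixed>`; an LTS advisory alongside an unfixed unstable package is worth a second look to confirm that the postgresql-11 status line is current.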
@@ -18210,8 +18231,7 @@ CVE-2020-1706
 CVE-2020-1705
 	RESERVED
 	NOT-FOR-US: openshift
-CVE-2020-1704
-	RESERVED
+CVE-2020-1704 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
 	NOT-FOR-US: openshift
 CVE-2020-1703
 	RESERVED
@@ -18252,8 +18272,7 @@ CVE-2020-1694
 CVE-2020-1693
 	RESERVED
 	NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk
-CVE-2020-1692
-	RESERVED
+CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information exposure of s ...)
 	- moodle <removed>
 CVE-2020-1691
 	RESERVED
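Review bot: the context line for CVE-2020-1693 reads `NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk`, with the prefix duplicated; since this hunk edits the entry right below it, the stray second `NOT-FOR-US:` can be dropped in the same pass.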
@@ -19314,8 +19333,8 @@ CVE-2019-19000
 	RESERVED
 CVE-2019-18999
 	RESERVED
-CVE-2019-18998
-	RESERVED
+CVE-2019-18998 (Insufficient access control in the web interface of ABB Asset Suite ve ...)
+	TODO: check
 CVE-2019-18997 (The HMISimulator component of ABB PB610 Panel Builder 600 uses the rea ...)
 	NOT-FOR-US: ABB PB610 Panel Builder
 CVE-2019-18996 (Path settings in HMIStudio component of ABB PB610 Panel Builder 600 ve ...)
@@ -41257,8 +41276,8 @@ CVE-2019-12956
 	RESERVED
 CVE-2019-12955
 	RESERVED
-CVE-2019-12954
-	RESERVED
+CVE-2019-12954 (SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, ...)
+	TODO: check
 CVE-2019-12953
 	RESERVED
 CVE-2019-12952
@@ -41589,8 +41608,8 @@ CVE-2019-12827 (Buffer overflow in res_pjsip_messaging in Digium Asterisk versio
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28447
 CVE-2019-12826 (A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php  ...)
 	NOT-FOR-US: 2by2host Widget Logic plugin for WordPress
-CVE-2019-12825
-	RESERVED
+CVE-2019-12825 (Unauthorized Access to the Container Registry of other groups was disc ...)
+	TODO: check
 CVE-2019-12824
 	RESERVED
 CVE-2019-12823 (Craft CMS 3.1.30 has XSS. ...)
@@ -219008,8 +219027,8 @@ CVE-2015-6924
 	RESERVED
 CVE-2015-6923 (The ndvbs module in VBox Communications Satellite Express Protocol 2.3 ...)
 	NOT-FOR-US: VBox Communications Satellite Express Protocol
-CVE-2015-6922
-	RESERVED
+CVE-2015-6922 (Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x bef ...)
+	TODO: check
 CVE-2015-6921 (Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab m ...)
 	NOT-FOR-US: Zendesk Feedback Tab for Drupal
 CVE-2015-6920 (Cross-site scripting (XSS) vulnerability in js/window.php in the sourc ...)
@@ -223772,11 +223791,9 @@ CVE-2015-5218 (Buffer overflow in text-utils/colcrt.c in colcrt in util-linux be
 	NOTE: https://www.spinics.net/lists/util-linux-ng/msg11873.html
 CVE-2015-5217 (providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsi ...)
 	- ipsilon <itp> (bug #826838)
-CVE-2015-5216
-	RESERVED
+CVE-2015-5216 (The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does  ...)
 	- ipsilon <itp> (bug #826838)
-CVE-2015-5215
-	RESERVED
+CVE-2015-5215 (** DISPUTED ** The default configuration of the Jinja templating engin ...)
 	- ipsilon <itp> (bug #826838)
 CVE-2015-5214 (LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice be ...)
 	{DSA-3394-1}
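Review bot: CVE-2015-5215 now carries a `** DISPUTED **` description that frames the issue as a Jinja default-configuration matter, yet the entry keeps only `- ipsilon <itp> (bug #826838)`; a NOTE line stating whether the dispute changes the ipsilon tracking would make the triage decision visible to the next reader.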
@@ -225187,8 +225204,7 @@ CVE-2015-4716 (Directory traversal vulnerability in the routing component in own
 	- owncloud 7.0.6+dfsg-1 (unimportant)
 	NOTE: Specific to installations on Windows
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-006
-CVE-2015-4715 [Mounted Dropbox storage allows "Dropbox.com" to access any file]
-	RESERVED
+CVE-2015-4715 (The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownClo ...)
 	- php-dropbox 1.0.0-4 (unimportant)
 	[jessie] - php-dropbox 1.0.0-3+deb8u1
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-005
@@ -235216,7 +235232,7 @@ CVE-2015-1389 (Cross-site scripting (XSS) vulnerability in Aruba Networks ClearP
 CVE-2015-1388 (The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6 ...)
 	NOT-FOR-US: ArubaOS
 CVE-2015-1387
-	RESERVED
+	REJECTED
 CVE-2015-1385 (Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Pod ...)
 	NOT-FOR-US: WordPress plugin powerpress
 CVE-2015-1384 (Cross-site scripting (XSS) vulnerability in the Banner Effect Header p ...)
@@ -239290,7 +239306,7 @@ CVE-2014-9406 (ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59
 CVE-2014-9405 (A Cross-Site Scripting (XSS) vulnerability exists in the description f ...)
 	NOT-FOR-US: Freebox OS
 CVE-2014-9404
-	RESERVED
+	REJECTED
 CVE-2014-9401 (Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts  ...)
 	NOT-FOR-US: WP Limit Posts Automatically plugin for WordPress
 CVE-2014-9400 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp U ...)
@@ -240783,8 +240799,8 @@ CVE-2015-0260 (RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authentica
 CVE-2015-0259 (OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, an ...)
 	- nova 2014.1.3-11 (bug #780250)
 	[wheezy] - nova <not-affected> (Vulnerable code not present)
-CVE-2015-0258
-	RESERVED
+CVE-2015-0258 (Multiple incomplete blacklist vulnerabilities in the avatar upload fun ...)
+	TODO: check
 CVE-2015-0257 (Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses wea ...)
 	NOT-FOR-US: ovirt / RHEV
 CVE-2015-0256
@@ -259402,8 +259418,8 @@ CVE-2013-7327 (The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9
 	[squeeze] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
 CVE-2013-7326 (Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows re ...)
 	NOT-FOR-US: vTiger CRM
-CVE-2013-7324
-	RESERVED
+CVE-2013-7324 (Webkit-GTK 2.x (any version with HTML5 audio/video support based on GS ...)
+	TODO: check
 CVE-2012-6638 (The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linu ...)
 	- linux 3.2.29-1
 	- linux-2.6  <removed>
@@ -271871,7 +271887,8 @@ CVE-2013-4449 (The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not
 	[squeeze] - openldap <no-dsa> (Minor issue)
 	NOTE: http://www.openldap.org/its/index.cgi/Incoming?id=7723
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1019490
-CVE-2013-4448 (echoping through 6.0.2 has buffer overflow vulnerabilities ...)
+CVE-2013-4448
+	REJECTED
 	TODO: contacted MITRE, should be rejected, cf. https://www.openwall.com/lists/oss-security/2013/10/21/9
 CVE-2013-4447 (Cross-site scripting (XSS) vulnerability in the API in the Simplenews  ...)
 	NOT-FOR-US: Simplenews Drupal contributed module
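Review bot: with CVE-2013-4448 now marked `REJECTED`, the retained line `TODO: contacted MITRE, should be rejected, cf. https://www.openwall.com/lists/oss-security/2013/10/21/9` is stale; either drop it or convert it to a `NOTE:` so the oss-security reference survives without leaving an open TODO on a rejected entry.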
@@ -273916,8 +273933,8 @@ CVE-2013-3740
 	RESERVED
 CVE-2013-3739 (Directory traversal vulnerability in editor.php in Network Weathermap  ...)
 	NOT-FOR-US: Network Weathermap
-CVE-2013-3738
-	RESERVED
+CVE-2013-3738 (A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequat ...)
+	TODO: check
 CVE-2013-3843 (Stack-based buffer overflow in the mk_request_header_process function  ...)
 	- monkey <removed>
 	[squeeze] - monkey <no-dsa> (Minor issue)
@@ -273960,8 +273977,8 @@ CVE-2013-3724 (The mk_request_header_process function in mk_request.c in Monkey
 	[squeeze] - monkey <no-dsa> (Minor issue)
 CVE-2013-3723
 	RESERVED
-CVE-2013-3722
-	RESERVED
+CVE-2013-3722 (A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in  ...)
+	TODO: check
 CVE-2013-3721 (SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows ...)
 	NOT-FOR-US: PsychoStats
 CVE-2013-3720 (Cross-site scripting (XSS) vulnerability in widget_remove.php in the F ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c77d29fead65ce71335d5734369dfea0b924a0a