[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 21 20:10:25 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b2cbe6a by security tracker role at 2020-02-21T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5517,10 +5517,10 @@ CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another vul
NOT-FOR-US: TopManage
CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This i ...)
NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
-CVE-2020-6842
- RESERVED
-CVE-2020-6841
- RESERVED
+CVE-2020-6842 (D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated ...)
+ TODO: check
+CVE-2020-6841 (D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to ...)
+ TODO: check
CVE-2020-6840 (In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mru ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/mruby/mruby/issues/4927
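Review bot: CVE-2020-6842 and CVE-2020-6841 land as "TODO: check", so both still need triage. Both descriptions name D-Link DCH-M225 1.05b01 and earlier devices; if that firmware is not packaged in Debian, resolve them the way the neighbouring entries are resolved, with a "NOT-FOR-US: D-Link" line, rather than leaving the TODO in place.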
@@ -13158,10 +13158,10 @@ CVE-2019-19868
RESERVED
CVE-2019-19867
RESERVED
-CVE-2019-19866
- RESERVED
-CVE-2019-19865
- RESERVED
+CVE-2019-19866 (Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obta ...)
+ TODO: check
+CVE-2019-19865 (Atos Unify OpenScape UC Web Client 1.0 allows XSS. An attacker could e ...)
+ TODO: check
CVE-2020-3824
RESERVED
CVE-2020-3823
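Review bot: CVE-2019-19866 and CVE-2019-19865 are both left at "TODO: check" and both name Atos Unify OpenScape UC Web Client 1.0. Triage them together so the two entries end up with the same product tag or package line; a different result for each would be inconsistent for one product and version.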
@@ -273771,8 +273771,7 @@ CVE-2013-4090 (Varnish HTTP cache before 3.0.4: ACL bug ...)
NOTE: https://varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.html
CVE-2013-4089
RESERVED
-CVE-2013-4088 [Information Disclosure]
- RESERVED
+CVE-2013-4088 (Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OT ...)
{DSA-2712-1}
- otrs2 3.2.8-1
[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
@@ -274949,8 +274948,7 @@ CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in the
NOT-FOR-US: Dell iDRAC6
CVE-2013-3588 (The web management interface on Zyxel P660 devices allows remote attac ...)
NOT-FOR-US: Zyxel
-CVE-2013-3587 [BREACH attack against HTTP compression]
- RESERVED
+CVE-2013-3587 (The HTTPS protocol, as used in unspecified web applications, can encry ...)
NOTE: not something we can concretely fix somewhere
NOTE: mitigations must be done in webapps
NOTE: http://web.archive.org/web/20160304210825/http://breachattack.com/
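Review bot: on CVE-2013-3587, dropping the bracketed title "[BREACH attack against HTTP compression]" removes the only plain-text mention of BREACH in the entry. The name now survives only inside the archived URL in the last NOTE, and the truncated description shown here does not use it. Suggest adding a line such as "NOTE: BREACH attack against HTTP compression" so the entry stays findable by name.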
@@ -275054,8 +275052,7 @@ CVE-2013-3553 (Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earl
NOT-FOR-US: Nitro Pro
CVE-2013-3552 (Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier a ...)
NOT-FOR-US: Nitro Pro
-CVE-2013-3551
- RESERVED
+CVE-2013-3551 (Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS ...)
{DSA-2696-1}
- otrs2 3.2.7-1
[squeeze] - otrs2 <not-affected>
@@ -285182,8 +285179,8 @@ CVE-2012-6279
REJECTED
CVE-2012-6278
REJECTED
-CVE-2012-6277
- RESERVED
+CVE-2012-6277 (Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 1 ...)
+ TODO: check
CVE-2012-6276 (Directory traversal vulnerability in the web-based management interfac ...)
NOT-FOR-US: TP-LINK TL-WR841N
CVE-2012-6275 (Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAn ...)
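Review bot: CVE-2012-6277 gets "TODO: check", and its description begins "Multiple unspecified vulnerabilities in Autonomy KeyView IDOL", so the description text alone will not scope the issue. Triage will need the CVE's references; if the product is not in Debian, tag it NOT-FOR-US as is done for CVE-2012-6276 directly below.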
@@ -298967,8 +298964,7 @@ CVE-2012-1095 (osc before 0.134 might allow remote OBS repository servers or pac
CVE-2012-1094
RESERVED
- libapache2-mod-cluster <itp> (bug #731410)
-CVE-2012-1093 [init script x11-common creates directories in insecure manner]
- RESERVED
+CVE-2012-1093 (The init script in the Debian x11-common package before 1:7.6+12 is vu ...)
- xorg 1:7.6+12 (bug #661627)
[squeeze] - xorg <no-dsa> (maintainer suggests no-dsa; confirm)
CVE-2012-1092
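Review bot: the squeeze line under CVE-2012-1093 still reads "<no-dsa> (maintainer suggests no-dsa; confirm)". Now that the entry carries a published description instead of RESERVED, that pending "confirm" should be resolved: either drop the word once the no-dsa decision is confirmed against bug #661627, or replace the tag.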
@@ -299592,8 +299588,7 @@ CVE-2012-0845 (SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.
- python2.6 2.6.8-0.1
- python2.5 <removed>
[squeeze] - python2.5 <no-dsa> (Minor issue)
-CVE-2012-0844
- RESERVED
+CVE-2012-0844 (Information-disclosure vulnerability in Netsurf through 2.8 due to a w ...)
- netsurf 2.8-2 (bug #659376)
CVE-2012-0843 (uzbl: Information disclosure via world-readable cookies storage file ...)
- uzbl 0.0.0~git.20111128-2 (bug #659379)
@@ -299635,8 +299630,7 @@ CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5
NOTE: http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
CVE-2012-0829 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Me ...)
NOT-FOR-US: Mibew Messenger
-CVE-2012-0828
- RESERVED
+CVE-2012-0828 (Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xch ...)
- xchat <not-affected> (Only affects Xchat on Windows and Maemo)
CVE-2012-0827 (The File module in Drupal 7.x before 7.11, when using unspecified fiel ...)
- drupal7 7.11-1
@@ -302584,8 +302578,7 @@ CVE-2012-0064 (xkeyboard-config before 2.5 in X.Org before 7.6 enables certain X
[squeeze] - xorg-server <not-affected> (introduced in 1.11)
[lenny] - xorg-server <not-affected> (introduced in 1.11)
NOTE: actually unfixed in experimental, not marked because of version numbering
-CVE-2012-0063
- RESERVED
+CVE-2012-0063 (Insecure plugin update mechanism in tucan through 0.3.10 could allow r ...)
- tucan <unfixed> (bug #656388)
[squeeze] - tucan <no-dsa> (Minor issue)
CVE-2012-0062 (Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3 ...)
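Review bot: CVE-2012-0063 keeps "- tucan <unfixed> (bug #656388)" with squeeze at "<no-dsa> (Minor issue)", while the new description speaks of an insecure plugin update mechanism in tucan through 0.3.10. Worth re-checking the "Minor issue" rating and the unfixed status against the full description and the bug.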
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b2cbe6a9af47f02c28b819f58d6689cdf7edb14