[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 29 08:10:24 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9ca76d7d by security tracker role at 2020-02-29T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2020-9478
+ RESERVED
+CVE-2020-9477
+ RESERVED
+CVE-2020-9476
+ RESERVED
+CVE-2020-9475
+ RESERVED
+CVE-2020-9474
+ RESERVED
+CVE-2020-9473
+ RESERVED
+CVE-2020-9472
+ RESERVED
+CVE-2020-9471
+ RESERVED
+CVE-2020-9470
+ RESERVED
+CVE-2020-9469
+ RESERVED
+CVE-2020-9468
+ RESERVED
+CVE-2020-9467
+ RESERVED
+CVE-2020-9466 (The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV ...)
+ TODO: check
+CVE-2020-9465 (An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before ...)
+ TODO: check
CVE-2020-9464
RESERVED
CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary ...)
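Review bot: only the two TODO: check entries in this hunk are actionable; the twelve RESERVED placeholders above them need nothing. CVE-2020-9466 concerns a WordPress plugin (Export Users to CSV) and CVE-2020-9465 the EyesOfNetwork eonweb console, neither of which matches a Debian source package in this file, so unless a packaged copy turns up both should be closed as NOT-FOR-US with the product name, the way CVE-2020-9447 (GwtUpload) is handled further down.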
@@ -8,8 +36,8 @@ CVE-2020-9461
RESERVED
CVE-2020-9460
RESERVED
-CVE-2020-9459
- RESERVED
+CVE-2020-9459 (Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webn ...)
+ TODO: check
CVE-2020-9458
RESERVED
CVE-2020-9457
@@ -28,16 +56,16 @@ CVE-2020-9451
RESERVED
CVE-2020-9450
RESERVED
-CVE-2020-9449
- RESERVED
+CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, BlaB! ...)
+ TODO: check
CVE-2020-9448
RESERVED
CVE-2020-9447 (The file-upload feature in GwtUpload 1.0.3 allows XSS via a crafted fi ...)
NOT-FOR-US: GwtUpload
CVE-2020-9446
RESERVED
-CVE-2018-21035
- RESERVED
+CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB f ...)
+ TODO: check
CVE-2020-9445
RESERVED
CVE-2020-9444
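Review bot: CVE-2018-21035 (Qt through 5.14.1, WebSocket implementation accepts up to 2GB) needs real triage rather than the generic TODO: check, because Qt is a packaged codebase, unlike the BlaB! entry in the same hunk; the package line should name the Qt module that carries the WebSocket implementation, and "through 5.14.1" gives the upper bound for the affected-version check. The 2018-year ID sits between CVE-2020-9446 and CVE-2020-9445 rather than with other 2018 IDs; that appears to follow the file's existing ordering, so no re-sorting is needed.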
@@ -313,6 +341,7 @@ CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Set
NOT-FOR-US: fauzantrif eLection
CVE-2020-6802 [mutation XSS vulnerability]
RESERVED
+ {DSA-4636-1}
- python-bleach 3.1.1-1 (bug #951907)
[stretch] - python-bleach <ignored> (Requires invasive changes to address issue)
[jessie] - python-bleach <ignored> (Fix too invasive in jessie; uses external html5 parser)
@@ -2994,9 +3023,9 @@ CVE-2020-8134
RESERVED
CVE-2020-8133
RESERVED
-CVE-2020-8132
- RESERVED
-CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn 1.21.1 and earlier al ...)
+CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 ...)
+ TODO: check
+CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...)
- node-yarnpkg <unfixed>
NOTE: https://hackerone.com/reports/730239
CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake < 12.3. ...)
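Review bot: the description for CVE-2020-8131 now states the fix boundary ("Yarn before 1.22.0" instead of "Yarn 1.21.1 and earlier") but the package line "node-yarnpkg <unfixed>" is unchanged; add a NOTE recording 1.22.0 as the upstream fixed version next to the existing hackerone link, so the <unfixed> marker can be converted to a Debian revision once node-yarnpkg is updated. CVE-2020-8132 (pdf-image npm package <= 2.0.0) is a new TODO: check and, if not shipped in Debian, belongs in NOT-FOR-US like the nodejs-module entries around it.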
@@ -3010,8 +3039,8 @@ CVE-2020-8129 (An unintended require vulnerability in script-manager npm package
NOT-FOR-US: script-manager nodejs module
CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities ...)
NOT-FOR-US: jsreport
-CVE-2020-8127
- RESERVED
+CVE-2020-8127 (Insufficient validation in cross-origin communication (postMessage) in ...)
+ TODO: check
CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...)
NOT-FOR-US: Ubiquiti Networks EdgeSwitch
CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and earlie ...)
@@ -5451,7 +5480,7 @@ CVE-2020-7061 (In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while e
NOTE: Fixed in PHP 7.4.3, 7.3.15
NOTE: PHP Bug: http://bugs.php.net/79171
CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings, ...)
- {DSA-4628-1 DSA-4626-1}
+ {DSA-4628-1 DSA-4626-1 DLA-2124-1}
- php7.4 7.4.2-7
- php7.3 7.3.15-1
- php7.0 <removed>
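Review bot: DLA-2124-1 is added to CVE-2020-7060 while the only package lines in view are php7.4, php7.3 and php7.0 <removed>; the package that the DLA actually updated is below the shown context, so make sure its line further down in the entry does not still carry a [jessie] no-dsa or ignored marker that would contradict the new DLA reference.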
@@ -5459,7 +5488,7 @@ CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodi
NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27
NOTE: PHP Bug: http://bugs.php.net/79037
CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP ...)
- {DSA-4628-1 DSA-4626-1}
+ {DSA-4628-1 DSA-4626-1 DLA-2124-1}
- php7.4 7.4.2-7
- php7.3 7.3.15-1
- php7.0 <removed>
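Review bot: CVE-2020-7059 gets the same DLA-2124-1 reference as the hunk before it, again with only the php7.x lines visible; verify that the jessie-side package line for this CVE, outside the shown context, agrees with the DLA (no leftover no-dsa/ignored marker) so the two PHP entries stay consistent with each other.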
@@ -6049,10 +6078,10 @@ CVE-2020-6806
RESERVED
CVE-2020-6805
RESERVED
-CVE-2020-6804
- RESERVED
-CVE-2020-6803
- RESERVED
+CVE-2020-6804 (A reflected XSS vulnerability exists within the gateway, allowing an a ...)
+ TODO: check
+CVE-2020-6803 (An open redirect is present on the gateway's login page, which could c ...)
+ TODO: check
CVE-2020-6801
RESERVED
- firefox 73.0-1
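Review bot: the new descriptions for CVE-2020-6804 (reflected XSS) and CVE-2020-6803 (open redirect) refer only to "the gateway", with the product name lost to truncation, so these TODO: check lines need the full MITRE text before triage; they sit directly above CVE-2020-6801 with its "firefox 73.0-1" package line, but nothing in the descriptions ties them to Firefox, so do not inherit that package line.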
@@ -13134,8 +13163,8 @@ CVE-2019-19945
RESERVED
CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c ...)
NOT-FOR-US: libIEC61850
-CVE-2019-19943
- RESERVED
+CVE-2019-19943 (The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3 ...)
+ TODO: check
CVE-2019-19942
RESERVED
CVE-2019-19941
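Review bot: CVE-2019-19943 names quickweb.exe, a Windows binary of the Pablo Quick 'n Easy Web Server, so the TODO: check can be resolved straight to NOT-FOR-US: Pablo Quick 'n Easy Web Server, the same way libIEC61850 is handled two lines above.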
@@ -13615,7 +13644,7 @@ CVE-2019-19867
RESERVED
CVE-2019-19866 (Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V1 ...)
NOT-FOR-US: Atos Unify OpenScape UC Web Client
-CVE-2019-19865 (Atos Unify OpenScape UC Web Client 1.0 allows XSS. An attacker could e ...)
+CVE-2019-19865 (Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V ...)
NOT-FOR-US: Atos Unify OpenScape UC Web Client
CVE-2020-3824
RESERVED
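Review bot: the NOT-FOR-US line under CVE-2019-19865 still reads "Atos Unify OpenScape UC Web Client" while the description was rewritten from "UC Web Client 1.0 allows XSS" to "UC Application V9 before version V9 R4.31.0"; update the NOT-FOR-US product name to match the new description (or the broader "Atos Unify OpenScape UC") so the two lines do not disagree about which product is affected.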
@@ -32900,8 +32929,8 @@ CVE-2019-15611 (Violation of Secure Design Principles in the iOS App 2.23.0 caus
NOT-FOR-US: Nextcloud iOS App
CVE-2019-15610 (Improper authorization in the Circles app 0.17.7 causes retaining acce ...)
NOT-FOR-US: Circles app
-CVE-2019-15609
- RESERVED
+CVE-2019-15609 (The kill-port-process package version < 2.2.0 is vulnerable to a Co ...)
+ TODO: check
CVE-2019-15608
RESERVED
CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version: <= ...)
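Review bot: CVE-2019-15609 (kill-port-process npm package before 2.2.0) is the only actionable line here; its neighbours are Nextcloud entries already closed as NOT-FOR-US and CVE-2019-15607 (node-red), so check whether kill-port-process is bundled by any node-* source before marking it NOT-FOR-US.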
@@ -48491,16 +48520,16 @@ CVE-2019-10807
RESERVED
CVE-2019-10806
RESERVED
-CVE-2019-10805
- RESERVED
-CVE-2019-10804
- RESERVED
-CVE-2019-10803
- RESERVED
-CVE-2019-10802
- RESERVED
-CVE-2019-10801
- RESERVED
+CVE-2019-10805 (valib through 2.0.0 allows Internal Property Tampering. A maliciously ...)
+ TODO: check
+CVE-2019-10804 (serial-number through 1.3.0 allows execution of arbritary commands. Th ...)
+ TODO: check
+CVE-2019-10803 (push-dir through 0.4.1 allows execution of arbritary commands. Argumen ...)
+ TODO: check
+CVE-2019-10802 (giting version prior to 0.0.8 allows execution of arbritary commands. ...)
+ TODO: check
+CVE-2019-10801 (enpeem through 2.2.0 allows execution of arbitrary commands. The "opti ...)
+ TODO: check
CVE-2019-10800
RESERVED
CVE-2019-10799 (compile-sass prior to 1.0.5 allows execution of arbritary commands. Th ...)
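Review bot: all five new descriptions (valib, serial-number, push-dir, giting, enpeem) are npm packages from the same batch as CVE-2019-10799 (compile-sass) directly below, and four of them share the "execution of arbritary commands" wording; triage them as a group by checking for a matching node-* source in Debian and otherwise mark NOT-FOR-US with the npm package name, as done for other nodejs modules in this file. The "arbritary" misspelling is upstream MITRE text and should not be corrected locally, since the automatic update would reintroduce it.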
@@ -59729,8 +59758,8 @@ CVE-2019-7009
RESERVED
CVE-2019-7008
RESERVED
-CVE-2019-7007
- RESERVED
+CVE-2019-7007 (A directory traversal vulnerability has been found in the Avaya Equino ...)
+ TODO: check
CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in the cli ...)
NOT-FOR-US: Avaya
CVE-2019-7005
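Review bot: CVE-2019-7007 (directory traversal in Avaya Equinox) can be resolved as NOT-FOR-US: Avaya, matching CVE-2019-7006 directly below it, rather than left at TODO: check.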
@@ -66235,8 +66264,8 @@ CVE-2019-4303 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scrip
NOT-FOR-US: IBM
CVE-2019-4302
RESERVED
-CVE-2019-4301
- RESERVED
+CVE-2019-4301 (BigFix Self-Service Application (SSA) is vulnerable to arbitrary code ...)
+ TODO: check
CVE-2019-4300
RESERVED
CVE-2019-4299 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
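Review bot: CVE-2019-4301 (BigFix Self-Service Application) sits in the same ID range as the IBM entries on either side (CVE-2019-4303, CVE-2019-4299) and is not a Debian-packaged product, so the TODO: check can be closed as NOT-FOR-US: IBM consistent with its neighbours.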
@@ -168840,7 +168869,7 @@ CVE-2017-5845 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777532
CVE-2017-5844 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
- {DSA-3819-1 DLA-827-1}
+ {DSA-3819-1 DLA-2126-1 DLA-827-1}
- gst-plugins-base1.0 1.10.3-1 (low)
- gst-plugins-base0.10 <removed> (low)
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
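Review bot: DLA-2126-1 is inserted between DSA-3819-1 and DLA-827-1 in the reference set for CVE-2017-5844, which already carries a DLA and has gst-plugins-base1.0 fixed in 1.10.3-1 with the 0.10 series removed; a second DLA on the same CVE means either the earlier jessie fix was incomplete or a different source package is being updated, and a short NOTE stating which source DLA-2126-1 covers would make the double reference self-explanatory.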
@@ -168884,7 +168913,7 @@ CVE-2017-5838 (The gst_date_time_new_from_iso8601_string function in gst/gstdate
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777263
CVE-2017-5837 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
- {DSA-3819-1 DLA-827-1}
+ {DSA-3819-1 DLA-2126-1 DLA-827-1}
- gst-plugins-base1.0 1.10.3-1 (low)
- gst-plugins-base0.10 <removed> (low)
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
@@ -184233,7 +184262,7 @@ CVE-2016-9812 (The gst_mpegts_section_new function in the mpegts decoder in GStr
- gst-plugins-bad0.10 <not-affected> (Vulnerable code introduced in 1.1.1 of 1.0 series)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775048
CVE-2016-9811 (The windows_icon_typefind function in gst-plugins-base in GStreamer be ...)
- {DSA-3819-1 DLA-735-1}
+ {DSA-3819-1 DLA-2126-1 DLA-735-1}
- gst-plugins-base1.0 1.10.2-1
- gst-plugins-base0.10 <removed>
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774902
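Review bot: CVE-2016-9811 now lists two DLAs (DLA-735-1 and the new DLA-2126-1) alongside DSA-3819-1, the same pattern as the two CVE-2017-58xx hunks above; with gst-plugins-base0.10 marked <removed>, the reader cannot tell from the entry whether DLA-2126-1 is a follow-up to DLA-735-1 for gst-plugins-base1.0 in jessie or covers another source, so a NOTE naming the package and the reason for the second advisory is warranted.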
@@ -224425,8 +224454,8 @@ CVE-2015-5363 (The SRX Network Security Daemon (nsd) in Juniper SRX Series servi
NOT-FOR-US: Juniper
CVE-2015-5362 (The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 ...)
NOT-FOR-US: Juniper
-CVE-2015-5361
- RESERVED
+CVE-2015-5361 (Background For regular, unencrypted FTP traffic, the FTP ALG can inspe ...)
+ TODO: check
CVE-2015-5360 (IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before ...)
NOT-FOR-US: Juniper
CVE-2015-5359 (Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D3 ...)
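Review bot: CVE-2015-5361 sits between two entries already resolved as NOT-FOR-US: Juniper and its description ("the FTP ALG can inspect ...") describes firewall ALG behaviour of the same vendor, so it can be closed as NOT-FOR-US: Juniper instead of TODO: check; the odd leading word "Background" appears to be copied from the upstream advisory text and is not a truncation artefact to fix here.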
@@ -231370,8 +231399,8 @@ CVE-2015-3008 (Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12
NOTE: Patch: https://issues.asterisk.org/jira/secure/attachment/52082/asterisk-null-in-cn.patch
CVE-2015-3007 (The Juniper SRX Series services gateways with Junos OS 12.1X46 before ...)
NOT-FOR-US: Juniper
-CVE-2015-3006
- RESERVED
+CVE-2015-3006 (On the QFX3500 and QFX3600 platforms, the number of bytes collected fr ...)
+ TODO: check
CVE-2015-3005 (Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper ...)
NOT-FOR-US: Juniper
CVE-2015-3004 (J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35 ...)
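Review bot: CVE-2015-3006 describes the QFX3500 and QFX3600 platforms, which are Juniper switches, and the entries on both sides (CVE-2015-3007, CVE-2015-3005) are NOT-FOR-US: Juniper; resolve this TODO: check the same way.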
@@ -242010,6 +242039,7 @@ CVE-2015-0259 (OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.
- nova 2014.1.3-11 (bug #780250)
[wheezy] - nova <not-affected> (Vulnerable code not present)
CVE-2015-0258 (Multiple incomplete blacklist vulnerabilities in the avatar upload fun ...)
+ {DLA-2125-1}
- collabtive <removed>
NOTE: https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335
CVE-2015-0257 (Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses wea ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ca76d7d7602b5bb471c72c5ecc4401d190956d8