[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jan 1 08:10:21 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7aaddf9a by security tracker role at 2020-01-01T08:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
+	TODO: check
+CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_ ...)
+	TODO: check
+CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
+	TODO: check
+CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
+	TODO: check
+CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
+	TODO: check
 CVE-2020-5178
 	RESERVED
 CVE-2020-5177
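Review bot: the five entries added at the top of this hunk (CVE-2019-20198 through CVE-2019-20202) land with only `TODO: check` and no package or NOT-FOR-US line, so they are still untriaged. All five descriptions name the same affected range, ezXML 0.8.3 through 0.8.6, so they can be triaged in one pass: determine whether any source package ships or embeds ezXML, then replace each TODO with either a package line or a NOT-FOR-US annotation in the style used elsewhere in this file.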
@@ -13471,8 +13481,8 @@ CVE-2019-18570
 	RESERVED
 CVE-2019-18569
 	RESERVED
-CVE-2019-18568
-	RESERVED
+CVE-2019-18568 (Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege esca ...)
+	TODO: check
 CVE-2019-18567
 	RESERVED
 CVE-2019-18566
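Review bot: CVE-2019-18568 goes from RESERVED to `TODO: check`, so no product decision has been recorded yet. The description names Avira Free Antivirus 15.0.1907.1514; if that product is not in the archive, the follow-up should replace the TODO with a NOT-FOR-US line, as this file already does for Zenphoto and Monitorix.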
@@ -212721,19 +212731,15 @@ CVE-2015-5597
 	RESERVED
 CVE-2015-5596
 	RESERVED
-CVE-2015-5595
-	RESERVED
+CVE-2015-5595 (Cross-site request forgery (CSRF) vulnerability in admin.php in Zenpho ...)
 	NOT-FOR-US: Zenphoto
 CVE-2015-5594 (The sanitize_string function in ZenPhoto before 1.4.9 utilized the htm ...)
 	NOT-FOR-US: Zenphoto
-CVE-2015-5593
-	RESERVED
+CVE-2015-5593 (The sanitize_string function in Zenphoto before 1.4.9 does not properl ...)
 	NOT-FOR-US: Zenphoto
-CVE-2015-5592
-	RESERVED
+CVE-2015-5592 (Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allow ...)
 	NOT-FOR-US: Zenphoto
-CVE-2015-5591
-	RESERVED
+CVE-2015-5591 (SQL injection vulnerability in Zenphoto before 1.4.9 allow remote admi ...)
 	NOT-FOR-US: Zenphoto
 CVE-2015-5588 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
 	NOT-FOR-US: Adobe Flash Player
@@ -254285,11 +254291,9 @@ CVE-2013-7073 (The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.
 	NOTE: https://review.typo3.org/#/c/26180/
 CVE-2013-7072
 	REJECTED
-CVE-2013-7071
-	RESERVED
+CVE-2013-7071 (Cross-site scripting (XSS) vulnerability in the handle_request functio ...)
 	NOT-FOR-US: Monitorix
-CVE-2013-7070
-	RESERVED
+CVE-2013-7070 (The handle_request function in lib/HTTPServer.pm in Monitorix before 3 ...)
 	NOT-FOR-US: Monitorix
 CVE-2013-7062 [XSS]
 	RESERVED
@@ -290777,8 +290781,7 @@ CVE-2011-5049 (MySQL 5.5.8, when running on Windows, allows remote attackers to
 	NOT-FOR-US: MySQL on Windows
 CVE-2007-6751 (Cross-site scripting (XSS) vulnerability in the MailForm plugin before ...)
 	NOT-FOR-US: MailForm plugin for Movable Type
-CVE-2004-2776
-	RESERVED
+CVE-2004-2776 (go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary co ...)
 	NOT-FOR-US: Montitorix
 CVE-2004-2775
 	RESERVED
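Review bot: on CVE-2004-2776 the annotation no longer matches the description. The new description is about go.cgi in GoScript 2.0, but the unchanged line below it still reads `NOT-FOR-US: Montitorix`, which names a different product and is also misspelled (the file uses `Monitorix` for CVE-2013-7071 and CVE-2013-7070). Suggest changing it to `NOT-FOR-US: GoScript`.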
@@ -295867,8 +295870,7 @@ CVE-2011-3587 (Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in P
 	- zope2.12 2.12.20-2
 CVE-2011-3586
 	REJECTED
-CVE-2011-3585
-	RESERVED
+CVE-2011-3585 (Multiple race conditions in the (1) mount.cifs and (2) umount.cifs pro ...)
 	- samba 2:3.4.7~dfsg-2 (low)
 	- cifs-utils 2:4.5-1 (low)
 	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7aaddf9a9fdd510c59f695306e66314a6104b043