[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jan 8 08:10:23 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b4f7a93 by security tracker role at 2020-01-08T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2020-6176
+	RESERVED
+CVE-2020-6175
+	RESERVED
+CVE-2020-6174
+	RESERVED
+CVE-2020-6173
+	RESERVED
+CVE-2020-6172
+	RESERVED
+CVE-2020-6171
+	RESERVED
+CVE-2020-6170 (An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P ...)
+	TODO: check
+CVE-2020-6169
+	RESERVED
+CVE-2020-6168
+	RESERVED
+CVE-2020-6167
+	RESERVED
+CVE-2020-6166
+	RESERVED
+CVE-2020-6165
+	RESERVED
+CVE-2020-6164
+	RESERVED
+CVE-2020-6163 (The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because  ...)
+	TODO: check
+CVE-2020-6162
+	RESERVED
+CVE-2019-20361 (There was a flaw in the WordPress plugin, Email Subscribers & News ...)
+	TODO: check
+CVE-2019-20360 (A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticat ...)
+	TODO: check
+CVE-2019-20359
+	RESERVED
 CVE-2020-6161
 	RESERVED
 CVE-2020-6160
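Review bot: CVE-2019-20361 and CVE-2019-20360 in the added block describe flaws in WordPress plugins ("Email Subscribers & News ...", "Give before 2.5.5"), not in WordPress itself, so when their "TODO: check" lines are resolved they should not be filed under the "- wordpress" package entries used elsewhere in this file. CVE-2020-6170 (Genexis Platinum-4410) and CVE-2020-6163 (WikibaseMediaInfo extension for MediaWiki) are pending the same triage, and each needs either a package line or a NOT-FOR-US tag.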
@@ -640,10 +676,10 @@ CVE-2020-5844
 	RESERVED
 CVE-2020-5843 (Codoforum 4.8.3 allows XSS in the admin dashboard via a category to th ...)
 	NOT-FOR-US: Codoforum
-CVE-2020-5842
-	RESERVED
-CVE-2020-5841
-	RESERVED
+CVE-2020-5842 (Codoforum 4.8.3 allows XSS in the user registration page: via the user ...)
+	TODO: check
+CVE-2020-5841 (An issue was discovered in OpServices OpMon 9.3.1-1. Using password ch ...)
+	TODO: check
 CVE-2020-5840 (An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/R ...)
 	NOT-FOR-US: HashBrown CMS
 CVE-2020-5839
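Review bot: CVE-2020-5842 is now described as a Codoforum 4.8.3 XSS but is left at "TODO: check", while the neighbouring CVE-2020-5843 for the same product and version is already tagged "NOT-FOR-US: Codoforum". Suggest resolving it the same way in a follow-up; CVE-2020-5841 (OpServices OpMon 9.3.1-1) still needs its own triage.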
@@ -6389,7 +6425,7 @@ CVE-2019-19846 (In Joomla! before 3.9.14, the lack of validation of configuratio
 CVE-2019-19845 (In Joomla! before 3.9.14, a missing access check in framework files co ...)
 	NOT-FOR-US: Joomla!
 CVE-2019-19844 (Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows a ...)
-	{DLA-2042-1}
+	{DSA-4598-1 DLA-2042-1}
 	- python-django 2:2.2.9-1 (bug #946937)
 	NOTE: https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
 	NOTE: https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70 (master)
@@ -6417,25 +6453,30 @@ CVE-2019-19835
 CVE-2019-19834
 	RESERVED
 CVE-2019-20043 (WordPress before 5.3.1 allowed an unauthenticated user to make a post  ...)
+	{DSA-4599-1}
 	- wordpress 5.3.2+dfsg1-1 (bug #946905)
 	NOTE: https://core.trac.wordpress.org/changeset/46893/trunk
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9
 	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
 CVE-2019-20042 (WordPress before 5.3.1 allowed an attacker to create a cross-site scri ...)
+	{DSA-4599-1}
 	- wordpress 5.3.2+dfsg1-1 (bug #946905)
 	NOTE: https://core.trac.wordpress.org/changeset/46894/trunk
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d
 	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
 CVE-2019-20041 (wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 ...)
+	{DSA-4599-1}
 	- wordpress 5.3.2+dfsg1-1 (bug #946905)
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53
 	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
 CVE-2019-16781 (In WordPress before 5.3.1, authenticated users with lower privileges ( ...)
+	{DSA-4599-1}
 	- wordpress 5.3.2+dfsg1-1 (bug #946905)
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v
 	NOTE: https://hackerone.com/reports/731301
 	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
 CVE-2019-16780 (WordPress users with lower privileges (like contributors) can inject J ...)
+	{DSA-4599-1}
 	- wordpress 5.3.2+dfsg1-1 (bug #946905)
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x3wp-h3qx-9w94
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/505dd6a20b6fc3d06130018c1caeff764248c29e
@@ -15455,8 +15496,8 @@ CVE-2019-18654 (A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Inte
 	NOT-FOR-US: AVG
 CVE-2019-18653 (A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, In ...)
 	NOT-FOR-US: Avast
-CVE-2019-18652
-	RESERVED
+CVE-2019-18652 (A DOM based XSS vulnerability has been identified on the WatchGuard XM ...)
+	TODO: check
 CVE-2019-18651 (A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias  ...)
 	NOT-FOR-US: 3xLogic
 CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing token chec ...)
@@ -18879,17 +18920,19 @@ CVE-2019-17623
 CVE-2019-17622
 	RESERVED
 CVE-2019-17675 (WordPress before 5.2.4 does not properly consider type confusion durin ...)
-	{DLA-1980-1}
+	{DSA-4599-1 DLA-1980-1}
 	- wordpress 5.2.4+dfsg1-1 (bug #942459)
 	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 	NOTE: https://core.trac.wordpress.org/changeset/46477
 	NOTE: https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
 	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 CVE-2019-17674 (WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripti ...)
+	{DSA-4599-1}
 	- wordpress 5.2.4+dfsg1-1 (bug #942459)
 	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 CVE-2019-17673 (WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON ...)
+	{DSA-4599-1}
 	- wordpress 5.2.4+dfsg1-1 (bug #942459)
 	[jessie] - wordpress <not-affected> (vulnerable code not present)
 	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
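Review bot: after this change CVE-2019-17674 carries {DSA-4599-1} only, while CVE-2019-17675 above it has {DSA-4599-1 DLA-1980-1} and CVE-2019-17673 below it has a "[jessie] - wordpress <not-affected>" line that accounts for the missing DLA. Nothing in the CVE-2019-17674 entry says whether jessie is affected; a [jessie] status line would make that explicit.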
@@ -18897,11 +18940,12 @@ CVE-2019-17673 (WordPress before 5.2.4 is vulnerable to poisoning of the cache o
 	NOTE: https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
 	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 CVE-2019-17672 (WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject  ...)
+	{DSA-4599-1}
 	- wordpress 5.2.4+dfsg1-1 (bug #942459)
 	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 CVE-2019-17671 (In WordPress before 5.2.4, unauthenticated viewing of certain content  ...)
-	{DLA-1980-1}
+	{DSA-4599-1 DLA-1980-1}
 	- wordpress 5.2.4+dfsg1-1 (bug #942459)
 	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 	NOTE: https://core.trac.wordpress.org/changeset/46474
@@ -18914,7 +18958,7 @@ CVE-2019-17670 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF)
 	NOTE: https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
 	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 CVE-2019-17669 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ...)
-	{DLA-1980-1}
+	{DSA-4599-1 DLA-1980-1}
 	- wordpress 5.2.4+dfsg1-1 (bug #942459)
 	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 	NOTE: https://core.trac.wordpress.org/changeset/46475
@@ -20235,18 +20279,18 @@ CVE-2019-17153
 	RESERVED
 CVE-2019-17152
 	RESERVED
-CVE-2019-17151
-	RESERVED
+CVE-2019-17151 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2019-17150
 	RESERVED
 CVE-2019-17149
 	RESERVED
-CVE-2019-17148
-	RESERVED
-CVE-2019-17147
-	RESERVED
-CVE-2019-17146
-	RESERVED
+CVE-2019-17148 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2019-17147 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2019-17146 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2019-17145 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit
 CVE-2019-17144 (This vulnerability allows remote attackers to execute arbitrary code o ...)
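Review bot: CVE-2019-17151, CVE-2019-17148, CVE-2019-17147 and CVE-2019-17146 move from RESERVED to "TODO: check" with descriptions cut off before the product name ("... execute arbitrary code o ...", "... escalate privileges on af ..."). The following entries CVE-2019-17145 and CVE-2019-17144 open with the same words and are tagged "NOT-FOR-US: Foxit", but that wording is generic, so the full descriptions should be read before the new entries are tagged rather than copying the neighbours' tag.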
@@ -22922,29 +22966,29 @@ CVE-2019-16224 (An issue was discovered in py-lmdb 0.97. For certain values of m
 	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
 	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
 CVE-2019-16223 (WordPress before 5.2.3 allows XSS in post previews by authenticated us ...)
-	{DLA-1960-1}
+	{DSA-4599-1 DLA-1960-1}
 	- wordpress 5.2.3+dfsg1-1 (bug #939543)
 CVE-2019-16222 (WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_b ...)
-	{DLA-1960-1}
+	{DSA-4599-1 DLA-1960-1}
 	- wordpress 5.2.3+dfsg1-1 (bug #939543)
 	NOTE: https://core.trac.wordpress.org/changeset/45997
 	NOTE: https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
 CVE-2019-16221 (WordPress before 5.2.3 allows reflected XSS in the dashboard. ...)
-	{DLA-1960-1}
+	{DSA-4599-1 DLA-1960-1}
 	- wordpress 5.2.3+dfsg1-1 (bug #939543)
 CVE-2019-16220 (In WordPress before 5.2.3, validation and sanitization of a URL in wp_ ...)
-	{DLA-1960-1}
+	{DSA-4599-1 DLA-1960-1}
 	- wordpress 5.2.3+dfsg1-1 (bug #939543)
 	NOTE: https://core.trac.wordpress.org/changeset/45971
 	NOTE: https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28
 CVE-2019-16219 (WordPress before 5.2.3 allows XSS in shortcode previews. ...)
-	{DLA-1960-1}
+	{DSA-4599-1 DLA-1960-1}
 	- wordpress 5.2.3+dfsg1-1 (bug #939543)
 CVE-2019-16218 (WordPress before 5.2.3 allows XSS in stored comments. ...)
-	{DLA-1960-1}
+	{DSA-4599-1 DLA-1960-1}
 	- wordpress 5.2.3+dfsg1-1 (bug #939543)
 CVE-2019-16217 (WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upl ...)
-	{DLA-1960-1}
+	{DSA-4599-1 DLA-1960-1}
 	- wordpress 5.2.3+dfsg1-1 (bug #939543)
 	NOTE: https://core.trac.wordpress.org/changeset/45936
 CVE-2019-16216 (Zulip server before 2.0.5 incompletely validated the MIME types of upl ...)
@@ -26952,8 +26996,7 @@ CVE-2019-14908
 	RESERVED
 CVE-2019-14907
 	RESERVED
-CVE-2019-14906
-	RESERVED
+CVE-2019-14906 (A flaw was found with the RHSA-2019:3950 erratum, where it did not fix ...)
 	NOT-FOR-US: Specific CVE assignment for incorrect/incomplete fix of CVE-2019-13616 in RHEL 7
 CVE-2019-14905 [malicious code could craft filename in nxos_file_copy module]
 	RESERVED
@@ -52220,8 +52263,8 @@ CVE-2019-6531 (An attacker could retrieve passwords from a HTTP GET request from
 	NOT-FOR-US: Kunbus
 CVE-2019-6530 (Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created  ...)
 	NOT-FOR-US: Panasonic
-CVE-2019-6529
-	RESERVED
+CVE-2019-6529 (An attacker could specially craft an FTP request that could crash the  ...)
+	TODO: check
 CVE-2019-6528 (PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit fa ...)
 	NOT-FOR-US: PSI GridConnect GmbH
 CVE-2019-6527 (PR100088 Modbus gateway versions prior to Release R02 (or Software Ver ...)
@@ -243489,8 +243532,8 @@ CVE-2014-5211 (Stack-based buffer overflow in the Attachmate Reflection FTP Clie
 	NOT-FOR-US: Attachmate Reflection FTP Client
 CVE-2014-5210 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows re ...)
 	NOT-FOR-US: AlienVault OSSIM
-CVE-2014-5209
-	RESERVED
+CVE-2014-5209 (An Information Disclosure vulnerability exists in NTP 4.2.7p25 private ...)
+	TODO: check
 CVE-2014-5208 (BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 30 ...)
 	NOT-FOR-US: Batch Management Packages in Yokogawa and Exaopc
 CVE-2014-5202 (Cross-site scripting (XSS) vulnerability in compfight-search.php in th ...)
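Review bot: CVE-2014-5209 names NTP 4.2.7p25, which sets it apart from the NOT-FOR-US entries around it (Attachmate, AlienVault OSSIM, Yokogawa). If it maps to the ntp source package, resolving this "TODO: check" should produce a package line with a fixed version or status rather than a NOT-FOR-US tag.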



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2b4f7a93934f18fd1ff7d8ca832beabd35c5cd81
