[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 9 20:10:35 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b45111d by security tracker role at 2020-01-09T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,223 @@
+CVE-2020-6749
+ RESERVED
+CVE-2020-6748
+ RESERVED
+CVE-2020-6747
+ RESERVED
+CVE-2020-6746
+ RESERVED
+CVE-2020-6745
+ RESERVED
+CVE-2020-6744
+ RESERVED
+CVE-2020-6743
+ RESERVED
+CVE-2020-6742
+ RESERVED
+CVE-2020-6741
+ RESERVED
+CVE-2020-6740
+ RESERVED
+CVE-2020-6739
+ RESERVED
+CVE-2020-6738
+ RESERVED
+CVE-2020-6737
+ RESERVED
+CVE-2020-6736
+ RESERVED
+CVE-2020-6735
+ RESERVED
+CVE-2020-6734
+ RESERVED
+CVE-2020-6733
+ RESERVED
+CVE-2020-6732
+ RESERVED
+CVE-2020-6731
+ RESERVED
+CVE-2020-6730
+ RESERVED
+CVE-2020-6729
+ RESERVED
+CVE-2020-6728
+ RESERVED
+CVE-2020-6727
+ RESERVED
+CVE-2020-6726
+ RESERVED
+CVE-2020-6725
+ RESERVED
+CVE-2020-6724
+ RESERVED
+CVE-2020-6723
+ RESERVED
+CVE-2020-6722
+ RESERVED
+CVE-2020-6721
+ RESERVED
+CVE-2020-6720
+ RESERVED
+CVE-2020-6719
+ RESERVED
+CVE-2020-6718
+ RESERVED
+CVE-2020-6717
+ RESERVED
+CVE-2020-6716
+ RESERVED
+CVE-2020-6715
+ RESERVED
+CVE-2020-6714
+ RESERVED
+CVE-2020-6713
+ RESERVED
+CVE-2020-6712
+ RESERVED
+CVE-2020-6711
+ RESERVED
+CVE-2020-6710
+ RESERVED
+CVE-2020-6709
+ RESERVED
+CVE-2020-6708
+ RESERVED
+CVE-2020-6707
+ RESERVED
+CVE-2020-6706
+ RESERVED
+CVE-2020-6705
+ RESERVED
+CVE-2020-6704
+ RESERVED
+CVE-2020-6703
+ RESERVED
+CVE-2020-6702
+ RESERVED
+CVE-2020-6701
+ RESERVED
+CVE-2020-6700
+ RESERVED
+CVE-2020-6699
+ RESERVED
+CVE-2020-6698
+ RESERVED
+CVE-2020-6697
+ RESERVED
+CVE-2020-6696
+ RESERVED
+CVE-2020-6695
+ RESERVED
+CVE-2020-6694
+ RESERVED
+CVE-2020-6693
+ RESERVED
+CVE-2020-6692
+ RESERVED
+CVE-2020-6691
+ RESERVED
+CVE-2020-6690
+ RESERVED
+CVE-2020-6689
+ RESERVED
+CVE-2020-6688
+ RESERVED
+CVE-2020-6687
+ RESERVED
+CVE-2020-6686
+ RESERVED
+CVE-2020-6685
+ RESERVED
+CVE-2020-6684
+ RESERVED
+CVE-2020-6683
+ RESERVED
+CVE-2020-6682
+ RESERVED
+CVE-2020-6681
+ RESERVED
+CVE-2020-6680
+ RESERVED
+CVE-2020-6679
+ RESERVED
+CVE-2020-6678
+ RESERVED
+CVE-2020-6677
+ RESERVED
+CVE-2020-6676
+ RESERVED
+CVE-2020-6675
+ RESERVED
+CVE-2020-6674
+ RESERVED
+CVE-2020-6673
+ RESERVED
+CVE-2020-6672
+ RESERVED
+CVE-2020-6671
+ RESERVED
+CVE-2020-6670
+ RESERVED
+CVE-2020-6669
+ RESERVED
+CVE-2020-6668
+ RESERVED
+CVE-2020-6667
+ RESERVED
+CVE-2020-6666
+ RESERVED
+CVE-2020-6665
+ RESERVED
+CVE-2020-6664
+ RESERVED
+CVE-2020-6663
+ RESERVED
+CVE-2020-6662
+ RESERVED
+CVE-2020-6661
+ RESERVED
+CVE-2020-6660
+ RESERVED
+CVE-2020-6659
+ RESERVED
+CVE-2020-6658
+ RESERVED
+CVE-2020-6657
+ RESERVED
+CVE-2020-6656
+ RESERVED
+CVE-2020-6655
+ RESERVED
+CVE-2020-6654
+ RESERVED
+CVE-2020-6653
+ RESERVED
+CVE-2020-6652
+ RESERVED
+CVE-2020-6651
+ RESERVED
+CVE-2020-6650
+ RESERVED
+CVE-2020-6649
+ RESERVED
+CVE-2020-6648
+ RESERVED
+CVE-2020-6647
+ RESERVED
+CVE-2020-6646
+ RESERVED
+CVE-2020-6645
+ RESERVED
+CVE-2020-6644
+ RESERVED
+CVE-2020-6643
+ RESERVED
+CVE-2020-6642
+ RESERVED
+CVE-2020-6641
+ RESERVED
+CVE-2020-6640
+ RESERVED
CVE-2020-6639
RESERVED
CVE-2020-6638
@@ -970,8 +1190,8 @@ CVE-2020-6169
RESERVED
CVE-2020-6168
RESERVED
-CVE-2020-6167
- RESERVED
+CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...)
+ TODO: check
CVE-2020-6166
RESERVED
CVE-2020-6165
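Review bot: CVE-2020-6167 is left at "TODO: check" even though its new description already identifies a WordPress plugin (Minimal Coming Soon & Maintenance ...). Elsewhere in this file a WordPress plugin is closed out as "NOT-FOR-US: WordPress plugin Booking System" (CVE-2014-3210), so once it is confirmed that the plugin is not packaged, a tag of the same form would resolve this TODO.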
@@ -2782,8 +3002,8 @@ CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decodin
NOTE: https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 (6.2.2)
CVE-2020-5309
RESERVED
-CVE-2020-5308
- RESERVED
+CVE-2020-5308 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, ...)
+ TODO: check
CVE-2020-5307 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL ...)
NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display name, t ...)
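Review bot: CVE-2020-5308 gets "TODO: check" while the next entry, CVE-2020-5307, covers the same product and is already tagged "NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System". Replacing the TODO with that identical tag would keep both entries for the product consistent.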
@@ -3271,8 +3491,8 @@ CVE-2020-5181
RESERVED
CVE-2020-5180
RESERVED
-CVE-2019-20224
- RESERVED
+CVE-2019-20224 (netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows ...)
+ TODO: check
CVE-2019-20223 (In Support Incident Tracker (SiT!) 3.67, the id parameter is affected ...)
NOT-FOR-US: Support Incident Tracker
CVE-2019-20222 (In Support Incident Tracker (SiT!) 3.67, the Short Application Name an ...)
@@ -11657,8 +11877,7 @@ CVE-2020-1927
RESERVED
CVE-2020-1926
RESERVED
-CVE-2020-1925
- RESERVED
+CVE-2020-1925 (Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperI ...)
NOT-FOR-US: Olingo
CVE-2019-19517
RESERVED
@@ -11786,8 +12005,8 @@ CVE-2019-19496 (Alfresco Enterprise before 5.2.5 allows stored XSS via an upload
NOT-FOR-US: Alfresco
CVE-2019-19495 (The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable t ...)
NOT-FOR-US: Technicolor
-CVE-2019-19494
- RESERVED
+CVE-2019-19494 (Broadcom based cable modems across multiple vendors are vulnerable to ...)
+ TODO: check
CVE-2019-19493 (Kentico before 12.0.50 allows file uploads in which the Content-Type h ...)
NOT-FOR-US: Kentico
CVE-2019-19492 (FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socke ...)
@@ -11979,8 +12198,8 @@ CVE-2020-1828
RESERVED
CVE-2020-1827
RESERVED
-CVE-2020-1826
- RESERVED
+CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...)
+ TODO: check
CVE-2020-1825
RESERVED
CVE-2020-1824
@@ -12011,8 +12230,8 @@ CVE-2020-1812
RESERVED
CVE-2020-1811
RESERVED
-CVE-2020-1810
- RESERVED
+CVE-2020-1810 (Huawei products CloudEngine 12800, S5700, and S6700 have a weak algori ...)
+ TODO: check
CVE-2020-1809
RESERVED
CVE-2020-1808
@@ -12057,10 +12276,10 @@ CVE-2020-1789
RESERVED
CVE-2020-1788
RESERVED
-CVE-2020-1787
- RESERVED
-CVE-2020-1786
- RESERVED
+CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1 ...)
+ TODO: check
+CVE-2020-1786 (HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69 ...)
+ TODO: check
CVE-2020-1785 (Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of ser ...)
NOT-FOR-US: Huawei
CVE-2019-19466 (SCEditor 2.1.3 allows XSS. ...)
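Review bot: CVE-2020-1787 and CVE-2020-1786 are both left at "TODO: check", yet the entry directly below them, CVE-2020-1785, is a Huawei smartphone issue already tagged "NOT-FOR-US: Huawei". The two Mate 20 entries describe the same class of device and can be triaged with the same tag in one follow-up.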
@@ -12548,8 +12767,7 @@ CVE-2019-19333 (In all versions of libyang before 1.0-r5, a stack-based buffer o
- libyang 0.16.105-2 (bug #946217)
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d
-CVE-2019-19332 [KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID]
- RESERVED
+CVE-2019-19332 (An out-of-bounds memory write issue was found in the Linux Kernel, ver ...)
- linux 5.4.6-1
NOTE: https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e
CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of service ...)
@@ -17309,7 +17527,7 @@ CVE-2019-18388 (A NULL pointer dereference in vrend_renderer.c in virglrenderer
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0
CVE-2019-18387 (Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to ...)
NOT-FOR-US: Sourcecodester Hotel and Lodge Management System
-CVE-2019-18386 (Systems management on Unisys Libra and Libra Software Series, with MCP ...)
+CVE-2019-18386 (Systems management on Unisys ClearPath Forward Libra and ClearPath MCP ...)
NOT-FOR-US: Unisys
CVE-2019-18385 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unaut ...)
NOT-FOR-US: TerraMaster
@@ -21564,6 +21782,7 @@ CVE-2019-17027
RESERVED
CVE-2019-17026
RESERVED
+ {DSA-4600-1 DLA-2061-1}
- firefox 72.0.1-1 (bug #948452)
- firefox-esr 68.4.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026
@@ -21571,6 +21790,7 @@ CVE-2019-17025 (Mozilla developers reported memory safety bugs present in Firefo
- firefox 72.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17025
CVE-2019-17024 (Mozilla developers reported memory safety bugs present in Firefox 71 a ...)
+ {DSA-4600-1 DLA-2061-1}
- firefox 72.0-1
- firefox-esr 68.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17024
@@ -21582,6 +21802,7 @@ CVE-2019-17023 (After a HelloRetryRequest has been sent, the client may negotiat
NOTE: https://hg.mozilla.org/projects/nss/rev/d64102b76a437f24d98a20480dcc9f1655143e7c
NOTE: https://hg.mozilla.org/projects/nss/rev/8a2bd40e7f89a796cf24a0ff7cfb67c6e69c5c78
CVE-2019-17022 (When pasting a <style> tag from the clipboard into a ric ...)
+ {DSA-4600-1 DLA-2061-1}
- firefox 72.0-1
- firefox-esr 68.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17022
@@ -21601,11 +21822,13 @@ CVE-2019-17018 (When in Private Browsing Mode on Windows 10, the Windows keyboar
- firefox <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17018
CVE-2019-17017 (Due to a missing case handling object types, a type confusion vulnerab ...)
+ {DSA-4600-1 DLA-2061-1}
- firefox 72.0-1
- firefox-esr 68.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17017
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17017
CVE-2019-17016 (When pasting a <style> tag from the clipboard into a ric ...)
+ {DSA-4600-1 DLA-2061-1}
- firefox 72.0-1
- firefox-esr 68.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17016
@@ -27933,12 +28156,12 @@ CVE-2019-14922
RESERVED
CVE-2019-14921
RESERVED
-CVE-2019-14920
- RESERVED
-CVE-2019-14919
- RESERVED
-CVE-2019-14918
- RESERVED
+CVE-2019-14920 (Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authe ...)
+ TODO: check
+CVE-2019-14919 (An exposed Telnet Service on the Billion Smart Energy Router SG600R2 w ...)
+ TODO: check
+CVE-2019-14918 (XSS in the DHCP lease-status table in Billion Smart Energy Router SG60 ...)
+ TODO: check
CVE-2019-14917
RESERVED
CVE-2019-14916 (An issue was discovered in PRiSE adAS 1.7.0. A file's format is not pr ...)
@@ -37549,7 +37772,7 @@ CVE-2019-11983 (A remote buffer overflow vulnerability was identified in HPE Int
CVE-2019-11982 (A remote cross site scripting vulnerability was identified in HPE Inte ...)
NOT-FOR-US: HPE
CVE-2019-11981
- RESERVED
+ REJECTED
CVE-2019-11980 (A remote code exection vulnerability was identified in HPE Intelligent ...)
NOT-FOR-US: HPE
CVE-2019-11979 (A SQL injection code execution vulnerability was identified in HPE Int ...)
@@ -53794,12 +54017,12 @@ CVE-2019-6334 (HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed
NOT-FOR-US: HP printers
CVE-2019-6333 (A potential security vulnerability has been identified with certain ve ...)
NOT-FOR-US: HP Touchpoint Analytics
-CVE-2019-6332
- RESERVED
-CVE-2019-6331
- RESERVED
-CVE-2019-6330
- RESERVED
+CVE-2019-6332 (A potential security vulnerability has been identified with certain HP ...)
+ TODO: check
+CVE-2019-6331 (An issue was found in Samsung Mobile Print (Android) versions prior to ...)
+ TODO: check
+CVE-2019-6330 (A potential security vulnerability has been identified in the software ...)
+ TODO: check
CVE-2019-6329 (HP Support Assistant 8.7.50 and earlier allows a user to gain system p ...)
NOT-FOR-US: HP Support Assistant
CVE-2019-6328 (HP Support Assistant 8.7.50 and earlier allows a user to gain system p ...)
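Review bot: the three TODO entries added here should not be bulk-tagged from their neighbours, because CVE-2019-6331 describes Samsung Mobile Print (Android) while the surrounding entries are tagged per HP product ("NOT-FOR-US: HP printers", "NOT-FOR-US: HP Touchpoint Analytics", "NOT-FOR-US: HP Support Assistant"). The descriptions of CVE-2019-6332 and CVE-2019-6330 are truncated before the product name, so each needs its full text read before a tag is chosen.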
@@ -53818,10 +54041,10 @@ CVE-2019-6322 (HP has identified a security vulnerability with some versions of
NOT-FOR-US: HP
CVE-2019-6321 (HP has identified a security vulnerability with some versions of Works ...)
NOT-FOR-US: HP
-CVE-2019-6320
- RESERVED
-CVE-2019-6319
- RESERVED
+CVE-2019-6320 (Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4 ...)
+ TODO: check
+CVE-2019-6319 (HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K ...)
+ TODO: check
CVE-2019-6318 (HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP L ...)
NOT-FOR-US: HP
CVE-2018-20720 (ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1 ...)
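Review bot: CVE-2019-6320 and CVE-2019-6319 are left at "TODO: check" although both describe HP DeskJet 3630 All-in-One Printers and sit between CVE-2019-6321 and CVE-2019-6318, which are tagged "NOT-FOR-US: HP". The same tag fits these two printer firmware entries.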
@@ -57941,8 +58164,8 @@ CVE-2019-4653
RESERVED
CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file per ...)
NOT-FOR-US: IBM Spectrum Protect Plus
-CVE-2019-4651
- RESERVED
+CVE-2019-4651 (IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injectio ...)
+ TODO: check
CVE-2019-4650
RESERVED
CVE-2019-4649
@@ -74044,11 +74267,11 @@ CVE-2018-18518
CVE-2018-18517 (Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1 ...)
NOT-FOR-US: Citrix
CVE-2018-18516
- RESERVED
+ REJECTED
CVE-2018-18515
- RESERVED
+ REJECTED
CVE-2018-18514
- RESERVED
+ REJECTED
CVE-2018-18513 (A crash can occur when processing a crafted S/MIME message or an XPI p ...)
{DSA-4392-1 DLA-1678-1}
- thunderbird 1:60.5.0-1
@@ -90335,7 +90558,7 @@ CVE-2018-12381 (Manually dragging and dropping an Outlook email message into the
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12381
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12381
CVE-2018-12380
- RESERVED
+ REJECTED
CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which contains a very ...)
{DSA-4327-1 DLA-1575-1}
- firefox 62.0-1 (unimportant)
@@ -91902,6 +92125,7 @@ CVE-2018-1000183 (A exposure of sensitive information vulnerability exists in Je
CVE-2018-1000182 (A server-side request forgery vulnerability exists in Jenkins Git Plug ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-19920 (sa-exim 4.2.1 allows attackers to execute arbitrary code if they can w ...)
+ {DLA-2062-1}
- sa-exim <unfixed> (bug #947198)
[buster] - sa-exim <no-dsa> (Minor issue; can be fixed via point release)
[stretch] - sa-exim <no-dsa> (Minor issue; can be fixed via point release)
@@ -248060,8 +248284,8 @@ CVE-2014-3757 (SQL injection vulnerability in sorter.php in the phpManufaktur ki
NOT-FOR-US: phpManufaktur extension
CVE-2014-3754
RESERVED
-CVE-2014-3753
- RESERVED
+CVE-2014-3753 (AgileBits 1Password through 1.0.9.340 allows security feature bypass ...)
+ TODO: check
CVE-2014-3752 (The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and ea ...)
NOT-FOR-US: G Data TotalProtection
CVE-2014-3751
@@ -249244,14 +249468,11 @@ CVE-2014-3451 (OpenFire XMPP Server before 3.10 accepts self-signed certificates
NOT-FOR-US: Openfire
CVE-2014-3450 (Unspecified vulnerability in Panda Gold Protection and Global Protecti ...)
NOT-FOR-US: Panda
-CVE-2014-3449
- RESERVED
+CVE-2014-3449 (BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerabil ...)
NOT-FOR-US: BSS Continuity CMS
-CVE-2014-3448
- RESERVED
+CVE-2014-3448 (BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerabili ...)
NOT-FOR-US: BSS Continuity CMS
-CVE-2014-3447
- RESERVED
+CVE-2014-3447 (BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerab ...)
NOT-FOR-US: BSS Continuity CMS
CVE-2014-3446 (SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in ...)
NOT-FOR-US: BSS Continuity CMS
@@ -249824,8 +250045,8 @@ CVE-2014-3213
RESERVED
CVE-2014-3212
RESERVED
-CVE-2014-3211
- RESERVED
+CVE-2014-3211 (Publify before 8.0.1 is vulnerable to a Denial of Service attack ...)
+ TODO: check
CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Booking ...)
NOT-FOR-US: WordPress plugin Booking System
CVE-2014-3208
@@ -251278,8 +251499,8 @@ CVE-2014-2706 (Race condition in the mac80211 subsystem in the Linux kernel befo
- linux-2.6 <removed> (low)
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba
-CVE-2014-2686
- RESERVED
+CVE-2014-2686 (Ansible prior to 1.5.4 mishandles the evaluation of some strings. ...)
+ TODO: check
CVE-2014-2680
RESERVED
CVE-2014-2679
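Review bot: CVE-2014-2686 should not be closed as NOT-FOR-US like most of the other TODO entries in this update, since Ansible is packaged in Debian. The description gives the boundary "prior to 1.5.4", so the follow-up is a "- ansible" line carrying the first fixed Debian version, checked against the upstream 1.5.4 fix, plus per-suite status where an older version is still shipped.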
@@ -251400,10 +251621,10 @@ CVE-2014-2653 (The verify_host_key function in sshconnect.c in the client in Ope
- openssh 1:6.6p1-1 (low; bug #742513)
CVE-2014-2652 (SQL injection vulnerability in OpenScape Deployment Service (DLS) befo ...)
NOT-FOR-US: OpenScape Deployment Service
-CVE-2014-2651
- RESERVED
-CVE-2014-2650
- RESERVED
+CVE-2014-2651 (Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an a ...)
+ TODO: check
+CVE-2014-2650 (Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an ...)
+ TODO: check
CVE-2014-2649 (Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows ...)
NOT-FOR-US: HP Operations Manager
CVE-2014-2648 (Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UN ...)
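Review bot: CVE-2014-2651 and CVE-2014-2650 are left at "TODO: check" for Unify OpenStage/OpenScape Desk Phone IP firmware, while the preceding entry CVE-2014-2652 from the same product family is already tagged "NOT-FOR-US: OpenScape Deployment Service". Both describe the same desk phone firmware before V3 R3.11.0 and can share one NOT-FOR-US tag naming that product.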
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b45111dcda232e6997da080e6566337edd7c3e7