[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Jan 11 08:10:25 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
000e91d2 by security tracker role at 2020-01-11T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is exec ...)
+	TODO: check
+CVE-2020-6846
+	RESERVED
+CVE-2020-6845
+	RESERVED
+CVE-2020-6844
+	RESERVED
+CVE-2020-6843
+	RESERVED
+CVE-2020-6842
+	RESERVED
+CVE-2020-6841
+	RESERVED
+CVE-2020-6840 (In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mru ...)
+	TODO: check
+CVE-2020-6839 (In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_ ...)
+	TODO: check
+CVE-2020-6838 (In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems ...)
+	TODO: check
+CVE-2020-6837
+	RESERVED
+CVE-2020-6836 (grammar-parser.jison in the hot-formula-parser package before 3.0.1 fo ...)
+	TODO: check
+CVE-2020-6835 (An issue was discovered in Bftpd before 5.4. There is a heap-based off ...)
+	TODO: check
+CVE-2020-6834
+	RESERVED
+CVE-2020-6833
+	RESERVED
+CVE-2020-6832
+	RESERVED
+CVE-2019-20379 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ...)
+	TODO: check
+CVE-2019-20378 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ...)
+	TODO: check
+CVE-2019-20377 (TopList before 2019-09-03 allows XSS via a title. ...)
+	TODO: check
 CVE-2020-6831
 	RESERVED
 CVE-2020-6830
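Review bot: the three mruby 2.1.0 entries (CVE-2020-6840, CVE-2020-6839, CVE-2020-6838) and the two ganglia-web 3.7.5 entries (CVE-2019-20379, CVE-2019-20378) each describe a single upstream release and should be triaged as a group rather than as five separate "TODO: check" items, so that the mruby memory-safety issues (two use-after-frees and a stack-based overflow) and the two ganglia-web XSS issues end up with consistent package lines, one bug reference per source package, and the same fixed version.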
@@ -967,8 +1005,7 @@ CVE-2020-6379
 	RESERVED
 CVE-2020-6378
 	RESERVED
-CVE-2020-6377
-	RESERVED
+CVE-2020-6377 (Use after free in audio in Google Chrome prior to 79.0.3945.117 allowe ...)
 	- chromium <unfixed>
 CVE-2020-6376
 	RESERVED
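Review bot: CVE-2020-6377 gains its description and "- chromium <unfixed>" but no NOTE: line, so the only record of the upstream fix version (79.0.3945.117) is the truncated description; add a NOTE: with the Chrome stable release announcement, as the waitress and WordPress entries in this file do, so the fixed upstream version is on record when the chromium package update is prepared.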
@@ -7865,13 +7902,13 @@ CVE-2019-19835
 	RESERVED
 CVE-2019-19834
 	RESERVED
-CVE-2019-20043 (WordPress before 5.3.1 allowed an unauthenticated user to make a post  ...)
+CVE-2019-20043 (In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ...)
 	{DSA-4599-1}
 	- wordpress 5.3.2+dfsg1-1 (bug #946905)
 	NOTE: https://core.trac.wordpress.org/changeset/46893/trunk
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9
 	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
-CVE-2019-20042 (WordPress before 5.3.1 allowed an attacker to create a cross-site scri ...)
+CVE-2019-20042 (In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function  ...)
 	{DSA-4599-1}
 	- wordpress 5.3.2+dfsg1-1 (bug #946905)
 	NOTE: https://core.trac.wordpress.org/changeset/46894/trunk
@@ -12281,8 +12318,8 @@ CVE-2019-19477
 	RESERVED
 CVE-2019-19476
 	RESERVED
-CVE-2019-19475
-	RESERVED
+CVE-2019-19475 (An issue was discovered in ManageEngine Applications Manager 14 with B ...)
+	TODO: check
 CVE-2019-19474
 	RESERVED
 CVE-2019-19473
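Review bot: CVE-2019-19475 (ManageEngine Applications Manager 14) is left at "TODO: check"; ManageEngine Applications Manager is proprietary software that is not packaged in Debian, so the entry should be resolved to "NOT-FOR-US: ManageEngine Applications Manager", following the convention used for the Websense and Arial entries in this file.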
@@ -22760,7 +22797,8 @@ CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in
 	[stretch] - waitress <no-dsa> (Minor issue)
 	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
 	NOTE: https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017
-CVE-2019-16788 (In WordPress versions from 3.7 to 5.3.0, authenticated users who do no ...)
+CVE-2019-16788
+	REJECTED
 	TODO: check, is a duplicate of CVE-2019-20043, contacted MITRE
 CVE-2019-16786 (Waitress through version 1.3.1 would parse the Transfer-Encoding heade ...)
 	- waitress 1.4.1-1 (bug #947306)
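Review bot: CVE-2019-16788 is now marked REJECTED, yet the following line still reads "TODO: check, is a duplicate of CVE-2019-20043, contacted MITRE"; the rejection resolves that action item, so replace the TODO with a NOTE: recording that MITRE rejected the ID as a duplicate of CVE-2019-20043, keeping the cross-reference but closing the open task.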
@@ -22819,7 +22857,8 @@ CVE-2019-16774 (In phpfastcache before 5.1.3, there is a possible object injecti
 	NOTE: https://github.com/PHPSocialNetwork/phpfastcache/commit/c4527205cb7a402b595790c74310791f5b04a1a4 (5.0.13)
 	NOTE: https://github.com/PHPSocialNetwork/phpfastcache/commit/82a84adff6e8fc9b564c616d0fdc9238ae2e86c3 (4.3.18)
 	NOTE: Affected phpfastcache code is not used in kopano-webapp-plugin-files.
-CVE-2019-16773 (In WordPress versions from 3.7 to 5.3.0, the function wp_targeted_link ...)
+CVE-2019-16773
+	REJECTED
 	TODO: check, is a duplicate of CVE-2019-20042, MITRE contacted for handling
 CVE-2019-16772 (The serialize-to-js NPM package before version 3.0.1 is vulnerable to  ...)
 	NOT-FOR-US: serialize-to-js Node package
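Review bot: CVE-2019-16773 now carries REJECTED while the next line keeps "TODO: check, is a duplicate of CVE-2019-20042, MITRE contacted for handling"; with the rejection in place the TODO is stale and should become a NOTE: pointing at CVE-2019-20042 as the surviving ID, so the entry does not show up in TODO sweeps.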
@@ -32129,8 +32168,7 @@ CVE-2019-13769
 	RESERVED
 CVE-2019-13768
 	RESERVED
-CVE-2019-13767
-	RESERVED
+CVE-2019-13767 (Use after free in media picker in Google Chrome prior to 79.0.3945.88  ...)
 	- chromium <unfixed>
 CVE-2019-13766 (Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 ...)
 	{DSA-4562-1}
@@ -283688,8 +283726,8 @@ CVE-2012-4605 (The default configuration of the SMTP component in Websense Email
 	NOT-FOR-US: Websense Email Security
 CVE-2012-4604 (The TRITON management console in Websense Web Security before 7.6 Hotf ...)
 	NOT-FOR-US: Websense Web Security
-CVE-2012-4603
-	RESERVED
+CVE-2012-4603 (Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix  ...)
+	TODO: check
 CVE-2012-4602 (Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_ ...)
 	NOT-FOR-US: Nicola Asuni TCExam
 CVE-2012-4601 (Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 1 ...)
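Review bot: CVE-2012-4603 describes the Citrix XenApp Online Plug-in for Windows, a proprietary Windows client, so the new "TODO: check" can be resolved directly to "NOT-FOR-US: Citrix XenApp Online Plug-in", consistent with the neighbouring Websense and TCExam entries in this hunk.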
@@ -284607,8 +284645,8 @@ CVE-2012-4286 (The pcapng_read_packet_block function in wiretap/pcapng.c in the
 CVE-2012-4285 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the D ...)
 	- wireshark 1.8.2-1 (unimportant)
 	NOTE: not suitable for code injection
-CVE-2012-4284
-	RESERVED
+CVE-2012-4284 (A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac  ...)
+	TODO: check
 CVE-2011-5099 (SQL injection vulnerability in helper/popup.php in the ccNewsletter (m ...)
 	NOT-FOR-US: Joomla addon
 CVE-2012-4283 (Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin ...)
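Review bot: CVE-2012-4284 concerns Viscosity 1.4.1 on Mac, a proprietary macOS VPN client, so "TODO: check" should be resolved to "NOT-FOR-US: Viscosity" in the same way the Joomla add-on entry directly below it is handled.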
@@ -285853,8 +285891,8 @@ CVE-2012-3823 (Arial Campaign Enterprise before 11.0.551 stores passwords in cle
 	NOT-FOR-US: Arial Campaign Enterprise
 CVE-2012-3822 (Arial Campaign Enterprise before 11.0.551 has unauthorized access to t ...)
 	NOT-FOR-US: Arial Campaign Enterprise
-CVE-2012-3821
-	RESERVED
+CVE-2012-3821 (A Security Bypass vulnerability exists in the activate.asp page in Ari ...)
+	TODO: check
 CVE-2012-3820 (Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Soft ...)
 	NOT-FOR-US: Arial Software Campaign Enterprise
 CVE-2012-3819 (Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier,  ...)
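Review bot: CVE-2012-3821 is the activate.asp issue in Arial Campaign Enterprise, and the surrounding CVE-2012-3822 and CVE-2012-3820 entries are already marked "NOT-FOR-US: Arial Campaign Enterprise"; resolve this "TODO: check" the same way rather than leaving a single Arial entry open.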



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/000e91d2e2135e6c95229bbed448642f0df41230


