[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 13 20:10:36 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc3df740 by security tracker role at 2020-01-13T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,187 @@
+CVE-2020-6949 (A privilege escalation issue was discovered in the postUser function i ...)
+ TODO: check
+CVE-2020-6948 (A remote code execution issue was discovered in HashBrown CMS through ...)
+ TODO: check
+CVE-2020-6947
+ RESERVED
+CVE-2020-6946
+ RESERVED
+CVE-2020-6945
+ RESERVED
+CVE-2020-6944
+ RESERVED
+CVE-2020-6943
+ RESERVED
+CVE-2020-6942
+ RESERVED
+CVE-2020-6941
+ RESERVED
+CVE-2020-6940
+ RESERVED
+CVE-2020-6939
+ RESERVED
+CVE-2020-6938
+ RESERVED
+CVE-2020-6937
+ RESERVED
+CVE-2020-6936
+ RESERVED
+CVE-2020-6935
+ RESERVED
+CVE-2020-6934
+ RESERVED
+CVE-2020-6933
+ RESERVED
+CVE-2020-6932
+ RESERVED
+CVE-2020-6931
+ RESERVED
+CVE-2020-6930
+ RESERVED
+CVE-2020-6929
+ RESERVED
+CVE-2020-6928
+ RESERVED
+CVE-2020-6927
+ RESERVED
+CVE-2020-6926
+ RESERVED
+CVE-2020-6925
+ RESERVED
+CVE-2020-6924
+ RESERVED
+CVE-2020-6923
+ RESERVED
+CVE-2020-6922
+ RESERVED
+CVE-2020-6921
+ RESERVED
+CVE-2020-6920
+ RESERVED
+CVE-2020-6919
+ RESERVED
+CVE-2020-6918
+ RESERVED
+CVE-2020-6917
+ RESERVED
+CVE-2020-6916
+ RESERVED
+CVE-2020-6915
+ RESERVED
+CVE-2020-6914
+ RESERVED
+CVE-2020-6913
+ RESERVED
+CVE-2020-6912
+ RESERVED
+CVE-2020-6911
+ RESERVED
+CVE-2020-6910
+ RESERVED
+CVE-2020-6909
+ RESERVED
+CVE-2020-6908
+ RESERVED
+CVE-2020-6907
+ RESERVED
+CVE-2020-6906
+ RESERVED
+CVE-2020-6905
+ RESERVED
+CVE-2020-6904
+ RESERVED
+CVE-2020-6903
+ RESERVED
+CVE-2020-6902
+ RESERVED
+CVE-2020-6901
+ RESERVED
+CVE-2020-6900
+ RESERVED
+CVE-2020-6899
+ RESERVED
+CVE-2020-6898
+ RESERVED
+CVE-2020-6897
+ RESERVED
+CVE-2020-6896
+ RESERVED
+CVE-2020-6895
+ RESERVED
+CVE-2020-6894
+ RESERVED
+CVE-2020-6893
+ RESERVED
+CVE-2020-6892
+ RESERVED
+CVE-2020-6891
+ RESERVED
+CVE-2020-6890
+ RESERVED
+CVE-2020-6889
+ RESERVED
+CVE-2020-6888
+ RESERVED
+CVE-2020-6887
+ RESERVED
+CVE-2020-6886
+ RESERVED
+CVE-2020-6885
+ RESERVED
+CVE-2020-6884
+ RESERVED
+CVE-2020-6883
+ RESERVED
+CVE-2020-6882
+ RESERVED
+CVE-2020-6881
+ RESERVED
+CVE-2020-6880
+ RESERVED
+CVE-2020-6879
+ RESERVED
+CVE-2020-6878
+ RESERVED
+CVE-2020-6877
+ RESERVED
+CVE-2020-6876
+ RESERVED
+CVE-2020-6875
+ RESERVED
+CVE-2020-6874
+ RESERVED
+CVE-2020-6873
+ RESERVED
+CVE-2020-6872
+ RESERVED
+CVE-2020-6871
+ RESERVED
+CVE-2020-6870
+ RESERVED
+CVE-2020-6869
+ RESERVED
+CVE-2020-6868
+ RESERVED
+CVE-2020-6867
+ RESERVED
+CVE-2020-6866
+ RESERVED
+CVE-2020-6865
+ RESERVED
+CVE-2020-6864
+ RESERVED
+CVE-2020-6863
+ RESERVED
+CVE-2020-6862
+ RESERVED
CVE-2020-6861
RESERVED
CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...)
- libmysofa <unfixed>
NOTE: https://github.com/hoene/libmysofa/issues/96
NOTE: https://github.com/hoene/libmysofa/commit/c31120a4ddfe3fc705cfdd74da7e884e1866da85
-CVE-2020-6859
- RESERVED
+CVE-2020-6859 (Multiple Insecure Direct Object Reference vulnerabilities in includes/ ...)
+ TODO: check
CVE-2020-6858
RESERVED
CVE-2020-6857
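Review bot: the three entries that gain descriptions in this hunk (CVE-2020-6949, CVE-2020-6948, CVE-2020-6859) are all left at TODO: check, and for CVE-2020-6949 and CVE-2020-6859 the truncated text ("... in the postUser function i ...", "... vulnerabilities in includes/ ...") does not show a product name. Only CVE-2020-6948 identifies its product (HashBrown CMS) in the visible line, so the other two need the full CVE description before they can be given a package line or a NOT-FOR-US tag.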
@@ -3122,8 +3298,8 @@ CVE-2020-5392
RESERVED
CVE-2020-5391
RESERVED
-CVE-2020-5390
- RESERVED
+CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML docum ...)
+ TODO: check
CVE-2020-5389
RESERVED
CVE-2020-5388
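Review bot: CVE-2020-5390 should not stay at TODO: check for long. Its description names PySAML2, a missing check on the signature in a SAML document, and 5.0.0 as the fixed version. Suggest replacing the TODO with a package line that records 5.0.0 as the fixed version, or with NOT-FOR-US if no package ships it.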
@@ -3752,8 +3928,8 @@ CVE-2020-5197
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2020-5196
RESERVED
-CVE-2020-5195
- RESERVED
+CVE-2020-5195 (Reflected XSS through an IMG element in Cerberus FTP Server prior to v ...)
+ TODO: check
CVE-2020-5194
RESERVED
CVE-2019-20225 (MyBB before 1.8.22 allows an open redirect on login. ...)
@@ -3817,14 +3993,14 @@ CVE-2019-20214
RESERVED
CVE-2019-20213 (D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Info ...)
NOT-FOR-US: D-Link
-CVE-2019-20212
- RESERVED
-CVE-2019-20211
- RESERVED
-CVE-2019-20210
- RESERVED
-CVE-2019-20209
- RESERVED
+CVE-2019-20212 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
+ TODO: check
+CVE-2019-20211 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
+ TODO: check
+CVE-2019-20210 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
+ TODO: check
+CVE-2019-20209 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
+ TODO: check
CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based ...)
- gpac <unfixed>
[buster] - gpac <no-dsa> (Minor issue)
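Review bot: CVE-2019-20209 through CVE-2019-20212 show the same description prefix ("The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...") and all four are left at TODO: check. Suggest triaging them together and giving all four the same annotation with identical product spelling, so they stay greppable as a group.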
@@ -7189,8 +7365,8 @@ CVE-2019-19893
RESERVED
CVE-2019-19892
RESERVED
-CVE-2019-19891
- RESERVED
+CVE-2019-19891 (An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 ...)
+ TODO: check
CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading ...)
{DSA-4591-1 DLA-2044-1}
- cyrus-sasl2 2.1.27+dfsg-2 (bug #947043)
@@ -9253,15 +9429,13 @@ CVE-2019-19730
RESERVED
CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...)
NOT-FOR-US: bsjon-objectid node module
-CVE-2019-19728
- RESERVED
+CVE-2019-19728 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --u ...)
- slurm-llnl <unfixed>
[buster] - slurm-llnl <no-dsa> (Minor issue)
[stretch] - slurm-llnl <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1159692
NOTE: Fixed upstream in 18.08.9, 19.05.5
-CVE-2019-19727
- RESERVED
+CVE-2019-19727 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd ...)
- slurm-llnl <unfixed> (unimportant)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1155784
NOTE: Fixed upstream in 18.08.9, 19.05.5
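Review bot: on CVE-2019-19727 the "- slurm-llnl <unfixed> (unimportant)" line has no NOTE giving the reason for the unimportant severity, whereas the release lines on CVE-2019-19728 carry an explicit "(Minor issue)". Now that the description reads "has weak slurmdbd ...", suggest adding a one-line NOTE with the rationale so the classification can be checked against the published text.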
@@ -12026,8 +12200,8 @@ CVE-2019-19549
RESERVED
CVE-2019-19548
RESERVED
-CVE-2019-19547
- RESERVED
+CVE-2019-19547 (Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may b ...)
+ TODO: check
CVE-2019-19546 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to an in ...)
NOT-FOR-US: Norton Password Manager
CVE-2019-19545 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cro ...)
@@ -12548,7 +12722,7 @@ CVE-2020-1812
RESERVED
CVE-2020-1811
RESERVED
-CVE-2020-1810 (Huawei products CloudEngine 12800, S5700, and S6700 have a weak algori ...)
+CVE-2020-1810 (Huawei products CloudEngine 12800;S5700;S6700 have a weak algorithm vu ...)
NOT-FOR-US: Huawei
CVE-2020-1809
RESERVED
@@ -14243,10 +14417,10 @@ CVE-2019-18896
RESERVED
CVE-2019-18895 (Scanguard through 2019-11-12 on Windows has Insecure Permissions for t ...)
NOT-FOR-US: Scanguard
-CVE-2019-18894
- RESERVED
-CVE-2019-18893
- RESERVED
+CVE-2019-18894 (In Avast Premium Security 19.8.2393, attackers can send a specially cr ...)
+ TODO: check
+CVE-2019-18893 (XSS in the Video Downloader component before 1.5 of Avast Secure Brows ...)
+ TODO: check
CVE-2019-18892
RESERVED
CVE-2019-18891
@@ -29503,6 +29677,7 @@ CVE-2019-14609 (Improper input validation in firmware for Intel(R) NUC(R) may al
CVE-2019-14608 (Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow ...)
NOT-FOR-US: Intel
CVE-2019-14607 (Improper conditions check in multiple Intel® Processors may allow ...)
+ {DSA-4565-2}
- intel-microcode 3.20191115.1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html
CVE-2019-14606
@@ -233719,8 +233894,8 @@ CVE-2014-9384
RESERVED
CVE-2014-9383
RESERVED
-CVE-2014-9382
- RESERVED
+CVE-2014-9382 (Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user accou ...)
+ TODO: check
CVE-2014-9375 (Directory traversal vulnerability in the LibraryFileUploadServlet serv ...)
NOT-FOR-US: Lexmark
CVE-2014-9373 (Directory traversal vulnerability in the CollectorConfInfoServlet serv ...)
@@ -243157,8 +243332,8 @@ CVE-2014-6062
RESERVED
CVE-2014-6061
RESERVED
-CVE-2014-6059
- RESERVED
+CVE-2014-6059 (WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary ...)
+ TODO: check
CVE-2014-6058
RESERVED
CVE-2014-6057
@@ -243223,11 +243398,9 @@ CVE-2014-6042
RESERVED
CVE-2014-6041 (The Android WebView in Android before 4.4 allows remote attackers to b ...)
NOT-FOR-US: Android Browser application
-CVE-2014-6039
- RESERVED
+CVE-2014-6039 (ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a ...)
NOT-FOR-US: ManageEngine EventLog Analyzer
-CVE-2014-6038
- RESERVED
+CVE-2014-6038 (Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 ...)
NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2014-6037 (Directory traversal vulnerability in the agentUpload servlet in ZOHO M ...)
NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
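Review bot: the NOT-FOR-US tags on CVE-2014-6039 and CVE-2014-6038 read "ManageEngine EventLog Analyzer", while the neighbouring CVE-2014-6037 uses "ZOHO ManageEngine EventLog Analyzer" and the new CVE-2014-6038 description says "Zoho ManageEngine EventLog Analyzer". Suggest one spelling of the product across the three entries so a search for the tag finds all of them.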
@@ -244614,10 +244787,10 @@ CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI hotplug
NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091
CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
NOT-FOR-US: Schrack Technik microControl
-CVE-2014-5381
- RESERVED
-CVE-2014-5380
- RESERVED
+CVE-2014-5381 (Grand MA 300 allows a brute-force attack on the PIN. ...)
+ TODO: check
+CVE-2014-5380 (Grand MA 300 allows retrieval of the access PIN from sniffed data. ...)
+ TODO: check
CVE-2014-5379
RESERVED
CVE-2014-5378
@@ -261860,8 +262033,8 @@ CVE-2013-6227 (Unrestricted file upload vulnerability in plugins/editor.zoho/age
NOT-FOR-US: Zoho plugin in Pydio (AjaXplorer)
CVE-2013-6226 (Directory traversal vulnerability in plugins/editor.zoho/agent/save_zo ...)
NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
-CVE-2013-6225
- RESERVED
+CVE-2013-6225 (LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability ...)
+ TODO: check
CVE-2013-6224 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla befor ...)
NOT-FOR-US: Livezilla
CVE-2013-6223 (LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and ...)
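Review bot: CVE-2013-6225 is left at TODO: check although its description names LiveZilla 5.0.1.4 and the entry directly below it, CVE-2013-6224, is already tagged "NOT-FOR-US: Livezilla". Suggest using the same tag here instead of leaving the TODO.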
@@ -283105,8 +283278,8 @@ CVE-2012-4769
RESERVED
CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor plugi ...)
NOT-FOR-US: Download Monitor plugin for WordPress
-CVE-2012-4767
- RESERVED
+CVE-2012-4767 (An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the se ...)
+ TODO: check
CVE-2012-4766
RESERVED
CVE-2012-4765
@@ -302872,8 +303045,8 @@ CVE-2011-2672 (Cross-site scripting (XSS) vulnerability in SemanticScuttle befor
NOT-FOR-US: SemanticScuttle
CVE-2011-2671 (Unspecified vulnerability in Megalith 12th edition through 27th editio ...)
NOT-FOR-US: Megalith
-CVE-2011-2670
- RESERVED
+CVE-2011-2670 (Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of C ...)
+ TODO: check
CVE-2011-2669
RESERVED
CVE-2011-2668
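Review bot: CVE-2011-2670 is left at TODO: check although its description already gives the boundary "Mozilla Firefox before 3.6". Suggest resolving it with a package line that carries that fixed version, rather than leaving a 2011 identifier open.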
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc3df7402831329f2c8383c3665487c7efe156c6