[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Jan 13 20:10:36 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc3df740 by security tracker role at 2020-01-13T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,187 @@
+CVE-2020-6949 (A privilege escalation issue was discovered in the postUser function i ...)
+	TODO: check
+CVE-2020-6948 (A remote code execution issue was discovered in HashBrown CMS through  ...)
+	TODO: check
+CVE-2020-6947
+	RESERVED
+CVE-2020-6946
+	RESERVED
+CVE-2020-6945
+	RESERVED
+CVE-2020-6944
+	RESERVED
+CVE-2020-6943
+	RESERVED
+CVE-2020-6942
+	RESERVED
+CVE-2020-6941
+	RESERVED
+CVE-2020-6940
+	RESERVED
+CVE-2020-6939
+	RESERVED
+CVE-2020-6938
+	RESERVED
+CVE-2020-6937
+	RESERVED
+CVE-2020-6936
+	RESERVED
+CVE-2020-6935
+	RESERVED
+CVE-2020-6934
+	RESERVED
+CVE-2020-6933
+	RESERVED
+CVE-2020-6932
+	RESERVED
+CVE-2020-6931
+	RESERVED
+CVE-2020-6930
+	RESERVED
+CVE-2020-6929
+	RESERVED
+CVE-2020-6928
+	RESERVED
+CVE-2020-6927
+	RESERVED
+CVE-2020-6926
+	RESERVED
+CVE-2020-6925
+	RESERVED
+CVE-2020-6924
+	RESERVED
+CVE-2020-6923
+	RESERVED
+CVE-2020-6922
+	RESERVED
+CVE-2020-6921
+	RESERVED
+CVE-2020-6920
+	RESERVED
+CVE-2020-6919
+	RESERVED
+CVE-2020-6918
+	RESERVED
+CVE-2020-6917
+	RESERVED
+CVE-2020-6916
+	RESERVED
+CVE-2020-6915
+	RESERVED
+CVE-2020-6914
+	RESERVED
+CVE-2020-6913
+	RESERVED
+CVE-2020-6912
+	RESERVED
+CVE-2020-6911
+	RESERVED
+CVE-2020-6910
+	RESERVED
+CVE-2020-6909
+	RESERVED
+CVE-2020-6908
+	RESERVED
+CVE-2020-6907
+	RESERVED
+CVE-2020-6906
+	RESERVED
+CVE-2020-6905
+	RESERVED
+CVE-2020-6904
+	RESERVED
+CVE-2020-6903
+	RESERVED
+CVE-2020-6902
+	RESERVED
+CVE-2020-6901
+	RESERVED
+CVE-2020-6900
+	RESERVED
+CVE-2020-6899
+	RESERVED
+CVE-2020-6898
+	RESERVED
+CVE-2020-6897
+	RESERVED
+CVE-2020-6896
+	RESERVED
+CVE-2020-6895
+	RESERVED
+CVE-2020-6894
+	RESERVED
+CVE-2020-6893
+	RESERVED
+CVE-2020-6892
+	RESERVED
+CVE-2020-6891
+	RESERVED
+CVE-2020-6890
+	RESERVED
+CVE-2020-6889
+	RESERVED
+CVE-2020-6888
+	RESERVED
+CVE-2020-6887
+	RESERVED
+CVE-2020-6886
+	RESERVED
+CVE-2020-6885
+	RESERVED
+CVE-2020-6884
+	RESERVED
+CVE-2020-6883
+	RESERVED
+CVE-2020-6882
+	RESERVED
+CVE-2020-6881
+	RESERVED
+CVE-2020-6880
+	RESERVED
+CVE-2020-6879
+	RESERVED
+CVE-2020-6878
+	RESERVED
+CVE-2020-6877
+	RESERVED
+CVE-2020-6876
+	RESERVED
+CVE-2020-6875
+	RESERVED
+CVE-2020-6874
+	RESERVED
+CVE-2020-6873
+	RESERVED
+CVE-2020-6872
+	RESERVED
+CVE-2020-6871
+	RESERVED
+CVE-2020-6870
+	RESERVED
+CVE-2020-6869
+	RESERVED
+CVE-2020-6868
+	RESERVED
+CVE-2020-6867
+	RESERVED
+CVE-2020-6866
+	RESERVED
+CVE-2020-6865
+	RESERVED
+CVE-2020-6864
+	RESERVED
+CVE-2020-6863
+	RESERVED
+CVE-2020-6862
+	RESERVED
 CVE-2020-6861
 	RESERVED
 CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...)
 	- libmysofa <unfixed>
 	NOTE: https://github.com/hoene/libmysofa/issues/96
 	NOTE: https://github.com/hoene/libmysofa/commit/c31120a4ddfe3fc705cfdd74da7e884e1866da85
-CVE-2020-6859
-	RESERVED
+CVE-2020-6859 (Multiple Insecure Direct Object Reference vulnerabilities in includes/ ...)
+	TODO: check
 CVE-2020-6858
 	RESERVED
 CVE-2020-6857
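Review bot: the three entries this hunk leaves at `TODO: check` (CVE-2020-6949, the postUser privilege escalation; CVE-2020-6948, the HashBrown CMS remote code execution; and CVE-2020-6859, whose Insecure Direct Object Reference description replaces the earlier RESERVED placeholder) need manual triage, since the automatic import only fills in the MITRE description. Each should be resolved to either a `- <source-package> <version>` line or a `NOT-FOR-US:` line; the CVE-2020-6862 through CVE-2020-6947 block consists of plain RESERVED placeholders and needs no action.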
@@ -3122,8 +3298,8 @@ CVE-2020-5392
 	RESERVED
 CVE-2020-5391
 	RESERVED
-CVE-2020-5390
-	RESERVED
+CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML docum ...)
+	TODO: check
 CVE-2020-5389
 	RESERVED
 CVE-2020-5388
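Review bot: CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML document ...) describes a signature-verification flaw in a library rather than a vendor appliance, so leaving it at `TODO: check` carries more risk than the other TODO entries in this update. It should be resolved against the Debian source package that ships pysaml2, with an affected/fixed version, a NOTE pointing at the upstream fix, and the suite-specific `[buster]`/`[stretch]` lines this file uses elsewhere once the fix status is known.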
@@ -3752,8 +3928,8 @@ CVE-2020-5197
 	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
 CVE-2020-5196
 	RESERVED
-CVE-2020-5195
-	RESERVED
+CVE-2020-5195 (Reflected XSS through an IMG element in Cerberus FTP Server prior to v ...)
+	TODO: check
 CVE-2020-5194
 	RESERVED
 CVE-2019-20225 (MyBB before 1.8.22 allows an open redirect on login. ...)
@@ -3817,14 +3993,14 @@ CVE-2019-20214
 	RESERVED
 CVE-2019-20213 (D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Info ...)
 	NOT-FOR-US: D-Link
-CVE-2019-20212
-	RESERVED
-CVE-2019-20211
-	RESERVED
-CVE-2019-20210
-	RESERVED
-CVE-2019-20209
-	RESERVED
+CVE-2019-20212 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
+	TODO: check
+CVE-2019-20211 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
+	TODO: check
+CVE-2019-20210 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
+	TODO: check
+CVE-2019-20209 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
+	TODO: check
 CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based  ...)
 	- gpac <unfixed>
 	[buster] - gpac <no-dsa> (Minor issue)
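Review bot: CVE-2019-20209 through CVE-2019-20212 carry the same truncated CTHthemes description (CityBook before 2.3.4, TownHub before 1.0.6, EasyBoo ...) and can be triaged as one batch; once the full advisory has been checked, all four should receive the same disposition rather than some being left at `TODO: check`.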
@@ -7189,8 +7365,8 @@ CVE-2019-19893
 	RESERVED
 CVE-2019-19892
 	RESERVED
-CVE-2019-19891
-	RESERVED
+CVE-2019-19891 (An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 ...)
+	TODO: check
 CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading  ...)
 	{DSA-4591-1 DLA-2044-1}
 	- cyrus-sasl2 2.1.27+dfsg-2 (bug #947043)
@@ -9253,15 +9429,13 @@ CVE-2019-19730
 	RESERVED
 CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...)
 	NOT-FOR-US: bsjon-objectid node module
-CVE-2019-19728
-	RESERVED
+CVE-2019-19728 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --u ...)
 	- slurm-llnl <unfixed>
 	[buster] - slurm-llnl <no-dsa> (Minor issue)
 	[stretch] - slurm-llnl <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1159692
 	NOTE: Fixed upstream in 18.08.9, 19.05.5
-CVE-2019-19727
-	RESERVED
+CVE-2019-19727 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd ...)
 	- slurm-llnl <unfixed> (unimportant)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1155784
 	NOTE: Fixed upstream in 18.08.9, 19.05.5
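Review bot: for CVE-2019-19728 and CVE-2019-19727 this hunk only replaces the RESERVED placeholders with the now-public descriptions while the existing slurm-llnl assessment lines (`<unfixed>`, `<no-dsa> (Minor issue)` for buster and stretch, and `(unimportant)` for 19727) are kept unchanged. Since those ratings were set before the descriptions were published, they should be re-confirmed against the descriptions (the `srun --u...` behaviour and the weak slurmdbd issue) and the referenced SUSE bugs; the `NOTE: Fixed upstream in 18.08.9, 19.05.5` lines also indicate that `<unfixed>` should be replaced with a version once a fixed upload exists.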
@@ -12026,8 +12200,8 @@ CVE-2019-19549
 	RESERVED
 CVE-2019-19548
 	RESERVED
-CVE-2019-19547
-	RESERVED
+CVE-2019-19547 (Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may b ...)
+	TODO: check
 CVE-2019-19546 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to an in ...)
 	NOT-FOR-US: Norton Password Manager
 CVE-2019-19545 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cro ...)
@@ -12548,7 +12722,7 @@ CVE-2020-1812
 	RESERVED
 CVE-2020-1811
 	RESERVED
-CVE-2020-1810 (Huawei products CloudEngine 12800, S5700, and S6700 have a weak algori ...)
+CVE-2020-1810 (Huawei products CloudEngine 12800;S5700;S6700 have a weak algorithm vu ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1809
 	RESERVED
@@ -14243,10 +14417,10 @@ CVE-2019-18896
 	RESERVED
 CVE-2019-18895 (Scanguard through 2019-11-12 on Windows has Insecure Permissions for t ...)
 	NOT-FOR-US: Scanguard
-CVE-2019-18894
-	RESERVED
-CVE-2019-18893
-	RESERVED
+CVE-2019-18894 (In Avast Premium Security 19.8.2393, attackers can send a specially cr ...)
+	TODO: check
+CVE-2019-18893 (XSS in the Video Downloader component before 1.5 of Avast Secure Brows ...)
+	TODO: check
 CVE-2019-18892
 	RESERVED
 CVE-2019-18891
@@ -29503,6 +29677,7 @@ CVE-2019-14609 (Improper input validation in firmware for Intel(R) NUC(R) may al
 CVE-2019-14608 (Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow ...)
 	NOT-FOR-US: Intel
 CVE-2019-14607 (Improper conditions check in multiple Intel® Processors may allow ...)
+	{DSA-4565-2}
 	- intel-microcode 3.20191115.1
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html
 CVE-2019-14606
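Review bot: the new `{DSA-4565-2}` reference on CVE-2019-14607 is placed correctly between the CVE header and the `- intel-microcode 3.20191115.1` line, matching the `{DSA-4591-1 DLA-2044-1}` layout used for CVE-2019-19906 above; confirm that the DSA list in the tracker has a matching DSA-4565-2 entry for intel-microcode and that the fixed version recorded there agrees with 3.20191115.1, since the tracker cross-references both.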
@@ -233719,8 +233894,8 @@ CVE-2014-9384
 	RESERVED
 CVE-2014-9383
 	RESERVED
-CVE-2014-9382
-	RESERVED
+CVE-2014-9382 (Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user accou ...)
+	TODO: check
 CVE-2014-9375 (Directory traversal vulnerability in the LibraryFileUploadServlet serv ...)
 	NOT-FOR-US: Lexmark
 CVE-2014-9373 (Directory traversal vulnerability in the CollectorConfInfoServlet serv ...)
@@ -243157,8 +243332,8 @@ CVE-2014-6062
 	RESERVED
 CVE-2014-6061
 	RESERVED
-CVE-2014-6059
-	RESERVED
+CVE-2014-6059 (WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary ...)
+	TODO: check
 CVE-2014-6058
 	RESERVED
 CVE-2014-6057
@@ -243223,11 +243398,9 @@ CVE-2014-6042
 	RESERVED
 CVE-2014-6041 (The Android WebView in Android before 4.4 allows remote attackers to b ...)
 	NOT-FOR-US: Android Browser application
-CVE-2014-6039
-	RESERVED
+CVE-2014-6039 (ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a  ...)
 	NOT-FOR-US: ManageEngine EventLog Analyzer
-CVE-2014-6038
-	RESERVED
+CVE-2014-6038 (Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002  ...)
 	NOT-FOR-US: ManageEngine EventLog Analyzer
 CVE-2014-6037 (Directory traversal vulnerability in the agentUpload servlet in ZOHO M ...)
 	NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
@@ -244614,10 +244787,10 @@ CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI hotplug
 	NOTE: Introduced in  http://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091
 CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
 	NOT-FOR-US: Schrack Technik microControl
-CVE-2014-5381
-	RESERVED
-CVE-2014-5380
-	RESERVED
+CVE-2014-5381 (Grand MA 300 allows a brute-force attack on the PIN. ...)
+	TODO: check
+CVE-2014-5380 (Grand MA 300 allows retrieval of the access PIN from sniffed data. ...)
+	TODO: check
 CVE-2014-5379
 	RESERVED
 CVE-2014-5378
@@ -261860,8 +262033,8 @@ CVE-2013-6227 (Unrestricted file upload vulnerability in plugins/editor.zoho/age
 	NOT-FOR-US: Zoho plugin in Pydio (AjaXplorer)
 CVE-2013-6226 (Directory traversal vulnerability in plugins/editor.zoho/agent/save_zo ...)
 	NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
-CVE-2013-6225
-	RESERVED
+CVE-2013-6225 (LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability ...)
+	TODO: check
 CVE-2013-6224 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla befor ...)
 	NOT-FOR-US: Livezilla
 CVE-2013-6223 (LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and  ...)
@@ -283105,8 +283278,8 @@ CVE-2012-4769
 	RESERVED
 CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor plugi ...)
 	NOT-FOR-US: Download Monitor plugin for WordPress
-CVE-2012-4767
-	RESERVED
+CVE-2012-4767 (An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the se ...)
+	TODO: check
 CVE-2012-4766
 	RESERVED
 CVE-2012-4765
@@ -302872,8 +303045,8 @@ CVE-2011-2672 (Cross-site scripting (XSS) vulnerability in SemanticScuttle befor
 	NOT-FOR-US: SemanticScuttle
 CVE-2011-2671 (Unspecified vulnerability in Megalith 12th edition through 27th editio ...)
 	NOT-FOR-US: Megalith
-CVE-2011-2670
-	RESERVED
+CVE-2011-2670 (Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of C ...)
+	TODO: check
 CVE-2011-2669
 	RESERVED
 CVE-2011-2668



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc3df7402831329f2c8383c3665487c7efe156c6


