[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 14 08:10:33 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11718e6a by security tracker role at 2020-01-14T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-6958 (An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrappe ...)
+ TODO: check
+CVE-2020-6957
+ RESERVED
+CVE-2020-6956
+ RESERVED
+CVE-2020-6955 (An issue was discovered on Cayin SMP-PRO4 devices. They allow image_pr ...)
+ TODO: check
+CVE-2020-6954 (An issue was discovered on Cayin SMP-PRO4 devices. A user can discover ...)
+ TODO: check
+CVE-2020-6953
+ RESERVED
+CVE-2020-6952
+ RESERVED
+CVE-2020-6951
+ RESERVED
+CVE-2020-6950
+ RESERVED
CVE-2020-6949 (A privilege escalation issue was discovered in the postUser function i ...)
NOT-FOR-US: HashBrown CMS
CVE-2020-6948 (A remote code execution issue was discovered in HashBrown CMS through ...)
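Review bot: The three new entries that carry descriptions (CVE-2020-6958, CVE-2020-6955, CVE-2020-6954) land as "TODO: check" and still need triage. The two Cayin SMP-PRO4 entries describe devices, so they look like candidates for the same "NOT-FOR-US:" marking that the HashBrown CMS entry below already carries. For CVE-2020-6958, check whether Yet Another Java Service Wrapper is packaged before marking it either way.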
@@ -246,8 +264,7 @@ CVE-2020-6834
RESERVED
CVE-2020-6833
RESERVED
-CVE-2020-6832
- RESERVED
+CVE-2020-6832 (An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 throug ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/
CVE-2019-20379 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ...)
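Review bot: On CVE-2020-6832, the description that replaces "RESERVED" names GitLab Enterprise Edition (EE), while the unchanged status line still reads "- gitlab <unfixed>". Confirm against the release post in the NOTE line whether the packaged gitlab contains the affected code. If it does not, "<not-affected>" with a reason in parentheses, the form used for CVE-2019-20143 in this same commit, would be the accurate status.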
@@ -3924,8 +3941,7 @@ CVE-2020-5199
RESERVED
CVE-2020-5198
RESERVED
-CVE-2020-5197
- RESERVED
+CVE-2020-5197 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
[experimental] - gitlab 12.6.2-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
@@ -6655,37 +6671,30 @@ CVE-2019-20149 (ctorName in index.js in kind-of v6.0.2 allows external user inpu
[stretch] - node-kind-of <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/jonschlinkert/kind-of/issues/30
NOTE: https://github.com/jonschlinkert/kind-of/pull/31
-CVE-2019-20148
- RESERVED
+CVE-2019-20148 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
[experimental] - gitlab 12.6.2-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
-CVE-2019-20147
- RESERVED
+CVE-2019-20147 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
[experimental] - gitlab 12.6.2-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
-CVE-2019-20146
- RESERVED
+CVE-2019-20146 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
[experimental] - gitlab 12.6.2-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
-CVE-2019-20145
- RESERVED
+CVE-2019-20145 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
[experimental] - gitlab 12.6.2-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
-CVE-2019-20144
- RESERVED
+CVE-2019-20144 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
[experimental] - gitlab 12.6.2-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
-CVE-2019-20143
- RESERVED
+CVE-2019-20143 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
- gitlab <not-affected> (Only affects Gitlab CE 12.6)
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
-CVE-2019-20142
- RESERVED
+CVE-2019-20142 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
- gitlab <not-affected> (Only affects Gitlab CE 12.3 and later)
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20141 (An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPr ...)
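Review bot: For CVE-2019-20143 and CVE-2019-20142, the reasons on the unchanged "<not-affected>" lines ("Only affects Gitlab CE 12.6", "Only affects Gitlab CE 12.3 and later") should be rechecked now that descriptions are present, because the five entries above them record "[experimental] - gitlab 12.6.2-1", a 12.6 series upload. If experimental ever carried an affected version, these two need an "[experimental]" line as well. The reasons also spell the product "Gitlab" where the new descriptions use "GitLab".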
@@ -10811,8 +10820,8 @@ CVE-2019-19682 (nopCommerce through 4.20 allows XSS in the SaveStoreMappings of
NOT-FOR-US: nopCommerce
CVE-2019-19681 (Pandora FMS 7.x suffers from remote code execution vulnerability. With ...)
NOT-FOR-US: Pandora FMS
-CVE-2019-19680
- RESERVED
+CVE-2019-19680 (A file-extension filtering vulnerability in ProofPoint Protection Serv ...)
+ TODO: check
CVE-2019-19679 (In "Xray Test Management for Jira" prior to version 3.5.5, remote auth ...)
NOT-FOR-US: Xray Test Management for Jira
CVE-2019-19678 (In "Xray Test Management for Jira" prior to version 3.5.5, remote auth ...)
@@ -12102,24 +12111,31 @@ CVE-2019-19585 (An issue was discovered in rConfig 3.9.3. The install script upd
CVE-2019-19584
RESERVED
CVE-2019-19583 (An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH gue ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
NOTE: https://xenbits.xen.org/xsa/advisory-308.html
CVE-2019-19582 (An issue was discovered in Xen through 4.12.x allowing x86 guest OS us ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
NOTE: https://xenbits.xen.org/xsa/advisory-307.html
CVE-2019-19581 (An issue was discovered in Xen through 4.12.x allowing 32-bit Arm gues ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
NOTE: https://xenbits.xen.org/xsa/advisory-307.html
CVE-2019-19580 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
NOTE: https://xenbits.xen.org/xsa/advisory-310.html
CVE-2019-19578 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
NOTE: https://xenbits.xen.org/xsa/advisory-309.html
CVE-2019-19577 (An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM gue ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
NOTE: https://xenbits.xen.org/xsa/advisory-311.html
CVE-2019-19579 (An issue was discovered in Xen through 4.12.x allowing attackers to ga ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
NOTE: https://xenbits.xen.org/xsa/advisory-306.html
CVE-2019-19576 (class.upload.php in verot.net class.upload before 1.0.3 and 2.x before ...)
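Review bot: The "{DSA-4602-1}" tags on the seven Xen entries (CVE-2019-19577 to CVE-2019-19583) arrive with data/CVE/list as the only changed file, so the set cannot be checked against the advisory from this commit alone. Confirm that the DSA-4602-1 entry lists the same CVE ids. Separately, CVE-2019-19579 sits after CVE-2019-19577 in the context lines, out of the descending order the surrounding entries follow.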
@@ -12576,7 +12592,7 @@ CVE-2019-19472
RESERVED
CVE-2019-19471
RESERVED
-CVE-2019-19470 (An attacker who has already compromised the local system could use Tin ...)
+CVE-2019-19470 (Unsafe usage of .NET deserialization in Named Pipe message processing ...)
NOT-FOR-US: TinyWall Controller
CVE-2019-19469 (In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks ...)
NOT-FOR-US: Zmanda Management Console
@@ -17948,21 +17964,27 @@ CVE-2019-18427
CVE-2019-18426
RESERVED
CVE-2019-18425 (An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
NOTE: https://xenbits.xen.org/xsa/advisory-298.html
CVE-2019-18424 (An issue was discovered in Xen through 4.12.x allowing attackers to ga ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
NOTE: https://xenbits.xen.org/xsa/advisory-302.html
CVE-2019-18423 (An issue was discovered in Xen through 4.12.x allowing ARM guest OS us ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
NOTE: https://xenbits.xen.org/xsa/advisory-301.html
CVE-2019-18422 (An issue was discovered in Xen through 4.12.x allowing ARM guest OS us ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
NOTE: https://xenbits.xen.org/xsa/advisory-303.html
CVE-2019-18421 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
NOTE: https://xenbits.xen.org/xsa/advisory-299.html
CVE-2019-18420 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
NOTE: https://xenbits.xen.org/xsa/advisory-296.html
CVE-2019-18419 (A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB ...)
@@ -46137,9 +46159,11 @@ CVE-2019-9578 (In devs.c in Yubico libu2f-host before 1.1.8, the response to ini
CVE-2019-9577
RESERVED
CVE-2019-17350 (An issue was discovered in Xen through 4.12.x allowing Arm domU attack ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1
NOTE: https://xenbits.xen.org/xsa/advisory-295.html
CVE-2019-17349 (An issue was discovered in Xen through 4.12.x allowing Arm domU attack ...)
+ {DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1
NOTE: https://xenbits.xen.org/xsa/advisory-295.html
CVE-2019-17348 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
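Review bot: CVE-2019-17350 and CVE-2019-17349 gain "{DSA-4602-1}", but their fixed-version lines read "- xen 4.11.3+24-g14b62ab3e5-1" with no bug reference, while the other Xen entries tagged in this commit cite "(bug #947944)" for the same version. Either add the reference or confirm the omission is deliberate. Also confirm that CVE-2019-17348, the next Xen entry in the trailing context, is meant to stay untagged.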
@@ -283324,10 +283348,10 @@ CVE-2012-4763
RESERVED
CVE-2012-4762
RESERVED
-CVE-2012-4761
- RESERVED
-CVE-2012-4760
- RESERVED
+CVE-2012-4761 (A Privilege Escalation vulnerability exists in the unquoted Service Bi ...)
+ TODO: check
+CVE-2012-4760 (A Privilege Escalation vulnerability exists in the SDBagent service in ...)
+ TODO: check
CVE-2011-5158 (Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and ...)
NOT-FOR-US: DATEV Grundpaket Basis
CVE-2010-5274 (Untrusted search path vulnerability in PKZIP before 12.50.0014 allows ...)
@@ -283529,8 +283553,8 @@ CVE-2012-4751 (Cross-site scripting (XSS) vulnerability in Open Ticket Request S
- otrs2 3.1.7+dfsg1-6
[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
NOTE: DSA-2733-1
-CVE-2012-4750
- RESERVED
+CVE-2012-4750 (A Code Execution vulnerability exists in the memcpy function when proc ...)
+ TODO: check
CVE-2012-4749
RESERVED
CVE-2012-4748
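Review bot: CVE-2012-4750 moves from "RESERVED" to "TODO: check", and the truncated description ("... in the memcpy function when proc ...") stops before naming the affected product, so it cannot be triaged from this list line. Look up the full description and replace "TODO: check" with a package line or "NOT-FOR-US:" in a follow-up.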
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/11718e6a35007c05d66935b8b6c482a4516814d3