[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 22 20:10:32 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10f0a19a by security tracker role at 2020-01-22T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,205 @@
+CVE-2020-7903
+ RESERVED
+CVE-2020-7902
+ RESERVED
+CVE-2020-7901
+ RESERVED
+CVE-2020-7900
+ RESERVED
+CVE-2020-7899
+ RESERVED
+CVE-2020-7898
+ RESERVED
+CVE-2020-7897
+ RESERVED
+CVE-2020-7896
+ RESERVED
+CVE-2020-7895
+ RESERVED
+CVE-2020-7894
+ RESERVED
+CVE-2020-7893
+ RESERVED
+CVE-2020-7892
+ RESERVED
+CVE-2020-7891
+ RESERVED
+CVE-2020-7890
+ RESERVED
+CVE-2020-7889
+ RESERVED
+CVE-2020-7888
+ RESERVED
+CVE-2020-7887
+ RESERVED
+CVE-2020-7886
+ RESERVED
+CVE-2020-7885
+ RESERVED
+CVE-2020-7884
+ RESERVED
+CVE-2020-7883
+ RESERVED
+CVE-2020-7882
+ RESERVED
+CVE-2020-7881
+ RESERVED
+CVE-2020-7880
+ RESERVED
+CVE-2020-7879
+ RESERVED
+CVE-2020-7878
+ RESERVED
+CVE-2020-7877
+ RESERVED
+CVE-2020-7876
+ RESERVED
+CVE-2020-7875
+ RESERVED
+CVE-2020-7874
+ RESERVED
+CVE-2020-7873
+ RESERVED
+CVE-2020-7872
+ RESERVED
+CVE-2020-7871
+ RESERVED
+CVE-2020-7870
+ RESERVED
+CVE-2020-7869
+ RESERVED
+CVE-2020-7868
+ RESERVED
+CVE-2020-7867
+ RESERVED
+CVE-2020-7866
+ RESERVED
+CVE-2020-7865
+ RESERVED
+CVE-2020-7864
+ RESERVED
+CVE-2020-7863
+ RESERVED
+CVE-2020-7862
+ RESERVED
+CVE-2020-7861
+ RESERVED
+CVE-2020-7860
+ RESERVED
+CVE-2020-7859
+ RESERVED
+CVE-2020-7858
+ RESERVED
+CVE-2020-7857
+ RESERVED
+CVE-2020-7856
+ RESERVED
+CVE-2020-7855
+ RESERVED
+CVE-2020-7854
+ RESERVED
+CVE-2020-7853
+ RESERVED
+CVE-2020-7852
+ RESERVED
+CVE-2020-7851
+ RESERVED
+CVE-2020-7850
+ RESERVED
+CVE-2020-7849
+ RESERVED
+CVE-2020-7848
+ RESERVED
+CVE-2020-7847
+ RESERVED
+CVE-2020-7846
+ RESERVED
+CVE-2020-7845
+ RESERVED
+CVE-2020-7844
+ RESERVED
+CVE-2020-7843
+ RESERVED
+CVE-2020-7842
+ RESERVED
+CVE-2020-7841
+ RESERVED
+CVE-2020-7840
+ RESERVED
+CVE-2020-7839
+ RESERVED
+CVE-2020-7838
+ RESERVED
+CVE-2020-7837
+ RESERVED
+CVE-2020-7836
+ RESERVED
+CVE-2020-7835
+ RESERVED
+CVE-2020-7834
+ RESERVED
+CVE-2020-7833
+ RESERVED
+CVE-2020-7832
+ RESERVED
+CVE-2020-7831
+ RESERVED
+CVE-2020-7830
+ RESERVED
+CVE-2020-7829
+ RESERVED
+CVE-2020-7828
+ RESERVED
+CVE-2020-7827
+ RESERVED
+CVE-2020-7826
+ RESERVED
+CVE-2020-7825
+ RESERVED
+CVE-2020-7824
+ RESERVED
+CVE-2020-7823
+ RESERVED
+CVE-2020-7822
+ RESERVED
+CVE-2020-7821
+ RESERVED
+CVE-2020-7820
+ RESERVED
+CVE-2020-7819
+ RESERVED
+CVE-2020-7818
+ RESERVED
+CVE-2020-7817
+ RESERVED
+CVE-2020-7816
+ RESERVED
+CVE-2020-7815
+ RESERVED
+CVE-2020-7814
+ RESERVED
+CVE-2020-7813
+ RESERVED
+CVE-2020-7812
+ RESERVED
+CVE-2020-7811
+ RESERVED
+CVE-2020-7810
+ RESERVED
+CVE-2020-7809
+ RESERVED
+CVE-2020-7808
+ RESERVED
+CVE-2020-7807
+ RESERVED
+CVE-2020-7806
+ RESERVED
+CVE-2020-7805
+ RESERVED
+CVE-2020-7804
+ RESERVED
+CVE-2020-7803
+ RESERVED
CVE-2020-7802
RESERVED
CVE-2020-7801
@@ -1174,8 +1376,8 @@ CVE-2020-7230
RESERVED
CVE-2020-7229 (An issue was discovered in Simplejobscript.com SJS before 1.65. There ...)
TODO: check
-CVE-2020-7228
- RESERVED
+CVE-2020-7228 (The Calculated Fields Form plugin through 1.0.353 for WordPress suffer ...)
+ TODO: check
CVE-2020-7227 (Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosur ...)
NOT-FOR-US: Westermo MRD-315 devices
CVE-2020-7226
@@ -1414,8 +1616,8 @@ CVE-2020-7111
RESERVED
CVE-2020-7110
RESERVED
-CVE-2020-7109
- RESERVED
+CVE-2020-7109 (The Elementor Page Builder plugin before 2.8.4 for WordPress does not ...)
+ TODO: check
CVE-2020-7108 (The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ...)
NOT-FOR-US: LearnDash LMS plugin for WordPress
CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Dis ...)
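Review bot: CVE-2020-7109 is left at "TODO: check" although its description names a WordPress plugin (Elementor Page Builder), while the entry directly below it, CVE-2020-7108, is already triaged as "NOT-FOR-US: LearnDash LMS plugin for WordPress". Suggest closing this one in the same form in the follow-up triage, for example "NOT-FOR-US: Elementor Page Builder plugin for WordPress", once it is confirmed that the plugin is not packaged.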
@@ -1752,10 +1954,10 @@ CVE-2020-6962
RESERVED
CVE-2020-6961
RESERVED
-CVE-2020-6960
- RESERVED
-CVE-2020-6959
- RESERVED
+CVE-2020-6960 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...)
+ TODO: check
+CVE-2020-6959 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...)
+ TODO: check
CVE-2020-6958 (An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrappe ...)
NOT-FOR-US: Yet Another Java Service Wrapper (YAJSW)
CVE-2020-6957
@@ -5434,8 +5636,8 @@ CVE-2020-5223
RESERVED
CVE-2020-5222
RESERVED
-CVE-2020-5221
- RESERVED
+CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...)
+ TODO: check
CVE-2020-5220
RESERVED
CVE-2020-5219
@@ -9920,8 +10122,8 @@ CVE-2019-19844 (Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 al
NOTE: https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26 (3.0.x branch)
NOTE: https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e (2.2.x branch)
NOTE: https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2 (1.11.x branch)
-CVE-2019-19843
- RESERVED
+CVE-2019-19843 (Incorrect access control in the web interface in Ruckus Wireless Unlea ...)
+ TODO: check
CVE-2019-19842
RESERVED
CVE-2019-19841
@@ -9934,12 +10136,12 @@ CVE-2019-19838
RESERVED
CVE-2019-19837
RESERVED
-CVE-2019-19836
- RESERVED
+CVE-2019-19836 (AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200. ...)
+ TODO: check
CVE-2019-19835
RESERVED
-CVE-2019-19834
- RESERVED
+CVE-2019-19834 (Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed throug ...)
+ TODO: check
CVE-2019-20043 (In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ...)
{DSA-4599-1}
- wordpress 5.3.2+dfsg1-1 (bug #946905)
@@ -13938,7 +14140,7 @@ CVE-2019-19594 (reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adob
NOT-FOR-US: Adobe Stock API integration for PrestaShop
CVE-2019-19593
RESERVED
-CVE-2019-19592 (Jama Connect 8.44.0 has XSS via the "Import File and Destination" tab ...)
+CVE-2019-19592 (Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting ...)
NOT-FOR-US: Jama Connect
CVE-2019-19591
RESERVED
@@ -19290,13 +19492,13 @@ CVE-2019-18588 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell
CVE-2019-18587
RESERVED
CVE-2019-18586
- RESERVED
+ REJECTED
CVE-2019-18585
- RESERVED
+ REJECTED
CVE-2019-18584
- RESERVED
+ REJECTED
CVE-2019-18583
- RESERVED
+ REJECTED
CVE-2019-18582
RESERVED
CVE-2019-18581
@@ -24989,8 +25191,8 @@ CVE-2019-16794
RESERVED
CVE-2019-16793
RESERVED
-CVE-2019-16792
- RESERVED
+CVE-2019-16792 (Waitress through version 1.3.1 allows request smuggling by sending the ...)
+ TODO: check
CVE-2019-16791 (In postfix-mta-sts-resolver before 0.5.1, All users can receive incorr ...)
TODO: check
CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code execution vi ...)
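Review bot: CVE-2019-16792 now has a description ("Waitress through version 1.3.1 allows request smuggling ...") but only "TODO: check" beneath it, like CVE-2019-16791 just below. Waitress is a Python WSGI server distributed as a library, so triage should look for a corresponding source package and record a package line with the first fixed version after 1.3.1 rather than leaving the TODO open.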
@@ -43818,10 +44020,10 @@ CVE-2019-10783
RESERVED
CVE-2019-10782
RESERVED
-CVE-2019-10781
- RESERVED
-CVE-2019-10780
- RESERVED
+CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScript obj ...)
+ TODO: check
+CVE-2019-10780 (BibTeX-ruby before 5.1.0 allows shell command injection due to unsanit ...)
+ TODO: check
CVE-2019-10779
RESERVED
CVE-2019-10778 (devcert-sanscache before 0.4.7 allows remote attackers to execute arbi ...)
@@ -55308,8 +55510,8 @@ CVE-2019-6860
RESERVED
CVE-2019-6859
RESERVED
-CVE-2019-6858
- RESERVED
+CVE-2019-6858 (A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX ...)
+ TODO: check
CVE-2019-6857 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: Modicon
CVE-2019-6856 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
@@ -57111,8 +57313,8 @@ CVE-2019-6148
RESERVED
CVE-2019-6147 (Forcepoint NGFW Security Management Center (SMC) versions lower than 6 ...)
NOT-FOR-US: Forcepoint NGFW Security Management Center
-CVE-2019-6146
- RESERVED
+CVE-2019-6146 (It has been reported that cross-site scripting (XSS) is possible in Fo ...)
+ TODO: check
CVE-2019-6145 (Forcepoint VPN Client for Windows versions lower than 6.6.1 have an un ...)
NOT-FOR-US: Forcepoint
CVE-2019-6144 (This vulnerability allows a normal (non-admin) user to disable the For ...)
@@ -58504,8 +58706,8 @@ CVE-2019-5649
RESERVED
CVE-2019-5648
RESERVED
-CVE-2019-5647
- RESERVED
+CVE-2019-5647 (The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser se ...)
+ TODO: check
CVE-2019-5646
RESERVED
CVE-2019-5645
@@ -83002,28 +83204,28 @@ CVE-2018-16274
RESERVED
CVE-2018-16273
RESERVED
-CVE-2018-16272
- RESERVED
-CVE-2018-16271
- RESERVED
-CVE-2018-16270
- RESERVED
-CVE-2018-16269
- RESERVED
-CVE-2018-16268
- RESERVED
-CVE-2018-16267
- RESERVED
-CVE-2018-16266
- RESERVED
-CVE-2018-16265
- RESERVED
-CVE-2018-16264
- RESERVED
-CVE-2018-16263
- RESERVED
-CVE-2018-16262
- RESERVED
+CVE-2018-16272 (The wpa_supplicant system service in Samsung Galaxy Gear series allows ...)
+ TODO: check
+CVE-2018-16271 (The wemail_consumer_service (from the built-in application wemail) in ...)
+ TODO: check
+CVE-2018-16270 (Samsung Galaxy Gear series before build RE2 includes the hcidump utili ...)
+ TODO: check
+CVE-2018-16269 (The wnoti system service in Samsung Galaxy Gear series allows an unpri ...)
+ TODO: check
+CVE-2018-16268 (The SoundServer/FocusServer system services in Tizen allow an unprivil ...)
+ TODO: check
+CVE-2018-16267 (The system-popup system service in Tizen allows an unprivileged proces ...)
+ TODO: check
+CVE-2018-16266 (The Enlightenment system service in Tizen allows an unprivileged proce ...)
+ TODO: check
+CVE-2018-16265 (The bt/bt_core system service in Tizen allows an unprivileged process ...)
+ TODO: check
+CVE-2018-16264 (The BlueZ system service in Tizen allows an unprivileged process to pa ...)
+ TODO: check
+CVE-2018-16263 (The PulseAudio system service in Tizen allows an unprivileged process ...)
+ TODO: check
+CVE-2018-16262 (The pkgmgr system service in Tizen allows an unprivileged process to p ...)
+ TODO: check
CVE-2018-16261 (In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, the ...)
NOT-FOR-US: Pulse Secure Pulse Desktop Client
CVE-2018-16260
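Review bot: all eleven entries CVE-2018-16262 through CVE-2018-16272 land as "TODO: check", and several descriptions name services that share a name with upstream projects (wpa_supplicant, BlueZ, PulseAudio, Enlightenment) while the text attributes the issue to Tizen or Samsung Galaxy Gear. When triaging, decide per entry whether the flaw is in the vendor's system service setup (NOT-FOR-US, as for the neighbouring CVE-2018-16261) or in upstream code that needs a package line. The truncated descriptions here are not enough to tell, so the full CVE text should be read before closing them in bulk.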
@@ -90371,7 +90573,7 @@ CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree for
NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13384 (A Host Header Redirection vulnerability in Fortinet FortiOS all versio ...)
NOT-FOR-US: Fortinet FortiOS
-CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS all versions below 6.0.5 in ...)
+CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5. ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-13382 (An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6 ...)
NOT-FOR-US: Fortinet FortiOS
@@ -195746,8 +195948,8 @@ CVE-2016-4763 (WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1
NOT-FOR-US: Webkit as used by Apple
CVE-2016-4762 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud ...)
NOT-FOR-US: Webkit as used by Apple
-CVE-2016-4761
- RESERVED
+CVE-2016-4761 (WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow rem ...)
+ TODO: check
CVE-2016-4760 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Sa ...)
NOT-FOR-US: Webkit as used by Apple
CVE-2016-4759 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
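Review bot: CVE-2016-4761 sits between entries marked "NOT-FOR-US: Webkit as used by Apple", but its new description reads "WebKitGTK+ before 2.14.0", so the neighbouring tag should not be copied onto it. The "TODO: check" should be resolved with a package line for the WebKitGTK+ source package, using 2.14.0 as the upstream fixed version.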
@@ -284948,8 +285150,8 @@ CVE-2012-4921 (Multiple cross-site request forgery (CSRF) vulnerabilities in the
NOT-FOR-US: WordPress plugin DVS Custom Notification
CVE-2012-4920 (Directory traversal vulnerability in the zing_forum_output function in ...)
NOT-FOR-US: Wordpress plugin Zingiri Forum
-CVE-2012-4919
- RESERVED
+CVE-2012-4919 (Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerabilit ...)
+ TODO: check
CVE-2012-4918 (Call of Duty Elite for iOS 2.0.1 does not properly validate the server ...)
NOT-FOR-US: Call of Duty Elite for iOS
CVE-2012-4917 (The TripAdvisor app 6.6 for iOS sends cleartext credentials, which all ...)
@@ -297500,8 +297702,8 @@ CVE-2011-4944 (Python 2.6 through 3.2 creates ~/.pypirc with world-readable perm
- python2.7 2.7.3~rc2-2 (low; bug #650555)
- python2.6 2.6.8-1 (unimportant; bug #615118)
NOTE: Negligible impact
-CVE-2011-4943
- RESERVED
+CVE-2011-4943 (ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed ...)
+ TODO: check
CVE-2011-4942 (Multiple cross-site scripting (XSS) vulnerabilities in admin/configura ...)
NOT-FOR-US: Geeklog
CVE-2011-4941 (Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attac ...)
@@ -302061,8 +302263,7 @@ CVE-2011-3623 (Multiple stack-based buffer overflows in VideoLAN VLC media playe
CVE-2011-3622
RESERVED
NOT-FOR-US: phorum
-CVE-2011-3621
- RESERVED
+CVE-2011-3621 (A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_ ...)
NOT-FOR-US: fluxbb
CVE-2011-3620 (Apache Qpid 0.12 does not properly verify credentials during the joini ...)
- qpid-cpp <not-affected> (Red Hat-specific extension, see bug #672124)
@@ -302082,20 +302283,15 @@ CVE-2011-3616 (The getSkillname function in the eve module in Conky 1.8.1 and ea
[lenny] - conky 1.6.0-2+lenny1
CVE-2011-3615 (Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) ...)
NOT-FOR-US: Simple Machines Forum
-CVE-2011-3614 [vanilla plugin access control]
- RESERVED
+CVE-2011-3614 (An Access Control vulnerability exists in the Facebook, Twitter, and E ...)
NOT-FOR-US: Vanilla Forums
-CVE-2011-3613 [vanilla forums cookie theft]
- RESERVED
+CVE-2011-3613 (An issue exists in Vanilla Forums before 2.0.17.9 due to the way cooki ...)
NOT-FOR-US: Vanilla Forums
-CVE-2011-3612 [HTB22913: Multiple CSRF in UseBB]
- RESERVED
+CVE-2011-3612 (Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in ...)
NOT-FOR-US: UseBB
-CVE-2011-3611 [HTB22914: Local File Inclusion in UseBB]
- RESERVED
+CVE-2011-3611 (A File Inclusion vulnerability exists in act parameter to admin.php in ...)
NOT-FOR-US: UseBB
-CVE-2011-3610 [serendipity freetag plugin before 3.30 and probably others]
- RESERVED
+CVE-2011-3610 (A Cross-site Scripting (XSS) vulnerability exists in the Serendipity f ...)
NOT-FOR-US: Serendipity plugin
CVE-2011-3609 (A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBo ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
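Review bot: the five replaced header lines for CVE-2011-3610 to CVE-2011-3614 drop the hand-written bracketed titles, and with them the advisory references HTB22913 and HTB22914 and the remark "freetag plugin before 3.30 and probably others", none of which is visible in the truncated descriptions that replace them. If those references are still wanted in the tracker, add them back as NOTE: lines under the respective entries. The NOT-FOR-US lines themselves are kept and need no change.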
@@ -302149,8 +302345,7 @@ CVE-2011-3596 (Polipo before 1.0.4.1 suffers from a DoD vulnerability via specia
- polipo 1.0.4.1-1.2 (bug #644289)
[squeeze] - polipo <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2011/Oct/10
-CVE-2011-3595
- RESERVED
+CVE-2011-3595 (Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! t ...)
NOT-FOR-US: Joomla!
CVE-2011-3594 (The g_markup_escape_text function in the SILC protocol plug-in in libp ...)
- pidgin 2.10.1-1 (unimportant)
@@ -302193,8 +302388,7 @@ CVE-2011-3583 (It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared
- typo3-src 4.5.6+dfsg1-1 (low; bug #641682)
[squeeze] - typo3-src <not-affected> (Only affects 4.5.x)
[lenny] - typo3-src <not-affected> (Only affects 4.5.x)
-CVE-2011-3582
- RESERVED
+CVE-2011-3582 (A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced E ...)
NOT-FOR-US: Advanced Electron Forums
CVE-2011-3581 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal functio ...)
{DSA-2353-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10f0a19a6b81b09c8941c5ea4688a40a50d51208