[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jan 24 20:10:44 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dfeeb08 by security tracker role at 2020-01-24T20:10:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2020-7962
+	RESERVED
+CVE-2020-7961
+	RESERVED
+CVE-2020-7960
+	RESERVED
+CVE-2020-7959
+	RESERVED
+CVE-2020-7958
+	RESERVED
+CVE-2020-7957
+	RESERVED
+CVE-2020-7956
+	RESERVED
+CVE-2020-7955
+	RESERVED
+CVE-2020-7954
+	RESERVED
+CVE-2020-7953
+	RESERVED
+CVE-2020-7952
+	RESERVED
+CVE-2020-7951
+	RESERVED
+CVE-2020-7950
+	RESERVED
+CVE-2020-7949
+	RESERVED
+CVE-2020-7948
+	RESERVED
+CVE-2020-7947
+	RESERVED
 CVE-2020-7946
 	RESERVED
 CVE-2020-7945
@@ -1549,8 +1581,8 @@ CVE-2020-7228 (The Calculated Fields Form plugin through 1.0.353 for WordPress s
 	NOT-FOR-US: Calculated Fields Form plugin for WordPress
 CVE-2020-7227 (Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosur ...)
 	NOT-FOR-US: Westermo MRD-315 devices
-CVE-2020-7226
-	RESERVED
+CVE-2020-7226 (CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and  ...)
+	TODO: check
 CVE-2020-7225
 	RESERVED
 CVE-2020-7224
@@ -2113,18 +2145,18 @@ CVE-2020-6968
 	RESERVED
 CVE-2020-6967
 	RESERVED
-CVE-2020-6966
-	RESERVED
-CVE-2020-6965
-	RESERVED
-CVE-2020-6964
-	RESERVED
-CVE-2020-6963
-	RESERVED
-CVE-2020-6962
-	RESERVED
-CVE-2020-6961
-	RESERVED
+CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
+	TODO: check
+CVE-2020-6965 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
+	TODO: check
+CVE-2020-6964 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
+	TODO: check
+CVE-2020-6963 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
+	TODO: check
+CVE-2020-6962 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...)
+	TODO: check
+CVE-2020-6961 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...)
+	TODO: check
 CVE-2020-6960 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...)
 	NOT-FOR-US: Honeywell
 CVE-2020-6959 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...)
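Review bot: the six new ApexPro Telemetry Server / CARESCAPE Telemetry entries (CVE-2020-6961 through CVE-2020-6966) describe a proprietary medical telemetry product line, not software shipped in Debian, so the TODO: check lines can be resolved to NOT-FOR-US in the same way as the Honeywell MAXPRO entries CVE-2020-6960 and CVE-2020-6959 that follow them. Leaving six identical TODOs in place only delays the same decision six times.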
@@ -5812,8 +5844,8 @@ CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user
 	NOT-FOR-US: uftpd
 CVE-2020-5220
 	RESERVED
-CVE-2020-5219
-	RESERVED
+CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execution v ...)
+	TODO: check
 CVE-2020-5218
 	RESERVED
 CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...)
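Review bot: CVE-2020-5219 is a remote code execution issue in the Angular Expressions library before 1.0.1, so the TODO: check should be resolved by looking for a node- package providing that library; an RCE in a packaged JavaScript expression evaluator would warrant a severity and a bug reference rather than remaining an open TODO, while an absent package would make this NOT-FOR-US like the uftpd entry above.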
@@ -13166,10 +13198,10 @@ CVE-2019-19634 (class.upload.php in verot.net class.upload through 1.0.3 and 2.x
 	NOT-FOR-US: K2 extension for Joomla!
 CVE-2019-19633
 	RESERVED
-CVE-2019-19632
-	RESERVED
-CVE-2019-19631
-	RESERVED
+CVE-2019-19632 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2 throug ...)
+	TODO: check
+CVE-2019-19631 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2 throug ...)
+	TODO: check
 CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() ...)
 	{DLA-2026-1}
 	- htmldoc 1.9.7-1 (low)
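Review bot: CVE-2019-19632 and CVE-2019-19631 are both issues in Big Switch Big Monitoring Fabric, a proprietary network monitoring product, so the two TODO: check lines can go straight to NOT-FOR-US, matching the treatment of the K2 extension entry just above them.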
@@ -15480,8 +15512,8 @@ CVE-2020-1690
 	RESERVED
 CVE-2019-19364 (A weak malicious user can escalate its privilege whenever CatalystProd ...)
 	NOT-FOR-US: Sony Catalyst Production Suite
-CVE-2019-19363
-	RESERVED
+CVE-2019-19363 (An issue was discovered in Ricoh (including Savin and Lanier) Windows  ...)
+	TODO: check
 CVE-2019-19362 (An issue was discovered in the Chat functionality of the TeamViewer de ...)
 	NOT-FOR-US: TeamViewer
 CVE-2019-19361
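Review bot: CVE-2019-19363 concerns Ricoh (Savin and Lanier) Windows printer drivers, which are Windows-only software, so the TODO: check should become NOT-FOR-US, consistent with the TeamViewer and Sony Catalyst entries on either side of it.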
@@ -16709,8 +16741,8 @@ CVE-2019-18902
 	RESERVED
 CVE-2019-18901
 	RESERVED
-CVE-2019-18900
-	RESERVED
+CVE-2019-18900 (: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS  ...)
+	TODO: check
 CVE-2019-18899 (The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in use ...)
 	- apt-cacher-ng <not-affected> (openSUSE specific systemd service unit configuration)
 CVE-2019-18898 (UNIX Symbolic Link (Symlink) Following vulnerability in the trousers p ...)
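Review bot: the imported description for CVE-2019-18900 begins with a stray leading colon (": Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS ..."); that is copied from the upstream text and should not be edited locally, but it is worth noting so nobody mistakes it for a tracker formatting error. On the triage side, libzypp is SUSE's package management library, so unless it is packaged in Debian the TODO: check should resolve to NOT-FOR-US in the same spirit as the openSUSE-specific CVE-2019-18899 entry below.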
@@ -63359,24 +63391,24 @@ CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in the
 	[stretch] - linux 4.9.161-1
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1120386
 	NOTE: https://marc.info/?l=linux-netdev&m=154651842302479&w=2
-CVE-2019-3700
-	RESERVED
-CVE-2019-3699
-	RESERVED
+CVE-2019-3700 (yast2-security didn't use secure defaults to protect passwords. This b ...)
+	TODO: check
+CVE-2019-3699 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging  ...)
+	TODO: check
 CVE-2019-3698
 	RESERVED
-CVE-2019-3697
-	RESERVED
+CVE-2019-3697 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging  ...)
+	TODO: check
 CVE-2019-3696
 	RESERVED
 CVE-2019-3695
 	RESERVED
-CVE-2019-3694
-	RESERVED
-CVE-2019-3693
-	RESERVED
-CVE-2019-3692
-	RESERVED
+CVE-2019-3694 (A Symbolic Link (Symlink) Following vulnerability in the packaging of  ...)
+	TODO: check
+CVE-2019-3693 (A symlink following vulnerability in the packaging of mailman in SUSE  ...)
+	TODO: check
+CVE-2019-3692 (The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Fact ...)
+	TODO: check
 CVE-2019-3691 (A Symbolic Link (Symlink) Following vulnerability in the packaging of  ...)
 	TODO: check
 CVE-2019-3690 (The chkstat tool in the permissions package followed symlinks before c ...)
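Review bot: the new symlink-following entries (CVE-2019-3699, CVE-2019-3697, CVE-2019-3694, CVE-2019-3693 for mailman, CVE-2019-3692 for inn) all describe SUSE packaging defects, but "SUSE packaging" is not by itself a reason to mark them NOT-FOR-US: the same pattern has to be checked against Debian's own maintainer scripts and file permissions for mailman, inn and the other affected packages. The squid entry CVE-2019-3688 further down in this file shows the expected outcome, a <not-affected> line carrying the concrete reason (there, the pinger permissions). CVE-2019-3700, by contrast, is in yast2-security, a YaST module that Debian does not ship, and can be resolved directly.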
@@ -63392,8 +63424,8 @@ CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before a
 CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterpri ...)
 	- squid <not-affected> (/usr/lib/squid/pinger permissions are root:root)
 	- squid3 <not-affected> (/usr/lib/squid/pinger permissions are root:root)
-CVE-2019-3687
-	RESERVED
+CVE-2019-3687 (The permission package in SUSE Linux Enterprise Server allowed all loc ...)
+	TODO: check
 CVE-2019-3686 (openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vuln ...)
 	TODO: check
 CVE-2019-3685 (Open Build Service before version 0.165.4 diddn't validate TLS certifi ...)
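Review bot: CVE-2019-3687 ("The permission package in SUSE Linux Enterprise Server allowed all loc ...") appears to be the same SUSE permissions package as the chkstat tool in CVE-2019-3690 just above; the two entries should end up with the same resolution, and since Debian has no equivalent permissions/chkstat package, that resolution is NOT-FOR-US rather than an open TODO: check.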
@@ -224059,13 +224091,11 @@ CVE-2015-4012
 	RESERVED
 CVE-2015-4011
 	RESERVED
-CVE-2015-4042 [buffer overflow related to SIZE_MAX - lenb - 2 < lena test]
-	RESERVED
+CVE-2015-4042 (Integer overflow in the keycompare_mb function in sort.c in sort in GN ...)
 	- coreutils <not-affected> (Debian does not apply coreutils-i18n.patch)
 	NOTE: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
 	NOTE: http://pkgs.fedoraproject.org/cgit/coreutils.git/plain/coreutils-i18n.patch
-CVE-2015-4041 [heap overflow; size calculation without properly considering the number of bytes occupied by multibyte characters]
-	RESERVED
+CVE-2015-4041 (The keycompare_mb function in sort.c in sort in GNU Coreutils through  ...)
 	- coreutils <not-affected> (Debian does not apply coreutils-i18n.patch)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=928749
 	NOTE: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
@@ -224166,8 +224196,7 @@ CVE-2015-3990 (The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS,
 	NOT-FOR-US: Dell
 CVE-2015-3989 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 befor ...)
 	NOT-FOR-US: concrete5
-CVE-2014-9720
-	RESERVED
+CVE-2014-9720 (Tornado before 3.2.2 sends arbitrary responses that contain a fixed CS ...)
 	{DLA-475-1 DLA-279-1}
 	- python-tornado 3.2.2-1
 	NOTE: https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308
@@ -227472,14 +227501,12 @@ CVE-2015-2839 (The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses a
 	NOT-FOR-US: Citrix NetScaler
 CVE-2015-2838 (Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix ...)
 	NOT-FOR-US: Citrix NetScaler
-CVE-2015-2929 [Dos against tor client; client to crash with an assertion failure]
-	RESERVED
+CVE-2015-2929 (The Hidden Service (HS) client implementation in Tor before 0.2.4.27,  ...)
 	{DSA-3216-1 DLA-187-1}
 	- tor 0.2.5.12-1
 	NOTE: https://trac.torproject.org/projects/tor/ticket/15601
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5
-CVE-2015-2928 [DoS against hidden services]
-	RESERVED
+CVE-2015-2928 (The Hidden Service (HS) server implementation in Tor before 0.2.4.27,  ...)
 	{DSA-3216-1 DLA-187-1}
 	- tor 0.2.5.12-1
 	NOTE: https://trac.torproject.org/projects/tor/ticket/15600
@@ -228191,13 +228218,11 @@ CVE-2015-2677 (Multiple cross-site scripting (XSS) vulnerabilities in ocPortal b
 	- ocportal <itp> (bug #625865)
 CVE-2015-2676 (Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 rou ...)
 	NOT-FOR-US: Asus
-CVE-2015-2689 [Assertion failure in dns.c, possibly connected to UDP DoS attack]
-	RESERVED
+CVE-2015-2689 (Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly hand ...)
 	{DSA-3203-1 DLA-178-1}
 	- tor 0.2.5.11-1
 	NOTE: https://bugs.torproject.org/14129
-CVE-2015-2688 [relay could crash with an assertion]
-	RESERVED
+CVE-2015-2688 (buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not ...)
 	{DSA-3203-1 DLA-178-1}
 	- tor 0.2.5.11-1
 	NOTE: https://trac.torproject.org/projects/tor/ticket/15083
@@ -231513,8 +231538,8 @@ CVE-2015-1532
 	RESERVED
 CVE-2015-1531
 	RESERVED
-CVE-2015-1530
-	RESERVED
+CVE-2015-1530 (media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows at ...)
+	TODO: check
 CVE-2015-1529 (Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android ...)
 	NOT-FOR-US: Android
 CVE-2015-1528 (Integer overflow in the native_handle_create function in libcutils/nat ...)
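Review bot: CVE-2015-1530 is in media/libmedia/IAudioPolicyService.cpp in Android before 5.1, the same Android media code as CVE-2015-1529 and CVE-2015-1527 immediately around it, which are already NOT-FOR-US: Android. The TODO: check can be replaced with that same line; the same applies to CVE-2015-1525 (audio/AudioPolicyManagerBase.cpp in Android) in the following hunk.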
@@ -231523,8 +231548,8 @@ CVE-2015-1527 (Integer overflow in IAudioPolicyService.cpp in Android allows loc
 	NOT-FOR-US: Android
 CVE-2015-1526 (The media_server component in Android allows remote attackers to cause ...)
 	NOT-FOR-US: Android
-CVE-2015-1525
-	RESERVED
+CVE-2015-1525 (audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attacker ...)
+	TODO: check
 CVE-2015-1524
 	RESERVED
 CVE-2015-1523
@@ -250252,8 +250277,7 @@ CVE-2014-4174 (wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x
 	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
 CVE-2014-4173
 	RESERVED
-CVE-2014-4172 [php-cas unencoded tickets]
-	RESERVED
+CVE-2014-4172 (A URL parameter injection vulnerability was found in the back-channel  ...)
 	{DSA-3017-1}
 	- php-cas 1.3.3-1 (bug #759718)
 	NOTE: https://github.com/Jasig/phpCAS/pull/125
@@ -256640,17 +256664,13 @@ CVE-2014-1928 (The shell_quote function in python-gnupg 0.3.5 does not properly
 CVE-2014-1927 (The shell_quote function in python-gnupg 0.3.5 does not properly quote ...)
 	{DSA-2946-1}
 	- python-gnupg 0.3.6-1 (bug #738509)
-CVE-2014-1925 [SQL injection]
-	RESERVED
+CVE-2014-1925 (SQL injection vulnerability in the MARC framework import/export functi ...)
 	- koha <itp> (bug #702134)
-CVE-2014-1924 [MARC framework import/export function did not require authentication]
-	RESERVED
+CVE-2014-1924 (The MARC framework import/export function (admin/import_export_framewo ...)
 	- koha <itp> (bug #702134)
-CVE-2014-1923 [arbitrary file write trough edithelp.pl]
-	RESERVED
+CVE-2014-1923 (Multiple directory traversal vulnerabilities in the (1) staff interfac ...)
 	- koha <itp> (bug #702134)
-CVE-2014-1922 [path traversal]
-	RESERVED
+CVE-2014-1922 (Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha be ...)
 	- koha <itp> (bug #702134)
 CVE-2014-1921 (parcimonie before 0.8.1, when using a large keyring, sleeps for the sa ...)
 	{DSA-2860-1}
@@ -269328,8 +269348,7 @@ CVE-2013-4335
 CVE-2013-4334
 	RESERVED
 	NOT-FOR-US: opWebAPIPlugin
-CVE-2013-4333
-	RESERVED
+CVE-2013-4333 (OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an Ex ...)
 	NOT-FOR-US: OpenPNE
 CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library (ak ...)
 	{DLA-165-1}
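Review bot: the context lines above this change show CVE-2013-4334 carrying both a RESERVED line and a NOT-FOR-US: opWebAPIPlugin line, which is contradictory (RESERVED means no public description yet). Since CVE-2013-4333 has now received its OpenPNE description, this update is a good moment to check whether CVE-2013-4334 is public as well and to drop the RESERVED line from that entry.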
@@ -270454,8 +270473,8 @@ CVE-2013-3962 (Cross-site scripting (XSS) vulnerability in Grandstream GXV3501,
 	NOT-FOR-US: Grandstream
 CVE-2013-3961 (SQL injection vulnerability in edit_event.php in Simple PHP Agenda bef ...)
 	NOT-FOR-US: Simple PHP Agenda
-CVE-2013-3960
-	RESERVED
+CVE-2013-3960 (Easytime Studio Easy File Manager 1.1 has a HTTP request security bypa ...)
+	TODO: check
 CVE-2013-3959 (The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIM ...)
 	NOT-FOR-US: Siemens WinCC
 CVE-2013-3958 (The login implementation in the Web Navigator in Siemens WinCC before  ...)
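Review bot: CVE-2013-3960 is an HTTP request security bypass in Easytime Studio Easy File Manager 1.1, a proprietary product that is not a Debian package, so the TODO: check should be resolved to NOT-FOR-US like the Simple PHP Agenda and Siemens WinCC entries around it.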
@@ -277034,16 +277053,16 @@ CVE-2013-1600
 	RESERVED
 CVE-2013-1599
 	RESERVED
-CVE-2013-1598
-	RESERVED
-CVE-2013-1597
-	RESERVED
-CVE-2013-1596
-	RESERVED
-CVE-2013-1595
-	RESERVED
-CVE-2013-1594
-	RESERVED
+CVE-2013-1598 (A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras  ...)
+	TODO: check
+CVE-2013-1597 (A Directory Traversal vulnerability exists in Vivotek PT7135 IP Camera ...)
+	TODO: check
+CVE-2013-1596 (An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Cam ...)
+	TODO: check
+CVE-2013-1595 (A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 030 ...)
+	TODO: check
+CVE-2013-1594 (An Information Disclosure vulnerability exists via a GET request in Vi ...)
+	TODO: check
 CVE-2013-1593 (A Denial of Service vulnerability exists in the WRITE_C function in th ...)
 	NOT-FOR-US: SAP
 CVE-2013-1592 (A Buffer Overflow vulnerability exists in the Message Server service _ ...)
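Review bot: CVE-2013-1594 through CVE-2013-1598 all describe issues in Vivotek PT7135 IP camera firmware (command injection, directory traversal, authentication bypass, buffer overflow, information disclosure). Embedded camera firmware is not packaged software, so these five TODO: check lines can be resolved to NOT-FOR-US, in the same way as the SAP entries that follow them.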
@@ -279698,8 +279717,8 @@ CVE-2012-6454
 	RESERVED
 CVE-2012-6452 (Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway  ...)
 	NOT-FOR-US: Axway Secure Messenger
-CVE-2012-6451
-	RESERVED
+CVE-2012-6451 (Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass ...)
+	TODO: check
 CVE-2012-6450
 	RESERVED
 CVE-2012-6449
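Review bot: CVE-2012-6451 (Lorex LNC116 and LNC104 IP cameras, remote authentication bypass) is the same category as the Vivotek camera entries earlier in this update: device firmware, not an archive package, so NOT-FOR-US rather than TODO: check.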
@@ -281535,8 +281554,8 @@ CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in generi
 	- wavesurfer <not-affected> (originally reported in wavesurfer, but actually a bug in libsnack, see bug #695615)
 	NOTE: http://secunia.com/advisories/49889/
 	NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2
-CVE-2012-6302
-	RESERVED
+CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soap ...)
+	TODO: check
 CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ca ...)
 	NOT-FOR-US: Android browser
 CVE-2012-6300
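Review bot: CVE-2012-6302 describes a sandbox bypass in Soapbox through 0.3.1 (a second instance of Soapbox is started inside the sandbox). Unlike most of the other TODO: check additions in this update, Soapbox is a free-software sandboxing tool, so the check here is whether a soapbox package exists or existed in the archive and, if so, whether 0.3.1 or earlier ever shipped; the entry should then get a fix version or <removed> line rather than being dismissed as NOT-FOR-US by analogy with the proprietary entries.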
@@ -303733,7 +303752,7 @@ CVE-2011-3174 (Buffer overflow in the DoFindReplace function in the ISGrid.Grid2
 	NOT-FOR-US: Novell ZENworks Configuration Management
 CVE-2011-3173 (Stack-based buffer overflow in the GetDriverSettings function in nippl ...)
 	NOT-FOR-US: Novell Open Enterprise Server
-CVE-2011-3172 (A vulnerability in pam_modules of SUSE SUSE Linux Enterprise allows at ...)
+CVE-2011-3172 (A vulnerability in pam_modules of SUSE Linux Enterprise allows attacke ...)
 	- libpam-unix2 <removed>
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=707645
 	NOTE: Issue was not fixed up to the version removed from unstable.
@@ -311715,7 +311734,7 @@ CVE-2011-0469 (Code injection in openSUSE when running some source services used
 	NOTE: Secondary fix: https://github.com/openSUSE/open-build-service/commit/23c8d21c75242999e29379e6ca8418a14c8725c6
 CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and befo ...)
 	NOT-FOR-US: OpenSUSE aaa_base package
-CVE-2011-0467 (A vulnerability in the listing of available software of SUSE SUSE Stud ...)
+CVE-2011-0467 (A vulnerability in the listing of available software of SUSE Studio On ...)
 	NOT-FOR-US: SUSE Studio Onsite
 CVE-2011-0466 (The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2. ...)
 	NOT-FOR-US: openSUSE Build Service



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1dfeeb0815a091f7e2a49baf5ce15211a9b42f4a



More information about the debian-security-tracker-commits mailing list