[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jan 29 08:10:26 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
026e3d2c by security tracker role at 2020-01-29T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,228 @@
-CVE-2020-8428 [user-triggerable read-after-free crash or 1-bit infoleak oracle in open]
+CVE-2020-8427
+	RESERVED
+CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...)
+	TODO: check
+CVE-2020-8425 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...)
+	TODO: check
+CVE-2020-8424 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...)
+	TODO: check
+CVE-2020-8423
+	RESERVED
+CVE-2020-8422
+	RESERVED
+CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping  ...)
+	TODO: check
+CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...)
+	TODO: check
+CVE-2020-8419 (An issue was discovered in Joomla! before 3.9.15. Missing token checks ...)
+	TODO: check
+CVE-2020-8418
+	RESERVED
+CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...)
+	TODO: check
+CVE-2020-8416
+	RESERVED
+CVE-2020-8415
+	RESERVED
+CVE-2020-8414
+	RESERVED
+CVE-2020-8413
+	RESERVED
+CVE-2020-8412
+	RESERVED
+CVE-2020-8411
+	RESERVED
+CVE-2020-8410
+	RESERVED
+CVE-2020-8409
+	RESERVED
+CVE-2020-8408
+	RESERVED
+CVE-2020-8407
+	RESERVED
+CVE-2020-8406
+	RESERVED
+CVE-2020-8405
+	RESERVED
+CVE-2020-8404
+	RESERVED
+CVE-2020-8403
+	RESERVED
+CVE-2020-8402
+	RESERVED
+CVE-2020-8401
+	RESERVED
+CVE-2020-8400
+	RESERVED
+CVE-2020-8399
+	RESERVED
+CVE-2020-8398
+	RESERVED
+CVE-2020-8397
+	RESERVED
+CVE-2020-8396
+	RESERVED
+CVE-2020-8395
+	RESERVED
+CVE-2020-8394
+	RESERVED
+CVE-2020-8393
+	RESERVED
+CVE-2020-8392
+	RESERVED
+CVE-2020-8391
+	RESERVED
+CVE-2020-8390
+	RESERVED
+CVE-2020-8389
+	RESERVED
+CVE-2020-8388
+	RESERVED
+CVE-2020-8387
+	RESERVED
+CVE-2020-8386
+	RESERVED
+CVE-2020-8385
+	RESERVED
+CVE-2020-8384
+	RESERVED
+CVE-2020-8383
+	RESERVED
+CVE-2020-8382
+	RESERVED
+CVE-2020-8381
+	RESERVED
+CVE-2020-8380
+	RESERVED
+CVE-2020-8379
+	RESERVED
+CVE-2020-8378
+	RESERVED
+CVE-2020-8377
+	RESERVED
+CVE-2020-8376
+	RESERVED
+CVE-2020-8375
+	RESERVED
+CVE-2020-8374
+	RESERVED
+CVE-2020-8373
+	RESERVED
+CVE-2020-8372
+	RESERVED
+CVE-2020-8371
+	RESERVED
+CVE-2020-8370
+	RESERVED
+CVE-2020-8369
+	RESERVED
+CVE-2020-8368
+	RESERVED
+CVE-2020-8367
+	RESERVED
+CVE-2020-8366
+	RESERVED
+CVE-2020-8365
+	RESERVED
+CVE-2020-8364
+	RESERVED
+CVE-2020-8363
+	RESERVED
+CVE-2020-8362
+	RESERVED
+CVE-2020-8361
+	RESERVED
+CVE-2020-8360
+	RESERVED
+CVE-2020-8359
+	RESERVED
+CVE-2020-8358
+	RESERVED
+CVE-2020-8357
+	RESERVED
+CVE-2020-8356
+	RESERVED
+CVE-2020-8355
+	RESERVED
+CVE-2020-8354
+	RESERVED
+CVE-2020-8353
+	RESERVED
+CVE-2020-8352
+	RESERVED
+CVE-2020-8351
+	RESERVED
+CVE-2020-8350
+	RESERVED
+CVE-2020-8349
+	RESERVED
+CVE-2020-8348
+	RESERVED
+CVE-2020-8347
+	RESERVED
+CVE-2020-8346
+	RESERVED
+CVE-2020-8345
+	RESERVED
+CVE-2020-8344
+	RESERVED
+CVE-2020-8343
+	RESERVED
+CVE-2020-8342
+	RESERVED
+CVE-2020-8341
+	RESERVED
+CVE-2020-8340
+	RESERVED
+CVE-2020-8339
+	RESERVED
+CVE-2020-8338
+	RESERVED
+CVE-2020-8337
+	RESERVED
+CVE-2020-8336
+	RESERVED
+CVE-2020-8335
+	RESERVED
+CVE-2020-8334
+	RESERVED
+CVE-2020-8333
+	RESERVED
+CVE-2020-8332
+	RESERVED
+CVE-2020-8331
+	RESERVED
+CVE-2020-8330
+	RESERVED
+CVE-2020-8329
+	RESERVED
+CVE-2020-8328
+	RESERVED
+CVE-2020-8327
+	RESERVED
+CVE-2020-8326
+	RESERVED
+CVE-2020-8325
+	RESERVED
+CVE-2020-8324
+	RESERVED
+CVE-2020-8323
+	RESERVED
+CVE-2020-8322
+	RESERVED
+CVE-2020-8321
+	RESERVED
+CVE-2020-8320
+	RESERVED
+CVE-2020-8319
+	RESERVED
+CVE-2020-8318
+	RESERVED
+CVE-2020-8317
+	RESERVED
+CVE-2020-8316
+	RESERVED
+CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...)
 	- linux <unfixed>
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6
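
Review bot: CVE-2020-8428 ends up out of order. The file is kept in descending CVE order (CVE-2020-8427 down to CVE-2020-8316 in the block above), yet the re-added CVE-2020-8428 entry now sits below CVE-2020-8316 instead of staying on line 1 where the removed line was; move it back above CVE-2020-8427 so it is found where the ordering predicts. Replacing the bracketed working description `[user-triggerable read-after-free crash or 1-bit infoleak oracle in open]` with the MITRE text also drops the impact characterisation; keep it as a `NOTE:` line under the entry next to the existing `NOTE: Fixed by:` link. Of the new `TODO: check` entries, the two WordPress plugins (Elementor, Code Snippets) match the product class this file triages elsewhere as `NOT-FOR-US: ... plugin for WordPress` (see the CVE-2015-5484 and CVE-2014-8491 context further down) and can be resolved the same way; Joomla! and Cups Easy still need a packaging check.
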
@@ -6613,8 +6837,8 @@ CVE-2020-5229
 	RESERVED
 CVE-2020-5228
 	RESERVED
-CVE-2020-5227
-	RESERVED
+CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of  ...)
+	TODO: check
 CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ...)
 	- simplesamlphp 1.18.4-1
 	[buster] - simplesamlphp <not-affected> (Vulnerable code introduced later)
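
Review bot: CVE-2020-5227 goes from RESERVED to `TODO: check` with only a truncated description (`... XML Denial of ...`). Unlike most other new entries in this update it names a library (python feedgen) with a concrete fixed version (0.9.0) rather than a device or a web plugin, so the TODO should be resolved against the archive the way the adjacent CVE-2020-5226 entry is (`- simplesamlphp 1.18.4-1` plus per-suite lines), not defaulted to NOT-FOR-US.
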
@@ -6651,8 +6875,8 @@ CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection
 	- ruby-secure-headers <unfixed> (bug #949998)
 	NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg
 	NOTE: https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0
-CVE-2020-5215
-	RESERVED
+CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Pytho ...)
+	TODO: check
 CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...)
 	TODO: check
 CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...)
@@ -6971,12 +7195,12 @@ CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH s
 	[stretch] - sqlite3 <no-dsa> (Minor issue)
 	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
-CVE-2019-20217
-	RESERVED
-CVE-2019-20216
-	RESERVED
-CVE-2019-20215
-	RESERVED
+CVE-2019-20217 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers  ...)
+	TODO: check
+CVE-2019-20216 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers  ...)
+	TODO: check
+CVE-2019-20215 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers  ...)
+	TODO: check
 CVE-2019-20214
 	RESERVED
 CVE-2019-20213 (D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Info ...)
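
Review bot: the three D-Link DIR-859 entries (CVE-2019-20215 to CVE-2019-20217) carry byte-identical truncated descriptions, so nothing in this file distinguishes them; that is acceptable because the full text lives upstream, but triage has to be done per CVE rather than copied across. Router firmware is handled as `NOT-FOR-US: D-Link` elsewhere in this file (see the CVE-2013-3095 context below) and the adjacent CVE-2019-20213 is the same device, so these three can be closed consistently with that rather than left at `TODO: check`.
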
@@ -110570,6 +110794,7 @@ CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF
 	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=985fdcfc117a3bd4bc097cdcae8347b3787fbab2
 	NOTE: negligible security impact, memory leak in CLI tool
 CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version <= 6. ...)
+	{DLA-2082-1}
 	- unzip 6.0-22 (bug #889838)
 	[stretch] - unzip 6.0-21+deb9u1
 	[wheezy] - unzip <no-dsa> (Harmless crash, builds with fortified source)
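
Review bot: the entry gains `{DLA-2082-1}` but no `[jessie]` line, whereas stretch has an explicit `[stretch] - unzip 6.0-21+deb9u1`; if the jessie fix version is meant to be resolved through the DLA reference, confirm the DLA record carries the matching unzip version, otherwise add the `[jessie]` line so the suite status is not left unresolved. The unchanged `[wheezy] - unzip <no-dsa> (Harmless crash, builds with fortified source)` line also records a lower assessment than issuing a DLA implies; a `NOTE:` saying why a DLA was warranted would keep the entry self-explanatory.
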
@@ -220617,8 +220842,8 @@ CVE-2015-5485 (Cross-site scripting (XSS) vulnerability in the Event Import page
 	NOT-FOR-US: Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin for WordPress
 CVE-2015-5484 (Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1 ...)
 	NOT-FOR-US: Plotly plugin for WordPress
-CVE-2015-5483
-	RESERVED
+CVE-2015-5483 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Priv ...)
+	TODO: check
 CVE-2015-5482 (Directory traversal vulnerability in the GD bbPress Attachments plugin ...)
 	NOT-FOR-US: GD bbPress Attachments plugin for WordPress
 CVE-2015-5481 (Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD ...)
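
Review bot: CVE-2015-5483's description is cut at `in the Priv ...`, so the affected product cannot be read from this line. The surrounding entries (CVE-2015-5484, CVE-2015-5482) are WordPress plugins triaged `NOT-FOR-US`, but do not assume the same for 5483 on that basis; resolve the `TODO: check` from the full upstream description rather than from the neighbours.
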
@@ -240438,8 +240663,8 @@ CVE-2014-8492 (Multiple cross-site scripting (XSS) vulnerabilities in assets/mis
 	NOT-FOR-US: Wordpress plugin
 CVE-2014-8491 (The Grand Flagallery plugin before 4.25 for WordPress allows remote at ...)
 	NOT-FOR-US: Grand Flagallery plugin for WordPress
-CVE-2014-8490
-	RESERVED
+CVE-2014-8490 (Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9 ...)
+	TODO: check
 CVE-2014-8990 (default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attacke ...)
 	{DSA-3130-1}
 	- lsyncd 2.1.5-2 (low; bug #767227)
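
Review bot: CVE-2014-8490 is filled in as expected, but the unchanged context shows `CVE-2014-8990` immediately after `CVE-2014-8490`, which breaks the descending order the rest of the file follows (8990 should sort well above 8492). This predates the hunk; flag it for a separate cleanup so positional lookups do not miss the lsyncd entry.
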
@@ -272965,12 +273190,12 @@ CVE-2013-3216
 	RESERVED
 CVE-2013-3215
 	RESERVED
-CVE-2013-3214
-	RESERVED
+CVE-2013-3214 (vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerabilit ...)
+	TODO: check
 CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4 ...)
 	NOT-FOR-US: vTiger CRM
-CVE-2013-3212
-	RESERVED
+CVE-2013-3212 (vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilitie ...)
+	TODO: check
 CVE-2012-6551 (The default configuration of Apache ActiveMQ before 5.8.0 enables a sa ...)
 	- activemq <not-affected> (Example code not shipped in .deb)
 CVE-2013-3211 (Unspecified vulnerability in Opera before 12.15 has unknown impact and ...)
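
Review bot: the two new vtiger CRM entries (CVE-2013-3214, CVE-2013-3212) sit either side of CVE-2013-3213, which is already `NOT-FOR-US: vTiger CRM`; same product, same version range (5.4.0 and earlier), so the same triage applies and `TODO: check` can be replaced directly. Separately, the unchanged `CVE-2012-6551` line sits between CVE-2013-3212 and CVE-2013-3211, another pre-existing ordering slip worth fixing in its own commit.
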
@@ -273209,8 +273434,8 @@ CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-L
 	NOT-FOR-US: D-Link
 CVE-2013-3094
 	RESERVED
-CVE-2013-3093
-	RESERVED
+CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...)
+	TODO: check
 CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass a ...)
 	NOT-FOR-US: Belkin router
 CVE-2013-3091
@@ -273254,14 +273479,14 @@ CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initi
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2013-3075 (Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Comp ...)
 	NOT-FOR-US: Mitsubishi MX Component 3
-CVE-2013-3074
-	RESERVED
+CVE-2013-3074 (NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow rem ...)
+	TODO: check
 CVE-2013-3073 (A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 F ...)
 	NOT-FOR-US: NETGEAR
 CVE-2013-3072 (An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4 ...)
 	NOT-FOR-US: NETGEAR
-CVE-2013-3071
-	RESERVED
+CVE-2013-3071 (NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authenti ...)
+	TODO: check
 CVE-2013-3070 (An Information Disclosure vulnerability exists in Netgear WNDR4700 run ...)
 	NOT-FOR-US: NETGEAR
 CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR470 ...)
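
Review bot: CVE-2013-3074 and CVE-2013-3071 both name the NETGEAR WNDR4700 with firmware 1.0.0.34, the same device as the adjacent CVE-2013-3073, CVE-2013-3072 and CVE-2013-3070 entries that are already `NOT-FOR-US: NETGEAR`; set the same status instead of `TODO: check`. The vendor spelling differs between the new text (`NetGear`) and the neighbours (`NETGEAR`); that is MITRE's wording and not something to edit here, but keep the NOT-FOR-US tag spelled as the existing entries do so grep-based triage stays consistent.
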
@@ -274085,8 +274310,7 @@ CVE-2013-2765 (The ModSecurity module before 2.7.4 for the Apache HTTP Server al
 	[squeeze] - libapache-mod-security 2.5.12-1+squeeze2
 	NOTE: https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
 	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
-CVE-2013-2764
-	RESERVED
+CVE-2013-2764 (Secure Entry Server before 4.7.0 contains a URI Redirection vulnerabil ...)
 	NOT-FOR-US: Secure Entry Server
 CVE-2013-2763 (** DISPUTED ** The Schneider Electric M340 PLC modules allow remote at ...)
 	NOT-FOR-US: Schneider Electric M340 modules
@@ -274118,8 +274342,8 @@ CVE-2013-2750 (Cross-site scripting (XSS) vulnerability in e107_plugins/content/
 	NOT-FOR-US: e107
 CVE-2013-2749
 	REJECTED
-CVE-2013-2748
-	RESERVED
+CVE-2013-2748 (Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote att ...)
+	TODO: check
 CVE-2013-2747 (The password reset feature in Courion Access Risk Management Suite Ver ...)
 	NOT-FOR-US: Courion Access Risk Management Suite
 CVE-2013-2746
@@ -274197,8 +274421,8 @@ CVE-2013-2716 (Puppet Labs Puppet Enterprise before 2.8.0 does not use a "random
 	NOT-FOR-US: Puppet Labs Puppet Enterprise
 CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in the Sear ...)
 	NOT-FOR-US: Drupal module search_api
-CVE-2013-2714
-	RESERVED
+CVE-2013-2714 (Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 coul ...)
+	TODO: check
 CVE-2013-2713 (Cross-site request forgery (CSRF) vulnerability in users_maint.html in ...)
 	NOT-FOR-US: KrisonAV
 CVE-2013-2712 (Cross-site scripting (XSS) vulnerability in services/get_article.php i ...)
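
Review bot: CVE-2013-2714 (podPress plugin 8.8.10.13) is a WordPress plugin, the product class this file triages elsewhere as `NOT-FOR-US: ... plugin for WordPress` (see the CVE-2015-5484 and CVE-2014-8491 context above); resolve the `TODO: check` to that status rather than leaving it in the queue, keeping the plugin name in the tag as the existing entries do.
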
@@ -277806,16 +278030,16 @@ CVE-2013-1605 (Buffer overflow in MayGion IP Cameras with firmware before 2013.0
 	NOT-FOR-US: MayGion IP Cameras
 CVE-2013-1604 (Directory traversal vulnerability in MayGion IP Cameras with firmware  ...)
 	NOT-FOR-US: MayGion IP Cameras
-CVE-2013-1603
-	RESERVED
-CVE-2013-1602
-	RESERVED
-CVE-2013-1601
-	RESERVED
-CVE-2013-1600
-	RESERVED
-CVE-2013-1599
-	RESERVED
+CVE-2013-1603 (An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO  ...)
+	TODO: check
+CVE-2013-1602 (An Information Disclosure vulnerability exists due to insufficient val ...)
+	TODO: check
+CVE-2013-1601 (An Information Disclosure vulnerability exists due to a failure to res ...)
+	TODO: check
+CVE-2013-1600 (An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when ...)
+	TODO: check
+CVE-2013-1599 (A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd. ...)
+	TODO: check
 CVE-2013-1598 (A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras  ...)
 	NOT-FOR-US: Vivotek PT7135 IP Cameras
 CVE-2013-1597 (A Directory Traversal vulnerability exists in Vivotek PT7135 IP Camera ...)
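
Review bot: of the five new camera entries, only CVE-2013-1603 names its products (D-LINK WCS-1100 1.02, TESCO ...); CVE-2013-1599 to CVE-2013-1602 are cut before any product name, with 1599 showing only the injected CGI path `/var/www/cgi-bin/rtpd...`. The neighbouring CVE-2013-1598 and CVE-2013-1597 lines are `NOT-FOR-US: Vivotek PT7135 IP Cameras` and D-Link firmware is NOT-FOR-US elsewhere in the file, so the likely outcome is the same, but confirm each product from the full description before copying that status onto the truncated entries.
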



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/026e3d2c68f22fe9bb9fd636f0f5f7414e5784a3
