[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jan 30 20:11:39 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03443fa7 by security tracker role at 2020-01-30T20:11:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7  ...)
+	TODO: check
+CVE-2020-8491
+	RESERVED
+CVE-2020-8490
+	RESERVED
+CVE-2020-8489
+	RESERVED
+CVE-2020-8488
+	RESERVED
+CVE-2020-8487
+	RESERVED
+CVE-2020-8486
+	RESERVED
+CVE-2020-8485
+	RESERVED
+CVE-2020-8484
+	RESERVED
+CVE-2020-8483
+	RESERVED
+CVE-2020-8482
+	RESERVED
+CVE-2020-8481
+	RESERVED
+CVE-2020-8480
+	RESERVED
+CVE-2020-8479
+	RESERVED
+CVE-2020-8478
+	RESERVED
+CVE-2020-8477
+	RESERVED
+CVE-2020-8476
+	RESERVED
+CVE-2020-8475
+	RESERVED
+CVE-2020-8474
+	RESERVED
+CVE-2020-8473
+	RESERVED
+CVE-2020-8472
+	RESERVED
+CVE-2020-8471
+	RESERVED
+CVE-2020-8470
+	RESERVED
+CVE-2020-8469
+	RESERVED
+CVE-2020-8468
+	RESERVED
+CVE-2020-8467
+	RESERVED
+CVE-2020-8466
+	RESERVED
+CVE-2020-8465
+	RESERVED
+CVE-2020-8464
+	RESERVED
+CVE-2020-8463
+	RESERVED
+CVE-2020-8462
+	RESERVED
+CVE-2020-8461
+	RESERVED
+CVE-2020-8460
+	RESERVED
+CVE-2020-8459
+	RESERVED
+CVE-2020-8458
+	RESERVED
+CVE-2020-8457
+	RESERVED
+CVE-2020-8456
+	RESERVED
+CVE-2020-8455
+	RESERVED
+CVE-2020-8454
+	RESERVED
+CVE-2020-8453
+	RESERVED
+CVE-2020-8452
+	RESERVED
+CVE-2020-8451
+	RESERVED
+CVE-2020-8450
+	RESERVED
+CVE-2020-8449
+	RESERVED
 CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
 	- ossec-hids <itp> (bug #361954)
 CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
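Review bot: CVE-2020-8492 is left at `TODO: check` even though its description names Python 2.7 through 2.7.17 and 3.5 through 3.7, all of which Debian ships (python2.7, python3.5 in stretch, python3.7 in buster); it should not sit in the triage queue beside the RESERVED placeholders but be resolved to per-package lines in the form used elsewhere in this file (e.g. `- spamassassin 3.4.4~rc1-1 (bug #950258)`), with `[buster]`/`[stretch]` suite annotations. The 43 RESERVED entries for CVE-2020-8449 through CVE-2020-8491 are correct as placeholders.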
@@ -1189,26 +1277,26 @@ CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SA
 	NOT-FOR-US: Eaton devices
 CVE-2020-7914
 	RESERVED
-CVE-2020-7913
-	RESERVED
-CVE-2020-7912
-	RESERVED
-CVE-2020-7911
-	RESERVED
-CVE-2020-7910
-	RESERVED
-CVE-2020-7909
-	RESERVED
-CVE-2020-7908
-	RESERVED
+CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...)
+	TODO: check
+CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could  ...)
+	TODO: check
+CVE-2020-7911 (In JetBrains TeamCity before 2019.2, several user-level pages were vul ...)
+	TODO: check
+CVE-2020-7910 (JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack ...)
+	TODO: check
+CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwords co ...)
+	TODO: check
+CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...)
+	TODO: check
 CVE-2020-7907
 	RESERVED
-CVE-2020-7906
-	RESERVED
-CVE-2020-7905
-	RESERVED
-CVE-2020-7904
-	RESERVED
+CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...)
+	TODO: check
+CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...)
+	TODO: check
+CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were ...)
+	TODO: check
 CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...)
 	NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
 CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...)
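Review bot: the nine JetBrains entries (CVE-2020-7904 through 7913, minus the still-RESERVED 7907) are all set to `TODO: check` although the descriptions name YouTrack, TeamCity, Rider and IntelliJ IDEA, none of which is a Debian source package; the hunk's own context shows the intended end state for such products (`NOT-FOR-US: Eaton devices`, `NOT-FOR-US: libsecp256k1-rs ...`), so these should be closed as `NOT-FOR-US: JetBrains ...` rather than left in the triage queue.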
@@ -2125,6 +2213,7 @@ CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlS
 	[jessie] - libxml2 <no-dsa> (Minor issue)
 	NOTE: Proposed merge request: https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68
 CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-ba ...)
+	{DLA-2088-1}
 	- libsolv 0.6.36-2 (bug #949611)
 	[buster] - libsolv <no-dsa> (Minor issue)
 	[stretch] - libsolv <no-dsa> (Minor issue)
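Review bot: `{DLA-2088-1}` is added above the libsolv source line, matching the brace-reference convention used for the suricata entries later in this commit, but the visible context still carries `[buster] - libsolv <no-dsa> (Minor issue)` and `[stretch] - libsolv <no-dsa> (Minor issue)`; confirm that the jessie line the DLA resolves (not shown in this hunk) was updated or dropped so that a DLA reference and a `<no-dsa>` marker do not coexist for the same suite.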
@@ -6898,8 +6987,8 @@ CVE-2020-5235
 	RESERVED
 CVE-2020-5234
 	RESERVED
-CVE-2020-5233
-	RESERVED
+CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...)
+	TODO: check
 CVE-2020-5232
 	RESERVED
 CVE-2020-5231
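Review bot: CVE-2020-5233 (OAuth2 Proxy before 5.0, open redirect) moves from RESERVED to `TODO: check` with no source-package line; the description already gives the fixed version (5.0), so the only triage step left is to decide whether any Debian source package ships OAuth2 Proxy and, if not, to close it as NOT-FOR-US as the other third-party entries in this diff are.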
@@ -10214,8 +10303,8 @@ CVE-2019-20052 (A memory leak was discovered in Mat_VarCalloc in mat.c in matio
 CVE-2019-20051 (A floating-point exception was discovered in PackLinuxElf::elf_hash in ...)
 	- upx-ucl <unfixed> (unimportant)
 	NOTE: https://github.com/upx/upx/issues/313
-CVE-2019-20050
-	RESERVED
+CVE-2019-20050 (Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerab ...)
+	TODO: check
 CVE-2019-20054 (In the Linux kernel before 5.0.6, there is a NULL pointer dereference  ...)
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
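Review bot: CVE-2019-20050 (Pandora FMS ≤ 7.42, remote code execution) is queued as `TODO: check` between the resolved upx-ucl and linux entries; it should be resolved either to a source-package line or, if no Debian package ships Pandora FMS, to NOT-FOR-US like the ONTAP and Eaton entries above. Note also that its description carries a non-ASCII `≤` inherited from the upstream text, harmless for the tracker but worth knowing when grepping this file.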
@@ -15769,13 +15858,11 @@ CVE-2020-1933 (A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Mal
 	NOT-FOR-US: Apache NiFi
 CVE-2020-1932 (An information disclosure issue was found in Apache Superset 0.34.0, 0 ...)
 	NOT-FOR-US: Apache Superset
-CVE-2020-1931
-	RESERVED
+CVE-2020-1931 (A command execution issue was found in Apache SpamAssassin prior to 3. ...)
 	- spamassassin 3.4.4~rc1-1 (bug #950258)
 	NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2
-CVE-2020-1930
-	RESERVED
+CVE-2020-1930 (A command execution issue was found in Apache SpamAssassin prior to 3. ...)
 	- spamassassin 3.4.4~rc1-1 (bug #950258)
 	NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3
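Review bot: CVE-2020-1931 and CVE-2020-1930 now carry descriptions, a fixed unstable version (`spamassassin 3.4.4~rc1-1`, bug #950258) and pointers to the 3.4.4 announcement and the two oss-security posts, but no `[buster]` or `[stretch]` lines appear in the hunk, unlike the sudo and libsolv entries; since both are command execution issues in a package present in stable, the suite status (DSA pending or `<no-dsa>` with a reason) should be recorded so the stable view of the tracker is not blank for them.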
@@ -17025,7 +17112,7 @@ CVE-2019-19236
 	RESERVED
 CVE-2019-19235 (AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 note ...)
 	NOT-FOR-US: ASUS
-CVE-2019-19234 (In Sudo through 1.8.29, the fact that a user has been blocked (e.g., b ...)
+CVE-2019-19234 (** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been b ...)
 	- sudo <unfixed> (bug #947225)
 	[buster] - sudo <no-dsa> (Minor issue)
 	[stretch] - sudo <no-dsa> (Minor issue)
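Review bot: the description for CVE-2019-19234 (and for CVE-2019-19232 in the next hunk) now opens with `** DISPUTED **`, but the tracker lines are unchanged: `sudo <unfixed> (bug #947225)` with `<no-dsa> (Minor issue)` for buster and stretch. Add a NOTE recording whether the dispute changes the assessment (for example a downgrade to `(unimportant)` as used for the upx-ucl entry above), and check whether `<unfixed>` is still the right unstable state given the NOTE pointing at the 1.8.30b2 development notes.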
@@ -17033,7 +17120,7 @@ CVE-2019-19234 (In Sudo through 1.8.29, the fact that a user has been blocked (e
 	NOTE: https://www.sudo.ws/devel.html#1.8.30b2
 CVE-2019-19233
 	RESERVED
-CVE-2019-19232 (In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer  ...)
+CVE-2019-19232 (** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Ru ...)
 	- sudo <unfixed> (bug #947225)
 	[buster] - sudo <no-dsa> (Minor issue)
 	[stretch] - sudo <no-dsa> (Minor issue)
@@ -18178,6 +18265,7 @@ CVE-2019-18793 (Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/hel
 CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter :  ...)
 	NOT-FOR-US: Progress Sitefinity CMS
 CVE-2019-18792 (An issue was discovered in Suricata 5.0.0. It is possible to bypass/ev ...)
+	{DLA-2087-1}
 	- suricata <unfixed>
 	NOTE: https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b (master-4.1.x)
 	NOTE: https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006 (suricata-5.0.1)
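Review bot: `{DLA-2087-1}` is added for CVE-2019-18792 (and for CVE-2019-18625 in the next hunk) while the unstable line still reads `- suricata <unfixed>`; the NOTEs already point at the fix commits in suricata-5.0.1 and master-4.1.x, so if a 5.0.1-based upload has reached unstable the `<unfixed>` should become that version, and if the jessie update behind the DLA backported the master-4.1.x commit that should be stated in a NOTE so buster/stretch triage can reuse it.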
@@ -20737,6 +20825,7 @@ CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate s
 	[jessie] - systemd <not-affected> (Only affected v243)
 	NOTE: https://github.com/systemd/systemd/issues/9397
 CVE-2019-18625 (An issue was discovered in Suricata 5.0.0. It was possible to bypass/e ...)
+	{DLA-2087-1}
 	- suricata <unfixed>
 	NOTE: https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318 (suricata-5.0.1)
 	NOTE: https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0 (master-4.1.x)
@@ -25223,8 +25312,8 @@ CVE-2019-17275
 	RESERVED
 CVE-2019-17274
 	RESERVED
-CVE-2019-17273
-	RESERVED
+CVE-2019-17273 (E-Series SANtricity OS Controller Software version 11.60.0 is suscepti ...)
+	TODO: check
 CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are suscept ...)
 	NOT-FOR-US: ONTAP
 CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList ...)
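Review bot: CVE-2019-17273 (E-Series SANtricity OS Controller Software 11.60.0) is left at `TODO: check` directly above CVE-2019-17272, which is already closed as `NOT-FOR-US: ONTAP`; both are NetApp storage products with no Debian source package, so this entry should be closed the same way (e.g. `NOT-FOR-US: NetApp E-Series SANtricity`) instead of joining the triage queue.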
@@ -252464,8 +252553,8 @@ CVE-2014-3721
 	RESERVED
 CVE-2014-3720
 	RESERVED
-CVE-2014-3718
-	RESERVED
+CVE-2014-3718 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.c ...)
+	TODO: check
 CVE-2014-3713
 	RESERVED
 CVE-2014-3712 (Katello allows remote attackers to cause a denial of service (memory c ...)
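Review bot: CVE-2014-3718 (multiple XSS in cgi-bin/tag_m.c...) is set to `TODO: check`, but a later hunk in this same commit resolves the consecutive CVE-2014-3719 (cgi-bin/review_m.cgi, same product family) straight to `NOT-FOR-US: ALEPH500 Integrated library management system`; the two should be triaged together. Note also that they land in different regions of the file (3718 between 3720 and 3713 here, 3719 between 3749 and 3717 below), ordering drift the automatic update does not correct.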
@@ -253532,8 +253621,7 @@ CVE-2014-3775 (libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pi
 	[squeeze] - libgadu <not-affected> (Vulnerable code not present)
 CVE-2014-3749 (SQL injection vulnerability in Construtiva CIS Manager allows remote a ...)
 	NOT-FOR-US: Construtiva CIS Manager CMS
-CVE-2014-3719
-	RESERVED
+CVE-2014-3719 (Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex L ...)
 	NOT-FOR-US: ALEPH500 Integrated library management system
 CVE-2014-3717 (Xen 4.4.x does not properly validate the load address for 64-bit ARM g ...)
 	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
@@ -277088,10 +277176,10 @@ CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and
 	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://www.videolan.org/security/sa1301.html
 	NOTE: The freetype issue is a harmless NULL deref and won't be fixed
-CVE-2013-1867
-	RESERVED
-CVE-2013-1866
-	RESERVED
+CVE-2013-1867 (Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerabi ...)
+	TODO: check
+CVE-2013-1866 (OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerab ...)
+	TODO: check
 CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revocatio ...)
 	- keystone <not-affected> (only affects folsom)
 	NOTE: fixed in experimental with keystone/2012.2.3-2
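Review bot: CVE-2013-1867 (Gemalto Tokend) and CVE-2013-1866 (OpenSC.tokend) are queued as `TODO: check`; tokend is the macOS smart-card middleware layer, and OpenSC.tokend is a separate upstream component from the OpenSC library that Debian packages as opensc, so the check here is to confirm the affected code is not shipped by the opensc source package and then close both as NOT-FOR-US with that reasoning in a NOTE.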
@@ -278074,8 +278162,8 @@ CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packa
 	NOTE: Lack of a security feature, not a vulnerability
 CVE-2013-1632
 	RESERVED
-CVE-2013-1631
-	RESERVED
+CVE-2013-1631 (Verax NMS prior to 2.1.0 leaks connection details when any user execut ...)
+	TODO: check
 CVE-2013-1630 (pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repos ...)
 	NOT-FOR-US: pyshop
 CVE-2013-1629 (pip before 1.3 uses HTTP to retrieve packages from the PyPI repository ...)
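Review bot: CVE-2013-1631 (Verax NMS prior to 2.1.0, leaks connection details) is the first of four Verax NMS entries this commit moves from RESERVED to `TODO: check` (CVE-2013-1350 through 1352 follow in a later hunk); they should be resolved in one pass rather than four, and the surrounding context (`NOT-FOR-US: pyshop`) shows the expected outcome for a product with no Debian package.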
@@ -278966,12 +279054,12 @@ CVE-2013-1354
 	RESERVED
 CVE-2013-1353
 	RESERVED
-CVE-2013-1352
-	RESERVED
-CVE-2013-1351
-	RESERVED
-CVE-2013-1350
-	RESERVED
+CVE-2013-1352 (Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a ...)
+	TODO: check
+CVE-2013-1351 (Verax NMS prior to 2.10 allows authentication via the encrypted passwo ...)
+	TODO: check
+CVE-2013-1350 (Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities ...)
+	TODO: check
 CVE-2013-1349 (Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 al ...)
 	NOT-FOR-US: openSIS
 CVE-2013-1348 (The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attacke ...)
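Review bot: the three Verax NMS descriptions disagree on the affected version, `prior to 2.1.0` for CVE-2013-1352 and CVE-2013-1350 but `prior to 2.10` for CVE-2013-1351; this is inherited from the upstream description text, not introduced here, but whoever clears these `TODO: check` entries should record in a NOTE which reading is correct so the inconsistent boundary is not relied on later.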
@@ -280645,10 +280733,10 @@ CVE-2013-0741 (Cross-site scripting (XSS) vulnerability in imagegen.ashx in Perc
 	NOT-FOR-US: Percipient Studios ImageGen
 CVE-2013-0740 (Open redirect vulnerability in Dell OpenManage Server Administrator (O ...)
 	NOT-FOR-US: Dell OpenManage Server Administrator
-CVE-2013-0739
-	RESERVED
-CVE-2013-0738
-	RESERVED
+CVE-2013-0739 (Chamilo 1.9.4 has XSS due to improper validation of user-supplied inpu ...)
+	TODO: check
+CVE-2013-0738 (Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blo ...)
+	TODO: check
 CVE-2013-0737 (Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier a ...)
 	NOT-FOR-US: BoltWire
 CVE-2013-0736 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Ming ...)
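Review bot: CVE-2013-0739 and CVE-2013-0738 (Chamilo 1.9.4 XSS / HTML injection) become `TODO: check` between two entries already closed as NOT-FOR-US (Dell OpenManage, BoltWire); Chamilo is not a Debian source package, so these are NOT-FOR-US candidates rather than work items, and the second description's truncation at `blo ...` should be checked against the full text before deciding whether both describe the same underlying issue.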
@@ -280673,8 +280761,8 @@ CVE-2013-0727 (Multiple untrusted search path vulnerabilities in Global Mapper 1
 	NOT-FOR-US: Global Mapper
 CVE-2013-0726 (Stack-based buffer overflow in the ERM_convert_to_correct_webpath func ...)
 	NOT-FOR-US: ERDAS ER Viewer
-CVE-2013-0725
-	RESERVED
+CVE-2013-0725 (ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary c ...)
+	TODO: check
 CVE-2013-0724 (PHP remote file inclusion vulnerability in includes/generate-pdf.php i ...)
 	NOT-FOR-US: Wordpress plugin ecommerce Shop Styling
 CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsh ...)
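Review bot: CVE-2013-0725 (ERDAS ER Viewer 13.0, DLL search-path issue via dwmapi.dll and irml.dll) sits directly under CVE-2013-0726, which is already `NOT-FOR-US: ERDAS ER Viewer`; same product, same vendor, Windows-only DLL loading, so it should be closed identically instead of `TODO: check`.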
@@ -282018,8 +282106,8 @@ CVE-2013-0293 (oVirt Node: Lock screen accepts F2 to drop to shell causing privi
 CVE-2013-0292 (The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib b ...)
 	- dbus-glib 0.100.1-1 (bug #700638; high)
 	[squeeze] - dbus-glib 0.88-2.1+squeeze1
-CVE-2013-0291
-	RESERVED
+CVE-2013-0291 (NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disc ...)
+	TODO: check
 CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the Linux k ...)
 	- linux <not-affected> (Introduced in 3.4, fixed in 3.8)
 	- linux-2.6 <not-affected> (Introduced in 3.4)
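Review bot: CVE-2013-0291 (NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11, path disclosure) is set to `TODO: check`; the file already closes WordPress plugins as NOT-FOR-US (`NOT-FOR-US: Wordpress plugin ecommerce Shop Styling` above), and Debian does not package NextGEN Gallery, so use the same resolution here.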



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/03443fa7bd1c56d39bcda21139fa8276b23848ee


