[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 31 08:10:23 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e1de1610 by security tracker role at 2020-01-31T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2020-8500
+ RESERVED
+CVE-2020-8499
+ RESERVED
+CVE-2020-8498 (XSS exists in the shortcode functionality of the GistPress plugin befo ...)
+ TODO: check
+CVE-2020-8497
+ RESERVED
+CVE-2020-8496 (In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions ...)
+ TODO: check
+CVE-2020-8495 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...)
+ TODO: check
+CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...)
+ TODO: check
+CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...)
+ TODO: check
CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...)
- python3.8 <unfixed>
- python3.7 <unfixed>
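Review bot: the five new entries that already carry a description (CVE-2020-8498 for the GistPress plugin and CVE-2020-8493 through CVE-2020-8496 for Kronos webTA) are all parked at `TODO: check`; the four webTA ones describe one product across the 3.x and 4.x lines and should be triaged in one pass, and GistPress is a WordPress plugin, which elsewhere in this file resolves to a `NOT-FOR-US: WordPress plugin ...` line (as the HMS Testimonials entries do), so that is the expected outcome unless a Debian source package actually ships it.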
@@ -780,6 +796,7 @@ CVE-2020-8114
CVE-2020-8113
RESERVED
CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...)
+ {DLA-2089-1}
- openjpeg2 <unfixed> (bug #950184)
[buster] - openjpeg2 <no-dsa> (Minor issue)
[stretch] - openjpeg2 <no-dsa> (Minor issue)
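Review bot: `{DLA-2089-1}` is added to CVE-2020-8112 while every release line in the visible context still reads `<unfixed>` or `<no-dsa>`, and there is no line for the release the DLA covers; confirm the advisory belongs to a release not listed in this context so the entry does not read as contradicting `[stretch] - openjpeg2 <no-dsa> (Minor issue)`, and that `- openjpeg2 <unfixed> (bug #950184)` is still the current unstable status.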
@@ -816,8 +833,8 @@ CVE-2020-8097
RESERVED
CVE-2020-8096
RESERVED
-CVE-2020-8095
- RESERVED
+CVE-2020-8095 (A vulnerability in the improper handling of junctions before deletion ...)
+ TODO: check
CVE-2020-8094
RESERVED
CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...)
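Review bot: CVE-2020-8095 is left at `TODO: check`, but its description ("improper handling of junctions before deletion") points at a Windows filesystem feature and the adjacent CVE-2020-8093 line concerns a Bitdefender product, so this is most likely another `NOT-FOR-US` candidate; the truncated text does not name the product, so read the full description before resolving it.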
@@ -3161,7 +3178,7 @@ CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/stor
NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3
NOTE: SuSE provided patch: https://www.openwall.com/lists/oss-security/2020/01/20/3/1
CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ...)
- {DLA-2076-1}
+ {DLA-2090-1 DLA-2076-1}
- libslirp 4.1.0-2 (bug #949084)
- qemu 1:4.1-2
[buster] - qemu <postponed> (Minor issue)
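Review bot: CVE-2020-7039 now references two advisories, `DLA-2090-1 DLA-2076-1`, while the `libslirp 4.1.0-2`, `qemu 1:4.1-2` and `[buster] - qemu <postponed>` lines are unchanged; since two source packages share this CVE, check that each DLA is recorded against the package it actually fixed (the earlier DLA-2076-1 presumably covered only one of them), otherwise the entry is consistent as is.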
@@ -5459,8 +5476,8 @@ CVE-2020-5958
RESERVED
CVE-2020-5957
RESERVED
-CVE-2019-20358
- RESERVED
+CVE-2019-20358 (Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below ...)
+ TODO: check
CVE-2019-20357 (A Persistent Arbitrary Code Execution vulnerability exists in the Tren ...)
NOT-FOR-US: Trend Micro
CVE-2020-5956
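Review bot: CVE-2019-20358 (Trend Micro Anti-Threat Toolkit) is left at `TODO: check`, while the neighbouring CVE-2019-20357, also a Trend Micro issue, is already resolved as `NOT-FOR-US: Trend Micro`; the new entry can be triaged the same way in this update rather than left open.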
@@ -6323,8 +6340,8 @@ CVE-2020-5528
RESERVED
CVE-2020-5527
RESERVED
-CVE-2020-5526
- RESERVED
+CVE-2020-5526 (The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2. ...)
+ TODO: check
CVE-2020-5525
RESERVED
CVE-2020-5524
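Review bot: CVE-2020-5526 describes "The AWMS Mobile App for Android ... and for iOS", i.e. mobile application software rather than anything packaged for Debian, so the `TODO: check` placeholder can be replaced by a `NOT-FOR-US` line naming the app, matching how other non-Debian software is recorded in this file.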
@@ -6996,16 +7013,16 @@ CVE-2020-5234
RESERVED
CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...)
NOT-FOR-US: OAuth2 Proxy
-CVE-2020-5232
- RESERVED
-CVE-2020-5231
- RESERVED
-CVE-2020-5230
- RESERVED
-CVE-2020-5229
- RESERVED
-CVE-2020-5228
- RESERVED
+CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them to tra ...)
+ TODO: check
+CVE-2020-5231 (In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN ...)
+ TODO: check
+CVE-2020-5230 (Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for me ...)
+ TODO: check
+CVE-2020-5229 (Opencast before 8.1 stores passwords using the rather outdated and cry ...)
+ TODO: check
+CVE-2020-5228 (Opencast before 8.1 and 7.6 allows unauthorized public access to all m ...)
+ TODO: check
CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of ...)
NOT-FOR-US: Feedgen
CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ...)
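Review bot: the five filled-in entries here are a single Opencast batch (CVE-2020-5228 through CVE-2020-5231, all "before 8.1 and 7.6" or "before 7.6 and 8.1") plus an unrelated ENS domain issue (CVE-2020-5232), all at `TODO: check`; the four Opencast ones share one upstream and the same fixed versions and should get the same resolution in one pass, and the ENS one should be triaged separately rather than carried along with them.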
@@ -7024,8 +7041,8 @@ CVE-2020-5224 (In Django User Sessions (django-user-sessions) before 1.7.1, the
NOT-FOR-US: Django User Sessions (django-user-sessions)
CVE-2020-5223 (In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a p ...)
NOT-FOR-US: PrivateBin
-CVE-2020-5222
- RESERVED
+CVE-2020-5222 (Opencast before 7.6 and 8.1 enables a remember-me cookie based on a ha ...)
+ TODO: check
CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...)
NOT-FOR-US: uftpd
CVE-2020-5220 (Sylius ResourceBundle accepts and uses any serialisation groups to be ...)
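Review bot: CVE-2020-5222 ("Opencast before 7.6 and 8.1 enables a remember-me cookie based on a ha ...") belongs to the same Opencast 7.6/8.1 set as CVE-2020-5228 through CVE-2020-5231 in the hunk above; it is left at `TODO: check` like those and should receive the same resolution so the Opencast entries do not diverge.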
@@ -7076,8 +7093,8 @@ CVE-2020-5208
RESERVED
CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...)
NOT-FOR-US: Ktor
-CVE-2020-5206
- RESERVED
+CVE-2020-5206 (In Opencast before 7.6 and 8.1, using a remember-me cookie with an arb ...)
+ TODO: check
CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...)
NOT-FOR-US: Pow
CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...)
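Review bot: CVE-2020-5206 ("using a remember-me cookie with an arb ...") and CVE-2020-5222 in the previous hunk are both remember-me cookie weaknesses in Opencast before 7.6 and 8.1 and are best checked together; both currently sit at `TODO: check`, and whichever package or `NOT-FOR-US` line is chosen for one should be applied to the other in the same commit.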
@@ -17941,8 +17958,8 @@ CVE-2019-18915
RESERVED
CVE-2019-18914
RESERVED
-CVE-2019-18913
- RESERVED
+CVE-2019-18913 (A potential security vulnerability with pre-boot DMA may allow unautho ...)
+ TODO: check
CVE-2019-18912
RESERVED
CVE-2019-18911
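Review bot: CVE-2019-18913 ("A potential security vulnerability with pre-boot DMA may allow unautho ...") reads as a platform firmware issue, and the truncated text does not name the vendor, so the `TODO: check` cannot be resolved from this hunk alone; the full description is needed before choosing between `NOT-FOR-US` and a firmware package entry.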
@@ -20808,7 +20825,7 @@ CVE-2019-18636 (A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum
NOT-FOR-US: Jitbit .NET Forum
CVE-2019-18635 (An issue was discovered in Mooltipass Moolticute through v0.42.1 and v ...)
NOT-FOR-US: Mooltipass Moolticute
-CVE-2019-18634 (In Sudo through 1.8.29, if pwfeedback is enabled in /etc/sudoers, user ...)
+CVE-2019-18634 (In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users ...)
- sudo <unfixed>
NOTE: https://www.sudo.ws/alerts/pwfeedback.html
NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/6
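Review bot: the description for CVE-2019-18634 changes from "Sudo through 1.8.29" to "Sudo before 1.8.31", so upstream now states a fixed version, but the package line below it still reads `- sudo <unfixed>`; the `<unfixed>` status is correct until a fixed upload exists, but the entry should be updated with the fixing Debian version as soon as it lands, and the two NOTE links (the sudo.ws pwfeedback alert and the oss-security post) remain the right references for that follow-up.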
@@ -45498,8 +45515,8 @@ CVE-2019-10784
RESERVED
CVE-2019-10783 (All versions including 0.0.4 of lsof npm module are vulnerable to Comm ...)
TODO: check
-CVE-2019-10782
- RESERVED
+CVE-2019-10782 (All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulner ...)
+ TODO: check
CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScript obj ...)
TODO: check
CVE-2019-10780 (BibTeX-ruby before 5.1.0 allows shell command injection due to unsanit ...)
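Review bot: CVE-2019-10782 (`com.puppycrawl.tools:checkstyle` before 8.29) is parked at `TODO: check` next to three other open entries (the lsof npm module, schema-inspector, and BibTeX-ruby); checkstyle is Java build tooling, so check whether a checkstyle source package exists in the archive before defaulting to `NOT-FOR-US`, and consider clearing the neighbouring TODOs in the same triage pass since they are all small ecosystem packages.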
@@ -199552,8 +199569,7 @@ CVE-2016-4020 (The patch_instruction function in hw/i386/kvmvapic.c in QEMU does
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1313686
NOTE: http://www.openwall.com/lists/oss-security/2016/04/13/6
-CVE-2015-8851
- RESERVED
+CVE-2015-8851 (node-uuid before 1.4.4 uses insufficiently random data to create a GUI ...)
- node-uuid 1.4.7-1 (unimportant)
NOTE: https://github.com/broofa/node-uuid/issues/108
NOTE: https://github.com/broofa/node-uuid/issues/118
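Review bot: the `- node-uuid 1.4.7-1 (unimportant)` line and the two upstream issue NOTEs for CVE-2015-8851 were recorded while the CVE was still `RESERVED`; now that the description states "node-uuid before 1.4.4 uses insufficiently random data to create a GUI ...", re-check that the `unimportant` severity still holds for a weak-randomness issue and that 1.4.7-1 is indeed the first Debian version carrying the upstream fix.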
@@ -235054,8 +235070,8 @@ CVE-2015-0951 (X-Cart before 5.1.11 allows remote authenticated users to read or
NOT-FOR-US: X-Cart
CVE-2015-0950 (Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 ...)
NOT-FOR-US: X-Cart
-CVE-2015-0949
- RESERVED
+CVE-2015-0949 (The System Management Mode (SMM) implementation in Dell Latitude E6430 ...)
+ TODO: check
CVE-2015-0948
RESERVED
CVE-2015-0947
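Review bot: CVE-2015-0949 ("The System Management Mode (SMM) implementation in Dell Latitude E6430 ...") is a vendor firmware issue by its description and is left at `TODO: check`; there is no Debian package to map it to from the visible text, so a `NOT-FOR-US: Dell firmware` style line is the expected resolution.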
@@ -270876,8 +270892,7 @@ CVE-2013-4242 (GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG
{DSA-2731-1 DSA-2730-1}
- gnupg 1.4.14-1 (bug #717880)
- libgcrypt11 1.5.3-1
-CVE-2013-4241
- RESERVED
+CVE-2013-4241 (Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimo ...)
NOT-FOR-US: WordPress plugin HMS Testimonials
CVE-2013-4240 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS ...)
NOT-FOR-US: WordPress plugin HMS Testimonials
@@ -271052,8 +271067,7 @@ CVE-2013-4189 (Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get
NOT-FOR-US: Plone
CVE-2013-4188 (traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x ...)
NOT-FOR-US: Plone
-CVE-2013-4187 [Access Bypass]
- RESERVED
+CVE-2013-4187 (The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly ...)
NOT-FOR-US: Flippy Contributed Drupal module
CVE-2013-4186
REJECTED
@@ -275795,8 +275809,7 @@ CVE-2013-2296 (Walrus in Eucalyptus before 3.2.2 does not verify authorization f
NOTE: https://eucalyptus.atlassian.net/browse/EUCA-3074
CVE-2013-2295
RESERVED
-CVE-2013-2294
- RESERVED
+CVE-2013-2294 (Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before ...)
NOT-FOR-US: ViewGit
CVE-2013-2293 (The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before ...)
- bitcoin 0.8.1-2 (bug #705265)
@@ -276087,8 +276100,7 @@ CVE-2013-2200 (WordPress before 3.5.2 does not properly check the capabilities o
CVE-2013-2199 (The HTTP API in WordPress before 3.5.2 allows remote attackers to send ...)
{DSA-2718-1}
- wordpress 3.5.2+dfsg-1 (bug #713947)
-CVE-2013-2198
- RESERVED
+CVE-2013-2198 (The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7. ...)
NOT-FOR-US: Login Security Drupal contributed module
CVE-2013-2197 (The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7. ...)
NOT-FOR-US: Login Security Drupal contributed module
@@ -283126,8 +283138,7 @@ CVE-2012-6135 (RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to
NOTE: 4.0.0 betas only
CVE-2012-6134 (Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 ...)
- ruby-omniauth-oauth2 <not-affected> (Fixed in the first version uploaded to Debian)
-CVE-2012-6133 [XSS flaws in ok and error messages]
- RESERVED
+CVE-2012-6133 (Multiple cross-site scripting (XSS) vulnerabilities in Roundup before ...)
{DLA-298-1}
- roundup 1.4.20-1
NOTE: http://issues.roundup-tracker.org/issue2550724
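Review bot: replacing `CVE-2012-6133 [XSS flaws in ok and error messages]` with the official description drops the local summary, and the truncated text ("Multiple cross-site scripting (XSS) vulnerabilities in Roundup before ...") does not visibly preserve the ok/error-message detail; the `{DLA-298-1}` and `- roundup 1.4.20-1` lines are unchanged and remain consistent, but if the detail matters for the DLA text, keep it as a NOTE line alongside the existing issue2550724 link rather than losing it.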
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e1de16107d07f07859c1991586fa98ea49746a11