[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jan 31 20:10:32 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee03af7d by security tracker role at 2020-01-31T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-8501
+	RESERVED
 CVE-2020-8500
 	RESERVED
 CVE-2020-8499
@@ -125,8 +127,8 @@ CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible
 	- ossec-hids <itp> (bug #361954)
 CVE-2020-8441
 	RESERVED
-CVE-2020-8440
-	RESERVED
+CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is  ...)
+	TODO: check
 CVE-2020-8439
 	RESERVED
 CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...)
@@ -169,8 +171,8 @@ CVE-2020-8424 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF th
 	NOT-FOR-US: Cups Easy (Purchase & Inventory)
 CVE-2020-8423
 	RESERVED
-CVE-2020-8422
-	RESERVED
+CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...)
+	TODO: check
 CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping  ...)
 	NOT-FOR-US:  Joomla!
 CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...)
@@ -1175,10 +1177,10 @@ CVE-2020-7958
 	RESERVED
 CVE-2020-7957
 	RESERVED
-CVE-2020-7956
-	RESERVED
-CVE-2020-7955
-	RESERVED
+CVE-2020-7956 (HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validate ...)
+	TODO: check
+CVE-2020-7955 (HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ...)
+	TODO: check
 CVE-2020-7954
 	RESERVED
 CVE-2020-7953
@@ -1299,8 +1301,8 @@ CVE-2020-7916
 	RESERVED
 CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...)
 	NOT-FOR-US: Eaton devices
-CVE-2020-7914
-	RESERVED
+CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...)
+	TODO: check
 CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...)
 	NOT-FOR-US: JetBrains
 CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could  ...)
@@ -2782,10 +2784,10 @@ CVE-2020-7221
 	RESERVED
 CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...)
 	NOT-FOR-US: HashiCorp Vault
-CVE-2020-7219
-	RESERVED
-CVE-2020-7218
-	RESERVED
+CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services a ...)
+	TODO: check
+CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded res ...)
+	TODO: check
 CVE-2020-7217
 	RESERVED
 CVE-2020-7216
@@ -7011,8 +7013,8 @@ CVE-2020-5236
 	RESERVED
 CVE-2020-5235
 	RESERVED
-CVE-2020-5234
-	RESERVED
+CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vul ...)
+	TODO: check
 CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...)
 	NOT-FOR-US: OAuth2 Proxy
 CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them to tra ...)
@@ -15712,8 +15714,8 @@ CVE-2020-1966
 	RESERVED
 CVE-2020-1965
 	RESERVED
-CVE-2019-19550
-	RESERVED
+CVE-2019-19550 (Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 ...)
+	TODO: check
 CVE-2019-19549
 	RESERVED
 CVE-2019-19548 (Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privil ...)
@@ -21577,8 +21579,8 @@ CVE-2019-18414 (Sourcecodester Restaurant Management System 1.0 is affected by a
 	NOT-FOR-US: Sourcecodester Restaurant Management System
 CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input validation can b ...)
 	NOT-FOR-US: TypeStack class-validator
-CVE-2019-18412
-	REJECTED
+CVE-2019-18412 (JetBrains IDETalk plugin before version 193.4099.10 allows XXE ...)
+	TODO: check
 CVE-2019-18411 (Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the  ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2019-18410
@@ -62331,8 +62333,8 @@ CVE-2019-4722
 	RESERVED
 CVE-2019-4721
 	RESERVED
-CVE-2019-4720
-	RESERVED
+CVE-2019-4720 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
+	TODO: check
 CVE-2019-4719
 	RESERVED
 CVE-2019-4718
@@ -249847,12 +249849,10 @@ CVE-2014-4862 (The Netmaster CBW700N cable modem with software 81.447.392110.729
 	NOT-FOR-US: Netmaster CBW700N cable modem
 CVE-2014-4861 (The Remote Desktop Launcher in Thycotic Secret Server before 8.6.00001 ...)
 	NOT-FOR-US: Remote Desktop Launcher in Thycotic Secret Server
-CVE-2014-4860
-	RESERVED
+CVE-2014-4860 (Multiple integer overflows in the Pre-EFI Initialization (PEI) boot ph ...)
 	- edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests)
 	NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
-CVE-2014-4859
-	RESERVED
+CVE-2014-4859 (Integer overflow in the Drive Execution Environment (DXE) phase in the ...)
 	- edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests)
 	NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
 CVE-2014-4858 (Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCe ...)
@@ -255277,8 +255277,8 @@ CVE-2014-2845 (Cyberduck before 4.4.4 on Windows does not properly validate X.50
 	NOT-FOR-US: Cyberduck on Windows
 CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure  ...)
 	NOT-FOR-US: F-Secure Messaging Secure Gateway
-CVE-2014-2843
-	RESERVED
+CVE-2014-2843 (Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1 ...)
+	TODO: check
 CVE-2014-2842 (Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a de ...)
 	NOT-FOR-US: Juniper ScreenOS
 CVE-2014-2841
@@ -268362,16 +268362,16 @@ CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterpri
 	NOT-FOR-US: Good for Enterprise app for iOS
 CVE-2013-5117 (SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in th ...)
 	NOT-FOR-US: DotNetNuke
-CVE-2013-5116
-	RESERVED
+CVE-2013-5116 (Evernote prior to 5.5.1 has insecure password change ...)
+	TODO: check
 CVE-2013-5115
 	RESERVED
-CVE-2013-5114
-	RESERVED
-CVE-2013-5113
-	RESERVED
-CVE-2013-5112
-	RESERVED
+CVE-2013-5114 (LastPass prior to 2.5.1 allows secure wipe bypass. ...)
+	TODO: check
+CVE-2013-5113 (LastPass prior to 2.5.1 has an insecure PIN implementation. ...)
+	TODO: check
+CVE-2013-5112 (Evernote before 5.5.1 has insecure PIN storage ...)
+	TODO: check
 CVE-2013-5111
 	RESERVED
 CVE-2013-5110
@@ -272803,10 +272803,10 @@ CVE-2013-3491 (Multiple cross-site request forgery (CSRF) vulnerabilities in the
 	NOT-FOR-US: WordPress plugin sharebar
 CVE-2013-3490
 	RESERVED
-CVE-2013-3489
-	RESERVED
-CVE-2013-3488
-	RESERVED
+CVE-2013-3489 (Buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before  ...)
+	TODO: check
+CVE-2013-3488 (Stack-based buffer overflow in Media Player Classic - Home Cinema (MPC ...)
+	TODO: check
 CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the security lo ...)
 	NOT-FOR-US: BulletProof Security plugin for WordPress
 CVE-2013-3486 (IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerabilit ...)
@@ -273151,8 +273151,8 @@ CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.20
 	NOT-FOR-US: Adobe Flash Player
 CVE-2013-3323
 	RESERVED
-CVE-2013-3322
-	RESERVED
+CVE-2013-3322 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...)
+	TODO: check
 CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...)
 	NOT-FOR-US: NetApp
 CVE-2013-3320 (Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Ma ...)
@@ -302017,16 +302017,13 @@ CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication when
 	- yubico-pam 2.10-1
 CVE-2011-4119
 	RESERVED
-CVE-2011-4117
-	RESERVED
+CVE-2011-4117 (The Batch::BatchRun module 1.03 for Perl does not properly handle temp ...)
 	NOT-FOR-US: perl Batch::BatchRun CPAN module
-CVE-2011-4116 [unsafe traversal of symlinks]
-	RESERVED
+CVE-2011-4116 (_is_safe in the File::Temp module for Perl does not properly handle sy ...)
 	- perl <unfixed> (unimportant; bug #776268)
 	NOTE: http://thread.gmane.org/gmane.comp.security.oss.general/6174/focus=6177
 	NOTE: https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14
-CVE-2011-4115
-	RESERVED
+CVE-2011-4115 (Parallel::ForkManager module before 1.0.0 for Perl does not properly h ...)
 	- libparallel-forkmanager-perl <not-affected> (issue introduced in 0.7.6 upstream, never in Debian)
 	NOTE: affected code was never in Debian. Upstream fixed in 1.0.0
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=68298
@@ -302125,8 +302122,7 @@ CVE-2011-4089 (The bzexe command in bzip2 1.0.5 and earlier generates compressed
 	- bzip2 1.0.6-1 (low; bug #632862)
 	[squeeze] - bzip2 1.0.5-6+squeeze1
 	[lenny] - bzip2 <no-dsa> (Minor issue)
-CVE-2011-4088
-	RESERVED
+CVE-2011-4088 (ABRT might allow attackers to obtain sensitive information from crash  ...)
 	NOT-FOR-US: abrt/libreport
 CVE-2011-4087 (The br_parse_ip_options function in net/bridge/br_netfilter.c in the L ...)
 	- linux-2.6 3.0.0-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee03af7d955a877a9cf229167805b4d2fe1a7885

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee03af7d955a877a9cf229167805b4d2fe1a7885
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200131/f06cd0de/attachment.html>

More information about the debian-security-tracker-commits mailing list