[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Mar 4 20:10:25 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a34adab5 by security tracker role at 2020-03-04T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,60 @@
-CVE-2020-10029 [sinl() stack corruption from crafted input]
+CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
+	TODO: check
+CVE-2020-10056
+	RESERVED
+CVE-2020-10055
+	RESERVED
+CVE-2020-10054
+	RESERVED
+CVE-2020-10053
+	RESERVED
+CVE-2020-10052
+	RESERVED
+CVE-2020-10051
+	RESERVED
+CVE-2020-10050
+	RESERVED
+CVE-2020-10049
+	RESERVED
+CVE-2020-10048
+	RESERVED
+CVE-2020-10047
+	RESERVED
+CVE-2020-10046
+	RESERVED
+CVE-2020-10045
+	RESERVED
+CVE-2020-10044
+	RESERVED
+CVE-2020-10043
+	RESERVED
+CVE-2020-10042
+	RESERVED
+CVE-2020-10041
+	RESERVED
+CVE-2020-10040
+	RESERVED
+CVE-2020-10039
+	RESERVED
+CVE-2020-10038
+	RESERVED
+CVE-2020-10037
+	RESERVED
+CVE-2020-10036
+	RESERVED
+CVE-2020-10035
+	RESERVED
+CVE-2020-10034
+	RESERVED
+CVE-2020-10033
+	RESERVED
+CVE-2020-10032
+	RESERVED
+CVE-2020-10031
+	RESERVED
+CVE-2020-10030
+	RESERVED
+CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...)
 	- glibc <unfixed> (bug #953108)
 	[buster] - glibc <no-dsa> (Minor issue)
 	[stretch] - glibc <no-dsa> (Minor issue)
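Review bot: the triage lines for CVE-2020-10029 (glibc <unfixed>, bug #953108, buster and stretch <no-dsa> Minor issue) were written against the old placeholder text "[sinl() stack corruption from crafted input]"; the imported description now reads "glibc before 2.32 could overflow", so re-confirm that the Minor issue assessment and the bug reference still match the published description before this settles. The remaining additions are bare RESERVED entries plus CVE-2020-10057 (GeniXCMS) left at TODO: check, which still needs resolving to either a package line or NOT-FOR-US in the usual way.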
@@ -539,16 +595,16 @@ CVE-2020-9763
 	RESERVED
 CVE-2020-9762
 	RESERVED
-CVE-2020-9761
-	RESERVED
+CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The ...)
+	TODO: check
 CVE-2020-9760
 	RESERVED
 CVE-2020-9759
 	RESERVED
 CVE-2020-9758
 	RESERVED
-CVE-2020-9757
-	RESERVED
+CVE-2020-9757 (The Seomatic component before 3.2.46 for Craft CMS allows Server-Side  ...)
+	TODO: check
 CVE-2020-9756
 	RESERVED
 CVE-2020-9755
@@ -969,8 +1025,8 @@ CVE-2019-20487 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. M
 	NOT-FOR-US: Netgear
 CVE-2019-20486 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...)
 	NOT-FOR-US: Netgear
-CVE-2020-9550
-	RESERVED
+CVE-2020-9550 (Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication b ...)
+	TODO: check
 CVE-2020-9549 (In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bou ...)
 	- pdfresurrect <unfixed> (unimportant; bug #952948)
 	NOTE: https://github.com/enferex/pdfresurrect/issues/8
@@ -990,7 +1046,7 @@ CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the int
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2631
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by
 	NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-9545 (Pale Moon 28.8.x before 28.8.4 has a segmentation fault related to mod ...)
+CVE-2020-9545 (Pale Moon 28.x before 28.8.4 has a segmentation fault related to modul ...)
 	NOT-FOR-US: Pale Moon
 CVE-2020-9544
 	RESERVED
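Review bot: separate from the Pale Moon description refresh, the unchanged context line "NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by" under CVE-2020-9546 appears cut off mid-sentence (it ends at "enabled by" and then jumps to "but still an issue when Default Typing is enabled"); worth completing in a follow-up so the mitigation note reads unambiguously.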
@@ -1133,10 +1189,10 @@ CVE-2013-7487
 	RESERVED
 CVE-2020-9478
 	RESERVED
-CVE-2020-9477
-	RESERVED
-CVE-2020-9476
-	RESERVED
+CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...)
+	TODO: check
+CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...)
+	TODO: check
 CVE-2020-9475
 	RESERVED
 CVE-2020-9474
@@ -1396,10 +1452,10 @@ CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command executi
 	NOT-FOR-US: TP-Link
 CVE-2020-9373
 	RESERVED
-CVE-2020-9372
-	RESERVED
-CVE-2020-9371
-	RESERVED
+CVE-2020-9372 (The Appointment Booking Calendar plugin before 1.3.35 for WordPress al ...)
+	TODO: check
+CVE-2020-9371 (Stored XSS exists in the Appointment Booking Calendar plugin before 1. ...)
+	TODO: check
 CVE-2020-9370
 	RESERVED
 CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial  ...)
@@ -1419,8 +1475,8 @@ CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OO
 	[stretch] - pure-ftpd <no-dsa> (Minor issue)
 	[jessie] - pure-ftpd <not-affected> (Vulnerable code does not exist)
 	NOTE: https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b
-CVE-2020-9364
-	RESERVED
+CVE-2020-9364 (An issue was discovered in helpers/mailer.php in the Creative Contact  ...)
+	TODO: check
 CVE-2020-9363 (The Sophos AV parsing engine before 2020-01-14 allows virus-detection  ...)
 	NOT-FOR-US: Sophos AV
 CVE-2020-9362 (The Quick Heal AV parsing engine (November 2019) allows virus-detectio ...)
@@ -4527,8 +4583,8 @@ CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add userName XSS. ...)
 	NOT-FOR-US: Adive Framework
 CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS. ...)
 	NOT-FOR-US: Adive Framework
-CVE-2020-7988
-	RESERVED
+CVE-2020-7988 (An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4 ...)
+	TODO: check
 CVE-2020-7987
 	RESERVED
 CVE-2020-7986
@@ -10625,8 +10681,8 @@ CVE-2020-5253
 	RESERVED
 CVE-2020-5252
 	RESERVED
-CVE-2020-5251
-	RESERVED
+CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the users obj ...)
+	TODO: check
 CVE-2020-5250
 	RESERVED
 CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...)
@@ -16342,14 +16398,14 @@ CVE-2020-3195
 	RESERVED
 CVE-2020-3194
 	RESERVED
-CVE-2020-3193
-	RESERVED
-CVE-2020-3192
-	RESERVED
+CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Prime C ...)
+	TODO: check
+CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco Prime C ...)
+	TODO: check
 CVE-2020-3191
 	RESERVED
-CVE-2020-3190
-	RESERVED
+CVE-2020-3190 (A vulnerability in the IPsec packet processor of Cisco IOS XR Software ...)
+	TODO: check
 CVE-2020-3189
 	RESERVED
 CVE-2020-3188
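Review bot: the three new Cisco entries here (CVE-2020-3193, CVE-2020-3192, CVE-2020-3190) are left at TODO: check, while every populated Cisco entry elsewhere in this file (for example CVE-2020-3175 and CVE-2020-3174 a few hunks down) is triaged as NOT-FOR-US: Cisco; unless one of them touches a Debian package, they should be resolved the same way, and the same applies to the other Cisco hunks that follow in this update.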
@@ -16358,16 +16414,16 @@ CVE-2020-3187
 	RESERVED
 CVE-2020-3186
 	RESERVED
-CVE-2020-3185
-	RESERVED
+CVE-2020-3185 (A vulnerability in the web-based management interface of Cisco TelePre ...)
+	TODO: check
 CVE-2020-3184
 	RESERVED
 CVE-2020-3183
 	RESERVED
-CVE-2020-3182
-	RESERVED
-CVE-2020-3181
-	RESERVED
+CVE-2020-3182 (A vulnerability in the multicast DNS (mDNS) protocol configuration of  ...)
+	TODO: check
+CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco Advanc ...)
+	TODO: check
 CVE-2020-3180
 	RESERVED
 CVE-2020-3179
@@ -16376,8 +16432,8 @@ CVE-2020-3178
 	RESERVED
 CVE-2020-3177
 	RESERVED
-CVE-2020-3176
-	RESERVED
+CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...)
+	TODO: check
 CVE-2020-3175 (A vulnerability in the resource handling system of Cisco NX-OS Softwar ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3174 (A vulnerability in the anycast gateway feature of Cisco NX-OS Software ...)
@@ -16400,8 +16456,8 @@ CVE-2020-3166 (A vulnerability in the CLI of Cisco FXOS Software could allow an
 	NOT-FOR-US: Cisco
 CVE-2020-3165 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3164
-	RESERVED
+CVE-2020-3164 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+	TODO: check
 CVE-2020-3163 (A vulnerability in the Live Data server of Cisco Unified Contact Cente ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3162
@@ -16414,12 +16470,12 @@ CVE-2020-3159 (A vulnerability in the web-based management interface of Cisco Fi
 	NOT-FOR-US: Cisco
 CVE-2020-3158 (A vulnerability in the High Availability (HA) service of Cisco Smart S ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3157
-	RESERVED
+CVE-2020-3157 (A vulnerability in the web-based management interface of Cisco Identit ...)
+	TODO: check
 CVE-2020-3156 (A vulnerability in the logging component of Cisco Identity Services En ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3155
-	RESERVED
+CVE-2020-3155 (A vulnerability in the SSL implementation of the Cisco Intelligent Pro ...)
+	TODO: check
 CVE-2020-3154 (A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could  ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3153 (A vulnerability in the installer component of Cisco AnyConnect Secure  ...)
@@ -16432,8 +16488,8 @@ CVE-2020-3150
 	RESERVED
 CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3148
-	RESERVED
+CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network Regi ...)
+	TODO: check
 CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3146
@@ -16472,10 +16528,10 @@ CVE-2020-3130
 	RESERVED
 CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco Unity C ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3128
-	RESERVED
-CVE-2020-3127
-	RESERVED
+CVE-2020-3128 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
+	TODO: check
+CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
+	TODO: check
 CVE-2020-3126
 	RESERVED
 CVE-2020-3125
@@ -19652,6 +19708,7 @@ CVE-2020-1940 (The optional initial password change and password expiration feat
 CVE-2020-1939
 	RESERVED
 CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken when tr ...)
+	{DLA-2133-1}
 	- tomcat9 9.0.31-1 (bug #952437)
 	- tomcat8 <removed> (bug #952438)
 	- tomcat7 <removed> (bug #952436)
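Review bot: the {DLA-2133-1} line is added to CVE-2020-1938 while tomcat8 and tomcat7 stay <removed> in this entry; that is consistent with the DLA record carrying the jessie fixed version rather than this list, but confirm the DLA entry does record that version, otherwise the CVE will still appear open for the LTS suite. The same annotation is added to CVE-2020-1935 and CVE-2019-17569 further down.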
@@ -19677,6 +19734,7 @@ CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with the
 CVE-2020-1936
 	RESERVED
 CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...)
+	{DLA-2133-1}
 	- tomcat9 9.0.31-1
 	- tomcat8 <removed>
 	- tomcat7 <removed>
@@ -21049,16 +21107,16 @@ CVE-2019-19227 (In the AppleTalk subsystem in the Linux kernel before 5.1, there
 	[buster] - linux 4.19.98-1
 	[stretch] - linux 4.9.210-1
 	NOTE: https://git.kernel.org/linus/9804501fa1228048857910a6bf23e085aade37cc
-CVE-2019-19226
-	RESERVED
-CVE-2019-19225
-	RESERVED
-CVE-2019-19224
-	RESERVED
-CVE-2019-19223
-	RESERVED
-CVE-2019-19222
-	RESERVED
+CVE-2019-19226 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
+	TODO: check
+CVE-2019-19225 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
+	TODO: check
+CVE-2019-19224 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
+	TODO: check
+CVE-2019-19223 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
+	TODO: check
+CVE-2019-19222 (A Stored XSS issue in the D-Link DSL-2680 web administration interface ...)
+	TODO: check
 CVE-2019-19221 (In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string ...)
 	- libarchive <unfixed> (bug #945287)
 	[buster] - libarchive <no-dsa> (Minor issue)
@@ -28421,6 +28479,7 @@ CVE-2019-17570 (An untrusted deserialization was found in the org.apache.xmlrpc.
 	NOTE: Proposed patch: https://bugzilla.redhat.com/show_bug.cgi?id=1775193
 	NOTE: https://github.com/orangecertcc/xmlrpc-common-deserialization
 CVE-2019-17569 (The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8 ...)
+	{DLA-2133-1}
 	- tomcat9 9.0.31-1
 	- tomcat8 <removed>
 	- tomcat7 <removed>
@@ -49088,7 +49147,7 @@ CVE-2019-11029 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the D
 	NOT-FOR-US: Mirasys VMS
 CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing  ...)
 	NOT-FOR-US: GAT-Ship Web Module
-CVE-2015-9284 (The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site ...)
+CVE-2015-9284 (The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...)
 	- ruby-omniauth <unfixed>
 	[stretch] - ruby-omniauth <no-dsa> (Minor issue)
 	[jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs CSRF protection in apps)
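Review bot: the refreshed description now bounds the affected range to "1.9.1 and earlier", but the entry's own jessie line says the fix lives in an additional gem and requires CSRF protection in the applications; a ruby-omniauth version above 1.9.1 should therefore not be taken as a fix marker on the strength of the description alone, and <unfixed> is the right state until the package actually ships or depends on that protection.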
@@ -57452,7 +57511,7 @@ CVE-2016-10742 (Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x b
 	NOTE: https://support.zabbix.com/browse/ZBX-10272
 	NOTE: https://support.zabbix.com/browse/ZBX-13133
 CVE-2019-8401
-	RESERVED
+	REJECTED
 CVE-2019-8400 (ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/ ...)
 	NOT-FOR-US: ORY Hydra
 CVE-2019-8399
@@ -70857,8 +70916,8 @@ CVE-2019-3406
 	RESERVED
 CVE-2019-3405
 	RESERVED
-CVE-2019-3404
-	RESERVED
+CVE-2019-3404 (By adding some special fields to the uri ofrouter app function, the us ...)
+	TODO: check
 CVE-2019-3403 (The /rest/api/2/user/picker rest resource in Jira before version 7.13. ...)
 	NOT-FOR-US: Atlassian Jira
 CVE-2019-3402 (The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a34adab5803b5ffbf6ead4002d54c918d94c473a
