[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 4 20:10:25 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a34adab5 by security tracker role at 2020-03-04T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,60 @@
-CVE-2020-10029 [sinl() stack corruption from crafted input]
+CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
+ TODO: check
+CVE-2020-10056
+ RESERVED
+CVE-2020-10055
+ RESERVED
+CVE-2020-10054
+ RESERVED
+CVE-2020-10053
+ RESERVED
+CVE-2020-10052
+ RESERVED
+CVE-2020-10051
+ RESERVED
+CVE-2020-10050
+ RESERVED
+CVE-2020-10049
+ RESERVED
+CVE-2020-10048
+ RESERVED
+CVE-2020-10047
+ RESERVED
+CVE-2020-10046
+ RESERVED
+CVE-2020-10045
+ RESERVED
+CVE-2020-10044
+ RESERVED
+CVE-2020-10043
+ RESERVED
+CVE-2020-10042
+ RESERVED
+CVE-2020-10041
+ RESERVED
+CVE-2020-10040
+ RESERVED
+CVE-2020-10039
+ RESERVED
+CVE-2020-10038
+ RESERVED
+CVE-2020-10037
+ RESERVED
+CVE-2020-10036
+ RESERVED
+CVE-2020-10035
+ RESERVED
+CVE-2020-10034
+ RESERVED
+CVE-2020-10033
+ RESERVED
+CVE-2020-10032
+ RESERVED
+CVE-2020-10031
+ RESERVED
+CVE-2020-10030
+ RESERVED
+CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...)
- glibc <unfixed> (bug #953108)
[buster] - glibc <no-dsa> (Minor issue)
[stretch] - glibc <no-dsa> (Minor issue)
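Review bot: the hand-written placeholder "[sinl() stack corruption from crafted input]" on CVE-2020-10029 is overwritten by the upstream text "The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...", so the sinl() detail now lives only in bug #953108; that is the expected behaviour of an automatic update, but the package lines (glibc <unfixed>, buster/stretch <no-dsa> Minor issue) are untouched and still reflect the earlier manual assessment. The remainder of the hunk is 27 RESERVED placeholders (CVE-2020-10030 through CVE-2020-10056) plus CVE-2020-10057 (GeniXCMS) with a "TODO: check" that needs a human to decide whether the software is packaged.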
@@ -539,16 +595,16 @@ CVE-2020-9763
RESERVED
CVE-2020-9762
RESERVED
-CVE-2020-9761
- RESERVED
+CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The ...)
+ TODO: check
CVE-2020-9760
RESERVED
CVE-2020-9759
RESERVED
CVE-2020-9758
RESERVED
-CVE-2020-9757
- RESERVED
+CVE-2020-9757 (The Seomatic component before 3.2.46 for Craft CMS allows Server-Side ...)
+ TODO: check
CVE-2020-9756
RESERVED
CVE-2020-9755
@@ -969,8 +1025,8 @@ CVE-2019-20487 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. M
NOT-FOR-US: Netgear
CVE-2019-20486 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...)
NOT-FOR-US: Netgear
-CVE-2020-9550
- RESERVED
+CVE-2020-9550 (Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication b ...)
+ TODO: check
CVE-2020-9549 (In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bou ...)
- pdfresurrect <unfixed> (unimportant; bug #952948)
NOTE: https://github.com/enferex/pdfresurrect/issues/8
@@ -990,7 +1046,7 @@ CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the int
NOTE: https://github.com/FasterXML/jackson-databind/issues/2631
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by
NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-9545 (Pale Moon 28.8.x before 28.8.4 has a segmentation fault related to mod ...)
+CVE-2020-9545 (Pale Moon 28.x before 28.8.4 has a segmentation fault related to modul ...)
NOT-FOR-US: Pale Moon
CVE-2020-9544
RESERVED
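Review bot: the CVE-2020-9545 description changes its version bound from "Pale Moon 28.8.x before 28.8.4" to "Pale Moon 28.x before 28.8.4", i.e. upstream widened the affected range; since the entry stays NOT-FOR-US: Pale Moon, no action follows. Unrelated to the change but visible in the context: the first NOTE on CVE-2020-9546 stops at "Safe Default Typing is enabled by" and the next NOTE continues with "but still an issue", so a word (presumably "default") appears to have been dropped and could be restored in a manual edit.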
@@ -1133,10 +1189,10 @@ CVE-2013-7487
RESERVED
CVE-2020-9478
RESERVED
-CVE-2020-9477
- RESERVED
-CVE-2020-9476
- RESERVED
+CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...)
+ TODO: check
+CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...)
+ TODO: check
CVE-2020-9475
RESERVED
CVE-2020-9474
@@ -1396,10 +1452,10 @@ CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command executi
NOT-FOR-US: TP-Link
CVE-2020-9373
RESERVED
-CVE-2020-9372
- RESERVED
-CVE-2020-9371
- RESERVED
+CVE-2020-9372 (The Appointment Booking Calendar plugin before 1.3.35 for WordPress al ...)
+ TODO: check
+CVE-2020-9371 (Stored XSS exists in the Appointment Booking Calendar plugin before 1. ...)
+ TODO: check
CVE-2020-9370
RESERVED
CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial ...)
@@ -1419,8 +1475,8 @@ CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OO
[stretch] - pure-ftpd <no-dsa> (Minor issue)
[jessie] - pure-ftpd <not-affected> (Vulnerable code does not exist)
NOTE: https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b
-CVE-2020-9364
- RESERVED
+CVE-2020-9364 (An issue was discovered in helpers/mailer.php in the Creative Contact ...)
+ TODO: check
CVE-2020-9363 (The Sophos AV parsing engine before 2020-01-14 allows virus-detection ...)
NOT-FOR-US: Sophos AV
CVE-2020-9362 (The Quick Heal AV parsing engine (November 2019) allows virus-detectio ...)
@@ -4527,8 +4583,8 @@ CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add userName XSS. ...)
NOT-FOR-US: Adive Framework
CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS. ...)
NOT-FOR-US: Adive Framework
-CVE-2020-7988
- RESERVED
+CVE-2020-7988 (An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4 ...)
+ TODO: check
CVE-2020-7987
RESERVED
CVE-2020-7986
@@ -10625,8 +10681,8 @@ CVE-2020-5253
RESERVED
CVE-2020-5252
RESERVED
-CVE-2020-5251
- RESERVED
+CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the users obj ...)
+ TODO: check
CVE-2020-5250
RESERVED
CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...)
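Review bot: the upstream description for CVE-2020-5251 spells the project "parser-server"; the project is commonly known as parse-server, so the "TODO: check" triage should search the archive under that name as well before concluding it is not packaged.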
@@ -16342,14 +16398,14 @@ CVE-2020-3195
RESERVED
CVE-2020-3194
RESERVED
-CVE-2020-3193
- RESERVED
-CVE-2020-3192
- RESERVED
+CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Prime C ...)
+ TODO: check
+CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco Prime C ...)
+ TODO: check
CVE-2020-3191
RESERVED
-CVE-2020-3190
- RESERVED
+CVE-2020-3190 (A vulnerability in the IPsec packet processor of Cisco IOS XR Software ...)
+ TODO: check
CVE-2020-3189
RESERVED
CVE-2020-3188
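Review bot: every Cisco entry that gains a description in this update (CVE-2020-3190, 3192, 3193 here, and the other Cisco hunks below) receives "TODO: check", while the surrounding entries such as CVE-2020-3175 and CVE-2020-3174 are already "NOT-FOR-US: Cisco"; unless one of the new descriptions names software that exists as a Debian package, the consistent resolution is the same NOT-FOR-US marking, and handling them as one batch avoids leaving stale TODOs in the file.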
@@ -16358,16 +16414,16 @@ CVE-2020-3187
RESERVED
CVE-2020-3186
RESERVED
-CVE-2020-3185
- RESERVED
+CVE-2020-3185 (A vulnerability in the web-based management interface of Cisco TelePre ...)
+ TODO: check
CVE-2020-3184
RESERVED
CVE-2020-3183
RESERVED
-CVE-2020-3182
- RESERVED
-CVE-2020-3181
- RESERVED
+CVE-2020-3182 (A vulnerability in the multicast DNS (mDNS) protocol configuration of ...)
+ TODO: check
+CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco Advanc ...)
+ TODO: check
CVE-2020-3180
RESERVED
CVE-2020-3179
@@ -16376,8 +16432,8 @@ CVE-2020-3178
RESERVED
CVE-2020-3177
RESERVED
-CVE-2020-3176
- RESERVED
+CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...)
+ TODO: check
CVE-2020-3175 (A vulnerability in the resource handling system of Cisco NX-OS Softwar ...)
NOT-FOR-US: Cisco
CVE-2020-3174 (A vulnerability in the anycast gateway feature of Cisco NX-OS Software ...)
@@ -16400,8 +16456,8 @@ CVE-2020-3166 (A vulnerability in the CLI of Cisco FXOS Software could allow an
NOT-FOR-US: Cisco
CVE-2020-3165 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
NOT-FOR-US: Cisco
-CVE-2020-3164
- RESERVED
+CVE-2020-3164 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ TODO: check
CVE-2020-3163 (A vulnerability in the Live Data server of Cisco Unified Contact Cente ...)
NOT-FOR-US: Cisco
CVE-2020-3162
@@ -16414,12 +16470,12 @@ CVE-2020-3159 (A vulnerability in the web-based management interface of Cisco Fi
NOT-FOR-US: Cisco
CVE-2020-3158 (A vulnerability in the High Availability (HA) service of Cisco Smart S ...)
NOT-FOR-US: Cisco
-CVE-2020-3157
- RESERVED
+CVE-2020-3157 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
CVE-2020-3156 (A vulnerability in the logging component of Cisco Identity Services En ...)
NOT-FOR-US: Cisco
-CVE-2020-3155
- RESERVED
+CVE-2020-3155 (A vulnerability in the SSL implementation of the Cisco Intelligent Pro ...)
+ TODO: check
CVE-2020-3154 (A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could ...)
NOT-FOR-US: Cisco
CVE-2020-3153 (A vulnerability in the installer component of Cisco AnyConnect Secure ...)
@@ -16432,8 +16488,8 @@ CVE-2020-3150
RESERVED
CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
-CVE-2020-3148
- RESERVED
+CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network Regi ...)
+ TODO: check
CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
NOT-FOR-US: Cisco
CVE-2020-3146
@@ -16472,10 +16528,10 @@ CVE-2020-3130
RESERVED
CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco Unity C ...)
NOT-FOR-US: Cisco
-CVE-2020-3128
- RESERVED
-CVE-2020-3127
- RESERVED
+CVE-2020-3128 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
+ TODO: check
+CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
+ TODO: check
CVE-2020-3126
RESERVED
CVE-2020-3125
@@ -19652,6 +19708,7 @@ CVE-2020-1940 (The optional initial password change and password expiration feat
CVE-2020-1939
RESERVED
CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken when tr ...)
+ {DLA-2133-1}
- tomcat9 9.0.31-1 (bug #952437)
- tomcat8 <removed> (bug #952438)
- tomcat7 <removed> (bug #952436)
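Review bot: the "{DLA-2133-1}" marker added for CVE-2020-1938 also appears in this update for CVE-2020-1935 and CVE-2019-17569, which matches one DLA covering all three Tomcat issues; the package lines (tomcat9 9.0.31-1, tomcat8 and tomcat7 <removed>) are unchanged, so the DLA line is the only record of the LTS fix, which is the intended layout for a release no longer carrying the package in unstable.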
@@ -19677,6 +19734,7 @@ CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with the
CVE-2020-1936
RESERVED
CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...)
+ {DLA-2133-1}
- tomcat9 9.0.31-1
- tomcat8 <removed>
- tomcat7 <removed>
@@ -21049,16 +21107,16 @@ CVE-2019-19227 (In the AppleTalk subsystem in the Linux kernel before 5.1, there
[buster] - linux 4.19.98-1
[stretch] - linux 4.9.210-1
NOTE: https://git.kernel.org/linus/9804501fa1228048857910a6bf23e085aade37cc
-CVE-2019-19226
- RESERVED
-CVE-2019-19225
- RESERVED
-CVE-2019-19224
- RESERVED
-CVE-2019-19223
- RESERVED
-CVE-2019-19222
- RESERVED
+CVE-2019-19226 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
+ TODO: check
+CVE-2019-19225 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
+ TODO: check
+CVE-2019-19224 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
+ TODO: check
+CVE-2019-19223 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
+ TODO: check
+CVE-2019-19222 (A Stored XSS issue in the D-Link DSL-2680 web administration interface ...)
+ TODO: check
CVE-2019-19221 (In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string ...)
- libarchive <unfixed> (bug #945287)
[buster] - libarchive <no-dsa> (Minor issue)
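Review bot: the five new D-Link DSL-2680 entries (CVE-2019-19222 through CVE-2019-19226) describe the same device's web administration interface and all carry "TODO: check"; they should be triaged together so they end up with the same marking rather than being resolved piecemeal. The libarchive context below them (CVE-2019-19221, <unfixed>, bug #945287, buster <no-dsa>) is untouched by this hunk.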
@@ -28421,6 +28479,7 @@ CVE-2019-17570 (An untrusted deserialization was found in the org.apache.xmlrpc.
NOTE: Proposed patch: https://bugzilla.redhat.com/show_bug.cgi?id=1775193
NOTE: https://github.com/orangecertcc/xmlrpc-common-deserialization
CVE-2019-17569 (The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8 ...)
+ {DLA-2133-1}
- tomcat9 9.0.31-1
- tomcat8 <removed>
- tomcat7 <removed>
@@ -49088,7 +49147,7 @@ CVE-2019-11029 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the D
NOT-FOR-US: Mirasys VMS
CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing ...)
NOT-FOR-US: GAT-Ship Web Module
-CVE-2015-9284 (The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site ...)
+CVE-2015-9284 (The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...)
- ruby-omniauth <unfixed>
[stretch] - ruby-omniauth <no-dsa> (Minor issue)
[jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs CSRF protection in apps)
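Review bot: the CVE-2015-9284 description now carries an explicit version bound, "(1.9.1 and earlier)", while the package line still reads "ruby-omniauth <unfixed>"; it is worth re-checking the packaged versions against that bound, since a newer upstream release would change the status. The stretch <no-dsa> and jessie note ("Fix is in additional gem and needs CSRF protection in apps") remain consistent with the description.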
@@ -57452,7 +57511,7 @@ CVE-2016-10742 (Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x b
NOTE: https://support.zabbix.com/browse/ZBX-10272
NOTE: https://support.zabbix.com/browse/ZBX-13133
CVE-2019-8401
- RESERVED
+ REJECTED
CVE-2019-8400 (ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/ ...)
NOT-FOR-US: ORY Hydra
CVE-2019-8399
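Review bot: CVE-2019-8401 moves from RESERVED to REJECTED; keeping the entry in the list with that status is correct, as it prevents the identifier from being re-queued for triage, and no package line is needed.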
@@ -70857,8 +70916,8 @@ CVE-2019-3406
RESERVED
CVE-2019-3405
RESERVED
-CVE-2019-3404
- RESERVED
+CVE-2019-3404 (By adding some special fields to the uri ofrouter app function, the us ...)
+ TODO: check
CVE-2019-3403 (The /rest/api/2/user/picker rest resource in Jira before version 7.13. ...)
NOT-FOR-US: Atlassian Jira
CVE-2019-3402 (The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a34adab5803b5ffbf6ead4002d54c918d94c473a