[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Mar 7 08:10:31 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
584f0481 by security tracker role at 2020-03-07T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
+ TODO: check
+CVE-2020-10215 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
+ TODO: check
+CVE-2020-10214 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is ...)
+ TODO: check
+CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
+ TODO: check
+CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via ...)
+ TODO: check
+CVE-2020-10211
+ RESERVED
+CVE-2020-10210
+ RESERVED
+CVE-2020-10209
+ RESERVED
+CVE-2020-10208
+ RESERVED
+CVE-2020-10207
+ RESERVED
+CVE-2020-10206
+ RESERVED
+CVE-2020-10205
+ RESERVED
+CVE-2020-10204
+ RESERVED
+CVE-2020-10203
+ RESERVED
+CVE-2020-10202
+ RESERVED
+CVE-2020-10201
+ RESERVED
+CVE-2020-10200
+ RESERVED
+CVE-2020-10199
+ RESERVED
+CVE-2020-10198
+ RESERVED
+CVE-2020-10197
+ RESERVED
+CVE-2020-10196
+ RESERVED
+CVE-2020-10195
+ RESERVED
+CVE-2020-10194
+ RESERVED
+CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...)
+ TODO: check
CVE-2020-10192
RESERVED
CVE-2020-10191
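Review bot: CVE-2020-10216, CVE-2020-10215 and CVE-2020-10213 are added with the same truncated description ("An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ..."), so the list cannot distinguish the three, and all four D-Link entries are left at TODO: check. Triage the four together against the full CVE descriptions. The file already marks device-only entries NOT-FOR-US elsewhere (for example "NOT-FOR-US: Ruckus devices"), which is the disposition to consider here if no Debian package ships this firmware.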
@@ -181,12 +229,12 @@ CVE-2020-10114
RESERVED
CVE-2020-10113
RESERVED
-CVE-2020-10112
- RESERVED
-CVE-2020-10111
- RESERVED
-CVE-2020-10110
- RESERVED
+CVE-2020-10112 (Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. ...)
+ TODO: check
+CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation ...)
+ TODO: check
+CVE-2020-10110 (Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Throug ...)
+ TODO: check
CVE-2020-10109
RESERVED
CVE-2020-10108
@@ -856,7 +904,7 @@ CVE-2020-10022
CVE-2020-10021
RESERVED
CVE-2020-10020
- RESERVED
+ REJECTED
CVE-2020-10019
RESERVED
CVE-2020-10018 (accessibility/AXObjectCache.cpp in WebKit, as used in WebKitGTK throug ...)
@@ -1522,8 +1570,8 @@ CVE-2020-9472
RESERVED
CVE-2020-9471
RESERVED
-CVE-2020-9470
- RESERVED
+CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before February 2020. ...)
+ TODO: check
CVE-2020-9469
RESERVED
CVE-2020-9468
@@ -1998,8 +2046,8 @@ CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for
NOTE: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
CVE-2020-9282
RESERVED
-CVE-2020-9281
- RESERVED
+CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...)
+ TODO: check
CVE-2020-9280
RESERVED
CVE-2020-9279
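Review bot: the new summary for CVE-2020-9281 is cut off before it names the affected product ("A cross-site scripting (XSS) vulnerability in the HTML Data Processor ..."), so the TODO: check entry cannot be matched to a source package from this line alone. Resolve it from the full CVE description, and add a package line or a NOT-FOR-US tag once the product is identified.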
@@ -3461,10 +3509,10 @@ CVE-2020-8637
RESERVED
CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows Remote C ...)
NOT-FOR-US: OpServices OpMon
-CVE-2020-8635
- RESERVED
-CVE-2020-8634
- RESERVED
+CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...)
+ TODO: check
+CVE-2020-8634 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...)
+ TODO: check
CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8 ...)
NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...)
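Review bot: CVE-2020-8635 and CVE-2020-8634 are added with byte-identical truncated summaries ("Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ..."), so the difference between the two issues is not visible in the list. Both are TODO: check; whoever triages them should read the full descriptions and give both the same product tag, along with the third Wing FTP Server entry (CVE-2020-9470) added in this commit.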
@@ -3919,8 +3967,8 @@ CVE-2020-8441 (JYaml through 1.3 allows remote code execution during deserializa
NOT-FOR-US: JYaml
CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is ...)
NOT-FOR-US: Simplejobscript.com SJS
-CVE-2020-8439
- RESERVED
+CVE-2020-8439 (Monstra CMS through 3.0.4 allows remote authenticated users to take ov ...)
+ TODO: check
CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...)
NOT-FOR-US: Ruckus devices
CVE-2020-8437 (The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505 ...)
@@ -6682,8 +6730,7 @@ CVE-2020-7214
RESERVED
CVE-2020-7213 (Parallels 13 uses cleartext HTTP as part of the update process, allowi ...)
NOT-FOR-US: Parallels
-CVE-2020-7212 [denial of service (CPU consumption) because of inefficient algorithm in _encode_invalid_chars function]
- RESERVED
+CVE-2020-7212 (The _encode_invalid_chars function in util/url.py in the urllib3 libra ...)
- python-urllib 1.25.8-1
[buster] - python-urllib3 <not-affected> (Vulnerable code introduced later)
[stretch] - python-urllib3 <not-affected> (Vulnerable code introduced later)
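Review bot: the unchanged package line under CVE-2020-7212 reads "- python-urllib 1.25.8-1", while the two release lines below it and the new description ("the urllib3 libra ...") all refer to python-urllib3. Now that the entry has moved from RESERVED to a published description, confirm the source package name on that line and correct it in a follow-up if it is a typo; otherwise the fixed version is recorded against a different package than the not-affected notes.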
@@ -10833,10 +10880,10 @@ CVE-2020-5330
RESERVED
CVE-2020-5329
RESERVED
-CVE-2020-5328
- RESERVED
-CVE-2020-5327
- RESERVED
+CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized ...)
+ TODO: check
+CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 contain a Ja ...)
+ TODO: check
CVE-2020-5326 (Affected Dell Client platforms contain a BIOS Setup configuration auth ...)
NOT-FOR-US: Dell
CVE-2020-5325
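Review bot: CVE-2020-5328 (Dell EMC Isilon OneFS) and CVE-2020-5327 (Dell Security Management Server) are added as TODO: check directly above CVE-2020-5326, which is already triaged as "NOT-FOR-US: Dell". Check whether the same tag applies to these two so the Dell block ends up with a consistent disposition.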
@@ -15885,10 +15932,10 @@ CVE-2019-19775 (The image thumbnailing handler in Zulip Server versions 1.9.0 to
NOT-FOR-US: Zulip
CVE-2019-19774 (An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP ...)
NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
-CVE-2019-19773
- RESERVED
-CVE-2019-19772
- RESERVED
+CVE-2019-19773 (Various Lexmark products have stored XSS in the embedded web server us ...)
+ TODO: check
+CVE-2019-19772 (Various Lexmark products have reflected XSS in the embedded web server ...)
+ TODO: check
CVE-2019-19771 (The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have b ...)
NOT-FOR-US: lodahs malicious package on npm
CVE-2019-19830 (_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authent ...)
@@ -38199,25 +38246,25 @@ CVE-2019-14510 (An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When
CVE-2019-14509
RESERVED
CVE-2019-14508
- RESERVED
+ REJECTED
CVE-2019-14507
- RESERVED
+ REJECTED
CVE-2019-14506
- RESERVED
+ REJECTED
CVE-2019-14505
- RESERVED
+ REJECTED
CVE-2019-14504
- RESERVED
+ REJECTED
CVE-2019-14503
- RESERVED
+ REJECTED
CVE-2019-14502
- RESERVED
+ REJECTED
CVE-2019-14501
- RESERVED
+ REJECTED
CVE-2019-14500
- RESERVED
+ REJECTED
CVE-2019-14499
- RESERVED
+ REJECTED
CVE-2019-14498 (A divide-by-zero error exists in the Control function of demux/caf.c i ...)
{DSA-4504-1}
- vlc 3.0.8-1
@@ -45960,7 +46007,7 @@ CVE-2016-10750 (In Hazelcast before 3.11, the cluster join procedure is vulnerab
- hazelcast <itp> (bug #745640)
CVE-2019-12274 (In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to de ...)
NOT-FOR-US: Rancher
-CVE-2019-12273 (OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF ...)
+CVE-2019-12273 (** DISPUTED ** OutSystems Platform 10 through 11 allows ImageResourceD ...)
NOT-FOR-US: OutSystems Platform
CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...)
NOT-FOR-US: OpenWrt LuCI
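Review bot: the "** DISPUTED **" prefix on CVE-2019-12273 takes up part of the truncated summary, which now ends at "ImageResourceD ..." and no longer shows the CSRF classification the removed line carried. The triage line stays "NOT-FOR-US: OutSystems Platform", so the tracker state needs no change; anyone relying on the list text for the issue type should read the full description instead.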
@@ -144239,17 +144286,17 @@ CVE-2017-14210
CVE-2017-14209
RESERVED
CVE-2017-14208
- RESERVED
+ REJECTED
CVE-2017-14207
- RESERVED
+ REJECTED
CVE-2017-14206
- RESERVED
+ REJECTED
CVE-2017-14205
- RESERVED
+ REJECTED
CVE-2017-14204
- RESERVED
+ REJECTED
CVE-2017-14203
- RESERVED
+ REJECTED
CVE-2017-14202 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
NOT-FOR-US: Zephyr
CVE-2017-14201 (Use After Free vulnerability in the Zephyr shell allows a serial or te ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/584f048172c4d50634fec29e759f196114ce14fc