[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Mar 10 20:10:25 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f9dc779 by security tracker role at 2020-03-10T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,219 @@
+CVE-2020-10370
+	RESERVED
+CVE-2020-10369
+	RESERVED
+CVE-2020-10368
+	RESERVED
+CVE-2020-10367
+	RESERVED
+CVE-2020-10366
+	RESERVED
+CVE-2020-10365
+	RESERVED
+CVE-2020-10364
+	RESERVED
+CVE-2020-10363
+	RESERVED
+CVE-2020-10362
+	RESERVED
+CVE-2020-10361
+	RESERVED
+CVE-2020-10360
+	RESERVED
+CVE-2020-10359
+	RESERVED
+CVE-2020-10358
+	RESERVED
+CVE-2020-10357
+	RESERVED
+CVE-2020-10356
+	RESERVED
+CVE-2020-10355
+	RESERVED
+CVE-2020-10354
+	RESERVED
+CVE-2020-10353
+	RESERVED
+CVE-2020-10352
+	RESERVED
+CVE-2020-10351
+	RESERVED
+CVE-2020-10350
+	RESERVED
+CVE-2020-10349
+	RESERVED
+CVE-2020-10348
+	RESERVED
+CVE-2020-10347
+	RESERVED
+CVE-2020-10346
+	RESERVED
+CVE-2020-10345
+	RESERVED
+CVE-2020-10344
+	RESERVED
+CVE-2020-10343
+	RESERVED
+CVE-2020-10342
+	RESERVED
+CVE-2020-10341
+	RESERVED
+CVE-2020-10340
+	RESERVED
+CVE-2020-10339
+	RESERVED
+CVE-2020-10338
+	RESERVED
+CVE-2020-10337
+	RESERVED
+CVE-2020-10336
+	RESERVED
+CVE-2020-10335
+	RESERVED
+CVE-2020-10334
+	RESERVED
+CVE-2020-10333
+	RESERVED
+CVE-2020-10332
+	RESERVED
+CVE-2020-10331
+	RESERVED
+CVE-2020-10330
+	RESERVED
+CVE-2020-10329
+	RESERVED
+CVE-2020-10328
+	RESERVED
+CVE-2020-10327
+	RESERVED
+CVE-2020-10326
+	RESERVED
+CVE-2020-10325
+	RESERVED
+CVE-2020-10324
+	RESERVED
+CVE-2020-10323
+	RESERVED
+CVE-2020-10322
+	RESERVED
+CVE-2020-10321
+	RESERVED
+CVE-2020-10320
+	RESERVED
+CVE-2020-10319
+	RESERVED
+CVE-2020-10318
+	RESERVED
+CVE-2020-10317
+	RESERVED
+CVE-2020-10316
+	RESERVED
+CVE-2020-10315
+	RESERVED
+CVE-2020-10314
+	RESERVED
+CVE-2020-10313
+	RESERVED
+CVE-2020-10312
+	RESERVED
+CVE-2020-10311
+	RESERVED
+CVE-2020-10310
+	RESERVED
+CVE-2020-10309
+	RESERVED
+CVE-2020-10308
+	RESERVED
+CVE-2020-10307
+	RESERVED
+CVE-2020-10306
+	RESERVED
+CVE-2020-10305
+	RESERVED
+CVE-2020-10304
+	RESERVED
+CVE-2020-10303
+	RESERVED
+CVE-2020-10302
+	RESERVED
+CVE-2020-10301
+	RESERVED
+CVE-2020-10300
+	RESERVED
+CVE-2020-10299
+	RESERVED
+CVE-2020-10298
+	RESERVED
+CVE-2020-10297
+	RESERVED
+CVE-2020-10296
+	RESERVED
+CVE-2020-10295
+	RESERVED
+CVE-2020-10294
+	RESERVED
+CVE-2020-10293
+	RESERVED
+CVE-2020-10292
+	RESERVED
+CVE-2020-10291
+	RESERVED
+CVE-2020-10290
+	RESERVED
+CVE-2020-10289
+	RESERVED
+CVE-2020-10288
+	RESERVED
+CVE-2020-10287
+	RESERVED
+CVE-2020-10286
+	RESERVED
+CVE-2020-10285
+	RESERVED
+CVE-2020-10284
+	RESERVED
+CVE-2020-10283
+	RESERVED
+CVE-2020-10282
+	RESERVED
+CVE-2020-10281
+	RESERVED
+CVE-2020-10280
+	RESERVED
+CVE-2020-10279
+	RESERVED
+CVE-2020-10278
+	RESERVED
+CVE-2020-10277
+	RESERVED
+CVE-2020-10276
+	RESERVED
+CVE-2020-10275
+	RESERVED
+CVE-2020-10274
+	RESERVED
+CVE-2020-10273
+	RESERVED
+CVE-2020-10272
+	RESERVED
+CVE-2020-10271
+	RESERVED
+CVE-2020-10270
+	RESERVED
+CVE-2020-10269
+	RESERVED
+CVE-2020-10268
+	RESERVED
+CVE-2020-10267
+	RESERVED
+CVE-2020-10266
+	RESERVED
+CVE-2020-10265
+	RESERVED
+CVE-2020-10264
+	RESERVED
+CVE-2019-20509 (archive_read_support_format_lha.c in libarchive before 3.4.1 does not  ...)
+	TODO: check
 CVE-2020-10263
 	RESERVED
 CVE-2020-10262
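Review bot: CVE-2019-20509, at the end of the added block, is left as `TODO: check` although its description names libarchive (archive_read_support_format_lha.c, fixed before 3.4.1), so it needs a package line with a fixed version rather than staying untriaged. It is also inserted between CVE-2020-10264 and CVE-2020-10263, which breaks the descending id order the rest of the list follows; move it into the CVE-2019 range when it is triaged.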
@@ -14,8 +230,8 @@ CVE-2020-10257 (The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks
 	NOT-FOR-US: ThemeREX Addons plugin for WordPress
 CVE-2020-10256
 	RESERVED
-CVE-2020-10255
-	RESERVED
+CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulne ...)
+	TODO: check
 CVE-2020-10254
 	RESERVED
 CVE-2020-10253
@@ -1753,8 +1969,8 @@ CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for
 	NOT-FOR-US: OpenVPN Connect on Windows
 CVE-2020-9441
 	RESERVED
-CVE-2020-9440
-	RESERVED
+CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin through 5 ...)
+	TODO: check
 CVE-2020-9439
 	RESERVED
 CVE-2020-9438
@@ -11170,20 +11386,20 @@ CVE-2020-5261
 	RESERVED
 CVE-2020-5260
 	RESERVED
-CVE-2020-5259
-	RESERVED
-CVE-2020-5258
-	RESERVED
+CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...)
+	TODO: check
+CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method is vul ...)
+	TODO: check
 CVE-2020-5257
 	RESERVED
 CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a user could ...)
 	TODO: check
 CVE-2020-5255
 	RESERVED
-CVE-2020-5254
-	RESERVED
-CVE-2020-5253
-	RESERVED
+CVE-2020-5254 (In NetHack before 3.6.6, some out-of-bound values for the hilite_statu ...)
+	TODO: check
+CVE-2020-5253 (NetHack before version 3.6.0 allowed malicious use of escaping of char ...)
+	TODO: check
 CVE-2020-5252
 	RESERVED
 CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the users obj ...)
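Review bot: the four new `TODO: check` entries in this hunk cover three different code bases (dojox and dojo as NPM packages, and NetHack), and the two NetHack ids give different fixed versions (before 3.6.6 for CVE-2020-5254, before 3.6.0 for CVE-2020-5253), so they cannot share one package line. Triage each id separately with its own fixed version, or mark it `NOT-FOR-US` if the software is not in the archive.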
@@ -13873,8 +14089,8 @@ CVE-2020-4164
 	RESERVED
 CVE-2020-4163 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under special ...)
 	NOT-FOR-US: IBM
-CVE-2020-4162
-	RESERVED
+CVE-2020-4162 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross ...)
+	TODO: check
 CVE-2020-4161 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
 	NOT-FOR-US: IBM
 CVE-2020-4160
@@ -28818,8 +29034,8 @@ CVE-2019-17638
 	RESERVED
 CVE-2019-17637
 	RESERVED
-CVE-2019-17636
-	RESERVED
+CVE-2019-17636 (In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre ...)
+	TODO: check
 CVE-2019-17635 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a dese ...)
 	NOT-FOR-US: Eclipse Memory Analyzer
 CVE-2019-17634 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cros ...)
@@ -36584,8 +36800,8 @@ CVE-2019-15036 (An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCi
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2019-15035 (An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Pro ...)
 	NOT-FOR-US: JetBrains TeamCity
-CVE-2019-15034
-	RESERVED
+CVE-2019-15034 (hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient  ...)
+	TODO: check
 CVE-2019-15033 (Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature dow ...)
 	- ajaxplorer <itp> (bug #668381)
 CVE-2019-15032 (Pydio 6.0.8 mishandles error reporting when a directory allows unauthe ...)
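Review bot: CVE-2019-15034 is added as `TODO: check` although the description points at a specific QEMU file, hw/display/bochs-display.c, and a specific version, 4.0.0. Replace the TODO with a `- qemu` line, and check whether the older suites carry bochs-display.c at all so they can be marked `<not-affected>` with a reason instead of inheriting the unstable status.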
@@ -42863,8 +43079,8 @@ CVE-2019-13458 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
 	NOTE: https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/
 	NOTE: OTRS 6.0: https://github.com/OTRS/otrs/commit/69430f260d52e5a7afc185048da0cfc2eef2659a
 	NOTE: OTRS 5.0: https://github.com/OTRS/otrs/commit/0e26066dfff8efff0039da13e29609ca7f00d9a2
-CVE-2019-13457
-	RESERVED
+CVE-2019-13457 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
+	TODO: check
 CVE-2019-13456 (In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd h ...)
 	- freeradius 3.0.17+dfsg-1.1
 	[stretch] - freeradius <no-dsa> (Minor issue; plugin not enabled by default)
@@ -43797,8 +44013,7 @@ CVE-2019-13123 (Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCal
 	NOT-FOR-US: Foxit Reader
 CVE-2019-13122 (A Cross Site Scripting (XSS) vulnerability exists in the template tag  ...)
 	NOT-FOR-US: Patchwork
-CVE-2019-13121 [SSRF Vulnerability in Project GitHub Integration]
-	RESERVED
+CVE-2019-13121 (An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0 ...)
 	[experimental] - gitlab 11.10.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
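Review bot: the new description for CVE-2019-13121 limits the issue to GitLab Enterprise Edition 10.6 through 12.0, but the `[experimental] - gitlab 11.10.8+dfsg-1` and `- gitlab <unfixed>` lines are carried over unchanged from when the entry had only its bracketed title. Confirm that the Debian gitlab source contains the affected Enterprise Edition code; if it does not, `<not-affected>` with a reason is the accurate status.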
@@ -44122,53 +44337,43 @@ CVE-2019-13014 (Little Snitch versions 4.4.0 fixes a vulnerability in a privileg
 	NOT-FOR-US: Little Snitch
 CVE-2019-13013 (Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalatio ...)
 	NOT-FOR-US: Little Snitch
-CVE-2019-13011 [Merge Request Template Name Disclosure]
-	RESERVED
+CVE-2019-13011 (An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12 ...)
 	[experimental] - gitlab 11.10.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
-CVE-2019-13010 [Decoding Color Codes Caused Reseource Depletion]
-	RESERVED
+CVE-2019-13010 (An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0. ...)
 	[experimental] - gitlab 11.10.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
-CVE-2019-13009 [Broken Access Control for the Content of Personal Snippets]
-	RESERVED
+CVE-2019-13009 (An issue was discovered in GitLab Community and Enterprise Edition 9.2 ...)
 	[experimental] - gitlab 11.10.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
 CVE-2019-13008
 	RESERVED
-CVE-2019-13007 [Enabling One of the Service Templates Could Cause Resource Depletion]
-	RESERVED
+CVE-2019-13007 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
 	- gitlab <not-affected> (Only affects 11.1 and later)
 	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
-CVE-2019-13006 [Number of Merge Requests was Accessible]
-	RESERVED
+CVE-2019-13006 (An issue was discovered in GitLab Community and Enterprise Edition 9.0 ...)
 	[experimental] - gitlab 11.10.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
-CVE-2019-13005 [Authorization Issues in GraphQL]
-	RESERVED
+CVE-2019-13005 (An issue was discovered in GitLab Enterprise Edition and Community Edi ...)
 	[experimental] - gitlab 11.10.8+dfsg-1
 	- gitlab <not-affected> (Only affects 11.10 and later)
 	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
-CVE-2019-13004 [Error Caused by Encoded Characters in Comments]
-	RESERVED
+CVE-2019-13004 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
 	- gitlab <not-affected> (Only affects 11.1 and later)
 	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
-CVE-2019-13003 [Resource Exhaustion Attack]
-	RESERVED
+CVE-2019-13003 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
 	[experimental] - gitlab 11.10.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
-CVE-2019-13002 [Recent Pipeline Information Disclosed to Unauthorised Users]
-	RESERVED
+CVE-2019-13002 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
 	[experimental] - gitlab 11.10.8+dfsg-1
 	- gitlab <not-affected> (Only affects 11.10 and later)
 	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
-CVE-2019-13001 [Ability to Write a Note to a Private Snippet]
-	RESERVED
+CVE-2019-13001 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
 	[experimental] - gitlab 11.10.8+dfsg-1
 	- gitlab <not-affected> (Only affects 11.9 and later)
 	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
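Review bot: CVE-2019-13011 and CVE-2019-13010 are now described as Enterprise Edition only, unlike the other ids in this hunk, which say Community and Enterprise Edition, yet both keep `- gitlab <unfixed>`. Recheck those two package lines against the edition that is actually packaged before leaving them open.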
@@ -45660,33 +45865,27 @@ CVE-2019-12447 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. dae
 	[jessie] - gvfs <not-affected> (Vulnerable code introduced later)
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/daf1163aba229afcfddf0f925aef7e97047e8959
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d
-CVE-2019-12446 [Repository Password Disclosed on Import Error Page]
-	RESERVED
+CVE-2019-12446 (An issue was discovered in GitLab Community and Enterprise Edition 8.3 ...)
 	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
-CVE-2019-12445 [Stored Cross-Site Scripting on Notes]
-	RESERVED
+CVE-2019-12445 (An issue was discovered in GitLab Community and Enterprise Edition 8.4 ...)
 	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
-CVE-2019-12444 [Stored Cross-Site Scripting on Wiki Pages]
-	RESERVED
+CVE-2019-12444 (An issue was discovered in GitLab Community and Enterprise Edition 8.9 ...)
 	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
-CVE-2019-12443 [Server-Side Request Forgery Through DNS Rebinding]
-	RESERVED
+CVE-2019-12443 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
 	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
-CVE-2019-12442 [Stored Cross-Site Scripting Vulnerability on Child Epics]
-	RESERVED
+CVE-2019-12442 (An issue was discovered in GitLab Enterprise Edition 11.7 through 11.1 ...)
 	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
-CVE-2019-12441 [Protected Branches Restriction Rules Bypass]
-	RESERVED
+CVE-2019-12441 (An issue was discovered in GitLab Community and Enterprise Edition 8.4 ...)
 	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
@@ -45704,36 +45903,29 @@ CVE-2019-12435 (Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL poi
 	[stretch] - samba <not-affected> (Only affects Samba since 4.9)
 	[jessie] - samba <not-affected> (Only affects Samba since 4.9)
 	NOTE: https://www.samba.org/samba/security/CVE-2019-12435.html
-CVE-2019-12434 [Private Project Discovery via Comment Links]
-	RESERVED
+CVE-2019-12434 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
 	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
-CVE-2019-12433 [Internal Projects Allowed to Be Created on in Private Groups]
-	RESERVED
+CVE-2019-12433 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
 	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
-CVE-2019-12432 [Confidential Issue Titles Revealed to Restricted Users on Unsubscribe]
-	RESERVED
+CVE-2019-12432 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
 	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
-CVE-2019-12431 [Disclosure of Milestone Metadata through the Search API]
-	RESERVED
+CVE-2019-12431 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
 	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
-CVE-2019-12430 [Remote Command Execution Vulnerability on Repository Download Feature]
-	RESERVED
+CVE-2019-12430 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
 	- gitlab <not-affected> (Only affects 11.11)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
-CVE-2019-12429 [Metadata of Confidential Issues Disclosed to Restricted Users]
-	RESERVED
+CVE-2019-12429 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
 	- gitlab <not-affected> (Only affects 11.9 and later)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
-CVE-2019-12428 [Mandatory External Authentication Provider Sign-In Restrictions Bypass]
-	RESERVED
+CVE-2019-12428 (An issue was discovered in GitLab Community and Enterprise Edition 6.8 ...)
 	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
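Review bot: replacing the bracketed titles with the truncated descriptions leaves every GitLab entry in this hunk with the same visible text, "An issue was discovered in GitLab Community and Enterprise Edition ...", so CVE-2019-12430, previously titled as remote command execution on the repository download feature, no longer stands out from the disclosure ids around it. Consider keeping the one-line summary as a `NOTE:` on each entry so the list stays readable without opening every CVE.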
@@ -47914,8 +48106,8 @@ CVE-2019-11688
 	RESERVED
 CVE-2019-11687 (An issue was discovered in the DICOM Part 10 File Format in the NEMA D ...)
 	NOT-FOR-US: DICOM
-CVE-2019-11686
-	RESERVED
+CVE-2019-11686 (Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnera ...)
+	TODO: check
 CVE-2019-11685
 	RESERVED
 CVE-2019-11684
@@ -48863,8 +49055,8 @@ CVE-2019-11555 (The EAP-pwd implementation in hostapd (EAP server) before 2.8 an
 	NOTE: Patches: https://w1.fi/security/2019-5/
 CVE-2019-11346
 	RESERVED
-CVE-2019-11345
-	RESERVED
+CVE-2019-11345 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center  ...)
+	TODO: check
 CVE-2019-11344 (data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute a ...)
 	NOT-FOR-US: Pluck CMS
 CVE-2019-11343
@@ -50722,10 +50914,10 @@ CVE-2019-10708 (S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=un
 	NOT-FOR-US: S-CMS PHP
 CVE-2019-10707 (MKCMS V5.0 has SQL injection via the bplay.php play parameter. ...)
 	NOT-FOR-US: MKCMS
-CVE-2019-10706
-	RESERVED
-CVE-2019-10705
-	RESERVED
+CVE-2019-10706 (Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: T ...)
+	TODO: check
+CVE-2019-10705 (Western Digital SanDisk X600 devices in certain configurations, a vuln ...)
+	TODO: check
 CVE-2019-10704
 	RESERVED
 CVE-2019-10703
@@ -52434,8 +52626,8 @@ CVE-2019-10066 (An issue was discovered in Open Ticket Request System (OTRS) 7.x
 	[jessie] - otrs2 <not-affected> (vulnerable code is not present)
 	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/b99cad21f2dd1c2d52299424a589b0b2f20d7ba8
 	NOTE: https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/
-CVE-2019-10065
-	RESERVED
+CVE-2019-10065 (An issue was discovered in Open Ticket Request System (OTRS) 7.0 throu ...)
+	TODO: check
 CVE-2019-10064 (hostapd before 2.6, in EAP mode, makes calls to the rand() and random( ...)
 	- wpa 2:2.6-7
 	NOTE: https://www.openwall.com/lists/oss-security/2020/02/27/1
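Review bot: CVE-2019-10065 is added as `TODO: check` directly below the CVE-2019-10066 entry, which is already tracked against otrs2 with per-suite status and commit references. The new description names the same product (OTRS 7.0 through ...), so it should get an `- otrs2` line and the matching advisory `NOTE:` rather than remain a TODO.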
@@ -53797,8 +53989,8 @@ CVE-2019-9861 (Due to the use of an insecure RFID technology (MIFARE Classic), A
 	NOT-FOR-US: ABUS
 CVE-2019-9860 (Due to unencrypted signal communication and predictability of rolling  ...)
 	NOT-FOR-US: ABUS
-CVE-2019-9859
-	RESERVED
+CVE-2019-9859 (Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to  ...)
+	TODO: check
 CVE-2019-9858 (Remote code execution was discovered in Horde Groupware Webmail 5.2.22 ...)
 	{DSA-4468-1 DLA-1822-1}
 	- php-horde-form 2.0.18-3.1 (bug #930321)
@@ -67498,8 +67690,8 @@ CVE-2019-4610
 	RESERVED
 CVE-2019-4609 (IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic alg ...)
 	NOT-FOR-US: IBM
-CVE-2019-4608
-	RESERVED
+CVE-2019-4608 (IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scriptin ...)
+	TODO: check
 CVE-2019-4607
 	RESERVED
 CVE-2019-4606 (IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a ...)
@@ -82571,8 +82763,8 @@ CVE-2018-18896
 	RESERVED
 CVE-2018-18895
 	REJECTED
-CVE-2018-18894
-	RESERVED
+CVE-2018-18894 (Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) c ...)
+	TODO: check
 CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method, related to co ...)
 	NOT-FOR-US: Jinjava
 CVE-2018-18892 (MiniCMS 1.10 allows execution of arbitrary PHP code via the install.ph ...)
@@ -94250,8 +94442,8 @@ CVE-2018-14504 (An issue was discovered in manage_filter_edit_page.php in Mantis
 	NOTE: https://mantisbt.org/bugs/view.php?id=24608
 CVE-2018-14503 (Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Corem ...)
 	NOT-FOR-US: Coremail XT
-CVE-2018-14502
-	RESERVED
+CVE-2018-14502 (controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 ...)
+	TODO: check
 CVE-2018-14501 (manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demo ...)
 	NOT-FOR-US: joyplus-cms
 CVE-2018-14500 (joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.p ...)
@@ -154246,8 +154438,8 @@ CVE-2017-10994 (Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Ar
 	NOT-FOR-US: Foxit Reader
 CVE-2017-10993 (Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to i ...)
 	NOT-FOR-US: Contao
-CVE-2017-10992
-	RESERVED
+CVE-2017-10992 (In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Des ...)
+	TODO: check
 CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the r ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-10990
@@ -301383,8 +301575,7 @@ CVE-2012-1098 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x b
 CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before 3.2.1 ...)
 	{DSA-2443-1}
 	- linux-2.6 3.2.10-1 (low)
-CVE-2012-1096
-	RESERVED
+CVE-2012-1096 (NetworkManager 0.9 and earlier allows local users to use other users'  ...)
 	- network-manager <unfixed> (low; bug #684259)
 	[buster] - network-manager <ignored> (Minor issue)
 	[stretch] - network-manager <ignored> (Minor issue)
@@ -301395,8 +301586,7 @@ CVE-2012-1096
 CVE-2012-1095 (osc before 0.134 might allow remote OBS repository servers or package  ...)
 	- osc <unfixed> (unimportant)
 	NOTE: This is ultimately a bug in the respectice terminal emulations and not a vulnerability in osc
-CVE-2012-1094
-	RESERVED
+CVE-2012-1094 (JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostna ...)
 	- libapache2-mod-cluster <itp> (bug #731410)
 CVE-2012-1093 (The init script in the Debian x11-common package before 1:7.6+12 is vu ...)
 	- xorg 1:7.6+12 (bug #661627)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f9dc779973e0b699126ec64f1e610c14c50e6ac
