[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 11 20:10:29 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ab37263 by security tracker role at 2020-03-11T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16,8 +16,8 @@ CVE-2020-10378
RESERVED
CVE-2020-10377
RESERVED
-CVE-2020-10376
- RESERVED
+CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...)
+ TODO: check
CVE-2020-10375
RESERVED
CVE-2020-10374
@@ -424,6 +424,7 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote
NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
TODO: check further details
CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...)
+ {DSA-4639-1}
- libusrsctp <unfixed> (bug #953270)
- firefox <unfixed>
- firefox-esr 68.6.0esr-1
@@ -448,8 +449,8 @@ CVE-2020-10183
RESERVED
CVE-2020-10182
RESERVED
-CVE-2020-10181
- RESERVED
+CVE-2020-10181 (goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4. ...)
+ TODO: check
CVE-2019-20502 (An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer ...)
NOT-FOR-US: EFS Easy Chat Server
CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a crafted ...)
@@ -4108,8 +4109,8 @@ CVE-2020-8542
RESERVED
CVE-2020-8541
RESERVED
-CVE-2020-8540
- RESERVED
+CVE-2020-8540 (An XML external entity (XXE) vulnerability iin Zoho ManageEngine Deskt ...)
+ TODO: check
CVE-2020-8539
RESERVED
CVE-2020-8538
@@ -8045,6 +8046,7 @@ CVE-2020-6815
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
CVE-2020-6814
RESERVED
+ {DSA-4639-1}
- firefox <unfixed>
- firefox-esr 68.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814
@@ -8055,12 +8057,14 @@ CVE-2020-6813
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
CVE-2020-6812
RESERVED
+ {DSA-4639-1}
- firefox <unfixed>
- firefox-esr 68.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
CVE-2020-6811
RESERVED
+ {DSA-4639-1}
- firefox <unfixed>
- firefox-esr 68.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811
@@ -8079,18 +8083,21 @@ CVE-2020-6808
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
CVE-2020-6807
RESERVED
+ {DSA-4639-1}
- firefox <unfixed>
- firefox-esr 68.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
CVE-2020-6806
RESERVED
+ {DSA-4639-1}
- firefox <unfixed>
- firefox-esr 68.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
CVE-2020-6805
RESERVED
+ {DSA-4639-1}
- firefox <unfixed>
- firefox-esr 68.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805
@@ -11501,11 +11508,13 @@ CVE-2020-5261
CVE-2020-5260
RESERVED
CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...)
+ {DLA-2139-1}
- dojo 1.15.3+dfsg1-1 (bug #953587)
[buster] - dojo <no-dsa> (Minor issue)
NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw
NOTE: https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da
CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method is vul ...)
+ {DLA-2139-1}
- dojo 1.15.3+dfsg1-1 (bug #953585)
[buster] - dojo <no-dsa> (Minor issue)
NOTE: https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2
@@ -11678,8 +11687,8 @@ CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Po
NOT-FOR-US: Pow
CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...)
NOT-FOR-US: uftpd
-CVE-2020-5203
- RESERVED
+CVE-2020-5203 (In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code exec ...)
+ TODO: check
CVE-2020-5202 (apt-cacher-ng through 3.3 allows local users to obtain sensitive infor ...)
- apt-cacher-ng 3.3.1-1
[buster] - apt-cacher-ng <no-dsa> (Minor issue)
@@ -20222,12 +20231,12 @@ CVE-2020-1983
RESERVED
CVE-2020-1982
RESERVED
-CVE-2020-1981
- RESERVED
-CVE-2020-1980
- RESERVED
-CVE-2020-1979
- RESERVED
+CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows local ...)
+ TODO: check
+CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows a loc ...)
+ TODO: check
+CVE-2020-1979 (A format string vulnerability in the PAN-OS log daemon (logd) on Panor ...)
+ TODO: check
CVE-2020-1978
RESERVED
CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...)
@@ -21281,8 +21290,8 @@ CVE-2019-19383 (freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a c
NOT-FOR-US: freeFTPd
CVE-2019-19382 (Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the ...)
NOT-FOR-US: Max Secure Anti Virus Plus
-CVE-2019-19381
- RESERVED
+CVE-2019-19381 (oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 b ...)
+ TODO: check
CVE-2019-19380
RESERVED
CVE-2019-19379 (In app/Controller/TagsController.php in MISP 2.4.118, users can bypass ...)
@@ -21422,8 +21431,7 @@ CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801804
NOTE: https://github.com/ansible/ansible/issues/6550
NOTE: https://github.com/ansible/ansible/issues/67792
-CVE-2020-1733 [insecure temporary directory when running become_user from become directive]
- RESERVED
+CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...)
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735
CVE-2020-1732
@@ -30082,7 +30090,7 @@ CVE-2019-17373 (Certain NETGEAR devices allow unauthenticated access to critical
NOT-FOR-US: NETGEAR
CVE-2019-17372 (Certain NETGEAR devices allow remote attackers to disable all authenti ...)
NOT-FOR-US: NETGEAR
-CVE-2019-17371 (libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_ ...)
+CVE-2019-17371 (gif2png 2.5.13 has a memory leak in the writefile function. ...)
- gif2png <removed> (unimportant)
NOTE: https://github.com/glennrp/libpng/issues/307
NOTE: Initially filed for libpng, but the bug is actually in gif2png
@@ -33586,8 +33594,8 @@ CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1. It
NOT-FOR-US: Plataformatec Devise
CVE-2019-16108
RESERVED
-CVE-2019-16107
- RESERVED
+CVE-2019-16107 (Missing form token validation in phpBB 3.2.7 allows CSRF in deleting p ...)
+ TODO: check
CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. ...)
NOT-FOR-US: Wordpress plugin
CVE-2018-21013 (The Swape theme before 1.2.1 for WordPress has incorrect access contro ...)
@@ -56398,26 +56406,26 @@ CVE-2019-9106 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEB
NOT-FOR-US: SAET Impianti Speciali TEBE Small devices
CVE-2019-9105 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Sma ...)
NOT-FOR-US: SAET Impianti Speciali TEBE Small devices
-CVE-2019-9104
- RESERVED
-CVE-2019-9103
- RESERVED
-CVE-2019-9102
- RESERVED
-CVE-2019-9101
- RESERVED
+CVE-2019-9104 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+ TODO: check
+CVE-2019-9103 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+ TODO: check
+CVE-2019-9102 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+ TODO: check
+CVE-2019-9101 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+ TODO: check
CVE-2019-9100
RESERVED
-CVE-2019-9099
- RESERVED
-CVE-2019-9098
- RESERVED
-CVE-2019-9097
- RESERVED
-CVE-2019-9096
- RESERVED
-CVE-2019-9095
- RESERVED
+CVE-2019-9099 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+ TODO: check
+CVE-2019-9098 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+ TODO: check
+CVE-2019-9097 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+ TODO: check
+CVE-2019-9096 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+ TODO: check
+CVE-2019-9095 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+ TODO: check
CVE-2019-9094 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
NOT-FOR-US: Humhub
CVE-2019-9093 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
@@ -199894,8 +199902,7 @@ CVE-2016-5388 (Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the
NOTE: versions in Debian.
NOTE: https://svn.apache.org/r1756941 (8.0.x)
NOTE: https://svn.apache.org/r1756942 (7.0.x)
-CVE-2016-1000111
- RESERVED
+CVE-2016-1000111 (Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1 ...)
- twisted <unfixed> (unimportant)
[wheezy] - twisted <not-affected> (For wheezy affected file twcgi.py is in src:twisted-web)
- twisted-web <removed>
@@ -282673,8 +282680,7 @@ CVE-2013-1755
RESERVED
CVE-2013-1754
RESERVED
-CVE-2013-1753
- RESERVED
+CVE-2013-1753 (The gzip_decode function in the xmlrpc client library in Python 3.4 an ...)
- python2.5 <removed> (low)
- python2.6 <removed> (low)
- python2.7 2.7.9-1 (low; bug #742929)
@@ -301661,8 +301667,7 @@ CVE-2012-1104 (A Security Bypass vulnerability exists in the phpCAS 1.2.2 librar
CVE-2012-1103 (emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs in ...)
{DSA-2416-1}
- notmuch 0.11.1-1
-CVE-2012-1101
- RESERVED
+CVE-2012-1101 (systemd 37-1 does not properly handle non-existent services, which cau ...)
- systemd 43-1 (bug #662029)
CVE-2012-1100 (Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and ...)
NOT-FOR-US: JBoss Operations Network
@@ -312183,8 +312188,7 @@ CVE-2011-2489 (Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-te
- opie <removed> (bug #631344)
CVE-2011-2488 (Joomla! before 1.5.23 does not properly check for errors, which allows ...)
NOT-FOR-US: Joomla!
-CVE-2011-2487
- RESERVED
+CVE-2011-2487 (The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncr ...)
NOT-FOR-US: Apache CXF
CVE-2011-2486 (nspluginwrapper before 1.4.4 does not properly provide access to NPNVp ...)
- nspluginwrapper <unfixed> (bug #671846)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ab3726323d6016c4ece7dfcffee1f008780bdf9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ab3726323d6016c4ece7dfcffee1f008780bdf9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200311/4d5ccabe/attachment.html>
More information about the debian-security-tracker-commits
mailing list