[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 13 20:10:52 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
61ca98e5 by security tracker role at 2020-03-13T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2020-10558
+ RESERVED
+CVE-2020-10557
+ RESERVED
+CVE-2020-10556
+ RESERVED
+CVE-2020-10555
+ RESERVED
+CVE-2020-10554
+ RESERVED
+CVE-2020-10553
+ RESERVED
+CVE-2020-10552
+ RESERVED
+CVE-2020-10551
+ RESERVED
+CVE-2020-10550
+ RESERVED
+CVE-2020-10549
+ RESERVED
+CVE-2020-10548
+ RESERVED
+CVE-2020-10547
+ RESERVED
+CVE-2020-10546
+ RESERVED
+CVE-2020-10545
+ RESERVED
+CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFac ...)
+ TODO: check
+CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Int ...)
+ TODO: check
CVE-2020-10543
RESERVED
CVE-2020-10542
@@ -680,8 +712,8 @@ CVE-2020-10220 (An issue was discovered in rConfig through 3.9.4. The web interf
NOT-FOR-US: rConfig
CVE-2020-10219
RESERVED
-CVE-2020-10218
- RESERVED
+CVE-2020-10218 (A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 ...)
+ TODO: check
CVE-2020-10217
RESERVED
CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
@@ -724,10 +756,10 @@ CVE-2020-10198
RESERVED
CVE-2020-10197
RESERVED
-CVE-2020-10196
- RESERVED
-CVE-2020-10195
- RESERVED
+CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 for Wor ...)
+ TODO: check
+CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows informatio ...)
+ TODO: check
CVE-2020-10194
RESERVED
CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...)
@@ -964,46 +996,46 @@ CVE-2020-10094
RESERVED
CVE-2020-10093
RESERVED
-CVE-2020-10092
- RESERVED
-CVE-2020-10091
- RESERVED
-CVE-2020-10090
- RESERVED
-CVE-2020-10089
- RESERVED
-CVE-2020-10088
- RESERVED
-CVE-2020-10087
- RESERVED
-CVE-2020-10086
- RESERVED
-CVE-2020-10085
- RESERVED
-CVE-2020-10084
- RESERVED
-CVE-2020-10083
- RESERVED
-CVE-2020-10082
- RESERVED
-CVE-2020-10081
- RESERVED
-CVE-2020-10080
- RESERVED
-CVE-2020-10079
- RESERVED
-CVE-2020-10078
- RESERVED
-CVE-2020-10077
- RESERVED
-CVE-2020-10076
- RESERVED
-CVE-2020-10075
- RESERVED
-CVE-2020-10074
- RESERVED
-CVE-2020-10073
- RESERVED
+CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerab ...)
+ TODO: check
+CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerabi ...)
+ TODO: check
+CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certai ...)
+ TODO: check
+CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when using sever ...)
+ TODO: check
+CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on part ...)
+ TODO: check
+CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge images were ...)
+ TODO: check
+CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular en ...)
+ TODO: check
+CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particul ...)
+ TODO: check
+CVE-2020-10084 (GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a ...)
+ TODO: check
+CVE-2020-10083 (GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain con ...)
+ TODO: check
+CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of servi ...)
+ TODO: check
+CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was internally d ...)
+ TODO: check
+CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possib ...)
+ TODO: check
+CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain ...)
+ TODO: check
+CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request submission fo ...)
+ TODO: check
+CVE-2020-10077 (GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation re ...)
+ TODO: check
+CVE-2020-10076 (GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting v ...)
+ TODO: check
+CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error h ...)
+ TODO: check
+CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario wa ...)
+ TODO: check
+CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was inter ...)
+ TODO: check
CVE-2020-10072
RESERVED
CVE-2020-10071
@@ -4286,6 +4318,7 @@ CVE-2020-8610
CVE-2020-8609
RESERVED
CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...)
+ {DLA-2142-1}
- libslirp <unfixed>
- qemu 1:4.1-2
[buster] - qemu <postponed> (Minor issue)
@@ -4375,8 +4408,8 @@ CVE-2020-8573
RESERVED
CVE-2020-8572
RESERVED
-CVE-2020-8571
- RESERVED
+CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...)
+ TODO: check
CVE-2020-8570
RESERVED
CVE-2020-8569
@@ -16663,8 +16696,8 @@ CVE-2019-19801 (In Gallagher Command Centre Server versions of v8.10 prior to v8
NOT-FOR-US: Gallagher Command Centre Server
CVE-2019-19800 (Zoho ManageEngine Applications Manager 14 before 14520 allows a remote ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2019-19799
- RESERVED
+CVE-2019-19799 (Zoho ManageEngine Applications Manager 14590 and before allows a remot ...)
+ TODO: check
CVE-2019-19798
RESERVED
CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds wr ...)
@@ -17804,8 +17837,8 @@ CVE-2019-19758 (A vulnerability in the web interface of Lenovo EZ Media & Ba
NOT-FOR-US: Lenovo
CVE-2019-19757 (An internal product security audit of Lenovo XClarity Administrator (L ...)
NOT-FOR-US: Lenovo
-CVE-2019-19756
- RESERVED
+CVE-2019-19756 (An internal product security audit of Lenovo XClarity Administrator (L ...)
+ TODO: check
CVE-2019-19755
RESERVED
CVE-2019-19754
@@ -19497,8 +19530,8 @@ CVE-2019-19613
RESERVED
CVE-2019-19612
RESERVED
-CVE-2019-19611
- RESERVED
+CVE-2019-19611 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the ...)
+ TODO: check
CVE-2019-19610
RESERVED
CVE-2019-19609 (The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Co ...)
@@ -20879,8 +20912,8 @@ CVE-2020-1955
RESERVED
CVE-2020-1954
RESERVED
-CVE-2020-1953
- RESERVED
+CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse YAML ...)
+ TODO: check
CVE-2020-1952
RESERVED
CVE-2020-1951
@@ -33817,8 +33850,8 @@ CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through
NOTE: https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c (2.0.x)
CVE-2019-16158
RESERVED
-CVE-2019-16157
- RESERVED
+CVE-2019-16157 (An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI a ...)
+ TODO: check
CVE-2019-16156 (An Improper Neutralization of Input vulnerability in the Anomaly Detec ...)
TODO: check
CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 6.2.1 an ...)
@@ -40208,10 +40241,10 @@ CVE-2019-14312 (Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion
NOT-FOR-US: Aptana Jaxer
CVE-2019-14311
RESERVED
-CVE-2019-14310
- RESERVED
-CVE-2019-14309
- RESERVED
+CVE-2019-14310 (Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). U ...)
+ TODO: check
+CVE-2019-14309 (Ricoh SP C250DN 1.05 devices have a fixed password. FTP service creden ...)
+ TODO: check
CVE-2019-14308 (Several Ricoh printers have multiple buffer overflows parsing LPD pack ...)
NOT-FOR-US: Ricoh
CVE-2019-14307 (Several Ricoh printers have multiple buffer overflows parsing HTTP par ...)
@@ -40222,16 +40255,16 @@ CVE-2019-14305 (Several Ricoh printers have multiple buffer overflows parsing HT
NOT-FOR-US: Ricoh
CVE-2019-14304 (Ricoh SP C250DN 1.06 devices allow CSRF. ...)
NOT-FOR-US: Ricoh SP C250DN 1.06 devices
-CVE-2019-14303
- RESERVED
+CVE-2019-14303 (Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). S ...)
+ TODO: check
CVE-2019-14302 (On Ricoh SP C250DN 1.06 devices, a debug port can be used. ...)
NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14301 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of ...)
NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14300 (Several Ricoh printers have multiple buffer overflows parsing HTTP coo ...)
NOT-FOR-US: Ricoh
-CVE-2019-14299
- RESERVED
+CVE-2019-14299 (Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable ...)
+ TODO: check
CVE-2019-14298 (Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(con ...)
NOT-FOR-US: Veeam ONE Reporter
CVE-2019-14297 (Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with ...)
@@ -43686,12 +43719,12 @@ CVE-2019-13397 (Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote at
NOT-FOR-US: osTicket
CVE-2019-13396 (FlightPath 4.x and 5.0-x allows directory traversal and Local File Inc ...)
NOT-FOR-US: FlightPath
-CVE-2019-13395
- RESERVED
-CVE-2019-13394
- RESERVED
-CVE-2019-13393
- RESERVED
+CVE-2019-13395 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF a ...)
+ TODO: check
+CVE-2019-13394 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Bas ...)
+ TODO: check
+CVE-2019-13393 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same ...)
+ TODO: check
CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette Na ...)
NOT-FOR-US: MindPalette NateMail
CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...)
@@ -44237,36 +44270,36 @@ CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer O
- nsd3 <removed>
NOTE: https://github.com/NLnetLabs/nsd/issues/20
NOTE: https://github.com/NLnetLabs/nsd/commit/91102da24d5949ccfec8fdab5bae2d01c4cabab5
-CVE-2019-13206
- RESERVED
-CVE-2019-13205
- RESERVED
-CVE-2019-13204
- RESERVED
-CVE-2019-13203
- RESERVED
-CVE-2019-13202
- RESERVED
-CVE-2019-13201
- RESERVED
-CVE-2019-13200
- RESERVED
-CVE-2019-13199
- RESERVED
-CVE-2019-13198
- RESERVED
-CVE-2019-13197
- RESERVED
-CVE-2019-13196
- RESERVED
-CVE-2019-13195
- RESERVED
-CVE-2019-13194
- RESERVED
-CVE-2019-13193
- RESERVED
-CVE-2019-13192
- RESERVED
+CVE-2019-13206 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13205 (All configuration parameters of certain Kyocera printers (such as the ...)
+ TODO: check
+CVE-2019-13204 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13203 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13202 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13201 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13200 (The web application of several Kyocera printers (such as the ECOSYS M5 ...)
+ TODO: check
+CVE-2019-13199 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) d ...)
+ TODO: check
+CVE-2019-13198 (The web application of several Kyocera printers (such as the ECOSYS M5 ...)
+ TODO: check
+CVE-2019-13197 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13196 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13195 (The web application of some Kyocera printers (such as the ECOSYS M5526 ...)
+ TODO: check
+CVE-2019-13194 (Some Brother printers (such as the HL-L8360CDW v1.20) were affected by ...)
+ TODO: check
+CVE-2019-13193 (Some Brother printers (such as the HL-L8360CDW v1.20) were affected by ...)
+ TODO: check
+CVE-2019-13192 (Some Brother printers (such as the HL-L8360CDW v1.20) were affected by ...)
+ TODO: check
CVE-2019-13191 (A SQL injection vulnerability in IntraMaps MapControl 8 allows attacke ...)
NOT-FOR-US: IntraMaps MapControl
CVE-2019-13190 (In Knowage through 6.1.1, the sign up page does not invalidate a valid ...)
@@ -44323,22 +44356,22 @@ CVE-2019-13173 (fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite.
[jessie] - node-fstream <end-of-life> (Nodejs in jessie not covered by security support)
NOTE: https://www.npmjs.com/advisories/886
NOTE: https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22
-CVE-2019-13172
- RESERVED
-CVE-2019-13171
- RESERVED
-CVE-2019-13170
- RESERVED
-CVE-2019-13169
- RESERVED
-CVE-2019-13168
- RESERVED
-CVE-2019-13167
- RESERVED
-CVE-2019-13166
- RESERVED
-CVE-2019-13165
- RESERVED
+CVE-2019-13172 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
+ TODO: check
+CVE-2019-13171 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
+ TODO: check
+CVE-2019-13170 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not i ...)
+ TODO: check
+CVE-2019-13169 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
+ TODO: check
+CVE-2019-13168 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
+ TODO: check
+CVE-2019-13167 (Multiple Stored XSS vulnerabilities were found in the Xerox Web Applic ...)
+ TODO: check
+CVE-2019-13166 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not i ...)
+ TODO: check
+CVE-2019-13165 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
+ TODO: check
CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network inte ...)
{DSA-4512-1 DSA-4506-1 DLA-1927-1}
- qemu 1:4.1-1 (bug #931351)
@@ -47078,8 +47111,8 @@ CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in BoostIO
NOT-FOR-US: Boostnote
CVE-2019-12183 (Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 serie ...)
NOT-FOR-US: Safescan Timemoto
-CVE-2019-12182
- RESERVED
+CVE-2019-12182 (Directory Traversal in Safescan Timemoto and TA-8000 series version 1. ...)
+ TODO: check
CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds Serv-U befor ...)
NOT-FOR-US: SolarWinds
CVE-2019-12180 (An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 ...)
@@ -62967,8 +63000,8 @@ CVE-2019-6701
RESERVED
CVE-2019-6700 (An information exposure vulnerability in the external authentication p ...)
NOT-FOR-US: FortiSIEM (Fortiguard)
-CVE-2019-6699
- RESERVED
+CVE-2019-6699 (An improper neutralization of input vulnerability in Fortinet FortiADC ...)
+ TODO: check
CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder all versi ...)
NOT-FOR-US: Fortinet
CVE-2019-6697
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61ca98e5c50e5e0baf199a929c24325ca22cd72a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61ca98e5c50e5e0baf199a929c24325ca22cd72a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200313/8a24c9ba/attachment.html>
More information about the debian-security-tracker-commits
mailing list