[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 16 20:10:33 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
55e57521 by security tracker role at 2020-03-16T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2020-10646
+ RESERVED
+CVE-2020-10645
+ RESERVED
+CVE-2020-10644
+ RESERVED
+CVE-2020-10643
+ RESERVED
+CVE-2020-10642
+ RESERVED
+CVE-2020-10641
+ RESERVED
+CVE-2020-10640
+ RESERVED
+CVE-2020-10639
+ RESERVED
+CVE-2020-10638
+ RESERVED
+CVE-2020-10637
+ RESERVED
+CVE-2020-10636
+ RESERVED
+CVE-2020-10635
+ RESERVED
+CVE-2020-10634
+ RESERVED
+CVE-2020-10633
+ RESERVED
+CVE-2020-10632
+ RESERVED
+CVE-2020-10631
+ RESERVED
+CVE-2020-10630
+ RESERVED
+CVE-2020-10629
+ RESERVED
+CVE-2020-10628
+ RESERVED
+CVE-2020-10627
+ RESERVED
+CVE-2020-10626
+ RESERVED
+CVE-2020-10625
+ RESERVED
+CVE-2020-10624
+ RESERVED
+CVE-2020-10623
+ RESERVED
+CVE-2020-10622
+ RESERVED
+CVE-2020-10621
+ RESERVED
+CVE-2020-10620
+ RESERVED
+CVE-2020-10619
+ RESERVED
+CVE-2020-10618
+ RESERVED
+CVE-2020-10617
+ RESERVED
+CVE-2020-10616
+ RESERVED
+CVE-2020-10615
+ RESERVED
+CVE-2020-10614
+ RESERVED
+CVE-2020-10613
+ RESERVED
+CVE-2020-10612
+ RESERVED
+CVE-2020-10611
+ RESERVED
+CVE-2020-10610
+ RESERVED
+CVE-2020-10609
+ RESERVED
+CVE-2020-10608
+ RESERVED
+CVE-2020-10607
+ RESERVED
+CVE-2020-10606
+ RESERVED
+CVE-2020-10605
+ RESERVED
+CVE-2020-10604
+ RESERVED
+CVE-2020-10603
+ RESERVED
+CVE-2020-10602
+ RESERVED
+CVE-2020-10601
+ RESERVED
+CVE-2020-10600
+ RESERVED
+CVE-2020-10599
+ RESERVED
+CVE-2020-10598
+ RESERVED
+CVE-2020-10597
+ RESERVED
+CVE-2020-10596
+ RESERVED
+CVE-2018-21037
+ RESERVED
CVE-2020-10595
RESERVED
CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
@@ -81,8 +185,8 @@ CVE-2020-10559
RESERVED
CVE-2020-10558
RESERVED
-CVE-2020-10557
- RESERVED
+CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...)
+ TODO: check
CVE-2020-10556
RESERVED
CVE-2020-10555
@@ -733,18 +837,18 @@ CVE-2020-10245
RESERVED
CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. ...)
NOT-FOR-US: JPaseto
-CVE-2020-10243
- RESERVED
-CVE-2020-10242
- RESERVED
-CVE-2020-10241
- RESERVED
-CVE-2020-10240
- RESERVED
-CVE-2020-10239
- RESERVED
-CVE-2020-10238
- RESERVED
+CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of type cas ...)
+ TODO: check
+CVE-2020-10242 (An issue was discovered in Joomla! before 3.9.16. Inadequate handling ...)
+ TODO: check
+CVE-2020-10241 (An issue was discovered in Joomla! before 3.9.16. Missing token checks ...)
+ TODO: check
+CVE-2020-10240 (An issue was discovered in Joomla! before 3.9.16. Missing length check ...)
+ TODO: check
+CVE-2020-10239 (An issue was discovered in Joomla! before 3.9.16. Incorrect Access Con ...)
+ TODO: check
+CVE-2020-10238 (An issue was discovered in Joomla! before 3.9.16. Various actions in c ...)
+ TODO: check
CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The installer wrot ...)
NOT-FOR-US: Froxlor
CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created files wi ...)
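Review bot: the six "TODO: check" markers added for CVE-2020-10243 through CVE-2020-10238 all describe the same product and version bound ("Joomla! before 3.9.16"), so they should be triaged together and given one consistent status line rather than left as six separate open TODOs. The entries on either side in this hunk (JPaseto, Froxlor) are already marked NOT-FOR-US, which leaves this block as the only untriaged part of the range.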
@@ -766,8 +870,8 @@ CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a
NOTE: https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
CVE-2020-10231
RESERVED
-CVE-2020-10230
- RESERVED
+CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) al ...)
+ TODO: check
CVE-2020-10229
RESERVED
CVE-2020-10228
@@ -1751,6 +1855,7 @@ CVE-2020-10020
CVE-2020-10019
RESERVED
CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the ...)
+ {DSA-4641-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -2313,10 +2418,10 @@ CVE-2020-9521
RESERVED
CVE-2020-9520
RESERVED
-CVE-2020-9519
- RESERVED
-CVE-2020-9518
- RESERVED
+CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro Focus Serv ...)
+ TODO: check
+CVE-2020-9518 (Login filter can access configuration files vulnerability in Micro Foc ...)
+ TODO: check
CVE-2020-9517 (There is an improper restriction of rendered UI layers or frames vulne ...)
NOT-FOR-US: Micro Focus
CVE-2020-9516
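Review bot: CVE-2020-9519 and CVE-2020-9518 are added with "TODO: check" although both truncated descriptions name Micro Focus and the very next entry, CVE-2020-9517, is already "NOT-FOR-US: Micro Focus". If they concern the same vendor product, give them the same status line so the three consecutive entries agree.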
@@ -2467,7 +2572,7 @@ CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, B
NOT-FOR-US: BlaB!
CVE-2020-9448
RESERVED
-CVE-2020-9447 (The file-upload feature in GwtUpload 1.0.3 allows XSS via a crafted fi ...)
+CVE-2020-9447 (There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0. ...)
NOT-FOR-US: GwtUpload
CVE-2020-9446
RESERVED
@@ -2808,8 +2913,8 @@ CVE-2020-9323
RESERVED
CVE-2020-9322
RESERVED
-CVE-2020-9321
- RESERVED
+CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...)
+ TODO: check
CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a ...)
NOT-FOR-US: Avira
CVE-2020-9319
@@ -4433,7 +4538,7 @@ CVE-2020-8610
CVE-2020-8609
RESERVED
CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...)
- {DLA-2142-1}
+ {DLA-2144-1 DLA-2142-1}
- libslirp <unfixed>
- qemu 1:4.1-2
[buster] - qemu <postponed> (Minor issue)
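Review bot: on CVE-2020-8608 the reference set becomes "{DLA-2144-1 DLA-2142-1}" while the entry tracks two source packages (libslirp and qemu) and "- libslirp <unfixed>" is left unchanged, so the diff does not show which advisory applies to which package. A NOTE line, or a check that each advisory's own record names its package, would make that mapping explicit; the CVE-2020-1711 hunk later in this commit attaches DLA-2144-1 to an entry that lists only qemu.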
@@ -6061,8 +6166,8 @@ CVE-2020-7918
RESERVED
CVE-2020-7917
RESERVED
-CVE-2020-7916
- RESERVED
+CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 ...)
+ TODO: check
CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...)
NOT-FOR-US: Eaton devices
CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...)
@@ -8141,28 +8246,28 @@ CVE-2020-6992
RESERVED
CVE-2020-6991
RESERVED
-CVE-2020-6990
- RESERVED
+CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
+ TODO: check
CVE-2020-6989
RESERVED
-CVE-2020-6988
- RESERVED
+CVE-2020-6988 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
+ TODO: check
CVE-2020-6987
RESERVED
CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a series ...)
NOT-FOR-US: Omron
CVE-2020-6985
RESERVED
-CVE-2020-6984
- RESERVED
+CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
+ TODO: check
CVE-2020-6983
RESERVED
CVE-2020-6982
RESERVED
CVE-2020-6981
RESERVED
-CVE-2020-6980
- RESERVED
+CVE-2020-6980 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
+ TODO: check
CVE-2020-6979
RESERVED
CVE-2020-6978
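Review bot: CVE-2020-6990, CVE-2020-6988, CVE-2020-6984 and CVE-2020-6980 receive the identical truncated summary ("Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ..."), so the four cannot be told apart from this file and each "TODO: check" has to be resolved against the full description. The neighbouring controller entry CVE-2020-6986 is tagged "NOT-FOR-US: Omron"; if these are likewise vendor device issues, the same kind of tag applies.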
@@ -9116,12 +9221,12 @@ CVE-2020-6588
RESERVED
CVE-2020-6587
RESERVED
-CVE-2020-6586
- RESERVED
-CVE-2020-6585
- RESERVED
-CVE-2020-6584
- RESERVED
+CVE-2020-6586 (Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a ...)
+ TODO: check
+CVE-2020-6585 (Nagios Log Server 2.1.3 has CSRF. ...)
+ TODO: check
+CVE-2020-6584 (Nagios Log Server 2.1.3 has Incorrect Access Control. ...)
+ TODO: check
CVE-2019-20371
RESERVED
CVE-2019-20370
@@ -9132,10 +9237,10 @@ CVE-2019-20368
RESERVED
CVE-2020-6583 (BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be ...)
NOT-FOR-US: BigProf Online Invoicing System (OIS)
-CVE-2020-6582
- RESERVED
-CVE-2020-6581
- RESERVED
+CVE-2020-6582 (Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by ...)
+ TODO: check
+CVE-2020-6581 (Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nas ...)
+ TODO: check
CVE-2020-6580
RESERVED
CVE-2020-6579
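Review bot: CVE-2020-6582 and CVE-2020-6581 name Nagios NRPE 3.2.1, a different component from the Nagios Log Server 2.1.3 entries in the previous hunk, so their "TODO: check" should be triaged separately rather than batched with those. CVE-2020-6582 is described as a heap-based buffer overflow and should get a package line with per-release status, or an explicit NOT-FOR-US, ahead of the XSS and CSRF entries.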
@@ -10720,18 +10825,18 @@ CVE-2020-5851 (On impacted versions and platforms the Trusted Platform Module (T
NOT-FOR-US: F5 BIG-IP
CVE-2020-5850
RESERVED
-CVE-2020-5849
- RESERVED
+CVE-2020-5849 (Unraid 6.8.0 allows authentication bypass. ...)
+ TODO: check
CVE-2020-5848
RESERVED
-CVE-2020-5847
- RESERVED
+CVE-2020-5847 (Unraid through 6.8.0 allows Remote Code Execution. ...)
+ TODO: check
CVE-2020-5846 (An insecure file upload and code execution issue was discovered in Ahs ...)
NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2020-5845
RESERVED
-CVE-2020-5844
- RESERVED
+CVE-2020-5844 (index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pan ...)
+ TODO: check
CVE-2020-5843 (Codoforum 4.8.3 allows XSS in the admin dashboard via a category to th ...)
NOT-FOR-US: Codoforum
CVE-2020-5842 (Codoforum 4.8.3 allows XSS in the user registration page: via the user ...)
@@ -15152,10 +15257,10 @@ CVE-2020-3950
RESERVED
CVE-2020-3949
RESERVED
-CVE-2020-3948
- RESERVED
-CVE-2020-3947
- RESERVED
+CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and ...)
+ TODO: check
+CVE-2020-3947 (VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2 ...)
+ TODO: check
CVE-2020-3946
RESERVED
CVE-2020-3945 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...)
@@ -15730,20 +15835,20 @@ CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks o
[buster] - linux 4.19.98-1
[stretch] - linux 4.9.210-1
NOTE: https://git.kernel.org/linus/da2311a6385c3b499da2ed5d9be59ce331fa93e9
-CVE-2019-19946
- RESERVED
-CVE-2019-19945
- RESERVED
+CVE-2019-19946 (The API in Dradis Pro 3.4.1 allows any user to extract the content of ...)
+ TODO: check
+CVE-2019-19945 (uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an ...)
+ TODO: check
CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c ...)
NOT-FOR-US: libIEC61850
CVE-2019-19943 (The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3 ...)
NOT-FOR-US: Pablo Quick 'n Easy Web Server
-CVE-2019-19942
- RESERVED
-CVE-2019-19941
- RESERVED
-CVE-2019-19940
- RESERVED
+CVE-2019-19942 (Missing output sanitation in Swisscom Centro Grande Centro Grande befo ...)
+ TODO: check
+CVE-2019-19941 (Missing hostname validation in Swisscom Centro Grande before 6.16.12 a ...)
+ TODO: check
+CVE-2019-19940 (Incorrect input sanitation in text-oriented user interfaces (telnet, s ...)
+ TODO: check
CVE-2019-19939
RESERVED
CVE-2019-19938
@@ -16679,8 +16784,8 @@ CVE-2019-19853
RESERVED
CVE-2019-19852
RESERVED
-CVE-2019-19851
- RESERVED
+CVE-2019-19851 (An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13 ...)
+ TODO: check
CVE-2019-19850 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
NOT-FOR-US: TYPO3
CVE-2019-19849 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
@@ -16784,8 +16889,8 @@ CVE-2019-19823 (A certain router administration interface (that includes Realtek
NOT-FOR-US: Realtek
CVE-2019-19822 (A certain router administration interface (that includes Realtek APMIB ...)
NOT-FOR-US: Realtek
-CVE-2019-19821
- RESERVED
+CVE-2019-19821 (A post-authentication privilege escalation in the web application of C ...)
+ TODO: check
CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys dr ...)
NOT-FOR-US: Kyrol Internet Security
CVE-2019-19819 (The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.1 ...)
@@ -21849,8 +21954,7 @@ CVE-2020-1755
RESERVED
CVE-2020-1754
RESERVED
-CVE-2020-1753 [kubectl connection plugin leaks sensitive information]
- RESERVED
+CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...)
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1811008
CVE-2020-1752 [use-after-free in glob() function when expanding ~user]
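Review bot: on CVE-2020-1753 the removed placeholder "[kubectl connection plugin leaks sensitive information]" named the affected component, and the truncated description that replaces it ("A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...") no longer does. Since "- ansible <unfixed>" remains, a short NOTE line naming the kubectl connection plugin would keep the entry readable alongside the existing bugzilla NOTE.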
@@ -21903,8 +22007,7 @@ CVE-2020-1742
NOT-FOR-US: OpenShift jenkins-slave-base-rhel7-container
CVE-2020-1741
RESERVED
-CVE-2020-1740 [secrets readable after ansible-vault edit]
- RESERVED
+CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for editin ...)
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193
NOTE: https://github.com/ansible/ansible/issues/67798
@@ -21912,8 +22015,7 @@ CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, an
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178
NOTE: https://github.com/ansible/ansible/issues/67797
-CVE-2020-1738 [module package can be selected by the ansible facts]
- RESERVED
+CVE-2020-1738 (A flaw was found in Ansible Engine when the module package or service ...)
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802164
NOTE: https://github.com/ansible/ansible/issues/67796
@@ -21921,13 +22023,11 @@ CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, an
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802154
NOTE: https://github.com/ansible/ansible/issues/67795
-CVE-2020-1736 [atomic_move primitive sets permissive permissions]
- RESERVED
+CVE-2020-1736 (A flaw was found in Ansible Engine when a file is moved using atomic_m ...)
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802124
NOTE: https://github.com/ansible/ansible/issues/67794
-CVE-2020-1735 [path injection on dest parameter in fetch module]
- RESERVED
+CVE-2020-1735 (A flaw was found in the Ansible Engine when the fetch module is used. ...)
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085
NOTE: https://github.com/ansible/ansible/issues/67793
@@ -22008,6 +22108,7 @@ CVE-2020-1712 [heap use-after-free vulnerability]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1971
CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the iSCS ...)
+ {DLA-2144-1}
- qemu 1:4.2-2 (bug #949731)
[buster] - qemu 1:3.1+dfsg-8+deb10u4
[stretch] - qemu <postponed> (Intrusive to backport, revisit later)
@@ -22528,14 +22629,14 @@ CVE-2019-19213
RESERVED
CVE-2019-19212
RESERVED
-CVE-2019-19211
- RESERVED
-CVE-2019-19210
- RESERVED
-CVE-2019-19209
- RESERVED
-CVE-2019-19208
- RESERVED
+CVE-2019-19211 (Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue tha ...)
+ TODO: check
+CVE-2019-19210 (Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML docume ...)
+ TODO: check
+CVE-2019-19209 (Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. ...)
+ TODO: check
+CVE-2019-19208 (Codiad Web IDE through 2.8.4 allows PHP Code injection. ...)
+ TODO: check
CVE-2019-19207 (rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. ...)
NOT-FOR-US: rConfig
CVE-2019-19206 (Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to J ...)
@@ -22697,8 +22798,8 @@ CVE-2019-19137
RESERVED
CVE-2019-19136
RESERVED
-CVE-2019-19135
- RESERVED
+CVE-2019-19135 (In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do ...)
+ TODO: check
CVE-2019-19134 (The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to ...)
NOT-FOR-US: Hero Maps Premium plugin for WordPress
CVE-2019-19133 (The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected ...)
@@ -38002,8 +38103,7 @@ CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in v
CVE-2019-14888 (A vulnerability was found in the Undertow HTTP server in versions befo ...)
- undertow <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1772464
-CVE-2019-14887
- RESERVED
+CVE-2019-14887 (A flaw was found when an OpenSSL security provider is used with Wildfl ...)
- wildfly <itp> (bug #752018)
CVE-2019-14886 (A vulnerability was found in business-central, as shipped in rhdm-7.5. ...)
NOT-FOR-US: Business central
@@ -39229,8 +39329,8 @@ CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attack
[stretch] - dnsmasq <no-dsa> (Minor issue)
NOTE: https://github.com/Slovejoy/dnsmasq-pre2.76
NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=d3a8b39c7df2f0debf3b5f274a1c37a9e261f94e
-CVE-2019-14512
- RESERVED
+CVE-2019-14512 (LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/P ...)
+ TODO: check
CVE-2019-14511 (Sphinx Technologies Sphinx 3.1.1 by default has no authentication and ...)
- sphinxsearch <unfixed> (unimportant; bug #939762)
NOTE: Issue is just with the default configuration, but can be easily reconfigured
@@ -45476,7 +45576,7 @@ CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation erro
CVE-2013-7472 (The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via t ...)
NOT-FOR-US: "Count per Day" plugin for WordPress
CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...)
- {DSA-4572-1}
+ {DSA-4572-1 DLA-2143-1}
- slurm-llnl 19.05.3.2-1 (bug #931880)
[stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
NOTE: https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5
@@ -50369,8 +50469,8 @@ CVE-2019-11075
RESERVED
CVE-2019-11074
RESERVED
-CVE-2019-11073
- RESERVED
+CVE-2019-11073 (A Remote Code Execution vulnerability exists in PRTG Network Monitor b ...)
+ TODO: check
CVE-2019-11072 (** DISPUTED ** lighttpd before 1.4.54 has a signed integer overflow, w ...)
- lighttpd 1.4.53-4 (bug #926885)
[stretch] - lighttpd <not-affected> (Vulnerable code introduced later)
@@ -53184,8 +53284,7 @@ CVE-2019-10092 (In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripti
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=63688#c5
NOTE: https://svn.apache.org/r1864191
NOTE: Regression: https://bugs.debian.org/941202
-CVE-2019-10091
- RESERVED
+CVE-2019-10091 (When TLS is enabled with ssl-endpoint-identification-enabled set to tr ...)
NOT-FOR-US: Apache Geode
CVE-2019-10090 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
- jspwiki <removed>
@@ -63885,6 +63984,7 @@ CVE-2019-6439 (examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL thr
NOTE: https://github.com/wolfSSL/wolfssl/issues/2032
NOTE: Issue only in example code
CVE-2019-6438 (SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bi ...)
+ {DLA-2143-1}
- slurm-llnl 18.08.5.2-1 (low; bug #920997)
[stretch] - slurm-llnl 16.05.9-1+deb9u3
NOTE: https://www.schedmd.com/news.php?id=213
@@ -66225,8 +66325,8 @@ CVE-2019-5544 (OpenSLP as used in ESXi and the Horizon DaaS appliances has a hea
{DLA-2025-1}
- openslp-dfsg <removed>
NOTE: https://www.openwall.com/lists/oss-security/2019/12/06/1
-CVE-2019-5543
- RESERVED
+CVE-2019-5543 (For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VM ...)
+ TODO: check
CVE-2019-5542 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
NOT-FOR-US: VMware
CVE-2019-5541 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
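Review bot: CVE-2019-5543 is added with "TODO: check" although its description names VMware Horizon Client for Windows and the following entry, CVE-2019-5542, is already "NOT-FOR-US: VMware". Check whether the same tag applies so the adjacent VMware entries are consistent.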
@@ -68118,8 +68218,8 @@ CVE-2019-4721
RESERVED
CVE-2019-4720 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
NOT-FOR-US: IBM
-CVE-2019-4719
- RESERVED
+CVE-2019-4719 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C ...)
+ TODO: check
CVE-2019-4718
RESERVED
CVE-2019-4717
@@ -68244,8 +68344,8 @@ CVE-2019-4658
RESERVED
CVE-2019-4657
RESERVED
-CVE-2019-4656
- RESERVED
+CVE-2019-4656 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C ...)
+ TODO: check
CVE-2019-4655 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is ...)
NOT-FOR-US: IBM
CVE-2019-4654
@@ -68318,12 +68418,12 @@ CVE-2019-4621 (IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 thro
NOT-FOR-US: IBM
CVE-2019-4620 (IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypas ...)
NOT-FOR-US: IBM
-CVE-2019-4619
- RESERVED
+CVE-2019-4619 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C ...)
+ TODO: check
CVE-2019-4618
RESERVED
-CVE-2019-4617
- RESERVED
+CVE-2019-4617 (IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable ...)
+ TODO: check
CVE-2019-4616 (IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute ...)
NOT-FOR-US: IBM
CVE-2019-4615
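Review bot: CVE-2019-4619 (IBM MQ and IBM MQ Appliance) and CVE-2019-4617 (IBM Cloud Automation Manager 3.2.1.0) are left as "TODO: check" while their immediate neighbours for the same products, CVE-2019-4620 and CVE-2019-4616, are "NOT-FOR-US: IBM". Resolve both to match, or record why they differ.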
@@ -81947,8 +82047,8 @@ CVE-2018-19327 (An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php
NOT-FOR-US: JTBC(PHP)
CVE-2018-19326 (Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory T ...)
NOT-FOR-US: Zyxel
-CVE-2018-19325
- RESERVED
+CVE-2018-19325 (tcpdump 4.9.2 (and probably lower versions) is prone to a heap-based b ...)
+ TODO: check
CVE-2018-19324 (kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&a ...)
NOT-FOR-US: kimsQ Rb
CVE-2018-19323 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, ...)
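Review bot: the "TODO: check" on CVE-2018-19325 should be resolved ahead of the others in this commit: the description names tcpdump 4.9.2 "(and probably lower versions)" and is cut off at "heap-based b ...", whereas the surrounding entries (JTBC(PHP), Zyxel, kimsQ Rb) are NOT-FOR-US. It needs a package line with per-release status and a NOTE pointing at the upstream report or fix.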
@@ -98588,14 +98688,14 @@ CVE-2018-13065 (** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribut
NOT-FOR-US: Bogus claim for ModSecurity, to be revoked
CVE-2018-13064
RESERVED
-CVE-2018-13063
- RESERVED
+CVE-2018-13063 (Easy!Appointments 1.3.0 has a Missing Authorization issue allowing ret ...)
+ TODO: check
CVE-2018-13062
RESERVED
CVE-2018-13061
RESERVED
-CVE-2018-13060
- RESERVED
+CVE-2018-13060 (Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue. ...)
+ TODO: check
CVE-2018-13059
RESERVED
CVE-2018-13058
@@ -107021,8 +107121,8 @@ CVE-2018-10126 (LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16
- tiff <unfixed> (unimportant)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2786
NOTE: Crash in CLI tool, no security impact
-CVE-2018-10125
- RESERVED
+CVE-2018-10125 (Contao before 4.5.7 has XSS in the system log. ...)
+ TODO: check
CVE-2018-10123 (p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to r ...)
NOT-FOR-US: p910nd on Inteno IOPSYS
CVE-2018-10122 (QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55e575211258758b2948be2fa5e70d081d9d956d