[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Mar 16 20:10:33 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
55e57521 by security tracker role at 2020-03-16T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2020-10646
+	RESERVED
+CVE-2020-10645
+	RESERVED
+CVE-2020-10644
+	RESERVED
+CVE-2020-10643
+	RESERVED
+CVE-2020-10642
+	RESERVED
+CVE-2020-10641
+	RESERVED
+CVE-2020-10640
+	RESERVED
+CVE-2020-10639
+	RESERVED
+CVE-2020-10638
+	RESERVED
+CVE-2020-10637
+	RESERVED
+CVE-2020-10636
+	RESERVED
+CVE-2020-10635
+	RESERVED
+CVE-2020-10634
+	RESERVED
+CVE-2020-10633
+	RESERVED
+CVE-2020-10632
+	RESERVED
+CVE-2020-10631
+	RESERVED
+CVE-2020-10630
+	RESERVED
+CVE-2020-10629
+	RESERVED
+CVE-2020-10628
+	RESERVED
+CVE-2020-10627
+	RESERVED
+CVE-2020-10626
+	RESERVED
+CVE-2020-10625
+	RESERVED
+CVE-2020-10624
+	RESERVED
+CVE-2020-10623
+	RESERVED
+CVE-2020-10622
+	RESERVED
+CVE-2020-10621
+	RESERVED
+CVE-2020-10620
+	RESERVED
+CVE-2020-10619
+	RESERVED
+CVE-2020-10618
+	RESERVED
+CVE-2020-10617
+	RESERVED
+CVE-2020-10616
+	RESERVED
+CVE-2020-10615
+	RESERVED
+CVE-2020-10614
+	RESERVED
+CVE-2020-10613
+	RESERVED
+CVE-2020-10612
+	RESERVED
+CVE-2020-10611
+	RESERVED
+CVE-2020-10610
+	RESERVED
+CVE-2020-10609
+	RESERVED
+CVE-2020-10608
+	RESERVED
+CVE-2020-10607
+	RESERVED
+CVE-2020-10606
+	RESERVED
+CVE-2020-10605
+	RESERVED
+CVE-2020-10604
+	RESERVED
+CVE-2020-10603
+	RESERVED
+CVE-2020-10602
+	RESERVED
+CVE-2020-10601
+	RESERVED
+CVE-2020-10600
+	RESERVED
+CVE-2020-10599
+	RESERVED
+CVE-2020-10598
+	RESERVED
+CVE-2020-10597
+	RESERVED
+CVE-2020-10596
+	RESERVED
+CVE-2018-21037
+	RESERVED
 CVE-2020-10595
 	RESERVED
 CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
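Review bot: CVE-2018-21037 on the last pair of added lines breaks the descending CVE-2020-106xx sequence of this block; since every added entry here is a bare RESERVED placeholder and the block is ordered by descending ID with the late-assigned 2018 ID appended at its end, the placement matches the block's own ordering and nothing needs triage yet.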
@@ -81,8 +185,8 @@ CVE-2020-10559
 	RESERVED
 CVE-2020-10558
 	RESERVED
-CVE-2020-10557
-	RESERVED
+CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...)
+	TODO: check
 CVE-2020-10556
 	RESERVED
 CVE-2020-10555
@@ -733,18 +837,18 @@ CVE-2020-10245
 	RESERVED
 CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. ...)
 	NOT-FOR-US: JPaseto
-CVE-2020-10243
-	RESERVED
-CVE-2020-10242
-	RESERVED
-CVE-2020-10241
-	RESERVED
-CVE-2020-10240
-	RESERVED
-CVE-2020-10239
-	RESERVED
-CVE-2020-10238
-	RESERVED
+CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of type cas ...)
+	TODO: check
+CVE-2020-10242 (An issue was discovered in Joomla! before 3.9.16. Inadequate handling  ...)
+	TODO: check
+CVE-2020-10241 (An issue was discovered in Joomla! before 3.9.16. Missing token checks ...)
+	TODO: check
+CVE-2020-10240 (An issue was discovered in Joomla! before 3.9.16. Missing length check ...)
+	TODO: check
+CVE-2020-10239 (An issue was discovered in Joomla! before 3.9.16. Incorrect Access Con ...)
+	TODO: check
+CVE-2020-10238 (An issue was discovered in Joomla! before 3.9.16. Various actions in c ...)
+	TODO: check
 CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The installer wrot ...)
 	NOT-FOR-US: Froxlor
 CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created files wi ...)
@@ -766,8 +870,8 @@ CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a
 	NOTE: https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
 CVE-2020-10231
 	RESERVED
-CVE-2020-10230
-	RESERVED
+CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) al ...)
+	TODO: check
 CVE-2020-10229
 	RESERVED
 CVE-2020-10228
@@ -1751,6 +1855,7 @@ CVE-2020-10020
 CVE-2020-10019
 	RESERVED
 CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the  ...)
+	{DSA-4641-1}
 	- webkit2gtk 2.28.0-2
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -2313,10 +2418,10 @@ CVE-2020-9521
 	RESERVED
 CVE-2020-9520
 	RESERVED
-CVE-2020-9519
-	RESERVED
-CVE-2020-9518
-	RESERVED
+CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro Focus Serv ...)
+	TODO: check
+CVE-2020-9518 (Login filter can access configuration files vulnerability in Micro Foc ...)
+	TODO: check
 CVE-2020-9517 (There is an improper restriction of rendered UI layers or frames vulne ...)
 	NOT-FOR-US: Micro Focus
 CVE-2020-9516
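Review bot: CVE-2020-9519 and CVE-2020-9518 are left at TODO: check although the unchanged context line directly below them (CVE-2020-9517) already resolves the same Micro Focus product family as NOT-FOR-US: Micro Focus; once confirmed, the two new entries can take that same line. The "reveled" in the CVE-2020-9519 description is upstream's wording, reproduced as received.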
@@ -2467,7 +2572,7 @@ CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, B
 	NOT-FOR-US: BlaB!
 CVE-2020-9448
 	RESERVED
-CVE-2020-9447 (The file-upload feature in GwtUpload 1.0.3 allows XSS via a crafted fi ...)
+CVE-2020-9447 (There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0. ...)
 	NOT-FOR-US: GwtUpload
 CVE-2020-9446
 	RESERVED
@@ -2808,8 +2913,8 @@ CVE-2020-9323
 	RESERVED
 CVE-2020-9322
 	RESERVED
-CVE-2020-9321
-	RESERVED
+CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...)
+	TODO: check
 CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a  ...)
 	NOT-FOR-US: Avira
 CVE-2020-9319
@@ -4433,7 +4538,7 @@ CVE-2020-8610
 CVE-2020-8609
 	RESERVED
 CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf  ...)
-	{DLA-2142-1}
+	{DLA-2144-1 DLA-2142-1}
 	- libslirp <unfixed>
 	- qemu 1:4.1-2
 	[buster] - qemu <postponed> (Minor issue)
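Review bot: the reference line for CVE-2020-8608 now carries DLA-2144-1 next to DLA-2142-1, yet the entry keeps "- libslirp <unfixed>" and a buster <postponed> line for qemu; since DLA-2144-1 is also attached to the qemu entry CVE-2020-1711 further down in this patch, the second DLA presumably covers qemu rather than libslirp, and the libslirp <unfixed> line is still right. Worth confirming in the DLA record that DLA-2144-1 names the intended source package.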
@@ -6061,8 +6166,8 @@ CVE-2020-7918
 	RESERVED
 CVE-2020-7917
 	RESERVED
-CVE-2020-7916
-	RESERVED
+CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 ...)
+	TODO: check
 CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...)
 	NOT-FOR-US: Eaton devices
 CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...)
@@ -8141,28 +8246,28 @@ CVE-2020-6992
 	RESERVED
 CVE-2020-6991
 	RESERVED
-CVE-2020-6990
-	RESERVED
+CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
+	TODO: check
 CVE-2020-6989
 	RESERVED
-CVE-2020-6988
-	RESERVED
+CVE-2020-6988 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
+	TODO: check
 CVE-2020-6987
 	RESERVED
 CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a series  ...)
 	NOT-FOR-US: Omron
 CVE-2020-6985
 	RESERVED
-CVE-2020-6984
-	RESERVED
+CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
+	TODO: check
 CVE-2020-6983
 	RESERVED
 CVE-2020-6982
 	RESERVED
 CVE-2020-6981
 	RESERVED
-CVE-2020-6980
-	RESERVED
+CVE-2020-6980 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
+	TODO: check
 CVE-2020-6979
 	RESERVED
 CVE-2020-6978
@@ -9116,12 +9221,12 @@ CVE-2020-6588
 	RESERVED
 CVE-2020-6587
 	RESERVED
-CVE-2020-6586
-	RESERVED
-CVE-2020-6585
-	RESERVED
-CVE-2020-6584
-	RESERVED
+CVE-2020-6586 (Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a ...)
+	TODO: check
+CVE-2020-6585 (Nagios Log Server 2.1.3 has CSRF. ...)
+	TODO: check
+CVE-2020-6584 (Nagios Log Server 2.1.3 has Incorrect Access Control. ...)
+	TODO: check
 CVE-2019-20371
 	RESERVED
 CVE-2019-20370
@@ -9132,10 +9237,10 @@ CVE-2019-20368
 	RESERVED
 CVE-2020-6583 (BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be  ...)
 	NOT-FOR-US: BigProf Online Invoicing System (OIS)
-CVE-2020-6582
-	RESERVED
-CVE-2020-6581
-	RESERVED
+CVE-2020-6582 (Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by ...)
+	TODO: check
+CVE-2020-6581 (Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nas ...)
+	TODO: check
 CVE-2020-6580
 	RESERVED
 CVE-2020-6579
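Review bot: CVE-2020-6582 (heap-based buffer overflow in Nagios NRPE 3.2.1) and CVE-2020-6581 are marked TODO: check; unlike the Nagios Log Server entries in the previous hunk, these should be checked against the archive before being closed as NOT-FOR-US, and if a package exists the heap overflow needs a version line and a severity, as it is a memory-safety issue in a network-facing daemon.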
@@ -10720,18 +10825,18 @@ CVE-2020-5851 (On impacted versions and platforms the Trusted Platform Module (T
 	NOT-FOR-US: F5 BIG-IP
 CVE-2020-5850
 	RESERVED
-CVE-2020-5849
-	RESERVED
+CVE-2020-5849 (Unraid 6.8.0 allows authentication bypass. ...)
+	TODO: check
 CVE-2020-5848
 	RESERVED
-CVE-2020-5847
-	RESERVED
+CVE-2020-5847 (Unraid through 6.8.0 allows Remote Code Execution. ...)
+	TODO: check
 CVE-2020-5846 (An insecure file upload and code execution issue was discovered in Ahs ...)
 	NOT-FOR-US: Ahsay Cloud Backup Suite
 CVE-2020-5845
 	RESERVED
-CVE-2020-5844
-	RESERVED
+CVE-2020-5844 (index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pan ...)
+	TODO: check
 CVE-2020-5843 (Codoforum 4.8.3 allows XSS in the admin dashboard via a category to th ...)
 	NOT-FOR-US: Codoforum
 CVE-2020-5842 (Codoforum 4.8.3 allows XSS in the user registration page: via the user ...)
@@ -15152,10 +15257,10 @@ CVE-2020-3950
 	RESERVED
 CVE-2020-3949
 	RESERVED
-CVE-2020-3948
-	RESERVED
-CVE-2020-3947
-	RESERVED
+CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and ...)
+	TODO: check
+CVE-2020-3947 (VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2 ...)
+	TODO: check
 CVE-2020-3946
 	RESERVED
 CVE-2020-3945 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...)
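Review bot: CVE-2020-3948 and CVE-2020-3947 (VMware Workstation 15.x / Fusion 11.x) are left at TODO: check, while the same product pair is already handled as NOT-FOR-US: VMware on CVE-2019-5542 and CVE-2019-5541 elsewhere in this file; the same resolution applies here unless the guest-side wording of CVE-2020-3948 ("Linux Guest VMs running on ...") turns out to involve a packaged guest component.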
@@ -15730,20 +15835,20 @@ CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks o
 	[buster] - linux 4.19.98-1
 	[stretch] - linux 4.9.210-1
 	NOTE: https://git.kernel.org/linus/da2311a6385c3b499da2ed5d9be59ce331fa93e9
-CVE-2019-19946
-	RESERVED
-CVE-2019-19945
-	RESERVED
+CVE-2019-19946 (The API in Dradis Pro 3.4.1 allows any user to extract the content of  ...)
+	TODO: check
+CVE-2019-19945 (uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an  ...)
+	TODO: check
 CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c ...)
 	NOT-FOR-US: libIEC61850
 CVE-2019-19943 (The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3 ...)
 	NOT-FOR-US: Pablo Quick 'n Easy Web Server
-CVE-2019-19942
-	RESERVED
-CVE-2019-19941
-	RESERVED
-CVE-2019-19940
-	RESERVED
+CVE-2019-19942 (Missing output sanitation in Swisscom Centro Grande Centro Grande befo ...)
+	TODO: check
+CVE-2019-19941 (Missing hostname validation in Swisscom Centro Grande before 6.16.12 a ...)
+	TODO: check
+CVE-2019-19940 (Incorrect input sanitation in text-oriented user interfaces (telnet, s ...)
+	TODO: check
 CVE-2019-19939
 	RESERVED
 CVE-2019-19938
@@ -16679,8 +16784,8 @@ CVE-2019-19853
 	RESERVED
 CVE-2019-19852
 	RESERVED
-CVE-2019-19851
-	RESERVED
+CVE-2019-19851 (An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13 ...)
+	TODO: check
 CVE-2019-19850 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
 	NOT-FOR-US: TYPO3
 CVE-2019-19849 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
@@ -16784,8 +16889,8 @@ CVE-2019-19823 (A certain router administration interface (that includes Realtek
 	NOT-FOR-US: Realtek
 CVE-2019-19822 (A certain router administration interface (that includes Realtek APMIB ...)
 	NOT-FOR-US: Realtek
-CVE-2019-19821
-	RESERVED
+CVE-2019-19821 (A post-authentication privilege escalation in the web application of C ...)
+	TODO: check
 CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys dr ...)
 	NOT-FOR-US: Kyrol Internet Security
 CVE-2019-19819 (The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.1 ...)
@@ -21849,8 +21954,7 @@ CVE-2020-1755
 	RESERVED
 CVE-2020-1754
 	RESERVED
-CVE-2020-1753 [kubectl connection plugin leaks sensitive information]
-	RESERVED
+CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...)
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1811008
 CVE-2020-1752 [use-after-free in glob() function when expanding ~user]
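Review bot: CVE-2020-1753's bracketed working title "[kubectl connection plugin leaks sensitive information]" is replaced by the truncated public description, which drops the only hint of the affected component from the entry itself; the "- ansible <unfixed>" line is unchanged, so a fixed version or Debian bug reference still has to follow when the fix is uploaded. The bugzilla NOTE link stays, which is where the component detail can be recovered.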
@@ -21903,8 +22007,7 @@ CVE-2020-1742
 	NOT-FOR-US: OpenShift jenkins-slave-base-rhel7-container
 CVE-2020-1741
 	RESERVED
-CVE-2020-1740 [secrets readable after ansible-vault edit]
-	RESERVED
+CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for editin ...)
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193
 	NOTE: https://github.com/ansible/ansible/issues/67798
@@ -21912,8 +22015,7 @@ CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, an
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178
 	NOTE: https://github.com/ansible/ansible/issues/67797
-CVE-2020-1738 [module package can be selected by the ansible facts]
-	RESERVED
+CVE-2020-1738 (A flaw was found in Ansible Engine when the module package or service  ...)
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802164
 	NOTE: https://github.com/ansible/ansible/issues/67796
@@ -21921,13 +22023,11 @@ CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, an
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802154
 	NOTE: https://github.com/ansible/ansible/issues/67795
-CVE-2020-1736 [atomic_move primitive sets permissive permissions]
-	RESERVED
+CVE-2020-1736 (A flaw was found in Ansible Engine when a file is moved using atomic_m ...)
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802124
 	NOTE: https://github.com/ansible/ansible/issues/67794
-CVE-2020-1735 [path injection on dest parameter in fetch module]
-	RESERVED
+CVE-2020-1735 (A flaw was found in the Ansible Engine when the fetch module is used.  ...)
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085
 	NOTE: https://github.com/ansible/ansible/issues/67793
@@ -22008,6 +22108,7 @@ CVE-2020-1712 [heap use-after-free vulnerability]
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1971
 CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the iSCS ...)
+	{DLA-2144-1}
 	- qemu 1:4.2-2 (bug #949731)
 	[buster] - qemu 1:3.1+dfsg-8+deb10u4
 	[stretch] - qemu <postponed> (Intrusive to backport, revisit later)
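Review bot: the added {DLA-2144-1} reference on CVE-2020-1711 sits above a "[stretch] - qemu <postponed>" line; a DLA reference and a postponed marker for the same suite would contradict each other, so confirm that DLA-2144-1 targets a suite other than stretch (the hunk shows no line for that suite) and that the corresponding suite line reflects the shipped fix.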
@@ -22528,14 +22629,14 @@ CVE-2019-19213
 	RESERVED
 CVE-2019-19212
 	RESERVED
-CVE-2019-19211
-	RESERVED
-CVE-2019-19210
-	RESERVED
-CVE-2019-19209
-	RESERVED
-CVE-2019-19208
-	RESERVED
+CVE-2019-19211 (Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue tha ...)
+	TODO: check
+CVE-2019-19210 (Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML docume ...)
+	TODO: check
+CVE-2019-19209 (Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. ...)
+	TODO: check
+CVE-2019-19208 (Codiad Web IDE through 2.8.4 allows PHP Code injection. ...)
+	TODO: check
 CVE-2019-19207 (rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. ...)
 	NOT-FOR-US: rConfig
 CVE-2019-19206 (Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to J ...)
@@ -22697,8 +22798,8 @@ CVE-2019-19137
 	RESERVED
 CVE-2019-19136
 	RESERVED
-CVE-2019-19135
-	RESERVED
+CVE-2019-19135 (In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do ...)
+	TODO: check
 CVE-2019-19134 (The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to ...)
 	NOT-FOR-US: Hero Maps Premium plugin for WordPress
 CVE-2019-19133 (The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected  ...)
@@ -38002,8 +38103,7 @@ CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in v
 CVE-2019-14888 (A vulnerability was found in the Undertow HTTP server in versions befo ...)
 	- undertow <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1772464
-CVE-2019-14887
-	RESERVED
+CVE-2019-14887 (A flaw was found when an OpenSSL security provider is used with Wildfl ...)
 	- wildfly <itp> (bug #752018)
 CVE-2019-14886 (A vulnerability was found in business-central, as shipped in rhdm-7.5. ...)
 	NOT-FOR-US: Business central
@@ -39229,8 +39329,8 @@ CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attack
 	[stretch] - dnsmasq <no-dsa> (Minor issue)
 	NOTE: https://github.com/Slovejoy/dnsmasq-pre2.76
 	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=d3a8b39c7df2f0debf3b5f274a1c37a9e261f94e
-CVE-2019-14512
-	RESERVED
+CVE-2019-14512 (LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/P ...)
+	TODO: check
 CVE-2019-14511 (Sphinx Technologies Sphinx 3.1.1 by default has no authentication and  ...)
 	- sphinxsearch <unfixed> (unimportant; bug #939762)
 	NOTE: Issue is just with the default configuration, but can be easily reconfigured
@@ -45476,7 +45576,7 @@ CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation erro
 CVE-2013-7472 (The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via t ...)
 	NOT-FOR-US: "Count per Day" plugin for WordPress
 CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...)
-	{DSA-4572-1}
+	{DSA-4572-1 DLA-2143-1}
 	- slurm-llnl 19.05.3.2-1 (bug #931880)
 	[stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
 	NOTE: https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5
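Review bot: adding DLA-2143-1 beside DSA-4572-1 on CVE-2019-12838 while "[stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)" stays in place is only consistent if the DLA targets a suite other than stretch; the same DLA is also attached to CVE-2019-6438 further down, where stretch has a fixed version, so this entry's stretch line should be double-checked against what DLA-2143-1 actually shipped.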
@@ -50369,8 +50469,8 @@ CVE-2019-11075
 	RESERVED
 CVE-2019-11074
 	RESERVED
-CVE-2019-11073
-	RESERVED
+CVE-2019-11073 (A Remote Code Execution vulnerability exists in PRTG Network Monitor b ...)
+	TODO: check
 CVE-2019-11072 (** DISPUTED ** lighttpd before 1.4.54 has a signed integer overflow, w ...)
 	- lighttpd 1.4.53-4 (bug #926885)
 	[stretch] - lighttpd <not-affected> (Vulnerable code introduced later)
@@ -53184,8 +53284,7 @@ CVE-2019-10092 (In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripti
 	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=63688#c5
 	NOTE: https://svn.apache.org/r1864191
 	NOTE: Regression: https://bugs.debian.org/941202
-CVE-2019-10091
-	RESERVED
+CVE-2019-10091 (When TLS is enabled with ssl-endpoint-identification-enabled set to tr ...)
 	NOT-FOR-US: Apache Geode
 CVE-2019-10090 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
 	- jspwiki <removed>
@@ -63885,6 +63984,7 @@ CVE-2019-6439 (examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL thr
 	NOTE: https://github.com/wolfSSL/wolfssl/issues/2032
 	NOTE: Issue only in example code
 CVE-2019-6438 (SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bi ...)
+	{DLA-2143-1}
 	- slurm-llnl 18.08.5.2-1 (low; bug #920997)
 	[stretch] - slurm-llnl 16.05.9-1+deb9u3
 	NOTE: https://www.schedmd.com/news.php?id=213
@@ -66225,8 +66325,8 @@ CVE-2019-5544 (OpenSLP as used in ESXi and the Horizon DaaS appliances has a hea
 	{DLA-2025-1}
 	- openslp-dfsg <removed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/12/06/1
-CVE-2019-5543
-	RESERVED
+CVE-2019-5543 (For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VM ...)
+	TODO: check
 CVE-2019-5542 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
 	NOT-FOR-US: VMware
 CVE-2019-5541 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
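Review bot: CVE-2019-5543 (VMware Horizon Client for Windows) is left at TODO: check while the neighbouring context lines CVE-2019-5542 and CVE-2019-5541 are NOT-FOR-US: VMware; a Windows-only client has no Debian package, so NOT-FOR-US: VMware is the likely resolution.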
@@ -68118,8 +68218,8 @@ CVE-2019-4721
 	RESERVED
 CVE-2019-4720 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
 	NOT-FOR-US: IBM
-CVE-2019-4719
-	RESERVED
+CVE-2019-4719 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C ...)
+	TODO: check
 CVE-2019-4718
 	RESERVED
 CVE-2019-4717
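Review bot: CVE-2019-4719 (IBM MQ and IBM MQ Appliance) gets TODO: check while the unchanged CVE-2019-4720 line above resolves IBM WebSphere as NOT-FOR-US: IBM; the same IBM MQ description appears in two further hunks below (CVE-2019-4656 and CVE-2019-4619), and all three should be triaged identically.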
@@ -68244,8 +68344,8 @@ CVE-2019-4658
 	RESERVED
 CVE-2019-4657
 	RESERVED
-CVE-2019-4656
-	RESERVED
+CVE-2019-4656 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C ...)
+	TODO: check
 CVE-2019-4655 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is  ...)
 	NOT-FOR-US: IBM
 CVE-2019-4654
@@ -68318,12 +68418,12 @@ CVE-2019-4621 (IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 thro
 	NOT-FOR-US: IBM
 CVE-2019-4620 (IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypas ...)
 	NOT-FOR-US: IBM
-CVE-2019-4619
-	RESERVED
+CVE-2019-4619 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C ...)
+	TODO: check
 CVE-2019-4618
 	RESERVED
-CVE-2019-4617
-	RESERVED
+CVE-2019-4617 (IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable ...)
+	TODO: check
 CVE-2019-4616 (IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute ...)
 	NOT-FOR-US: IBM
 CVE-2019-4615
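Review bot: CVE-2019-4617 (IBM Cloud Automation Manager 3.2.1.0) is TODO: check although CVE-2019-4616, the unchanged line right below it, covers the same product and version and is already NOT-FOR-US: IBM; the two entries should get the same resolution.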
@@ -81947,8 +82047,8 @@ CVE-2018-19327 (An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php
 	NOT-FOR-US: JTBC(PHP)
 CVE-2018-19326 (Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory T ...)
 	NOT-FOR-US: Zyxel
-CVE-2018-19325
-	RESERVED
+CVE-2018-19325 (tcpdump 4.9.2 (and probably lower versions) is prone to a heap-based b ...)
+	TODO: check
 CVE-2018-19324 (kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&a ...)
 	NOT-FOR-US: kimsQ Rb
 CVE-2018-19323 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, ...)
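Review bot: CVE-2018-19325, a heap-based buffer overflow in tcpdump 4.9.2, should not stay at TODO: check alongside the NOT-FOR-US web-application entries around it: tcpdump is a Debian source package, so this entry needs a version line (or a not-affected marker with its reasoning), and since this is a 2018 ID only now being published, it is worth checking whether the fix is already in the archive's tcpdump version.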
@@ -98588,14 +98688,14 @@ CVE-2018-13065 (** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribut
 	NOT-FOR-US: Bogus claim for ModSecurity, to be revoked
 CVE-2018-13064
 	RESERVED
-CVE-2018-13063
-	RESERVED
+CVE-2018-13063 (Easy!Appointments 1.3.0 has a Missing Authorization issue allowing ret ...)
+	TODO: check
 CVE-2018-13062
 	RESERVED
 CVE-2018-13061
 	RESERVED
-CVE-2018-13060
-	RESERVED
+CVE-2018-13060 (Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue. ...)
+	TODO: check
 CVE-2018-13059
 	RESERVED
 CVE-2018-13058
@@ -107021,8 +107121,8 @@ CVE-2018-10126 (LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16
 	- tiff <unfixed> (unimportant)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2786
 	NOTE: Crash in CLI tool, no security impact
-CVE-2018-10125
-	RESERVED
+CVE-2018-10125 (Contao before 4.5.7 has XSS in the system log. ...)
+	TODO: check
 CVE-2018-10123 (p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to r ...)
 	NOT-FOR-US: p910nd on Inteno IOPSYS
 CVE-2018-10122 (QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55e575211258758b2948be2fa5e70d081d9d956d

-- 
You're receiving this email because of your account on salsa.debian.org.



