[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 17 08:10:24 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
57f151bd by security tracker role at 2020-03-17T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-10649
+ RESERVED
+CVE-2020-10648
+ RESERVED
+CVE-2020-10647
+ RESERVED
CVE-2020-10646
RESERVED
CVE-2020-10645
@@ -1300,8 +1306,8 @@ CVE-2019-20493
RESERVED
CVE-2019-20492
RESERVED
-CVE-2019-20491
- RESERVED
+CVE-2019-20491 (cPanel before 82.0.18 allows attackers to leverage virtual mail accoun ...)
+ TODO: check
CVE-2019-20490
RESERVED
CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
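Review bot: the `TODO: check` under CVE-2019-20491 can be resolved rather than left open: cPanel is not packaged in Debian, so the entry should read `NOT-FOR-US: cPanel`, in the same form the file already uses for other non-Debian software (compare `NOT-FOR-US: Wing FTP Server` later in this commit).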
@@ -2522,10 +2528,10 @@ CVE-2020-9474
RESERVED
CVE-2020-9473
RESERVED
-CVE-2020-9472
- RESERVED
-CVE-2020-9471
- RESERVED
+CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...)
+ TODO: check
+CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...)
+ TODO: check
CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before February 2020. ...)
NOT-FOR-US: Wing FTP Server
CVE-2020-9469
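Review bot: CVE-2020-9472 and CVE-2020-9471 both leave `TODO: check`, but Umbraco CMS and Umbraco Cloud are not in the Debian archive; mark both `NOT-FOR-US: Umbraco`. The two descriptions are identical up to the truncation point apart from "CMS" versus "Cloud", so nothing in the entry text distinguishes them; the NOT-FOR-US marking makes that distinction irrelevant for the tracker.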
@@ -2846,10 +2852,10 @@ CVE-2020-9349
RESERVED
CVE-2020-9348
RESERVED
-CVE-2020-9347
- RESERVED
-CVE-2020-9346
- RESERVED
+CVE-2020-9347 (Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Ma ...)
+ TODO: check
+CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no protectio ...)
+ TODO: check
CVE-2020-9345
RESERVED
CVE-2020-9344
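Review bot: CVE-2020-9347 and CVE-2020-9346 are Zoho ManageEngine Password Manager Pro issues; that product is not packaged in Debian, so both `TODO: check` lines should become `NOT-FOR-US: Zoho ManageEngine Password Manager Pro` instead of staying open.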
@@ -4151,16 +4157,16 @@ CVE-2020-8789
RESERVED
CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...)
NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer
-CVE-2020-8787
- RESERVED
-CVE-2020-8786
- RESERVED
-CVE-2020-8785
- RESERVED
-CVE-2020-8784
- RESERVED
-CVE-2020-8783
- RESERVED
+CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
+ TODO: check
+CVE-2020-8786 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
+ TODO: check
+CVE-2020-8785 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
+ TODO: check
+CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
+ TODO: check
+CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
+ TODO: check
CVE-2019-20450
RESERVED
CVE-2019-20449
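Review bot: the five SuiteCRM entries (CVE-2020-8787 through CVE-2020-8783) all carry `TODO: check`, but SuiteCRM is not in the Debian archive, so all five should be `NOT-FOR-US: SuiteCRM`. Note that the five truncated descriptions are word-for-word identical, so the list gives no hint what each individual CVE covers; the NOT-FOR-US marking avoids having to record that.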
@@ -5955,8 +5961,8 @@ CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an
[jessie] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8
NOTE: https://github.com/Exiv2/exiv2/issues/1011
-CVE-2020-7982
- RESERVED
+CVE-2020-7982 (An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and ...)
+ TODO: check
CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...)
- ruby-geocoder 1.5.1-3 (bug #949870)
NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613
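Review bot: for CVE-2020-7982 the truncated description names only OpenWrt release ranges, not the affected component, so the `TODO: check` should not be closed as NOT-FOR-US on the strength of the OpenWrt name alone: OpenWrt components are sometimes shipped as separate Debian source packages (CVE-2020-7248 later in this commit, for example, names libubox explicitly). Resolve by identifying the component from the full CVE text and checking the archive for it.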
@@ -6133,8 +6139,8 @@ CVE-2019-20409
RESERVED
CVE-2019-20408
RESERVED
-CVE-2019-20407
- RESERVED
+CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira Software ...)
+ TODO: check
CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows operating s ...)
NOT-FOR-US: Atlassian
CVE-2019-20405 (The JMX monitoring flag in Atlassian Jira Server and Data Center befor ...)
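Review bot: CVE-2019-20407 is a Jira Software issue and should be `NOT-FOR-US: Atlassian`, matching the entries immediately above and below it (CVE-2019-20406 and CVE-2019-20405) rather than `TODO: check`.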
@@ -6151,8 +6157,7 @@ CVE-2019-20400 (The usage of Tomcat in Jira before version 8.5.2 allows local at
NOT-FOR-US: Atlassian
CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2 ...)
NOT-FOR-US: Percona Monitoring and Management (PMM)
-CVE-2020-7919
- RESERVED
+CVE-2020-7919 (Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte ...)
- golang-1.14 1.14~rc1-1
- golang-1.13 1.13.7-1
- golang-1.11 <removed>
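Review bot: the description for CVE-2020-7919 says the fix is in Go 1.12.16 and 1.13.7, but the visible context below it lists only golang-1.14, golang-1.13 (1.13.7-1) and golang-1.11 (`<removed>`); there is no golang-1.12 line within this hunk, so confirm the golang-1.12 source package has its own entry. The description also calls out crypto/cryptobyte, which is part of golang.org/x/crypto, so the separate golang-golang-x-crypto source package (and packages that vendor it) should be assessed for the same issue, not only the compiler packages.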
@@ -6831,8 +6836,8 @@ CVE-2020-7610
RESERVED
CVE-2020-7609
RESERVED
-CVE-2020-7608
- RESERVED
+CVE-2020-7608 (yargs-parser could be tricked into adding or modifying properties of O ...)
+ TODO: check
CVE-2020-7607 (gulp-styledocco through 0.0.3 allows execution of arbitrary commands. ...)
TODO: check
CVE-2020-7606 (docker-compose-remote-api through 0.1.4 allows execution of arbitrary ...)
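Review bot: CVE-2020-7608 (yargs-parser prototype pollution) is not a NOT-FOR-US candidate: Debian ships yargs-parser as the node-yargs-parser source package, so the `TODO: check` needs an actual version check against each suite. The two neighbouring entries CVE-2020-7607 (gulp-styledocco) and CVE-2020-7606 (docker-compose-remote-api) are also still `TODO: check` from an earlier update; they are npm modules too and could be resolved in the same pass.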
@@ -7583,8 +7588,8 @@ CVE-2020-7250
RESERVED
CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...)
NOT-FOR-US: SMC D3G0804W devices
-CVE-2020-7248
- RESERVED
+CVE-2020-7248 (libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged ...)
+ TODO: check
CVE-2020-XXXX [opensmtpd DoS via opportunistic TLS downgrade]
- opensmtpd 6.6.2p1-1 (bug #950121)
[stretch] - opensmtpd 6.0.2p1-2+deb9u2
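Review bot: CVE-2020-7248 names libubox rather than OpenWrt as a whole, and libubox is a library that can be packaged independently of OpenWrt; the `TODO: check` should be resolved by checking whether a libubox source package exists in the Debian archive and, if it does, recording its status, rather than by marking the entry NOT-FOR-US on the OpenWrt name.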
@@ -10153,8 +10158,8 @@ CVE-2019-20362 (In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 1
NOT-FOR-US: Teradici
CVE-2020-6176
RESERVED
-CVE-2020-6175
- RESERVED
+CVE-2020-6175 (Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missin ...)
+ TODO: check
CVE-2020-6174 (TUF (aka The Update Framework) through 0.12.1 has Improper Verificatio ...)
- python-tuf <itp> (bug #934151)
CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolle ...)
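Review bot: CVE-2020-6175 is a Citrix SD-WAN appliance issue; that product is not in Debian, so the `TODO: check` should be `NOT-FOR-US: Citrix SD-WAN`.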
@@ -12515,8 +12520,7 @@ CVE-2019-20227
REJECTED
CVE-2019-20226
REJECTED
-CVE-2019-20326 [buffer overflow]
- RESERVED
+CVE-2019-20326 (A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg( ...)
{DLA-2066-1}
- gthumb <unfixed> (bug #948197)
[buster] - gthumb <no-dsa> (Minor issue)
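Review bot: now that the placeholder `[buffer overflow]` for CVE-2019-20326 has been replaced by the real description (a heap-based buffer overflow in _cairo_image_surface_create_from_jpeg()), the existing `[buster] - gthumb <no-dsa> (Minor issue)` rating deserves a second look, or at least a NOTE: line recording why a heap overflow in image parsing is considered minor, given that DLA-2066-1 was already issued for the same issue.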
@@ -12755,8 +12759,8 @@ CVE-2019-20193
RESERVED
CVE-2019-20192
RESERVED
-CVE-2019-20191
- RESERVED
+CVE-2019-20191 (Oxygen XML Editor 21.1.1 allows XXE to read any file. ...)
+ TODO: check
CVE-2019-20190
RESERVED
CVE-2019-20189
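Review bot: CVE-2019-20191 concerns Oxygen XML Editor, proprietary software not in the Debian archive; replace `TODO: check` with `NOT-FOR-US: Oxygen XML Editor`.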
@@ -15384,8 +15388,8 @@ CVE-2019-20107 (Multiple SQL injection vulnerabilities in TestLink through 1.9.1
NOT-FOR-US: TestLink
CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center before ver ...)
NOT-FOR-US: Atlassian
-CVE-2019-20105
- RESERVED
+CVE-2019-20105 (The EditApplinkServlet resource in the Atlassian Application Links plu ...)
+ TODO: check
CVE-2019-20104 (The OpenID client application in Atlassian Crowd before version 3.6.2, ...)
NOT-FOR-US: Atlassian
CVE-2019-20103
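Review bot: CVE-2019-20105 is in the Atlassian Application Links plugin and should be `NOT-FOR-US: Atlassian`, consistent with CVE-2019-20106 and CVE-2019-20104 on either side of it, rather than `TODO: check`.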
@@ -15853,8 +15857,8 @@ CVE-2019-19939
RESERVED
CVE-2019-19938
RESERVED
-CVE-2019-19937
- RESERVED
+CVE-2019-19937 (In JFrog Artifactory before 6.18, it is not possible to restrict eithe ...)
+ TODO: check
CVE-2019-19936
RESERVED
CVE-2019-19935
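Review bot: CVE-2019-19937 is a JFrog Artifactory issue; Artifactory is not packaged in Debian, so the `TODO: check` should be `NOT-FOR-US: JFrog Artifactory`.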
@@ -16782,8 +16786,8 @@ CVE-2019-19854 (An issue was discovered in Serpico (aka SimplE RePort wrIting an
NOT-FOR-US: Serpico
CVE-2019-19853
RESERVED
-CVE-2019-19852
- RESERVED
+CVE-2019-19852 (An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13 ...)
+ TODO: check
CVE-2019-19851 (An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13 ...)
TODO: check
CVE-2019-19850 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
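Review bot: CVE-2019-19852 and the pre-existing CVE-2019-19851 directly below it are both Sangoma FreePBX/PBXact issues still marked `TODO: check`; FreePBX and PBXact are not in the Debian archive, so both can be closed as `NOT-FOR-US: Sangoma FreePBX` in one go.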
@@ -19763,18 +19767,18 @@ CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git information,
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9
CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia ...)
NOT-FOR-US: Microsoft Dynamics NAV
-CVE-2019-19615
- RESERVED
+CVE-2019-19615 (Multiple XSS vulnerabilities exist in the Backup & Restore module ...)
+ TODO: check
CVE-2019-19614 (An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login p ...)
NOT-FOR-US: Halvotec RAQuest
-CVE-2019-19613
- RESERVED
-CVE-2019-19612
- RESERVED
+CVE-2019-19613 (** DISPUTED ** An issue was discovered in Halvotec RaQuest 10.23.10801 ...)
+ TODO: check
+CVE-2019-19612 (** DISPUTED ** An issue was discovered in Halvotec RaQuest 10.23.10801 ...)
+ TODO: check
CVE-2019-19611 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the ...)
NOT-FOR-US: Halvotec RaQuest
-CVE-2019-19610
- RESERVED
+CVE-2019-19610 (** DISPUTED ** An issue was discovered in Halvotec RaQuest 10.23.10801 ...)
+ TODO: check
CVE-2019-19609 (The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Co ...)
NOT-FOR-US: Strapi
CVE-2019-19608 (A SQL injection vulnerability in in the web conferencing component of ...)
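Review bot: CVE-2019-19613, CVE-2019-19612 and CVE-2019-19610 are Halvotec RaQuest issues and should be `NOT-FOR-US: Halvotec RaQuest`, exactly as CVE-2019-19614 and CVE-2019-19611 in the same hunk already are; the `** DISPUTED **` prefix carried into the description is fine to keep. CVE-2019-19615 is different: its truncated description ("Multiple XSS vulnerabilities exist in the Backup & Restore module ...") does not name the product, so that one genuinely needs the full CVE text before its `TODO: check` can be resolved.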
@@ -21026,8 +21030,8 @@ CVE-2019-19543 (In the Linux kernel before 5.1.6, there is a use-after-free in s
NOTE: https://git.kernel.org/linus/56cd26b618855c9af48c8301aa6754ced8dd0beb
CVE-2019-19539 (An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01AB ...)
NOT-FOR-US: Idelji Web ViewPoint
-CVE-2019-19538
- RESERVED
+CVE-2019-19538 (In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0. ...)
+ TODO: check
CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...)
{DLA-2114-1 DLA-2068-1}
- linux 5.2.17-1
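Review bot: CVE-2019-19538 is another Sangoma FreePBX entry (FreePBX 13 through 15 and the sysadmin module); it should get the same `NOT-FOR-US: Sangoma FreePBX` resolution as the FreePBX entries CVE-2019-19852 and CVE-2019-19851 earlier in this commit, so that all FreePBX CVEs are marked consistently.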
@@ -21661,8 +21665,8 @@ CVE-2019-19463 (The Anhui Huami Mi Fit application before 4.0.11 for Android has
CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows ...)
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerability introduced later)
-CVE-2019-19461
- RESERVED
+CVE-2019-19461 (Post-authentication Stored XSS in Team Password Manager through 7.93.2 ...)
+ TODO: check
CVE-2019-19460 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product' ...)
NOT-FOR-US: SALTO ProAccess SPACE
CVE-2019-19459 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker ...)
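Review bot: CVE-2019-19461 is in Team Password Manager, a proprietary web application not in Debian; replace `TODO: check` with `NOT-FOR-US: Team Password Manager`.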
@@ -22629,8 +22633,8 @@ CVE-2019-19214
RESERVED
CVE-2019-19213
RESERVED
-CVE-2019-19212
- RESERVED
+CVE-2019-19212 (Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter t ...)
+ TODO: check
CVE-2019-19211 (Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue tha ...)
- dolibarr <removed>
CVE-2019-19210 (Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML docume ...)
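Review bot: the neighbouring Dolibarr entry CVE-2019-19211 is recorded as `- dolibarr <removed>`, and CVE-2019-19212 covers Dolibarr 3.0 through 10.0.3, which overlaps the same code base; after confirming the removed package versions fall inside that range, this entry should get the same `- dolibarr <removed>` line instead of `TODO: check`.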
@@ -23420,8 +23424,8 @@ CVE-2019-18919
RESERVED
CVE-2019-18918
RESERVED
-CVE-2019-18917
- RESERVED
+CVE-2019-18917 (A potential security vulnerability has been identified for certain HP ...)
+ TODO: check
CVE-2019-18916
RESERVED
CVE-2019-18915 (A potential security vulnerability has been identified with certain ve ...)
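Review bot: CVE-2019-18917 is an HP vendor advisory for HP hardware/firmware ("certain HP ..."), not Debian software; the `TODO: check` should become `NOT-FOR-US: HP`.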
@@ -149681,8 +149685,8 @@ CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote authenticated users to wri
- cyrus-imapd <not-affected> (Vulnerable code introduced later)
- cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/d734a23122155f3522a8cb6aef118223aa73cde0
-CVE-2017-12842
- RESERVED
+CVE-2017-12842 (Bitcoin Core before 0.14 allows an attacker to create an ostensibly va ...)
+ TODO: check
CVE-2017-12841
RESERVED
CVE-2017-12840 (A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client ...)
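Review bot: CVE-2017-12842 (Bitcoin Core before 0.14) is not a NOT-FOR-US case: Bitcoin Core has been shipped in the Debian archive as the bitcoin source package, so the `TODO: check` needs a per-suite version check against the 0.14 fix version given in the description. The CVE was reserved in 2017 and only now has a description, so it is worth stating explicitly which suites, if any, still carry a pre-0.14 version.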
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57f151bd74850277b77743139c5cf65766197d91