[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Mar 17 20:10:31 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
deb7ee94 by security tracker role at 2020-03-17T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -104,10 +104,10 @@ CVE-2020-10598
 	RESERVED
 CVE-2020-10597
 	RESERVED
-CVE-2020-10596
-	RESERVED
-CVE-2018-21037
-	RESERVED
+CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...)
+	TODO: check
+CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...)
+	TODO: check
 CVE-2020-10595
 	RESERVED
 CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
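Review bot: the two entries moved from RESERVED to TODO: check in this hunk (CVE-2020-10596 for OpenCart and CVE-2018-21037 for Subrion CMS) both concern third-party web applications; unless either is packaged in Debian, the follow-up triage should set them to NOT-FOR-US with the product name, as is done for the D-Link, Citrix and GeniXCMS entries elsewhere in this diff, so the TODOs do not linger in the queue.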
@@ -554,8 +554,8 @@ CVE-2020-10382
 	RESERVED
 CVE-2020-10381
 	RESERVED
-CVE-2020-10380
-	RESERVED
+CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...)
+	TODO: check
 CVE-2020-10379
 	RESERVED
 CVE-2020-10378
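Review bot: the TODO: check for CVE-2020-10380 (RMySQL, SQL injection) should be resolved against the archive before being marked NOT-FOR-US, because RMySQL is a library that Debian may well ship as an R module rather than a hosted product like the CMS entries elsewhere in this diff; if a package exists, the entry needs a fixed version or `<unfixed>` plus a bug reference, not a NOT-FOR-US line.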
@@ -1129,26 +1129,26 @@ CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated O
 	NOT-FOR-US: D-Link
 CVE-2019-20499 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
 	NOT-FOR-US: D-Link
-CVE-2020-10122
-	RESERVED
-CVE-2020-10121
-	RESERVED
-CVE-2020-10120
-	RESERVED
-CVE-2020-10119
-	RESERVED
-CVE-2020-10118
-	RESERVED
-CVE-2020-10117
-	RESERVED
-CVE-2020-10116
-	RESERVED
-CVE-2020-10115
-	RESERVED
-CVE-2020-10114
-	RESERVED
-CVE-2020-10113
-	RESERVED
+CVE-2020-10122 (cPanel before 84.0.20 allows a webmail or demo account to delete arbit ...)
+	TODO: check
+CVE-2020-10121 (cPanel before 84.0.20 allows a demo account to achieve code execution  ...)
+	TODO: check
+CVE-2020-10120 (cPanel before 84.0.20 allows resellers to achieve remote code executio ...)
+	TODO: check
+CVE-2020-10119 (cPanel before 84.0.20 allows a demo account to achieve remote code exe ...)
+	TODO: check
+CVE-2020-10118 (cPanel before 84.0.20 allows a demo account to modify files via Brandi ...)
+	TODO: check
+CVE-2020-10117 (cPanel before 84.0.20 mishandles enforcement of demo checks in the Mar ...)
+	TODO: check
+CVE-2020-10116 (cPanel before 84.0.20 allows attackers to bypass intended restrictions ...)
+	TODO: check
+CVE-2020-10115 (cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code ex ...)
+	TODO: check
+CVE-2020-10114 (cPanel before 84.0.20 allows stored self-XSS via the HTML file editor  ...)
+	TODO: check
+CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary character-set sp ...)
+	TODO: check
 CVE-2020-10112 (Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. ...)
 	NOT-FOR-US: Citrix
 CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation ...)
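Review bot: all ten new TODO: check entries in this hunk (CVE-2020-10113 through CVE-2020-10122) describe cPanel before 84.0.20, and the file already records `NOT-FOR-US: cPanel` for CVE-2019-20491 in a later hunk of this same diff; triaging the ten as a batch to that status keeps the cPanel entries consistent instead of leaving ten separate TODOs to be picked off one by one.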
@@ -1156,10 +1156,12 @@ CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpre
 CVE-2020-10110 (Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Throug ...)
 	NOT-FOR-US: Citrix
 CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
+	{DLA-2145-1}
 	- twisted <unfixed> (bug #953950)
 	NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
 	NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
 CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
+	{DLA-2145-1}
 	- twisted <unfixed> (bug #953950)
 	NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
 	NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
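Review bot: adding {DLA-2145-1} to CVE-2020-10108 and CVE-2020-10109 records the LTS fix, but both entries still read `- twisted <unfixed> (bug #953950)`, so the fixed version for unstable remains outstanding and the bug reference should stay until that upload lands; since both CVEs point at the same upstream commit and the same bug, the unstable version should be recorded on both entries in the same edit so they do not drift apart.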
@@ -1292,24 +1294,24 @@ CVE-2020-10059
 	RESERVED
 CVE-2020-10058
 	RESERVED
-CVE-2019-20498
-	RESERVED
-CVE-2019-20497
-	RESERVED
-CVE-2019-20496
-	RESERVED
-CVE-2019-20495
-	RESERVED
-CVE-2019-20494
-	RESERVED
-CVE-2019-20493
-	RESERVED
-CVE-2019-20492
-	RESERVED
+CVE-2019-20498 (cPanel before 82.0.18 allows WebDAV authentication bypass because the  ...)
+	TODO: check
+CVE-2019-20497 (cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SE ...)
+	TODO: check
+CVE-2019-20496 (cPanel before 82.0.18 allows attackers to conduct arbitrary chown oper ...)
+	TODO: check
+CVE-2019-20495 (cPanel before 82.0.18 allows attackers to read an arbitrary database v ...)
+	TODO: check
+CVE-2019-20494 (In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable  ...)
+	TODO: check
+CVE-2019-20493 (cPanel before 82.0.18 allows self-XSS because JSON string escaping is  ...)
+	TODO: check
+CVE-2019-20492 (cPanel before 82.0.18 allows authentication bypass because of misparsi ...)
+	TODO: check
 CVE-2019-20491 (cPanel before 82.0.18 allows attackers to leverage virtual mail accoun ...)
 	NOT-FOR-US: cPanel
-CVE-2019-20490
-	RESERVED
+CVE-2019-20490 (cPanel before 82.0.18 allows authentication bypass because webmail use ...)
+	TODO: check
 CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
 	NOT-FOR-US: GeniXCMS
 CVE-2020-10056
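Review bot: the eight new TODO: check entries in this hunk all describe cPanel before 82.0.18, and the unchanged context line CVE-2019-20491 sitting between them already reads `NOT-FOR-US: cPanel`; the same disposition applies to the new ones and can be set in a single pass rather than entry by entry.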
@@ -3911,10 +3913,10 @@ CVE-2020-8886
 	RESERVED
 CVE-2020-8885
 	RESERVED
-CVE-2019-20453
-	RESERVED
-CVE-2019-20452
-	RESERVED
+CVE-2019-20453 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...)
+	TODO: check
+CVE-2019-20452 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...)
+	TODO: check
 CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1)  ...)
 	NOT-FOR-US: SocialEngine
 CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...)
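Review bot: CVE-2019-20453 and CVE-2019-20452 carry an identical truncated description ("A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ..."), so whoever resolves the TODO: check should read the full text of each to make sure two distinct issues are recorded under the right ids; Pydio is a third-party file-sharing product, and if it is not packaged both should become NOT-FOR-US: Pydio, matching the SocialEngine entries just below them.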
@@ -9077,8 +9079,8 @@ CVE-2020-6648
 	RESERVED
 CVE-2020-6647
 	RESERVED
-CVE-2020-6646
-	RESERVED
+CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb allows a ...)
+	TODO: check
 CVE-2020-6645
 	RESERVED
 CVE-2020-6644
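Review bot: CVE-2020-6646 describes an input-neutralization issue in FortiWeb, a vendor appliance; as with the Citrix Gateway and D-Link entries elsewhere in this diff, the TODO: check should be resolved to NOT-FOR-US with the vendor or product name, since no Debian package is involved for an appliance of this kind.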
@@ -15255,10 +15257,10 @@ CVE-2020-3953
 	RESERVED
 CVE-2020-3952
 	RESERVED
-CVE-2020-3951
-	RESERVED
-CVE-2020-3950
-	RESERVED
+CVE-2020-3951 (VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows ...)
+	TODO: check
+CVE-2020-3950 (VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11. ...)
+	TODO: check
 CVE-2020-3949
 	RESERVED
 CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and ...)
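Review bot: CVE-2020-3951 and CVE-2020-3950 name VMware Workstation, Horizon Client for Windows, Fusion and Remote Console for Mac, all proprietary host-side products, so these two TODOs can be resolved to NOT-FOR-US: VMware. The unchanged neighbour CVE-2020-3948 is about Linux guest VMs, so its triage should confirm whether the affected component is VMware's own guest tooling or something Debian ships (open-vm-tools, for instance) before it receives the same status.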
@@ -22078,8 +22080,7 @@ CVE-2020-1721
 	RESERVED
 	- dogtag-pki <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579
-CVE-2020-1720
-	RESERVED
+CVE-2020-1720 (A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", whe ...)
 	{DSA-4623-1 DSA-4622-1 DLA-2105-1}
 	- postgresql-12 12.2-1
 	- postgresql-11 <unfixed>
@@ -26592,7 +26593,7 @@ CVE-2020-0558
 	RESERVED
 CVE-2020-0557
 	RESERVED
-CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.53 may ...)
+CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.54 may ...)
 	- bluez <unfixed> (bug #953770)
 	NOTE: https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
 	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
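Review bot: the description for CVE-2020-0556 now says BlueZ before version 5.54 rather than 5.53, which moves the upstream fixed version forward by one release; the package line still reads `- bluez <unfixed> (bug #953770)`, so whoever closes this should confirm from the linked bluez.git commit which release first contains the fix and record the corresponding Debian version, because the earlier text could have led to a 5.53-based upload being marked as fixed.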
@@ -35425,6 +35426,7 @@ CVE-2019-15691 (TigerVNC version prior to 1.10.1 is vulnerable to stack use-afte
 	NOTE: https://github.com/TigerVNC/tigervnc/commit/042de4642293df9b72a08189c249e2da79cbca91 (v1.10.1)
 CVE-2019-15690
 	RESERVED
+	{DLA-2146-1}
 	- libvncserver <unfixed> (bug #954163)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
 	NOTE: https://github.com/LibVNC/libvncserver/issues/381
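Review bot: CVE-2019-15690 gains {DLA-2146-1} but its header line still reads RESERVED, so an issue that has already been fixed and announced has no description in the tracker; if MITRE has not yet published the text, a short local description in parentheses based on the linked oss-security post would be clearer than leaving RESERVED, and the `- libvncserver <unfixed> (bug #954163)` line still needs the unstable fixed version once that upload is done.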
@@ -50478,8 +50480,8 @@ CVE-2019-11076 (Cribl UI 1.5.0 allows remote attackers to run arbitrary commands
 	NOT-FOR-US: Cribl UI
 CVE-2019-11075
 	RESERVED
-CVE-2019-11074
-	RESERVED
+CVE-2019-11074 (A Write to Arbitrary Location in Disk vulnerability exists in PRTG Net ...)
+	TODO: check
 CVE-2019-11073 (A Remote Code Execution vulnerability exists in PRTG Network Monitor b ...)
 	TODO: check
 CVE-2019-11072 (** DISPUTED ** lighttpd before 1.4.54 has a signed integer overflow, w ...)
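Review bot: CVE-2019-11074 joins CVE-2019-11073 directly below it as a second TODO: check for PRTG Network Monitor; the two should be triaged together, and since PRTG is a proprietary Windows product both are expected to end up NOT-FOR-US: PRTG Network Monitor, in line with the Cribl UI entry at the top of this hunk.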
@@ -84292,8 +84294,8 @@ CVE-2018-18578 (DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type paramete
 	NOT-FOR-US: DedeCMS
 CVE-2018-18577
 	RESERVED
-CVE-2018-18576
-	RESERVED
+CVE-2018-18576 (The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress al ...)
+	TODO: check
 CVE-2018-18585 (chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accept ...)
 	{DLA-1555-1}
 	- libmspack 0.8-1 (bug #911637)
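Review bot: CVE-2018-18576 concerns the Hustle (aka wordpress-popup) plugin, not WordPress core; unless Debian packages that plugin separately, this TODO: check should become NOT-FOR-US: Hustle WordPress plugin, matching the DedeCMS entry at the top of the hunk, and it should not be attached to the wordpress package by mistake.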



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/deb7ee944da38f6c9fc887ac05221d3988cd8757
