[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 17 20:10:31 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
deb7ee94 by security tracker role at 2020-03-17T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -104,10 +104,10 @@ CVE-2020-10598
RESERVED
CVE-2020-10597
RESERVED
-CVE-2020-10596
- RESERVED
-CVE-2018-21037
- RESERVED
+CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...)
+ TODO: check
+CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...)
+ TODO: check
CVE-2020-10595
RESERVED
CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
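Review bot: the two new entries (CVE-2020-10596, OpenCart; CVE-2018-21037, Subrion CMS) are left at `TODO: check` with descriptions truncated by the automatic import at "atta ..." and "change ...", so triage has to be done against the full CVE text rather than these lines. Note also that CVE-2018-21037 carries a 2018 identifier but was only published now, which is why it surfaces in this position of the list; the usual outcome for products not in the archive is a `NOT-FOR-US:` line as used for the D-Link and Citrix entries below.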
@@ -554,8 +554,8 @@ CVE-2020-10382
RESERVED
CVE-2020-10381
RESERVED
-CVE-2020-10380
- RESERVED
+CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...)
+ TODO: check
CVE-2020-10379
RESERVED
CVE-2020-10378
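Review bot: CVE-2020-10380 (RMySQL through 0.10.19, SQL injection) should not be triaged as NOT-FOR-US by reflex: RMySQL is a CRAN package and R libraries in Debian are shipped under r-cran-* source names, so the check is whether an r-cran-rmysql source package exists and which upstream version it carries before replacing `TODO: check` with either a package line or a NOT-FOR-US marker.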
@@ -1129,26 +1129,26 @@ CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated O
NOT-FOR-US: D-Link
CVE-2019-20499 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
NOT-FOR-US: D-Link
-CVE-2020-10122
- RESERVED
-CVE-2020-10121
- RESERVED
-CVE-2020-10120
- RESERVED
-CVE-2020-10119
- RESERVED
-CVE-2020-10118
- RESERVED
-CVE-2020-10117
- RESERVED
-CVE-2020-10116
- RESERVED
-CVE-2020-10115
- RESERVED
-CVE-2020-10114
- RESERVED
-CVE-2020-10113
- RESERVED
+CVE-2020-10122 (cPanel before 84.0.20 allows a webmail or demo account to delete arbit ...)
+ TODO: check
+CVE-2020-10121 (cPanel before 84.0.20 allows a demo account to achieve code execution ...)
+ TODO: check
+CVE-2020-10120 (cPanel before 84.0.20 allows resellers to achieve remote code executio ...)
+ TODO: check
+CVE-2020-10119 (cPanel before 84.0.20 allows a demo account to achieve remote code exe ...)
+ TODO: check
+CVE-2020-10118 (cPanel before 84.0.20 allows a demo account to modify files via Brandi ...)
+ TODO: check
+CVE-2020-10117 (cPanel before 84.0.20 mishandles enforcement of demo checks in the Mar ...)
+ TODO: check
+CVE-2020-10116 (cPanel before 84.0.20 allows attackers to bypass intended restrictions ...)
+ TODO: check
+CVE-2020-10115 (cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code ex ...)
+ TODO: check
+CVE-2020-10114 (cPanel before 84.0.20 allows stored self-XSS via the HTML file editor ...)
+ TODO: check
+CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary character-set sp ...)
+ TODO: check
CVE-2020-10112 (Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. ...)
NOT-FOR-US: Citrix
CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation ...)
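Review bot: all ten entries CVE-2020-10113 through CVE-2020-10122 are cPanel issues (before 84.0.20) and are left at `TODO: check`, while CVE-2019-20491 further down in this same file is already marked `NOT-FOR-US: cPanel`. For consistency these should be resolved the same way in one pass rather than one by one; the truncated descriptions here are enough to identify the product, which is all the NOT-FOR-US decision needs.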
@@ -1156,10 +1156,12 @@ CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpre
CVE-2020-10110 (Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Throug ...)
NOT-FOR-US: Citrix
CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
+ {DLA-2145-1}
- twisted <unfixed> (bug #953950)
NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
+ {DLA-2145-1}
- twisted <unfixed> (bug #953950)
NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
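Review bot: CVE-2020-10109 and CVE-2020-10108 now both get `{DLA-2145-1}` but keep identical NOTE lines (the same advisory anchor `#INOR` and the same upstream commit 4a7d22e4) and identical truncated descriptions, so the two entries are indistinguishable as written. Worth confirming that the single commit really closes both CVE IDs and that the advisory anchor applies to both; if the Bishop Fox page has separate sections per issue, each entry should point at its own anchor. The `twisted <unfixed> (bug #953950)` line is unchanged, so unstable still tracks as open even though LTS is now fixed.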
@@ -1292,24 +1294,24 @@ CVE-2020-10059
RESERVED
CVE-2020-10058
RESERVED
-CVE-2019-20498
- RESERVED
-CVE-2019-20497
- RESERVED
-CVE-2019-20496
- RESERVED
-CVE-2019-20495
- RESERVED
-CVE-2019-20494
- RESERVED
-CVE-2019-20493
- RESERVED
-CVE-2019-20492
- RESERVED
+CVE-2019-20498 (cPanel before 82.0.18 allows WebDAV authentication bypass because the ...)
+ TODO: check
+CVE-2019-20497 (cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SE ...)
+ TODO: check
+CVE-2019-20496 (cPanel before 82.0.18 allows attackers to conduct arbitrary chown oper ...)
+ TODO: check
+CVE-2019-20495 (cPanel before 82.0.18 allows attackers to read an arbitrary database v ...)
+ TODO: check
+CVE-2019-20494 (In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable ...)
+ TODO: check
+CVE-2019-20493 (cPanel before 82.0.18 allows self-XSS because JSON string escaping is ...)
+ TODO: check
+CVE-2019-20492 (cPanel before 82.0.18 allows authentication bypass because of misparsi ...)
+ TODO: check
CVE-2019-20491 (cPanel before 82.0.18 allows attackers to leverage virtual mail accoun ...)
NOT-FOR-US: cPanel
-CVE-2019-20490
- RESERVED
+CVE-2019-20490 (cPanel before 82.0.18 allows authentication bypass because webmail use ...)
+ TODO: check
CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
NOT-FOR-US: GeniXCMS
CVE-2020-10056
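Review bot: the eight cPanel entries CVE-2019-20490 and CVE-2019-20492 through CVE-2019-20498 (before 82.0.18) are set to `TODO: check` while CVE-2019-20491, which sits between them in this very hunk, is already `NOT-FOR-US: cPanel`. Same product, same fixed version, so the neighbouring entries should be triaged identically; leaving only one of nine cPanel IDs resolved makes the list look inconsistent.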
@@ -3911,10 +3913,10 @@ CVE-2020-8886
RESERVED
CVE-2020-8885
RESERVED
-CVE-2019-20453
- RESERVED
-CVE-2019-20452
- RESERVED
+CVE-2019-20453 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...)
+ TODO: check
+CVE-2019-20452 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...)
+ TODO: check
CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
NOT-FOR-US: SocialEngine
CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...)
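Review bot: CVE-2019-20453 and CVE-2019-20452 carry byte-for-byte identical truncated descriptions ("A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ..."), so the `TODO: check` needs the full CVE text to tell the two issues apart before deciding whether either affects anything in the archive.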
@@ -9077,8 +9079,8 @@ CVE-2020-6648
RESERVED
CVE-2020-6647
RESERVED
-CVE-2020-6646
- RESERVED
+CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb allows a ...)
+ TODO: check
CVE-2020-6645
RESERVED
CVE-2020-6644
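Review bot: CVE-2020-6646 describes a FortiWeb issue; FortiWeb is a Fortinet appliance product, so the `TODO: check` here is expected to resolve to a `NOT-FOR-US:` line in the same style as the Citrix and D-Link entries elsewhere in this file.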
@@ -15255,10 +15257,10 @@ CVE-2020-3953
RESERVED
CVE-2020-3952
RESERVED
-CVE-2020-3951
- RESERVED
-CVE-2020-3950
- RESERVED
+CVE-2020-3951 (VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows ...)
+ TODO: check
+CVE-2020-3950 (VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11. ...)
+ TODO: check
CVE-2020-3949
RESERVED
CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and ...)
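Review bot: CVE-2020-3951 and CVE-2020-3950 (VMware Workstation, Horizon Client, Fusion, Remote Console) are left at `TODO: check`; the adjacent CVE-2020-3948 is another entry from the same VMware advisory batch, so all three should be triaged together and end up with the same marker.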
@@ -22078,8 +22080,7 @@ CVE-2020-1721
RESERVED
- dogtag-pki <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579
-CVE-2020-1720
- RESERVED
+CVE-2020-1720 (A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", whe ...)
{DSA-4623-1 DSA-4622-1 DLA-2105-1}
- postgresql-12 12.2-1
- postgresql-11 <unfixed>
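Review bot: only the description of CVE-2020-1720 changes here (RESERVED replaced by the PostgreSQL "ALTER ... DEPENDS ON EXTENSION" text); the `{DSA-4623-1 DSA-4622-1 DLA-2105-1}` references and the `postgresql-12 12.2-1` / `postgresql-11 <unfixed>` lines are untouched. Since the DSAs have already been issued, check that `postgresql-11 <unfixed>` still reflects the state of the package in unstable rather than being a leftover from before the uploads.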
@@ -26592,7 +26593,7 @@ CVE-2020-0558
RESERVED
CVE-2020-0557
RESERVED
-CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.53 may ...)
+CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.54 may ...)
- bluez <unfixed> (bug #953770)
NOTE: https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
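Review bot: the description for CVE-2020-0556 moves the affected range from "before version 5.53" to "before version 5.54", i.e. the upstream fixed release changed, while `bluez <unfixed> (bug #953770)` is unchanged. Confirm that the referenced upstream commit 8cdbd3b0 is contained in the 5.54 release and, once a Debian upload carrying it lands, replace `<unfixed>` with that version so the entry does not keep pointing at a now-superseded fix target.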
@@ -35425,6 +35426,7 @@ CVE-2019-15691 (TigerVNC version prior to 1.10.1 is vulnerable to stack use-afte
NOTE: https://github.com/TigerVNC/tigervnc/commit/042de4642293df9b72a08189c249e2da79cbca91 (v1.10.1)
CVE-2019-15690
RESERVED
+ {DLA-2146-1}
- libvncserver <unfixed> (bug #954163)
NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
NOTE: https://github.com/LibVNC/libvncserver/issues/381
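Review bot: `{DLA-2146-1}` is added to CVE-2019-15690 while the CVE head line is still `RESERVED`, so the only public description of what the DLA fixes is in the two NOTE lines (oss-security post and libvncserver issue #381). That is fine for now, but the entry should pick up the real description once the CVE is published, since `libvncserver <unfixed> (bug #954163)` still tracks unstable as open and readers of the DLA will look here for the detail.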
@@ -50478,8 +50480,8 @@ CVE-2019-11076 (Cribl UI 1.5.0 allows remote attackers to run arbitrary commands
NOT-FOR-US: Cribl UI
CVE-2019-11075
RESERVED
-CVE-2019-11074
- RESERVED
+CVE-2019-11074 (A Write to Arbitrary Location in Disk vulnerability exists in PRTG Net ...)
+ TODO: check
CVE-2019-11073 (A Remote Code Execution vulnerability exists in PRTG Network Monitor b ...)
TODO: check
CVE-2019-11072 (** DISPUTED ** lighttpd before 1.4.54 has a signed integer overflow, w ...)
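Review bot: CVE-2019-11074 (PRTG Network Monitor, write to arbitrary location) joins CVE-2019-11073 (PRTG, remote code execution) which is already sitting at `TODO: check` two lines below. PRTG is a proprietary Windows product, so both should be resolved together with one `NOT-FOR-US:` decision rather than left as two open TODOs for the same software.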
@@ -84292,8 +84294,8 @@ CVE-2018-18578 (DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type paramete
NOT-FOR-US: DedeCMS
CVE-2018-18577
RESERVED
-CVE-2018-18576
- RESERVED
+CVE-2018-18576 (The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress al ...)
+ TODO: check
CVE-2018-18585 (chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accept ...)
{DLA-1555-1}
- libmspack 0.8-1 (bug #911637)
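Review bot: CVE-2018-18576 concerns the Hustle (wordpress-popup) plugin, a third-party WordPress plugin. Before closing the `TODO: check`, verify whether that plugin is shipped by any source package in the archive; the Debian wordpress package does not bundle third-party plugins, so the expected result is a `NOT-FOR-US:` line, but the check should be made rather than assumed.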
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/deb7ee944da38f6c9fc887ac05221d3988cd8757
--
You're receiving this email because of your account on salsa.debian.org.