[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Mar 18 20:10:35 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dccd72c7 by security tracker role at 2020-03-18T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTE ...)
+	TODO: check
+CVE-2020-10664
+	RESERVED
+CVE-2020-10663
+	RESERVED
+CVE-2020-10662
+	RESERVED
+CVE-2020-10661
+	RESERVED
+CVE-2020-10660
+	RESERVED
+CVE-2019-20529 (In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12 ...)
+	TODO: check
+CVE-2019-20528 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
+	TODO: check
+CVE-2019-20527
+	RESERVED
+CVE-2019-20526
+	RESERVED
+CVE-2019-20525
+	RESERVED
+CVE-2019-20524
+	RESERVED
+CVE-2019-20523
+	RESERVED
+CVE-2019-20522
+	RESERVED
+CVE-2019-20521
+	RESERVED
+CVE-2019-20520
+	RESERVED
+CVE-2019-20519
+	RESERVED
+CVE-2019-20518
+	RESERVED
+CVE-2019-20517
+	RESERVED
+CVE-2019-20516
+	RESERVED
+CVE-2019-20515
+	RESERVED
+CVE-2019-20514
+	RESERVED
+CVE-2019-20513
+	RESERVED
+CVE-2019-20512 (Open edX Ironwood.1 allows support/certificates?course_id= reflected X ...)
+	TODO: check
+CVE-2019-20511 (ERPNext 11.1.47 allows blog?blog_category= Frame Injection. ...)
+	TODO: check
 CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows ...)
 	TODO: check
 CVE-2020-10658
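Review bot: CVE-2020-10665 describes local privilege escalation to NT AUTHORITY\SYSTEM in Docker Desktop, and that account exists only on Windows, so this entry can most likely move from "TODO: check" straight to a "NOT-FOR-US" line in the form the file already uses (compare "NOT-FOR-US: OpenVPN Connect on Windows" further down). The remaining "TODO: check" entries in this hunk (Frappe, Openfire, Open edX, ERPNext) have descriptions cut at a fixed width with " ...", so the triager needs the full CVE text, not the summary shown here, before deciding whether any Debian source package is affected.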
@@ -1175,11 +1225,11 @@ CVE-2020-10114 (cPanel before 84.0.20 allows stored self-XSS via the HTML file e
 	NOT-FOR-US: cPanel
 CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary character-set sp ...)
 	NOT-FOR-US: cPanel
-CVE-2020-10112 (Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. ...)
+CVE-2020-10112 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poison ...)
 	NOT-FOR-US: Citrix
-CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation ...)
+CVE-2020-10111 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent ...)
 	NOT-FOR-US: Citrix
-CVE-2020-10110 (Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Throug ...)
+CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information  ...)
 	NOT-FOR-US: Citrix
 CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
 	{DLA-2145-1}
@@ -2621,8 +2671,8 @@ CVE-2020-9445
 	RESERVED
 CVE-2020-9444
 	RESERVED
-CVE-2020-9443
-	RESERVED
+CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an Electron web ...)
+	TODO: check
 CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PRO ...)
 	NOT-FOR-US: OpenVPN Connect on Windows
 CVE-2020-9441
@@ -2937,14 +2987,14 @@ CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to tri
 	NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380
 	NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
 	NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
-CVE-2020-9326
-	RESERVED
-CVE-2020-9325
-	RESERVED
-CVE-2020-9324
-	RESERVED
-CVE-2020-9323
-	RESERVED
+CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM; former ...)
+	TODO: check
+CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Downl ...)
+	TODO: check
+CVE-2020-9324 (Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via ...)
+	TODO: check
+CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory E ...)
+	TODO: check
 CVE-2020-9322
 	RESERVED
 CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...)
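Review bot: CVE-2020-9326 names "BeyondTrust Privilege Management for Windows and Mac" in its own description, which is the usual basis for a "NOT-FOR-US" line rather than leaving "TODO: check". The three Aquaforest TIFF Server 4.0 entries (CVE-2020-9325, CVE-2020-9324, CVE-2020-9323) cover one product and one version, so they should be triaged together and end up with the same status rather than being resolved one at a time.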
@@ -8255,8 +8305,8 @@ CVE-2020-7004
 	RESERVED
 CVE-2020-7003
 	RESERVED
-CVE-2020-7002
-	RESERVED
+CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior.  ...)
+	TODO: check
 CVE-2020-7001
 	RESERVED
 CVE-2020-7000
@@ -8307,8 +8357,8 @@ CVE-2020-6978
 	RESERVED
 CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in the Ki ...)
 	NOT-FOR-US: GE
-CVE-2020-6976
-	RESERVED
+CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior.  ...)
+	TODO: check
 CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
 	NOT-FOR-US: Digi International ConnectPort LTS 32 MEI
 CVE-2020-6974
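Review bot: CVE-2020-6976 and CVE-2020-7002 (previous hunk) carry byte-for-byte identical truncated descriptions for "Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior", so the summaries in this file cannot tell the two issues apart; pull the full advisory text before triaging, and give both entries the same status once decided. The neighbouring ICS entries in this region (GE, Digi International ConnectPort) already carry "NOT-FOR-US", which is the likely outcome here too unless a Debian package is named.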
@@ -14799,8 +14849,8 @@ CVE-2020-4201
 	RESERVED
 CVE-2020-4200 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
 	NOT-FOR-US: IBM
-CVE-2020-4199
-	RESERVED
+CVE-2020-4199 (IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request f ...)
+	TODO: check
 CVE-2020-4198 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...)
 	NOT-FOR-US: IBM
 CVE-2020-4197 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored loc ...)
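Review bot: CVE-2020-4199 is left at "TODO: check" while the adjacent entries for the same product, CVE-2020-4198 and CVE-2020-4197 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0), are already "NOT-FOR-US: IBM"; unless a Debian package ships Netcool/OMNIbus, the new entry should take the same status so the three consecutive entries stay consistent.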
@@ -22253,8 +22303,7 @@ CVE-2019-19357
 	RESERVED
 CVE-2019-19356 (Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE ...)
 	NOT-FOR-US: Netis WF2419
-CVE-2019-19355
-	RESERVED
+CVE-2019-19355 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
 	NOT-FOR-US: openshift
 CVE-2019-19354
 	RESERVED
@@ -22265,8 +22314,7 @@ CVE-2019-19353
 CVE-2019-19352
 	RESERVED
 	NOT-FOR-US: openshift
-CVE-2019-19351
-	RESERVED
+CVE-2019-19351 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
 	NOT-FOR-US: openshift
 CVE-2019-19350
 	RESERVED
@@ -22317,8 +22365,7 @@ CVE-2019-19337 (A flaw was found in Red Hat Ceph Storage version 3 in the way th
 CVE-2019-19336
 	RESERVED
 	NOT-FOR-US: ovirt-engine
-CVE-2019-19335
-	RESERVED
+CVE-2019-19335 (During installation of an OpenShift 4 cluster, the `openshift-install` ...)
 	NOT-FOR-US: OpenShift
 CVE-2019-19334 (In all versions of libyang before 1.0-r5, a stack-based buffer overflo ...)
 	- libyang 0.16.105-2 (bug #946217)
@@ -23071,7 +23118,7 @@ CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in drivers/scs
 	- linux 5.4.13-1
 	[buster] - linux 4.19.98-1
 	[stretch] - linux 4.9.210-1
-CVE-2019-19065 (A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi ...)
+CVE-2019-19065 (** DISPUTED ** A memory leak in the sdma_init() function in drivers/in ...)
 	- linux 5.3.9-1
 	[buster] - linux 4.19.87-1
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
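Review bot: CVE-2019-19065 is now flagged "** DISPUTED **" upstream, but the entry keeps its fixed versions (linux 5.3.9-1, buster 4.19.87-1) and the stretch "<not-affected>" marker. A disputed status is the point at which a "NOTE:" line should record why the fix was still taken, or whether the memory-leak claim is considered invalid, so that the entry explains itself the next time someone reviews the sdma_init() change.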
@@ -26516,10 +26563,10 @@ CVE-2019-18584
 	REJECTED
 CVE-2019-18583
 	REJECTED
-CVE-2019-18582
-	RESERVED
-CVE-2019-18581
-	RESERVED
+CVE-2019-18582 (Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions ...)
+	TODO: check
+CVE-2019-18581 (Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions ...)
+	TODO: check
 CVE-2019-18580 (Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Jav ...)
 	NOT-FOR-US: EMC
 CVE-2019-18579 (Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1. ...)
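Review bot: CVE-2019-18582 and CVE-2019-18581 share an identical truncated description ("Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions ...") and sit directly above CVE-2019-18580, which is already "NOT-FOR-US: EMC". The full text is needed to distinguish the two issues, and once triaged they should take the same "NOT-FOR-US: EMC" form as their neighbour unless a Debian package turns out to be affected.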
@@ -38168,15 +38215,13 @@ CVE-2019-14886 (A vulnerability was found in business-central, as shipped in rhd
 	NOT-FOR-US: Business central
 CVE-2019-14885 (A flaw was found in the JBoss EAP Vault system in all versions before  ...)
 	NOT-FOR-US: JBoss EAP
-CVE-2019-14884
-	RESERVED
+CVE-2019-14884 (A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7  ...)
 	- moodle <removed>
-CVE-2019-14883
-	RESERVED
-CVE-2019-14882
-	RESERVED
-CVE-2019-14881
-	RESERVED
+CVE-2019-14883 (A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3. ...)
+	TODO: check
+CVE-2019-14882 (A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to ...)
+	TODO: check
+CVE-2019-14881 (A vulnerability was found in moodle 3.7 to 3.7.2 and before 3.7.3, whe ...)
 	- moodle <removed>
 CVE-2019-14880
 	RESERVED
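Review bot: the four Moodle entries in this hunk end up with inconsistent statuses: CVE-2019-14884 and CVE-2019-14881 were pre-triaged "- moodle <removed>", while CVE-2019-14883 and CVE-2019-14882 are left at "TODO: check", even though all four descriptions name the same Moodle 3.6/3.7 release series. The two TODO entries should be resolved to the same "- moodle <removed>" status unless their full descriptions point at a different package.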
@@ -38239,8 +38284,7 @@ CVE-2019-14872
 	[jessie] - newlib <ignored> (Minor issue)
 	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
 	TODO: picolibc might be affected, not yet in the archive
-CVE-2019-14871
-	RESERVED
+CVE-2019-14871 (The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by ...)
 	- newlib 3.3.0-1
 	[buster] - newlib <no-dsa> (Minor issue)
 	[stretch] - newlib <no-dsa> (Minor issue)
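Review bot: CVE-2019-14871 (the REENT_CHECK macro in newlib/libc/include/sys/reent.h) gains its description but not the "TODO: picolibc might be affected, not yet in the archive" note and the census-labs "NOTE:" link that the preceding newlib entry CVE-2019-14872 carries. Since this issue is in the same shared newlib code covered by that note, the picolibc caveat and the reference probably belong on this entry as well, so that both are re-examined together if picolibc enters the archive.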
@@ -45422,8 +45466,8 @@ CVE-2019-12922 (A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server
 	[jessie] - phpmyadmin <postponed> (Minor issue, target only accessible is setup is enabled and htpasswd.setup populated)
 	NOTE: https://seclists.org/fulldisclosure/2019/Sep/23
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161 (4.9.1)
-CVE-2019-12921
-	RESERVED
+CVE-2019-12921 (In GraphicsMagick before 1.3.32, the text filename component allows re ...)
+	TODO: check
 CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...)
 	NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Cameraa DOG-2W and DOG-2W-V4 devices
 CVE-2019-12919 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...)
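Review bot: CVE-2019-12921 ("In GraphicsMagick before 1.3.32, the text filename component allows re ...") differs from the surrounding vendor-device entries (Cylan smart cameras, "NOT-FOR-US"): GraphicsMagick is packaged in Debian, so "TODO: check" should be resolved into a package status line with the affected source package and fixed version, plus a "NOTE:" pointing at the upstream commit, in the same style as the phpMyAdmin entry above ("NOTE: https://github.com/... (4.9.1)"). The "before 1.3.32" bound in the description gives the upstream version to compare against.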
@@ -45851,8 +45895,8 @@ CVE-2019-12771 (Command injection is possible in ThinStation through 6.1.1 via s
 	NOT-FOR-US: ThinStation
 CVE-2019-12770
 	RESERVED
-CVE-2019-12769
-	RESERVED
+CVE-2019-12769 (SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 ...)
+	TODO: check
 CVE-2019-12768
 	RESERVED
 CVE-2019-12767
@@ -46894,18 +46938,18 @@ CVE-2019-12372 (Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injecti
 	NOT-FOR-US: Petraware pTransformer ADC
 CVE-2019-12371
 	RESERVED
-CVE-2019-12370
-	RESERVED
-CVE-2019-12369
-	RESERVED
-CVE-2019-12368
-	RESERVED
-CVE-2019-12367
-	RESERVED
-CVE-2019-12366
-	RESERVED
-CVE-2019-12365
-	RESERVED
+CVE-2019-12370 (The Spark application through 2.0.2 for Android allows XSS via an even ...)
+	TODO: check
+CVE-2019-12369 (The TypeApp application through 1.9.5.35 for Android allows XSS via an ...)
+	TODO: check
+CVE-2019-12368 (The Edison Mail application through 1.7.1 for Android allows XSS via a ...)
+	TODO: check
+CVE-2019-12367 (The BlueMail application through 1.9.5.36 for Android allows XSS via a ...)
+	TODO: check
+CVE-2019-12366 (The Nine application through 4.5.3a for Android allows XSS via an even ...)
+	TODO: check
+CVE-2019-12365 (The Newton application through 10.0.23 for Android allows XSS via an e ...)
+	TODO: check
 CVE-2019-12364
 	RESERVED
 CVE-2019-12363 (An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2 ...)
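Review bot: all six new entries CVE-2019-12370 through CVE-2019-12365 describe XSS in Android mail applications (Spark, TypeApp, Edison Mail, BlueMail, Nine, Newton) and are left at "TODO: check". None of these is a Debian package, so a single batch pass marking them "NOT-FOR-US" would close them consistently rather than leaving six near-identical TODOs in the file.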
@@ -47552,10 +47596,10 @@ CVE-2019-12134 (CSV Injection (aka Excel Macro Injection or Formula Injection) e
 	NOT-FOR-US: Workday
 CVE-2019-12133 (Multiple Zoho ManageEngine products suffer from local privilege escala ...)
 	NOT-FOR-US: Zoho ManageEngine
-CVE-2019-12132
-	RESERVED
-CVE-2019-12131
-	RESERVED
+CVE-2019-12132 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/d ...)
+	TODO: check
+CVE-2019-12131 (An issue was detected in ONAP APPC through Dublin and SDC through Dubl ...)
+	TODO: check
 CVE-2019-12130
 	RESERVED
 CVE-2019-12129
@@ -47568,32 +47612,32 @@ CVE-2019-12126
 	RESERVED
 CVE-2019-12125
 	RESERVED
-CVE-2019-12124
-	RESERVED
-CVE-2019-12123
-	RESERVED
-CVE-2019-12122
-	RESERVED
-CVE-2019-12121
-	RESERVED
-CVE-2019-12120
-	RESERVED
-CVE-2019-12119
-	RESERVED
-CVE-2019-12118
-	RESERVED
-CVE-2019-12117
-	RESERVED
-CVE-2019-12116
-	RESERVED
-CVE-2019-12115
-	RESERVED
-CVE-2019-12114
-	RESERVED
-CVE-2019-12113
-	RESERVED
-CVE-2019-12112
-	RESERVED
+CVE-2019-12124 (An issue was discovered in ONAP APPC before Dublin. By using an expose ...)
+	TODO: check
+CVE-2019-12123 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/p ...)
+	TODO: check
+CVE-2019-12122 (An issue was discovered in ONAP Portal through Dublin. By executing a  ...)
+	TODO: check
+CVE-2019-12121 (An issue was detected in ONAP Portal through Dublin. By executing a pa ...)
+	TODO: check
+CVE-2019-12120 (An issue was discovered in ONAP VNFSDK through Dublin. By accessing po ...)
+	TODO: check
+CVE-2019-12119 (An issue was discovered in ONAP SDC through Dublin. By accessing port  ...)
+	TODO: check
+CVE-2019-12118 (An issue was discovered in ONAP SDC through Dublin. By accessing port  ...)
+	TODO: check
+CVE-2019-12117 (An issue was discovered in ONAP SDC through Dublin. By accessing port  ...)
+	TODO: check
+CVE-2019-12116 (An issue was discovered in ONAP SDC through Dublin. By accessing port  ...)
+	TODO: check
+CVE-2019-12115 (An issue was discovered in ONAP SDC through Dublin. By accessing port  ...)
+	TODO: check
+CVE-2019-12114 (An issue was discovered in ONAP HOLMES before Dublin. By accessing por ...)
+	TODO: check
+CVE-2019-12113 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/p ...)
+	TODO: check
+CVE-2019-12112 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/u ...)
+	TODO: check
 CVE-2019-12111 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...)
 	{DLA-1811-1}
 	- miniupnpd 2.1-6 (bug #930050)
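Review bot: the thirteen entries in this hunk (CVE-2019-12124 through CVE-2019-12112) and the two in the previous hunk (CVE-2019-12132, CVE-2019-12131) all describe ONAP components (APPC, SDNC, Portal, VNFSDK, SDC, HOLMES) "through" or "before" the Dublin release and are all left at "TODO: check". They should be triaged as one batch with one consistent status; note that the truncated summaries for the SDC entries CVE-2019-12119 to CVE-2019-12115 are identical ("By accessing port  ..."), so the full text is required to record what each of them actually covers.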
@@ -48894,10 +48938,10 @@ CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019
 	[stretch] - u-boot <no-dsa> (Minor issue)
 	[jessie] - u-boot <ignored> (Minor issue)
 	NOTE: https://patchwork.ozlabs.org/patch/1092945
-CVE-2019-11689
-	RESERVED
-CVE-2019-11688
-	RESERVED
+CVE-2019-11689 (An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. Whe ...)
+	TODO: check
+CVE-2019-11688 (An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. Whe ...)
+	TODO: check
 CVE-2019-11687 (An issue was discovered in the DICOM Part 10 File Format in the NEMA D ...)
 	NOT-FOR-US: DICOM
 CVE-2019-11686 (Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnera ...)
@@ -51769,8 +51813,8 @@ CVE-2019-10684 (Application/Admin/Controller/ConfigController.class.php in 74cms
 	NOT-FOR-US: 74cms
 CVE-2019-10683
 	RESERVED
-CVE-2019-10682
-	RESERVED
+CVE-2019-10682 (django-nopassword before 5.0.0 stores cleartext secrets in the databas ...)
+	TODO: check
 CVE-2019-10681
 	RESERVED
 CVE-2019-10680
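Review bot: CVE-2019-10682 ("django-nopassword before 5.0.0 stores cleartext secrets in the databas ...") gives a concrete fixed upstream version, so resolving "TODO: check" here means checking whether a Debian package exists and, if so, comparing it against 5.0.0 and recording a fixed version or "<unfixed>" with a bug reference; otherwise "NOT-FOR-US". Because the finding concerns secrets already stored in cleartext, a "NOTE:" on whether existing records need rotation after upgrading would be useful to users of the package.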
@@ -52998,8 +53042,7 @@ CVE-2019-10179
 	RESERVED
 	- dogtag-pki <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1695901
-CVE-2019-10178
-	RESERVED
+CVE-2019-10178 (It was found that the Token Processing Service (TPS) did not properly  ...)
 	- dogtag-pki <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1719042
 CVE-2019-10177 (A stored cross-site scripting (XSS) vulnerability was found in the PDF ...)
@@ -53137,8 +53180,7 @@ CVE-2019-10147 (rkt through version 1.30.0 does not isolate processes in contain
 	- rkt <unfixed> (bug #929781)
 	NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
 	NOTE: https://github.com/rkt/rkt/issues/3998
-CVE-2019-10146
-	RESERVED
+CVE-2019-10146 (A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x ...)
 	- dogtag-pki <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1710171
 CVE-2019-10145 (rkt through version 1.30.0 does not isolate processes in containers th ...)
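Review bot: CVE-2019-10146 (reflected XSS in pki-core 10.x.x) keeps its pre-triaged "- dogtag-pki <unfixed>" with only the Red Hat bugzilla "NOTE:"; now that the description is public, the entry should also carry a Debian bug reference the way the adjacent rkt entry does ("- rkt <unfixed> (bug #929781)"), so the unfixed state is tracked on the Debian side as well. The same applies to CVE-2019-10178 in the previous hunk, which is in the same state.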
@@ -66044,7 +66086,7 @@ CVE-2019-5703
 	REJECTED
 CVE-2019-5702 (NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vu ...)
 	NOT-FOR-US: NVIDIA
-CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vu ...)
+CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains  ...)
 	NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2019-5700 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software con ...)
 	NOT-FOR-US: NVIDIA Shield TV Experience
@@ -70491,8 +70533,8 @@ CVE-2019-3764 (Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions pri
 	NOT-FOR-US: EMC
 CVE-2019-3763 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
 	NOT-FOR-US: RSA
-CVE-2019-3762
-	RESERVED
+CVE-2019-3762 (Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 cont ...)
+	TODO: check
 CVE-2019-3761 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
 	NOT-FOR-US: RSA
 CVE-2019-3760 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
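Review bot: CVE-2019-3762 ("Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 cont ...") is left at "TODO: check" between entries already marked "NOT-FOR-US: EMC" and "NOT-FOR-US: RSA"; Data Protection Central is a Dell EMC product, so the expected resolution is "NOT-FOR-US: EMC" unless the full text names a Debian package.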



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dccd72c7a2b72e73a4bd55e4d1c992e04e1ba4be
