[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 20 08:10:24 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cf64c775 by security tracker role at 2020-03-20T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2020-10683
+ RESERVED
+CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code execution ...)
+ TODO: check
+CVE-2020-10681 (The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd fi ...)
+ TODO: check
+CVE-2020-10680
+ RESERVED
CVE-2020-10679
RESERVED
CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running on-premises A ...)
@@ -16,8 +24,8 @@ CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's web application is
NOT-FOR-US: Canon
CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
NOT-FOR-US: Canon
-CVE-2020-10669
- RESERVED
+CVE-2020-10669 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
+ TODO: check
CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
NOT-FOR-US: Canon
CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
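Review bot: the updated CVE-2020-10669 entry is left at ` TODO: check` although its description names the same Canon Oce Colorwave 500 4.0.0.0 web application as the surrounding entries (CVE-2020-10671, -10670, -10668), all of which are already triaged as ` NOT-FOR-US: Canon`. Replacing the `TODO: check` line with ` NOT-FOR-US: Canon` would keep the block consistent and avoid a second manual pass over an entry whose triage outcome is already visible in its neighbours.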
@@ -1082,7 +1090,7 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote
NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
TODO: check further details
CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...)
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- libusrsctp 0.9.3.0+20200312-1 (bug #953270)
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
@@ -2970,16 +2978,16 @@ CVE-2020-9349
RESERVED
CVE-2020-9348
RESERVED
-CVE-2020-9347 (Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Ma ...)
+CVE-2020-9347 (** DISPUTED ** Zoho ManageEngine Password Manager Pro through 10.x has ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no protectio ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2020-9345
- RESERVED
-CVE-2020-9344
- RESERVED
-CVE-2020-9343
- RESERVED
+CVE-2020-9345 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...)
+ TODO: check
+CVE-2020-9344 (Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at ...)
+ TODO: check
+CVE-2020-9343 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...)
+ TODO: check
CVE-2020-9342 (The F-Secure AV parsing engine before 2020-02-05 allows virus-detectio ...)
NOT-FOR-US: F-Secure AV parsing engine
CVE-2020-9341 (CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator ...)
@@ -8344,8 +8352,8 @@ CVE-2020-7008
RESERVED
CVE-2020-7007
RESERVED
-CVE-2020-7006
- RESERVED
+CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), ...)
+ TODO: check
CVE-2020-7005
RESERVED
CVE-2020-7004
@@ -8763,7 +8771,7 @@ CVE-2020-6815
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
CVE-2020-6814
RESERVED
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8776,7 +8784,7 @@ CVE-2020-6813
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
CVE-2020-6812
RESERVED
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8785,7 +8793,7 @@ CVE-2020-6812
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
CVE-2020-6811
RESERVED
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8806,7 +8814,7 @@ CVE-2020-6808
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
CVE-2020-6807
RESERVED
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8815,7 +8823,7 @@ CVE-2020-6807
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
CVE-2020-6806
RESERVED
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8824,7 +8832,7 @@ CVE-2020-6806
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
CVE-2020-6805
RESERVED
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -12249,6 +12257,7 @@ CVE-2020-5269
CVE-2020-5268
RESERVED
CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ...)
+ {DLA-2149-1}
- rails <unfixed> (bug #954304)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/19/1
CVE-2020-5266
@@ -21549,14 +21558,14 @@ CVE-2019-19489 (SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. ...)
NOTE: Bogus report, smplayer correctly bails out
CVE-2019-19488
RESERVED
-CVE-2019-19487
- RESERVED
-CVE-2019-19486
- RESERVED
+CVE-2019-19487 (Command Injection in minPlayCommand.php in Centreon (19.04.4 and below ...)
+ TODO: check
+CVE-2019-19486 (Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and be ...)
+ TODO: check
CVE-2019-19485
RESERVED
-CVE-2019-19484
- RESERVED
+CVE-2019-19484 (Open redirect via parameter ‘p’ in login.php in Centreon ( ...)
+ TODO: check
CVE-2019-19483
RESERVED
CVE-2019-19482
@@ -23325,20 +23334,20 @@ CVE-2019-19031 (Easy XML Editor through v1.7.8 is affected by: XML External Enti
NOT-FOR-US: Easy XML Editor
CVE-2019-19030
RESERVED
-CVE-2019-19029
- RESERVED
+CVE-2019-19029 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...)
+ TODO: check
CVE-2019-19028
RESERVED
CVE-2019-19027
RESERVED
-CVE-2019-19026
- RESERVED
-CVE-2019-19025
- RESERVED
+CVE-2019-19026 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...)
+ TODO: check
+CVE-2019-19025 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...)
+ TODO: check
CVE-2019-19024
RESERVED
-CVE-2019-19023
- RESERVED
+CVE-2019-19023 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has ...)
+ TODO: check
CVE-2019-19022 (iTerm2 through 3.3.6 has potentially insufficient documentation about ...)
NOT-FOR-US: iTerm2
CVE-2019-19021 (An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidd ...)
@@ -23960,14 +23969,14 @@ CVE-2019-18788
RESERVED
CVE-2019-18787
RESERVED
-CVE-2019-18785
- RESERVED
+CVE-2019-18785 (SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles ...)
+ TODO: check
CVE-2019-18784 (SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to ...)
NOT-FOR-US: SuiteCRM
CVE-2019-18783
RESERVED
-CVE-2019-18782
- RESERVED
+CVE-2019-18782 (SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not c ...)
+ TODO: check
CVE-2019-18781 (An open redirect vulnerability was discovered in Zoho ManageEngine ADS ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-18786 (In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitial ...)
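Review bot: CVE-2019-18785 and CVE-2019-18782 are both added with ` TODO: check`, while the sibling entry CVE-2019-18784 in the same hunk, which covers the same SuiteCRM 7.10.x/7.11.x versions, is already marked ` NOT-FOR-US: SuiteCRM`. Unless the package status has changed since that triage, the two new entries should get the same ` NOT-FOR-US: SuiteCRM` line instead of the placeholder.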
@@ -33118,8 +33127,7 @@ CVE-2019-16531 (LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated b
NOT-FOR-US: LayerBB
CVE-2019-16530 (Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3. ...)
NOT-FOR-US: Sonatype
-CVE-2019-16529
- RESERVED
+CVE-2019-16529 (An issue was discovered in the CheckUser extension through 1.35.0 for ...)
NOT-FOR-US: CheckUser extension for MediawWiki
CVE-2019-16528
RESERVED
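Review bot: the unchanged context line ` NOT-FOR-US: CheckUser extension for MediawWiki` carries a typo (`MediawWiki`); since this hunk already touches the CVE-2019-16529 entry, it is a good moment to correct it to `MediaWiki` so the product name matches the spelling used for grepping and reporting elsewhere in the list.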
@@ -34369,8 +34377,8 @@ CVE-2019-16110 (The network protocol of Blade Shadow though 2.13.3 allows remote
NOT-FOR-US: Blade Shadow
CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1. It confi ...)
NOT-FOR-US: Plataformatec Devise
-CVE-2019-16108
- RESERVED
+CVE-2019-16108 (phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) to ...)
+ TODO: check
CVE-2019-16107 (Missing form token validation in phpBB 3.2.7 allows CSRF in deleting p ...)
NOT-FOR-US: phpBB
CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. ...)
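Review bot: CVE-2019-16108 (phpBB 3.2.7, arbitrary CSS) is added with ` TODO: check` directly above CVE-2019-16107 (phpBB 3.2.7, CSRF), which is already triaged ` NOT-FOR-US: phpBB`. The same product and version make the same ` NOT-FOR-US: phpBB` line the expected outcome here; adding it now saves a follow-up commit.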
@@ -34462,16 +34470,16 @@ CVE-2019-16074
RESERVED
CVE-2019-16073
RESERVED
-CVE-2019-16072
- RESERVED
-CVE-2019-16071
- RESERVED
+CVE-2019-16072 (An OS command injection vulnerability in the discover_and_manage CGI s ...)
+ TODO: check
+CVE-2019-16071 (Enigma NMS 65.0.0 and prior allows administrative users to create low- ...)
+ TODO: check
CVE-2019-16070 (A number of stored Cross-site Scripting (XSS) vulnerabilities were ide ...)
TODO: check
-CVE-2019-16069
- RESERVED
-CVE-2019-16068
- RESERVED
+CVE-2019-16069 (A number of stored Cross-site Scripting (XSS) vulnerabilities were ide ...)
+ TODO: check
+CVE-2019-16068 (A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and pr ...)
+ TODO: check
CVE-2019-16067 (NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over ...)
TODO: check
CVE-2019-16066 (An unrestricted file upload vulnerability exists in user and system fi ...)
@@ -34480,8 +34488,8 @@ CVE-2019-16065 (A remote SQL injection web vulnerability was discovered in the E
TODO: check
CVE-2019-16064 (NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal ...)
TODO: check
-CVE-2019-16063
- RESERVED
+CVE-2019-16063 (NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data ren ...)
+ TODO: check
CVE-2019-16062 (NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data sto ...)
TODO: check
CVE-2019-16061 (A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are ...)
@@ -72343,12 +72351,12 @@ CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote fu
NOTE: https://github.com/LibRaw/LibRaw/issues/192
CVE-2018-20336 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack ...)
NOT-FOR-US: ASUSWRT
-CVE-2018-20335
- RESERVED
-CVE-2018-20334
- RESERVED
-CVE-2018-20333
- RESERVED
+CVE-2018-20335 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticat ...)
+ TODO: check
+CVE-2018-20334 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing ...)
+ TODO: check
+CVE-2018-20333 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticat ...)
+ TODO: check
CVE-2018-20332 (An issue has been discovered in the OpenWebif plugin through 1.2.4 for ...)
NOT-FOR-US: OpenWebif plugin
CVE-2018-20331 (Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ...)
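Review bot: the three new ASUSWRT 3.0.0.4.384.20308 entries (CVE-2018-20335, -20334, -20333) are marked ` TODO: check`, while CVE-2018-20336 for the identical firmware version, two lines above in the hunk, is already ` NOT-FOR-US: ASUSWRT`. Carrying that ` NOT-FOR-US: ASUSWRT` triage over to the three new entries would be consistent with the existing one.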
@@ -171677,7 +171685,7 @@ CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphi
CVE-2017-5716
REJECTED
CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and indir ...)
- {DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-1497-1 DLA-1422-1 DLA-1369-1}
+ {DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-2148-1 DLA-1497-1 DLA-1422-1 DLA-1369-1}
- linux 4.15.11-1
- intel-microcode 3.20180425.1
[stretch] - intel-microcode 3.20180425.1~deb9u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf64c77533cca6d18f8550c06e4d42b7ff4973fe