[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Mar 21 08:10:24 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca019f28 by security tracker role at 2020-03-21T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,235 @@
+CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks via an ...)
+ TODO: check
+CVE-2020-10798
+ RESERVED
+CVE-2020-10797
+ RESERVED
+CVE-2020-10796
+ RESERVED
+CVE-2020-10795
+ RESERVED
+CVE-2020-10794
+ RESERVED
+CVE-2020-10793
+ RESERVED
+CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
+ TODO: check
+CVE-2020-10791
+ RESERVED
+CVE-2020-10790
+ RESERVED
+CVE-2020-10789
+ RESERVED
+CVE-2020-10788
+ RESERVED
+CVE-2020-10787
+ RESERVED
+CVE-2020-10786
+ RESERVED
+CVE-2020-10785
+ RESERVED
+CVE-2020-10784
+ RESERVED
+CVE-2020-10783
+ RESERVED
+CVE-2020-10782
+ RESERVED
+CVE-2020-10781
+ RESERVED
+CVE-2020-10780
+ RESERVED
+CVE-2020-10779
+ RESERVED
+CVE-2020-10778
+ RESERVED
+CVE-2020-10777
+ RESERVED
+CVE-2020-10776
+ RESERVED
+CVE-2020-10775
+ RESERVED
+CVE-2020-10774
+ RESERVED
+CVE-2020-10773
+ RESERVED
+CVE-2020-10772
+ RESERVED
+CVE-2020-10771
+ RESERVED
+CVE-2020-10770
+ RESERVED
+CVE-2020-10769
+ RESERVED
+CVE-2020-10768
+ RESERVED
+CVE-2020-10767
+ RESERVED
+CVE-2020-10766
+ RESERVED
+CVE-2020-10765
+ RESERVED
+CVE-2020-10764
+ RESERVED
+CVE-2020-10763
+ RESERVED
+CVE-2020-10762
+ RESERVED
+CVE-2020-10761
+ RESERVED
+CVE-2020-10760
+ RESERVED
+CVE-2020-10759
+ RESERVED
+CVE-2020-10758
+ RESERVED
+CVE-2020-10757
+ RESERVED
+CVE-2020-10756
+ RESERVED
+CVE-2020-10755
+ RESERVED
+CVE-2020-10754
+ RESERVED
+CVE-2020-10753
+ RESERVED
+CVE-2020-10752
+ RESERVED
+CVE-2020-10751
+ RESERVED
+CVE-2020-10750
+ RESERVED
+CVE-2020-10749
+ RESERVED
+CVE-2020-10748
+ RESERVED
+CVE-2020-10747
+ RESERVED
+CVE-2020-10746
+ RESERVED
+CVE-2020-10745
+ RESERVED
+CVE-2020-10744
+ RESERVED
+CVE-2020-10743
+ RESERVED
+CVE-2020-10742
+ RESERVED
+CVE-2020-10741
+ RESERVED
+CVE-2020-10740
+ RESERVED
+CVE-2020-10739
+ RESERVED
+CVE-2020-10738
+ RESERVED
+CVE-2020-10737
+ RESERVED
+CVE-2020-10736
+ RESERVED
+CVE-2020-10735
+ RESERVED
+CVE-2020-10734
+ RESERVED
+CVE-2020-10733
+ RESERVED
+CVE-2020-10732
+ RESERVED
+CVE-2020-10731
+ RESERVED
+CVE-2020-10730
+ RESERVED
+CVE-2020-10729
+ RESERVED
+CVE-2020-10728
+ RESERVED
+CVE-2020-10727
+ RESERVED
+CVE-2020-10726
+ RESERVED
+CVE-2020-10725
+ RESERVED
+CVE-2020-10724
+ RESERVED
+CVE-2020-10723
+ RESERVED
+CVE-2020-10722
+ RESERVED
+CVE-2020-10721
+ RESERVED
+CVE-2020-10720
+ RESERVED
+CVE-2020-10719
+ RESERVED
+CVE-2020-10718
+ RESERVED
+CVE-2020-10717
+ RESERVED
+CVE-2020-10716
+ RESERVED
+CVE-2020-10715
+ RESERVED
+CVE-2020-10714
+ RESERVED
+CVE-2020-10713
+ RESERVED
+CVE-2020-10712
+ RESERVED
+CVE-2020-10711
+ RESERVED
+CVE-2020-10710
+ RESERVED
+CVE-2020-10709
+ RESERVED
+CVE-2020-10708
+ RESERVED
+CVE-2020-10707
+ RESERVED
+CVE-2020-10706
+ RESERVED
+CVE-2020-10705
+ RESERVED
+CVE-2020-10704
+ RESERVED
+CVE-2020-10703
+ RESERVED
+CVE-2020-10702
+ RESERVED
+CVE-2020-10701
+ RESERVED
+CVE-2020-10700
+ RESERVED
+CVE-2020-10699
+ RESERVED
+CVE-2020-10698
+ RESERVED
+CVE-2020-10697
+ RESERVED
+CVE-2020-10696
+ RESERVED
+CVE-2020-10695
+ RESERVED
+CVE-2020-10694
+ RESERVED
+CVE-2020-10693
+ RESERVED
+CVE-2020-10692
+ RESERVED
+CVE-2020-10691
+ RESERVED
+CVE-2020-10690
+ RESERVED
+CVE-2020-10689
+ RESERVED
+CVE-2020-10688
+ RESERVED
+CVE-2020-10687
+ RESERVED
+CVE-2020-10686
+ RESERVED
+CVE-2020-10685
+ RESERVED
+CVE-2020-10684
+ RESERVED
CVE-2020-10683
RESERVED
CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code execution ...)
@@ -240,6 +472,7 @@ CVE-2020-10593
NOTE: https://bugs.torproject.org/33619
CVE-2020-10592
RESERVED
+ {DSA-4644-1}
- tor 0.4.2.7-1
[stretch] - tor <end-of-life> (See DSA 4644)
NOTE: https://blog.torproject.org/new-releases-03510-0419-0427
@@ -317,8 +550,8 @@ CVE-2020-10560
RESERVED
CVE-2020-10559
RESERVED
-CVE-2020-10558
- RESERVED
+CVE-2020-10558 (The driving interface of Tesla Model 3 vehicles in any release before ...)
+ TODO: check
CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...)
NOT-FOR-US: AContent
CVE-2020-10556
@@ -1083,8 +1316,8 @@ CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 f
NOT-FOR-US: popup-builder plugin for WordPress
CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows informatio ...)
NOT-FOR-US: popup-builder plugin for WordPress
-CVE-2020-10194
- RESERVED
+CVE-2020-10194 (cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8. ...)
+ TODO: check
CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...)
NOT-FOR-US: ESET Archive Support Module
CVE-2020-10192 (An issue was discovered in Munkireport before 5.3.0.3923. An unauthent ...)
@@ -2651,8 +2884,8 @@ CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holdin
[stretch] - libvirt <no-dsa> (Minor issue)
[jessie] - libvirt <not-affected> (Vulnerable code not present)
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1)
-CVE-2013-7487
- RESERVED
+CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr ap ...)
+ TODO: check
CVE-2020-9478
RESERVED
CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...)
@@ -2758,8 +2991,8 @@ CVE-2020-9427
RESERVED
CVE-2020-9426
RESERVED
-CVE-2020-9425
- RESERVED
+CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig before 3.9 ...)
+ TODO: check
CVE-2020-9424
RESERVED
CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary fi ...)
@@ -4067,20 +4300,20 @@ CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngi
NOT-FOR-US: SocialEngine
CVE-2020-8884
RESERVED
-CVE-2020-8883
- RESERVED
-CVE-2020-8882
- RESERVED
-CVE-2020-8881
- RESERVED
-CVE-2020-8880
- RESERVED
-CVE-2020-8879
- RESERVED
-CVE-2020-8878
- RESERVED
-CVE-2020-8877
- RESERVED
+CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8881 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8880 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8879 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
CVE-2020-8876
RESERVED
CVE-2020-8875
@@ -5706,20 +5939,20 @@ CVE-2020-8142
CVE-2020-8141 (The dot package v1.1.2 uses Function() to compile templates. This can ...)
- node-dot 1.1.3+ds-1
NOTE: https://hackerone.com/reports/390929
-CVE-2020-8140
- RESERVED
-CVE-2020-8139
- RESERVED
-CVE-2020-8138
- RESERVED
-CVE-2020-8137
- RESERVED
-CVE-2020-8136
- RESERVED
-CVE-2020-8135
- RESERVED
-CVE-2020-8134
- RESERVED
+CVE-2020-8140 (A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed t ...)
+ TODO: check
+CVE-2020-8139 (A missing access control check in Nextcloud Server < 18.0.1, < 1 ...)
+ TODO: check
+CVE-2020-8138 (A missing check for IPv4 nested inside IPv6 in Nextcloud server < 1 ...)
+ TODO: check
+CVE-2020-8137 (Code injection vulnerability in blamer 1.0.0 and earlier may result in ...)
+ TODO: check
+CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart < 1.0.5 allo ...)
+ TODO: check
+CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request ...)
+ TODO: check
+CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.1 ...)
+ TODO: check
CVE-2020-8133
RESERVED
CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 ...)
@@ -6173,8 +6406,8 @@ CVE-2015-9541 (Qt through 5.14 allows an exponential XML entity expansion attack
NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=fd4be84d23a0db4186cb42e736a9de3af722c7f7
CVE-2020-7962
RESERVED
-CVE-2020-7961
- RESERVED
+CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE ...)
+ TODO: check
CVE-2020-7960
RESERVED
CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...)
@@ -22466,8 +22699,8 @@ CVE-2019-19326
RESERVED
CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows ...)
NOT-FOR-US: SilverStripe
-CVE-2019-19324
- RESERVED
+CVE-2019-19324 (Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms ...)
+ TODO: check
CVE-2019-19323
RESERVED
CVE-2019-19322
@@ -22949,8 +23182,8 @@ CVE-2019-19150 (On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.
NOT-FOR-US: F5 BIG-IP
CVE-2019-19149
RESERVED
-CVE-2019-19148
- RESERVED
+CVE-2019-19148 (Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command ...)
+ TODO: check
CVE-2019-19147
RESERVED
CVE-2019-19146
@@ -23544,8 +23777,8 @@ CVE-2019-18938 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail Add
NOT-FOR-US: eQ-3 Homematic
CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser Ad ...)
NOT-FOR-US: eQ-3 Homematic
-CVE-2019-18936
- RESERVED
+CVE-2019-18936 (UniValue::read() in UniValue before 1.0.5 allow attackers to cause a d ...)
+ TODO: check
CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .N ...)
NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ...)
@@ -23747,8 +23980,8 @@ CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allow
NOTE: /usr/sbin/maidat not installed suid root on Debian
CVE-2019-18861
RESERVED
-CVE-2019-18860
- RESERVED
+CVE-2019-18860 (Squid before 4.9, when certain web browsers are used, mishandles HTML ...)
+ TODO: check
CVE-2019-18859 (Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. ...)
NOT-FOR-US: Digi AnywhereUSB
CVE-2019-18858 (CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Con ...)
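Review bot: the unchanged context line "NOTE: /usr/sbin/maidat not installed suid root on Debian" under CVE-2019-18862 appears to misspell the binary; the CVE description names "maidag in GNU Mailutils", so the path should read /usr/sbin/maidag. The automatic update leaves existing lines alone, so this needs a manual follow-up edit to data/CVE/list.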
@@ -26478,8 +26711,8 @@ CVE-2019-18643
RESERVED
CVE-2019-18642
RESERVED
-CVE-2019-18641
- RESERVED
+CVE-2019-18641 (Rock RMS before 1.8.6 mishandles vCard access control within the Peopl ...)
+ TODO: check
CVE-2019-18640
RESERVED
CVE-2019-18639
@@ -31271,8 +31504,8 @@ CVE-2019-17187 (/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.
NOT-FOR-US: FiberHome HG2201T devices
CVE-2019-17186 (/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201 ...)
NOT-FOR-US: FiberHome HG2201T devices
-CVE-2019-17185
- RESERVED
+CVE-2019-17185 (In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global Op ...)
+ TODO: check
CVE-2019-17184 (Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C ...)
NOT-FOR-US: Xerox printers
CVE-2019-17183 (Foxit Reader before 9.7 allows an Access Violation and crash if insuff ...)
@@ -33135,8 +33368,7 @@ CVE-2019-16530 (Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x bef
NOT-FOR-US: Sonatype
CVE-2019-16529 (An issue was discovered in the CheckUser extension through 1.35.0 for ...)
NOT-FOR-US: CheckUser extension for MediawWiki
-CVE-2019-16528
- RESERVED
+CVE-2019-16528 (An issue was discovered in the AbuseFilter extension for MediaWiki. in ...)
NOT-FOR-US: AbuseFilter extension for MediawWiki
CVE-2019-16527
RESERVED
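Review bot: both NOT-FOR-US context lines in this hunk (under CVE-2019-16529 and under CVE-2019-16528) spell the product as "MediawWiki"; they should read "CheckUser extension for MediaWiki" and "AbuseFilter extension for MediaWiki". The entry for CVE-2019-16528 itself is consistent (description replaces RESERVED while the existing NOT-FOR-US triage line is kept), so only the spelling needs a manual fix.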
@@ -33846,8 +34078,8 @@ CVE-2019-16260
RESERVED
CVE-2019-16259
RESERVED
-CVE-2019-16258
- RESERVED
+CVE-2019-16258 (The bootloader of the homee Brain Cube V2 through 2.23.0 allows attack ...)
+ TODO: check
CVE-2019-16257 (Some Motorola devices include the SIMalliance Toolbox Browser (aka S at T ...)
NOT-FOR-US: SIMalliance Toolbox Browser
CVE-2019-16256 (Some Samsung devices include the SIMalliance Toolbox Browser (aka S at T ...)
@@ -35690,16 +35922,16 @@ CVE-2019-15666 (An issue was discovered in the Linux kernel before 5.0.19. There
[stretch] - linux 4.9.184-1
[jessie] - linux 3.16.72-1
NOTE: https://git.kernel.org/linus/b805d78d300bcf2c83d6df7da0c818b0fee41427
-CVE-2019-15665
- RESERVED
-CVE-2019-15664
- RESERVED
-CVE-2019-15663
- RESERVED
-CVE-2019-15662
- RESERVED
-CVE-2019-15661
- RESERVED
+CVE-2019-15665 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
+ TODO: check
+CVE-2019-15664 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
+ TODO: check
+CVE-2019-15663 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
+ TODO: check
+CVE-2019-15662 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
+ TODO: check
+CVE-2019-15661 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
+ TODO: check
CVE-2019-15660 (The wp-members plugin before 3.2.8 for WordPress has CSRF. ...)
NOT-FOR-US: wp-members plugin for WordPress
CVE-2019-15659 (The pie-register plugin before 3.1.2 for WordPress has SQL injection, ...)
@@ -36144,8 +36376,8 @@ CVE-2019-15524 (CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a
NOT-FOR-US: CSZ CMS
CVE-2019-15523
RESERVED
-CVE-2019-15522
- RESERVED
+CVE-2019-15522 (An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_ses ...)
+ TODO: check
CVE-2019-15521 (Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and ...)
NOT-FOR-US: Spoon Library
CVE-2019-15520 (comelz Quark before 2019-03-26 allows directory traversal to locations ...)
@@ -37571,8 +37803,8 @@ CVE-2019-15077
RESERVED
CVE-2019-15076
RESERVED
-CVE-2019-15075
- RESERVED
+CVE-2019-15075 (An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/ ...)
+ TODO: check
CVE-2019-15074 (The Timeline feature in my_view_page.php in MantisBT through 2.21.1 ha ...)
- mantis <removed>
NOTE: https://github.com/mantisbt/mantisbt/commit/9cee1971c498bbe0a72bca1c773fae50171d8c27
@@ -43972,8 +44204,8 @@ CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS)
[jessie] - modsecurity-crs <not-affected> (incorrect rule does not exist)
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/commit/6090d6b0a90417f1a60aa68a01eb777cef2e1184
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1386
-CVE-2019-13463
- RESERVED
+CVE-2019-13463 (An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Li ...)
+ TODO: check
CVE-2019-13462 (Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. ...)
NOT-FOR-US: Lansweeper
CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_addre ...)
@@ -44171,8 +44403,8 @@ CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_traile
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
NOTE: https://trac.ffmpeg.org/ticket/7979
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
-CVE-2019-13389
- RESERVED
+CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as ...)
+ TODO: check
CVE-2019-13388
RESERVED
CVE-2019-13387 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected ...)
@@ -45968,8 +46200,8 @@ CVE-2019-12769 (SolarWinds Serv-U Managed File Transfer (MFT) Web client before
TODO: check
CVE-2019-12768
RESERVED
-CVE-2019-12767
- RESERVED
+CVE-2019-12767 (An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H ...)
+ TODO: check
CVE-2019-12766 (An issue was discovered in Joomla! before 3.9.7. The subform fieldtype ...)
NOT-FOR-US: Joomla!
CVE-2019-12765 (An issue was discovered in Joomla! before 3.9.7. The CSV export of com ...)
@@ -46575,8 +46807,8 @@ CVE-2019-12501
RESERVED
CVE-2019-12500 (The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "su ...)
NOT-FOR-US: Xiaomi M365 scooter
-CVE-2019-12498
- RESERVED
+CVE-2019-12498 (The WP Live Chat Support plugin before 8.0.33 for WordPress accepts ce ...)
+ TODO: check
CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-1816-1}
- otrs2 6.0.19-1
@@ -49331,8 +49563,8 @@ CVE-2019-11576 (Gitea before 1.8.0 allows 1FA for user accounts that have comple
- gitea <removed>
CVE-2019-11575
RESERVED
-CVE-2019-11574
- RESERVED
+CVE-2019-11574 (An issue was discovered in Simple Machines Forum (SMF) before release ...)
+ TODO: check
CVE-2019-11573
RESERVED
CVE-2019-11572
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca019f282dc7bc70148a07d1a570911e0977af63