[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 23 20:10:26 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d0d5acc3 by security tracker role at 2020-03-23T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2020-10870 (Zim through 0.72.1 creates temporary directories with predictable name ...)
+ TODO: check
+CVE-2020-10869
+ RESERVED
+CVE-2020-10868
+ RESERVED
+CVE-2020-10867
+ RESERVED
+CVE-2020-10866
+ RESERVED
+CVE-2020-10865
+ RESERVED
+CVE-2020-10864
+ RESERVED
+CVE-2020-10863
+ RESERVED
+CVE-2020-10862
+ RESERVED
+CVE-2020-10861
+ RESERVED
+CVE-2020-10860
+ RESERVED
+CVE-2020-10859
+ RESERVED
+CVE-2020-10858
+ RESERVED
+CVE-2020-10857
+ RESERVED
+CVE-2020-10856
+ RESERVED
+CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. ...)
+ TODO: check
+CVE-2019-20626 (The remote keyless system on Honda HR-V 2017 vehicles sends the same R ...)
+ TODO: check
CVE-2020-XXXX [memcached extlen buffer overflow]
- memcached <unfixed> (bug #954808)
[buster] - memcached <not-affected> (Introduced in 1.6)
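Review bot: the CVE-2020-10870 entry is left at `TODO: check` although its description (Zim creating temporary directories with predictable names) points at the zim source package that Debian ships, so this triage should end in a package line (`- zim <unfixed>` with the bug, or `<not-affected>` / `<no-dsa>` with a reason) rather than a TODO; the AutoUpdater.NET and Honda HR-V entries below it read as `NOT-FOR-US` candidates, but both descriptions are truncated at 70 characters here and should be read in full before being marked.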
@@ -311,8 +345,8 @@ CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x
NOT-FOR-US: eZ Publish Kernel
CVE-2020-10805
RESERVED
-CVE-2016-11022
- RESERVED
+CVE-2016-11022 (NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 ...)
+ TODO: check
CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
- phpmyadmin <unfixed> (bug #954667)
[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
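Review bot: CVE-2016-11022 is left at `TODO: check` although the truncated description is NETGEAR Prosafe WC9500/WC7600/WC7520 firmware, which is not something Debian packages; this hunk's own context shows the convention for such entries (`NOT-FOR-US: eZ Publish Kernel`), so it should become `NOT-FOR-US: NETGEAR` once the full description is confirmed to cover only the vendor firmware.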
@@ -348,8 +382,8 @@ CVE-2020-10795
RESERVED
CVE-2020-10794
RESERVED
-CVE-2020-10793
- RESERVED
+CVE-2020-10793 (CodeIgniter through 4.0.0 allows remote attackers to gain privileges v ...)
+ TODO: check
CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
NOT-FOR-US: openITCOCKPIT
CVE-2020-10791
@@ -622,10 +656,10 @@ CVE-2020-10663
RESERVED
CVE-2020-10662
RESERVED
-CVE-2020-10661
- RESERVED
-CVE-2020-10660
- RESERVED
+CVE-2020-10661 (HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may ...)
+ TODO: check
+CVE-2020-10660 (HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, ...)
+ TODO: check
CVE-2019-20529 (In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12 ...)
NOT-FOR-US: Frappe Framework
CVE-2019-20528 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
@@ -802,16 +836,14 @@ CVE-2020-10595
RESERVED
CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
NOT-FOR-US: drf-jwt
-CVE-2020-10593
- RESERVED
+CVE-2020-10593 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...)
- tor 0.4.2.7-1
[buster] - tor <not-affected> (Only affects tor 0.4.0.1-alpha onwards)
[stretch] - tor <not-affected> (Only affects tor 0.4.0.1-alpha onwards)
[jessie] - tor <not-affected> (Only affects tor 0.4.0.1-alpha onwards)
NOTE: https://blog.torproject.org/new-releases-03510-0419-0427
NOTE: https://bugs.torproject.org/33619
-CVE-2020-10592
- RESERVED
+CVE-2020-10592 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...)
{DSA-4644-1}
- tor 0.4.2.7-1
[stretch] - tor <end-of-life> (See DSA 4644)
@@ -1290,8 +1322,8 @@ CVE-2020-10366
RESERVED
CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...)
NOT-FOR-US: LogicalDoc
-CVE-2020-10364
- RESERVED
+CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote ...)
+ TODO: check
CVE-2020-10363
RESERVED
CVE-2020-10362
@@ -2626,12 +2658,10 @@ CVE-2020-9762
RESERVED
CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The ...)
NOT-FOR-US: UNCTAD ASYCUDA World
-CVE-2020-9760
- RESERVED
+CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affe ...)
- weechat 2.7.1-1
NOTE: https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d
-CVE-2020-9759
- RESERVED
+CVE-2020-9759 (An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affe ...)
- weechat 2.7.1-1
NOTE: https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e
CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...)
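Review bot: the CVE-2020-9760 and CVE-2020-9759 entries record only the unstable fix (`- weechat 2.7.1-1`), while their descriptions state that 0.3.4 to 2.7 and 0.4.0 to 2.7 are affected; the weechat versions in the stable suites fall inside those ranges, so each entry needs an explicit `[buster]` / `[stretch]` line (a fixed version, `<no-dsa>` with a reason, or `<not-affected>`) so the stable status is not left implicit. The upstream commit NOTE lines are already in place, which is what a backport would need.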
@@ -3447,8 +3477,8 @@ CVE-2020-9394 (An issue was discovered in the pricing-table-by-supsystic plugin
NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
-CVE-2020-9392
- RESERVED
+CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
+ TODO: check
CVE-2020-9390
RESERVED
CVE-2020-9389
@@ -4658,18 +4688,18 @@ CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary c
NOT-FOR-US: Foxit Studio Photo
CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: Foxit Studio Photo
-CVE-2020-8876
- RESERVED
-CVE-2020-8875
- RESERVED
-CVE-2020-8874
- RESERVED
-CVE-2020-8873
- RESERVED
-CVE-2020-8872
- RESERVED
-CVE-2020-8871
- RESERVED
+CVE-2020-8876 (This vulnerability allows local attackers to disclose information on a ...)
+ TODO: check
+CVE-2020-8875 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2020-8874 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2020-8873 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ TODO: check
+CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
CVE-2020-8870
RESERVED
CVE-2020-8869
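Review bot: all six new CVE-2020-8876..CVE-2020-8871 entries are ZDI-style descriptions ("This vulnerability allows local attackers to ...") truncated before any product name, so their `TODO: check` cannot be resolved from this file alone; the surrounding context marks CVE-2020-8878 and CVE-2020-8877 as `NOT-FOR-US: Foxit Studio Photo`, but that product must not be assumed for these six without reading the full advisories, since the same boilerplate wording is used across vendors.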
@@ -4746,8 +4776,8 @@ CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not co
NOTE: https://github.com/FreeRADIUS/pam_radius/commit/6bae92d
NOTE: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686980
-CVE-2020-8838
- RESERVED
+CVE-2020-8838 (An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During ...)
+ TODO: check
CVE-2020-8837
RESERVED
CVE-2020-8836
@@ -5494,8 +5524,8 @@ CVE-2020-8513
RESERVED
CVE-2020-8512 (In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webma ...)
NOT-FOR-US: IceWarp Webmail Server
-CVE-2020-8511
- RESERVED
+CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute arbitr ...)
+ TODO: check
CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...)
NOT-FOR-US: phpABook
CVE-2020-8509
@@ -5522,8 +5552,8 @@ CVE-2020-8499
RESERVED
CVE-2020-8498 (XSS exists in the shortcode functionality of the GistPress plugin befo ...)
NOT-FOR-US: shortcode functionality of the GistPress plugin for WordPress
-CVE-2020-8497
- RESERVED
+CVE-2020-8497 (In Artica Pandora FMS through 7.42, an unauthenticated attacker can re ...)
+ TODO: check
CVE-2020-8496 (In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions ...)
NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8495 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...)
@@ -6810,8 +6840,8 @@ CVE-2020-7937 (An XSS issue in the title field in Plone 5.0 through 5.2.1 allows
NOT-FOR-US: Plone
CVE-2020-7936 (An open redirect on the login form (and possibly other places) in Plon ...)
NOT-FOR-US: Plone
-CVE-2020-7935
- RESERVED
+CVE-2020-7935 (Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execu ...)
+ TODO: check
CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, ...)
NOT-FOR-US: LifeRay Portal
CVE-2020-7933
@@ -7834,12 +7864,12 @@ CVE-2020-7478
RESERVED
CVE-2020-7477
RESERVED
-CVE-2020-7476
- RESERVED
-CVE-2020-7475
- RESERVED
-CVE-2020-7474
- RESERVED
+CVE-2020-7476 (A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Instal ...)
+ TODO: check
+CVE-2020-7475 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...)
+ TODO: check
+CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...)
+ TODO: check
CVE-2020-7473
RESERVED
CVE-2020-7472
@@ -9792,8 +9822,8 @@ CVE-2020-6652
RESERVED
CVE-2020-6651
RESERVED
-CVE-2020-6650
- RESERVED
+CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by ‘Eval In ...)
+ TODO: check
CVE-2020-6649
RESERVED
CVE-2020-6648
@@ -10301,8 +10331,7 @@ CVE-2020-6426 (Inappropriate implementation in V8 in Google Chrome prior to 80.0
{DSA-4645-1}
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6425
- RESERVED
+CVE-2020-6425 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
{DSA-4645-1}
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -16517,8 +16546,8 @@ CVE-2019-19965 (In the Linux kernel through 5.4.6, there is a NULL pointer deref
[buster] - linux 4.19.98-1
[stretch] - linux 4.9.210-1
NOTE: https://git.kernel.org/linus/f70267f379b5e5e11bdc5d72a56bf17e5feed01f
-CVE-2019-19964
- RESERVED
+CVE-2019-19964 (On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having ...)
+ TODO: check
CVE-2019-19963 (An issue was discovered in wolfSSL before 4.3.0 in a non-default confi ...)
- wolfssl 4.3.0+dfsg-1
NOTE: https://github.com/wolfSSL/wolfssl/commit/7e391f0fd57f2ef375b1174d752a56ce34b2b190 (v4.3.0-stable)
@@ -21918,13 +21947,11 @@ CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse
NOTE: https://www.openwall.com/lists/oss-security/2020/03/13/1
CVE-2020-1952
RESERVED
-CVE-2020-1951 [Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser]
- RESERVED
+CVE-2020-1951 (A carefully crafted or corrupt PSD file can cause an infinite loop in ...)
- tika <unfixed> (bug #954302)
[buster] - tika <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/4
-CVE-2020-1950 [Excessive memory usage (DoS) vulnerability in Apache Tika's PSDParser]
- RESERVED
+CVE-2020-1950 (A carefully crafted or corrupt PSD file can cause excessive memory usa ...)
- tika <unfixed> (bug #954303)
[buster] - tika <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/3
@@ -23917,8 +23944,8 @@ CVE-2019-19035 (jhead 3.03 is affected by: heap-based buffer over-read. The impa
- jhead 1:3.04-1 (unimportant; bug #944961)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765647
NOTE: Crash in CLI tool, no security impact
-CVE-2019-19034
- RESERVED
+CVE-2019-19034 (Zoho ManageEngine Asset Explorer 6.5 does not validate the System Cent ...)
+ TODO: check
CVE-2019-19033 (Jalios JCMS 10 allows attackers to access any part of the website and ...)
NOT-FOR-US: Jalios JCMS
CVE-2019-19032 (XMLBlueprint through 16.191112 is affected by XML External Entity Inje ...)
@@ -36764,8 +36791,8 @@ CVE-2019-15512
RESERVED
CVE-2019-15511 (An exploitable local privilege escalation vulnerability exists in the ...)
NOT-FOR-US: GOG Galaxy
-CVE-2019-15510
- RESERVED
+CVE-2019-15510 (ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 1 ...)
+ TODO: check
CVE-2019-15509
RESERVED
CVE-2019-15508 (In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy ...)
@@ -67901,12 +67928,12 @@ CVE-2019-5188 (A code execution vulnerability exists in the directory rehashing
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
CVE-2019-5187 (An exploitable out-of-bounds write vulnerability exists in the TIFread ...)
NOT-FOR-US: Accusoft ImageGear
-CVE-2019-5186
- RESERVED
-CVE-2019-5185
- RESERVED
-CVE-2019-5184
- RESERVED
+CVE-2019-5186 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
+ TODO: check
+CVE-2019-5185 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
+ TODO: check
+CVE-2019-5184 (An exploitable double free vulnerability exists in the iocheckd servic ...)
+ TODO: check
CVE-2019-5183 (An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL ...)
NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5182 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
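Review bot: the doubled word in "stack buffer overflow vulnerability vulnerability" (CVE-2019-5186, CVE-2019-5185 and the context line for CVE-2019-5182) comes from the upstream CVE text and should not be corrected by hand in this file, since the next automatic update would re-import the description verbatim; as with the adjacent Talos entries (CVE-2019-5187 is `NOT-FOR-US: Accusoft ImageGear`), the three new entries need their product identified (the truncated `iocheckd service` description for CVE-2019-5184 is the only hint visible here) before the TODO is resolved.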
@@ -68985,8 +69012,8 @@ CVE-2019-4720 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulner
NOT-FOR-US: IBM
CVE-2019-4719 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C ...)
NOT-FOR-US: IBM
-CVE-2019-4718
- RESERVED
+CVE-2019-4718 (IBM Jazz for Service Management 3.13 is vulnerable to cross-site scrip ...)
+ TODO: check
CVE-2019-4717
RESERVED
CVE-2019-4716 (IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configur ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0d5acc39021750d2685bedd152a8e11ed83ba47