Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8f205b48 by security tracker role at 2019-12-27T20:10:29Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-20049 (An issue was discovered on Alcatel-Lucent OmniVista 4760
devices. A re ...)
+ TODO: check
+CVE-2019-20048 (An issue was discovered on Alcatel-Lucent OmniVista 8770
devices befor ...)
+ TODO: check
+CVE-2019-20047 (An issue was discovered on Alcatel-Lucent OmniVista 4760
devices, and ...)
+ TODO: check
+CVE-2019-20046
+ RESERVED
+CVE-2019-20045
+ RESERVED
+CVE-2019-20044
+ RESERVED
CVE-2019-20040
RESERVED
CVE-2019-20039
@@ -58,7 +70,7 @@ CVE-2019-20018 (A stack-based buffer over-read was discovered
in ReadNextCell in
CVE-2019-20017 (A stack-based buffer over-read was discovered in
Mat_VarReadNextInfo5 ...)
- libmatio <unfixed>
NOTE: https://github.com/tbeu/matio/issues/127
-CVE-2019-20016 (libmysofa 0.9 does not properly restrict recursive function
calls, as ...)
+CVE-2019-20016 (libmysofa before 2019-11-24 does not properly restrict
recursive funct ...)
- libmysofa 0.9~dfsg0-1
[buster] - libmysofa <no-dsa> (Minor issue)
NOTE:
https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f
@@ -1170,17 +1182,17 @@ CVE-2019-19835
RESERVED
CVE-2019-19834
RESERVED
-CVE-2019-20043
+CVE-2019-20043 (WordPress before 5.3.1 allowed an unauthenticated user to make
a post ...)
- wordpress <unfixed> (bug #946905)
NOTE: https://core.trac.wordpress.org/changeset/46893/trunk
NOTE:
https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9
NOTE:
https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
-CVE-2019-20042
+CVE-2019-20042 (WordPress before 5.3.1 allowed an attacker to create a
cross-site scri ...)
- wordpress <unfixed> (bug #946905)
NOTE: https://core.trac.wordpress.org/changeset/46894/trunk
NOTE:
https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d
NOTE:
https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
-CVE-2019-20041
+CVE-2019-20041 (wp_kses_bad_protocol in wp-includes/kses.php in WordPress
before 5.3.1 ...)
- wordpress <unfixed> (bug #946905)
NOTE:
https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53
NOTE:
https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
@@ -1325,8 +1337,8 @@ CVE-2019-19783 (An issue was discovered in Cyrus IMAP
before 2.5.15, 3.0.x befor
NOTE:
https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html#security-fixes
CVE-2019-19782 (The FTP client in AceaXe Plus 1.0 allows a buffer overflow via
a long ...)
NOT-FOR-US: AceaXe Plus
-CVE-2019-19781
- RESERVED
+CVE-2019-19781 (An issue was discovered in Citrix Application Delivery
Controller (ADC ...)
+ TODO: check
CVE-2019-19780
RESERVED
CVE-2019-19779
@@ -15665,8 +15677,8 @@ CVE-2019-16898
REJECTED
CVE-2019-16897 (In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total
Security ...)
NOT-FOR-US: K7
-CVE-2019-16896
- RESERVED
+CVE-2019-16896 (In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll
(aka the ba ...)
+ TODO: check
CVE-2019-16895
REJECTED
CVE-2019-16894 (download.php in inoERP 4.15 allows SQL injection through
insecure dese ...)
@@ -181081,10 +181093,10 @@ CVE-2016-6251
REJECTED
CVE-2016-6248
RESERVED
-CVE-2016-1000029
- RESERVED
-CVE-2016-1000028
- RESERVED
+CVE-2016-1000029 (Tenable Nessus before 6.8 has a stored XSS issue that
requires admin-l ...)
+ TODO: check
+CVE-2016-1000028 (Tenable Nessus before 6.8 has a stored XSS issue that
requires admin-l ...)
+ TODO: check
CVE-2016-6247 (OpenBSD 5.8 and 5.9 allows certain local users to cause a
denial of se ...)
NOT-FOR-US: OpenBSD kernel
CVE-2016-6246 (OpenBSD 5.8 and 5.9 allows certain local users with
kern.usermount pri ...)
@@ -239620,8 +239632,8 @@ CVE-2014-4594 (Cross-site scripting (XSS)
vulnerability in index.php in the Word
NOT-FOR-US: WordPress plugin Responsive Preview
CVE-2014-4593 (Cross-site scripting (XSS) vulnerability in
wp-plugins-net/index.php i ...)
NOT-FOR-US: WordPress plugin WP Plugin Manager
-CVE-2014-4592
- RESERVED
+CVE-2014-4592 (Cross-site scripting (XSS) vulnerability in
rss.class/scripts/magpie_d ...)
+ TODO: check
CVE-2014-4591 (Cross-site scripting (XSS) vulnerability in picasa_upload.php
in the W ...)
NOT-FOR-US: WordPress plugin WP-Picasa-Image
CVE-2014-4590 (Cross-site scripting (XSS) vulnerability in get.php in the WP
Microblo ...)
@@ -239670,8 +239682,8 @@ CVE-2014-4569 (Cross-site scripting (XSS)
vulnerability in ls/vv_login.php in th
NOT-FOR-US: WordPress plugin VideoWhisper Live Streaming Integration
CVE-2014-4568 (Cross-site scripting (XSS) vulnerability in
posts/videowhisper/r_logou ...)
NOT-FOR-US: WordPress plugin
-CVE-2014-4567
- RESERVED
+CVE-2014-4567 (Cross-site scripting (XSS) vulnerability in
comments/videowhisper2/r_l ...)
+ TODO: check
CVE-2014-4566 (Cross-site scripting (XSS) vulnerability in
res/fake_twitter/frame.php ...)
NOT-FOR-US: WordPress plugin
CVE-2014-4565 (Multiple cross-site scripting (XSS) vulnerabilities in
vcc.js.php in t ...)
@@ -239686,10 +239698,10 @@ CVE-2014-4561
RESERVED
CVE-2014-4560 (Cross-site scripting (XSS) vulnerability in
includes/getTipo.php in th ...)
NOT-FOR-US: WordPress plugin ToolPage
-CVE-2014-4559
- RESERVED
-CVE-2014-4558
- RESERVED
+CVE-2014-4559 (Multiple cross-site scripting (XSS) vulnerabilities in
test-plugin.php ...)
+ TODO: check
+CVE-2014-4558 (Cross-site scripting (XSS) vulnerability in test-plugin.php in
the Swi ...)
+ TODO: check
CVE-2014-4557 (Cross-site scripting (XSS) vulnerability in test-plugin.php in
the Swi ...)
NOT-FOR-US: WordPress plugin Swipe Checkout for Jigoshop
CVE-2014-4556 (Cross-site scripting (XSS) vulnerability in test-plugin.php in
the Swi ...)
@@ -239708,16 +239720,16 @@ CVE-2014-4550
RESERVED
CVE-2014-4549 (Multiple cross-site scripting (XSS) vulnerabilities in
pages/3DComplet ...)
NOT-FOR-US: WordPress plugin WooCommerce SagePay Direct Payment Gateway
-CVE-2014-4548
- RESERVED
+CVE-2014-4548 (Cross-site scripting (XSS) vulnerability in tinymce/popup.php
in the R ...)
+ TODO: check
CVE-2014-4547 (Multiple cross-site scripting (XSS) vulnerabilities in
templates/defau ...)
NOT-FOR-US: WordPress plugin Rezgo Online Booking
CVE-2014-4546 (Cross-site scripting (XSS) vulnerability in book_ajax.php in
the Rezgo ...)
NOT-FOR-US: WordPress plugin Rezgo
CVE-2014-4545 (Multiple cross-site scripting (XSS) vulnerabilities in
pq_dialog.php i ...)
NOT-FOR-US: WordPress plugin Pro Quoter
-CVE-2014-4544
- RESERVED
+CVE-2014-4544 (Cross-site scripting (XSS) vulnerability in the Podcast
Channels plugi ...)
+ TODO: check
CVE-2014-4543 (Multiple cross-site scripting (XSS) vulnerabilities in
payper/payper.p ...)
NOT-FOR-US: WordPress plugin Pay Per Media Player
CVE-2014-4542 (Cross-site scripting (XSS) vulnerability in redirect.php in the
Ooorl ...)
@@ -239726,14 +239738,14 @@ CVE-2014-4541 (Cross-site scripting (XSS)
vulnerability in shortcode-generator/p
NOT-FOR-US: WordPress plugin OMFG Mobile Pro
CVE-2014-4540 (Cross-site scripting (XSS) vulnerability in
oleggo-twitter/twitter_log ...)
NOT-FOR-US: WordPress plugin Oleggo LiveStream
-CVE-2014-4539
- RESERVED
+CVE-2014-4539 (Cross-site scripting (XSS) vulnerability in the Movies plugin
0.6 and ...)
+ TODO: check
CVE-2014-4538 (Cross-site scripting (XSS) vulnerability in process.php in the
Malware ...)
NOT-FOR-US: WordPress plugin Malware Finder
CVE-2014-4537 (Cross-site scripting (XSS) vulnerability in inpage.tpl.php in
the Keyw ...)
NOT-FOR-US: WordPress plugin Keyword Strategy Internal Links
-CVE-2014-4536
- RESERVED
+CVE-2014-4536 (Multiple cross-site scripting (XSS) vulnerabilities in
tests/notAuto_t ...)
+ TODO: check
CVE-2014-4535
RESERVED
CVE-2014-4534 (Multiple cross-site scripting (XSS) vulnerabilities in
videoplayer/aut ...)
@@ -239754,20 +239766,20 @@ CVE-2014-4527 (Multiple cross-site scripting (XSS)
vulnerabilities in paginas/vi
NOT-FOR-US: WordPress plugin
envialosimple-email-marketing-y-newsletters-gratis
CVE-2014-4526 (Multiple cross-site scripting (XSS) vulnerabilities in
callback.php in ...)
NOT-FOR-US: WordPress plugin efence
-CVE-2014-4525
- RESERVED
+CVE-2014-4525 (Cross-site scripting (XSS) vulnerability in
magpie/scripts/magpie_slas ...)
+ TODO: check
CVE-2014-4524 (Cross-site scripting (XSS) vulnerability in
classes/custom-image/media ...)
NOT-FOR-US: WordPress plugin WP Easy Post Types
-CVE-2014-4523
- RESERVED
+CVE-2014-4523 (Cross-site scripting (XSS) vulnerability in the Easy Career
Openings p ...)
+ TODO: check
CVE-2014-4522 (Cross-site scripting (XSS) vulnerability in client-assist.php
in the d ...)
NOT-FOR-US: WordPress plugin dsSearchAgent: WordPress Edition
CVE-2014-4521 (Cross-site scripting (XSS) vulnerability in client-assist.php
in the d ...)
NOT-FOR-US: WordPress plugin dsIDXpress IDX
CVE-2014-4520 (Cross-site scripting (XSS) vulnerability in phprack.php in the
DMCA Wa ...)
NOT-FOR-US: WordPress plugin DMCA WaterMarker
-CVE-2014-4519
- RESERVED
+CVE-2014-4519 (Cross-site scripting (XSS) vulnerability in the Conversador
plugin 2.6 ...)
+ TODO: check
CVE-2014-4518 (Cross-site scripting (XSS) vulnerability in xd_resize.php in
the Conta ...)
NOT-FOR-US: WordPress plugin Contact Form by ContactMe.com
CVE-2014-4517 (Cross-site scripting (XSS) vulnerability in getNetworkSites.php
in the ...)
@@ -257675,8 +257687,8 @@ CVE-2013-5029 (phpMyAdmin 3.5.x and 4.0.x before
4.0.5 allows remote attackers t
[wheezy] - phpmyadmin <no-dsa> (Backport not feasible and
X-Frame-Options protection enough on any modern browser)
CVE-2013-5028 (SQL injection vulnerability in IT/hardware-list.dll in Kwoksys
Kwok In ...)
NOT-FOR-US: Kwok Information Server
-CVE-2013-5027
- RESERVED
+CVE-2013-5027 (Collabtive 1.0 has incorrect access control ...)
+ TODO: check
CVE-2013-5026 (An ActiveX control in lookout650.ocx, lookout660.ocx, and
lookout670.o ...)
NOT-FOR-US: National Instruments Lookout
CVE-2013-5025 (An ActiveX control in exlauncher.dll in the Help subsystem in
National ...)
@@ -257743,15 +257755,13 @@ CVE-2013-4987 (PineApp Mail-SeCure before 3.70
allows remote authenticated users
NOT-FOR-US: PinApp
CVE-2013-4986 (Stack-based buffer overflow in PDFAX0722_IconCool.dll
7.22.1125.2121 i ...)
NOT-FOR-US: PDFCool
-CVE-2013-4985
- RESERVED
+CVE-2013-4985 (Multiple Vivotek IP Cameras remote authentication bypass that
could al ...)
NOT-FOR-US: Vivotek IP Cameras
CVE-2013-4984 (The close_connections function in /opt/cma/bin/clear_keys.pl in
Sophos ...)
NOT-FOR-US: Sophos Web Protection Appliance
CVE-2013-4983 (The get_referers function in /opt/ws/bin/sblistpack in Sophos
Web Appl ...)
NOT-FOR-US: Sophos Web Protection Appliance
-CVE-2013-4982
- RESERVED
+CVE-2013-4982 (AVTECH AVN801 DVR has a security bypass via the administration
login c ...)
NOT-FOR-US: AVTECH DVR
CVE-2013-4981 (Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR
with f ...)
NOT-FOR-US: AVTECH DVR
@@ -257763,10 +257773,10 @@ CVE-2013-4978 (Stack-based buffer overflow in
AloahaPDFViewer 5.0.0.7 and earlie
NOT-FOR-US: Aloaha PDF Suite
CVE-2013-4977 (Buffer overflow in the RTSP Packet Handler in Hikvision
DS-2CD7153-E I ...)
NOT-FOR-US: Hikvision IP camera
-CVE-2013-4976
- RESERVED
-CVE-2013-4975
- RESERVED
+CVE-2013-4976 (Hikvision DS-2CD7153-E IP Camera has security bypass via
hardcoded cre ...)
+ TODO: check
+CVE-2013-4975 (Hikvision DS-2CD7153-E IP Camera has Privilege Escalation ...)
+ TODO: check
CVE-2013-4974 (RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0
throug ...)
NOT-FOR-US: RealPlayer
CVE-2013-4973 (Stack-based buffer overflow in RealNetworks RealPlayer before
16.0.3.5 ...)
@@ -258056,10 +258066,10 @@ CVE-2013-4870 (SQL injection vulnerability in the
News Search (news_search) exte
NOT-FOR-US: TYPO3 extension news_search
CVE-2013-4869 (Cisco Unified Communications Manager (CUCM) 7.1(x) through
9.1(2) and ...)
NOT-FOR-US: Cisco
-CVE-2013-4868
- RESERVED
-CVE-2013-4867
- RESERVED
+CVE-2013-4868 (Karotz API 12.07.19.00: Session Token Information Disclosure
...)
+ TODO: check
+CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python
module h ...)
+ TODO: check
CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for
Android h ...)
NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for
Android
CVE-2013-4865
@@ -258074,8 +258084,8 @@ CVE-2013-4861
RESERVED
CVE-2013-4860 (Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier
does n ...)
NOT-FOR-US: Radio Thermostat
-CVE-2013-4859
- RESERVED
+CVE-2013-4859 (INSTEON Hub 2242-222 lacks Web and API authentication ...)
+ TODO: check
CVE-2013-4858 (Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3
allows remo ...)
NOT-FOR-US: Microsoft Windows Movie Maker
CVE-2013-4857 (D-Link DIR-865L has PHP File Inclusion in the router xml file.
...)
@@ -258212,8 +258222,8 @@ CVE-2013-4798 (Unspecified vulnerability in HP
LoadRunner before 11.52 allows re
NOT-FOR-US: HP LoadRunner
CVE-2013-4797 (Unspecified vulnerability in HP LoadRunner before 11.52 allows
remote ...)
NOT-FOR-US: HP LoadRunner
-CVE-2013-4796
- RESERVED
+CVE-2013-4796 (ReviewBoard 1.6.17 allows code execution by attaching PHP
scripts to r ...)
+ TODO: check
CVE-2013-4795 (Cross-site scripting (XSS) vulnerability in the Submitters list
in Rev ...)
- reviewboard <itp> (bug #653113)
CVE-2013-4794
@@ -258282,10 +258292,10 @@ CVE-2013-4766 (The gather log service in Eucalyptus
before 3.3.1 allows remote a
- eucalyptus <removed>
CVE-2013-4765
RESERVED
-CVE-2013-4764
- RESERVED
-CVE-2013-4763
- RESERVED
+CVE-2013-4764 (Samsung Galaxy S3/S4 exposes an unprotected component allowing
an unpr ...)
+ TODO: check
+CVE-2013-4763 (Samsung Galaxy S3/S4 exposes an unprotected component allowing
arbitra ...)
+ TODO: check
CVE-2013-4762 (Puppet Enterprise before 3.0.1 does not sufficiently invalidate
a sess ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4761 (Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and
3.2.x befo ...)
@@ -258331,8 +258341,8 @@ CVE-2013-4745 (SQL injection vulnerability in the My
quiz and poll (myquizpoll)
NOT-FOR-US: My quiz and poll TYPO3 extension
CVE-2013-4744 (Cross-site scripting (XSS) vulnerability in the PHPUnit
extension befo ...)
NOT-FOR-US: PHPUnit TYPO3 extension
-CVE-2013-4743
- RESERVED
+CVE-2013-4743 (Static HTTP Server 1.0 has a Local Overflow ...)
+ TODO: check
CVE-2013-4742 (Buffer overflow in NetWin SurgeFTP before 23d2 allows remote
attackers ...)
NOT-FOR-US: SurgeFTP
CVE-2013-4741
@@ -258466,16 +258476,16 @@ CVE-2013-4698 (Cybozu Mailwise 5.0.4 and 5.0.5
allows remote authenticated users
NOT-FOR-US: Cybozu Mailwise
CVE-2013-4697 (Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop
Managem ...)
NOT-FOR-US: Hitachi
-CVE-2013-4695
- RESERVED
+CVE-2013-4695 (Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary
Code Exe ...)
+ TODO: check
CVE-2013-4694 (Stack-based buffer overflow in gen_jumpex.dll in Winamp before
5.64 Bu ...)
NOT-FOR-US: Winamp
-CVE-2013-4693
- RESERVED
-CVE-2013-4692
- RESERVED
-CVE-2013-4691
- RESERVED
+CVE-2013-4693 (WordPress Xorbin Digital Flash Clock 1.0 has XSS ...)
+ TODO: check
+CVE-2013-4692 (Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS ...)
+ TODO: check
+CVE-2013-4691 (Sencha Labs Connect has XSS with connect.methodOverride() ...)
+ TODO: check
CVE-2013-4690 (Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1
before ...)
NOT-FOR-US: Juniper Junos
CVE-2013-4689 (J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7,
12.1R befor ...)
@@ -258527,10 +258537,10 @@ CVE-2013-4667
RESERVED
CVE-2013-4666
RESERVED
-CVE-2013-4665
- RESERVED
-CVE-2013-4664
- RESERVED
+CVE-2013-4665 (SPBAS Business Automation Software 2012 has CSRF. ...)
+ TODO: check
+CVE-2013-4664 (SPBAS Business Automation Software 2012 has XSS. ...)
+ TODO: check
CVE-2013-4663 (git_http_controller.rb in the redmine_git_hosting plugin for
Redmine a ...)
NOT-FOR-US: Redmine plugin redmine_git_hosting
CVE-2013-4662 (The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0
through ...)
@@ -258635,8 +258645,8 @@ CVE-2013-4623 (The x509parse_crt function in x509.h
in PolarSSL 1.1.x before 1.1
- polarssl 1.2.8-1 (low; bug #719954)
CVE-2013-4622 (The 3G Mobile Hotspot feature on the HTC Droid Incredible has a
defaul ...)
NOT-FOR-US: HTC Droid Incredible
-CVE-2013-4621
- RESERVED
+CVE-2013-4621 (Magnolia CMS before 4.5.9 has multiple access bypass
vulnerabilities ...)
+ TODO: check
CVE-2013-4620 (Cross-site scripting (XSS) vulnerability in
interface/main/onotes/offi ...)
NOT-FOR-US: OpenEMR
CVE-2013-4619 (Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow
remote a ...)
@@ -363925,8 +363935,8 @@ CVE-2007-0160 (Stack-based buffer overflow in the
LiveJournal support (hooks/ljh
CVE-2007-0159 (Directory traversal vulnerability in the
GeoIP_update_database_general ...)
- geoip 1.3.17-1.1 (bug #406628; low)
[sarge] - geoip <no-dsa> (Minor issue)
-CVE-2007-0158
- RESERVED
+CVE-2007-0158 (thttpd 2007 has buffer underflow. ...)
+ TODO: check
CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser
for neo ...)
- neon26 0.26.2-3.1 (medium; bug #404723)
NOTE: neon25 doesn't have the uri_lookup macro
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f205b4813671c34b1e9a62b00c2fe80df9b7f68
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f205b4813671c34b1e9a62b00c2fe80df9b7f68
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
