Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57cf92de by security tracker role at 2020-01-02T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-5200
+       RESERVED
+CVE-2020-5199
+       RESERVED
+CVE-2020-5198
+       RESERVED
+CVE-2020-5197
+       RESERVED
+CVE-2020-5196
+       RESERVED
+CVE-2020-5195
+       RESERVED
+CVE-2020-5194
+       RESERVED
+CVE-2019-20225 (MyBB before 1.8.22 allows an open redirect on login. ...)
+       TODO: check
+CVE-2013-7486 (Cross-site scripting (XSS) vulnerability in the backend in 
Open-Xchang ...)
+       TODO: check
+CVE-2013-7485 (Cross-site scripting (XSS) vulnerability in the backend in 
Open-Xchang ...)
+       TODO: check
 CVE-2020-5193
        RESERVED
 CVE-2020-5192
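Review bot: the three TODO: check entries at the top of this hunk (CVE-2019-20225, CVE-2013-7486, CVE-2013-7485) are left untriaged, and the two Open-Xchange backend XSS entries match how the same product is tagged later in this very commit (CVE-2013-6242 gets NOT-FOR-US: Open-Xchange), so they can be resolved the same way instead of being carried as TODO. The seven new RESERVED placeholders (CVE-2020-5194 through CVE-2020-5200) are fine as they are.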
@@ -36,8 +56,8 @@ CVE-2019-20221 (In Support Incident Tracker (SiT!) 3.67, Load 
Plugins input in t
        NOT-FOR-US: Support Incident Tracker
 CVE-2019-20220 (In Support Incident Tracker (SiT!) 3.67, the search_id 
parameter in th ...)
        NOT-FOR-US: Support Incident Tracker
-CVE-2019-20219
-       RESERVED
+CVE-2019-20219 (ngiflib 0.4 has a heap-based buffer over-read in 
GifIndexToTrueColor i ...)
+       TODO: check
 CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH 
stack u ...)
        - sqlite3 3.30.1+fossil191229-1
        NOTE: Fixed by: 
https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
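Review bot: CVE-2019-20219 (ngiflib 0.4 heap-based buffer over-read in GifIndexToTrueColor) gains a description but is only marked TODO: check; a heap over-read in an image decoder is a memory-safety bug and should be triaged against the archive promptly (either a source package line with a fixed version or NOT-FOR-US), rather than sitting next to already-resolved entries such as the SQLite one below it, which carries its fix commit. Nothing to change in the SQLite entry.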
@@ -24793,22 +24813,19 @@ CVE-2019-14865 (A flaw was found in the 
grub2-set-bootflag utility of grub2. A l
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1764925
        NOTE: https://seclists.org/oss-sec/2019/q4/101
        NOTE: Red Hat-specific patch, get added as 
0131-Add-grub-set-bootflag-utility.patch in their SRPM
-CVE-2019-14864
-       RESERVED
+CVE-2019-14864 (Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and 
Ansible v ...)
        - ansible 2.9.2+dfsg-1 (low; bug #943768)
        [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <no-dsa> (Minor issue)
        NOTE: https://github.com/ansible/ansible/issues/63522
        NOTE: https://github.com/ansible/ansible/pull/63527
-CVE-2019-14863
-       RESERVED
+CVE-2019-14863 (There is a vulnerability in all angular versions before 
1.5.0-beta.0,  ...)
        {DLA-1995-1}
        - angular.js 1.5.3-2 (bug #942833)
        NOTE: https://snyk.io/vuln/npm:angular:20150807
        NOTE: 
https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a
        NOTE: https://github.com/angular/angular.js/pull/12524
-CVE-2019-14862
-       RESERVED
+CVE-2019-14862 (There is a vulnerability in knockout before version 
3.5.0-beta, where  ...)
        - node-knockout <unfixed> (unimportant; bug #943560)
        NOTE: https://github.com/knockout/knockout/issues/1244
        NOTE: https://github.com/knockout/knockout/pull/2345
@@ -24822,8 +24839,7 @@ CVE-2019-14861 (All Samba versions 4.x.x before 4.9.17, 
4.10.x before 4.10.11 an
        NOTE: https://www.samba.org/samba/security/CVE-2019-14861.html
 CVE-2019-14860 (It was found that the Syndesis configuration for Cross-Origin 
Resource ...)
        NOT-FOR-US: Syndesis
-CVE-2019-14859 [DER encoding is not being verified in signatures]
-       RESERVED
+CVE-2019-14859 (A flaw was found in all python-ecdsa versions before 0.13.3, 
where it  ...)
        {DSA-4588-1 DLA-1978-1}
        - python-ecdsa 0.13.3-1
        NOTE: https://github.com/warner/python-ecdsa/issues/114
@@ -37702,8 +37718,8 @@ CVE-2019-10777
        RESERVED
 CVE-2019-10776
        RESERVED
-CVE-2019-10775
-       RESERVED
+CVE-2019-10775 (ecstatic have a denial of service vulnerability. Successful 
exploitati ...)
+       TODO: check
 CVE-2019-10774 (php-shellcommand versions before 1.6.1 have a command 
injection vulner ...)
        TODO: check
 CVE-2019-10773 (In Yarn before 1.21.1, the package install functionality can 
be abused ...)
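Review bot: CVE-2019-10775 (ecstatic denial of service) is added as TODO: check directly below CVE-2019-10774 (php-shellcommand command injection), which is also still TODO: check from an earlier update; when these are triaged, the command injection is the more severe of the two and should not be left open behind the newer DoS entry.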
@@ -39158,8 +39174,7 @@ CVE-2019-10206 (ansible-playbook -k and ansible cli 
tools, all versions 2.8.x be
        NOTE: When fixing this issue is needed to make the fix complete with
        NOTE: https://github.com/ansible/ansible/pull/63351 to not open
        NOTE: CVE-2019-14856.
-CVE-2019-10205
-       RESERVED
+CVE-2019-10205 (A flaw was found in the way Red Hat Quay stores robot account 
tokens i ...)
        NOT-FOR-US: Red Hat Quay
 CVE-2019-10204
        RESERVED
@@ -39353,8 +39368,7 @@ CVE-2019-10160 (A security regression of CVE-2019-9636 
was discovered in python
        NOTE: 
https://github.com/python/cpython/commit/2b578479b96aa3deeeb8bac313a02b5cf3cb1aff
 CVE-2019-10159 (cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are 
vulnera ...)
        NOT-FOR-US: Red Hat CloudForms Management Engine
-CVE-2019-10158
-       RESERVED
+CVE-2019-10158 (A flaw was found in Infinispan through version 9.4.14.Final. 
An improp ...)
        NOT-FOR-US: infinispan
 CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 
4.8.3 did  ...)
        NOT-FOR-US: Keycloak
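Review bot: style nit on the CVE-2019-10158 entry: the tag reads NOT-FOR-US: infinispan in lowercase, while the neighbouring entries use the product name as written in the description (NOT-FOR-US: Keycloak, NOT-FOR-US: Red Hat CloudForms Management Engine); NOT-FOR-US: Infinispan would keep the list consistent and searchable by product name. The classification itself matches the description.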
@@ -242781,8 +242795,8 @@ CVE-2014-4555 (Cross-site scripting (XSS) 
vulnerability in fonts/font-form.php i
        NOT-FOR-US: WordPress plugin Style It
 CVE-2014-4554 (Cross-site scripting (XSS) vulnerability in 
templates/download.php in  ...)
        NOT-FOR-US: WordPress plugin SS Downloads
-CVE-2014-4553
-       RESERVED
+CVE-2014-4553 (Cross-site Scripting (XSS) in the 
spreadshirt-rss-3d-cube-flash-galler ...)
+       TODO: check
 CVE-2014-4552 (Cross-site scripting (XSS) vulnerability in 
library/includes/payment/p ...)
        NOT-FOR-US: WordPress plugin Spotlight
 CVE-2014-4551 (Cross-site scripting (XSS) vulnerability in 
diagnostics/test.php in th ...)
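Review bot: CVE-2014-4553 is left as TODO: check although its description identifies a WordPress plugin, and every neighbouring WordPress plugin XSS in this hunk (Style It, SS Downloads, Spotlight) is tagged NOT-FOR-US: WordPress plugin <name>; unless the plugin is packaged, this entry should be resolved the same way. The plugin name is truncated in the diff (spreadshirt-rss-3d-cube-flash-galler ...), so take it from the full CVE text rather than the visible fragment.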
@@ -254469,8 +254483,7 @@ CVE-2013-7071 (Cross-site scripting (XSS) 
vulnerability in the handle_request fu
        NOT-FOR-US: Monitorix
 CVE-2013-7070 (The handle_request function in lib/HTTPServer.pm in Monitorix 
before 3 ...)
        NOT-FOR-US: Monitorix
-CVE-2013-7062 [XSS]
-       RESERVED
+CVE-2013-7062 (Multiple cross-site scripting (XSS) vulnerabilities in Zope, as 
used i ...)
        - zope2.12 <removed> (low)
        [wheezy] - zope2.12 <no-dsa> (Minor issue)
        - zope2.13 <not-affected> (Vulnerable code not present)
@@ -255388,8 +255401,7 @@ CVE-2014-0163 (Openshift has shell command injection 
flaws due to unsanitized da
 CVE-2014-0162 (The Sheepdog backend in OpenStack Image Registry and Delivery 
Service  ...)
        - glance 2014.1-1
        [wheezy] - glance <not-affected> (Only affects 2013.2 to 2013.2.3)
-CVE-2014-0161
-       RESERVED
+CVE-2014-0161 (ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not 
verify tha ...)
        NOT-FOR-US: ovirt-engine-sdk-python
 CVE-2014-0160 (The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 
before 1.0.1 ...)
        {DSA-2896-1}
@@ -255606,8 +255618,7 @@ CVE-2014-0105 (The auth_token middleware in the 
OpenStack Python client library
        - keystone 2013.1.1-2
        [wheezy] - keystone <no-dsa> (Minor issue)
        NOTE: From 2013.1.1-2 the auth_token.py is in python-keystoneclient
-CVE-2014-0104
-       RESERVED
+CVE-2014-0104 (In fence-agents before 4.0.17 does not verify remote SSL 
certificates  ...)
        - fence-agents 4.0.17-1 (low; bug #764801)
        [jessie] - fence-agents <no-dsa> (Minor issue)
        [wheezy] - fence-agents <no-dsa> (Minor issue)
@@ -255835,8 +255846,7 @@ CVE-2014-0049 (Buffer overflow in the 
complete_emulated_mmio function in arch/x8
        [wheezy] - linux <not-affected> (Introduced in 3.5)
        - linux-2.6 <not-affected> (Introduced in 3.5)
        NOTE: fix: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a08d3b3b99efd509133946056531cdf8f3a0c09b
-CVE-2014-0048 [multiple files downloaded over HTTP and executed or used 
unsafely]
-       RESERVED
+CVE-2014-0048 (An issue was found in Docker before 1.6.0. Some programs and 
scripts i ...)
        - docker.io 1.6.0+dfsg1-1
        NOTE: According to Red Hat bug no longer present in 1.5
 CVE-2014-0047 (Docker before 1.5 allows local users to have unspecified impact 
via ve ...)
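Review bot: the NOTE under CVE-2014-0048 ("According to Red Hat bug no longer present in 1.5") now contradicts the official description that replaced the RESERVED placeholder ("Docker before 1.6.0") and the fixed version recorded on the entry (docker.io 1.6.0+dfsg1-1); either the NOTE should explain why 1.6.0 is the fix point despite the Red Hat finding, or it should be qualified, and the Red Hat bug it refers to should be cited by URL so the discrepancy can be checked. The dropped bracket title ("multiple files downloaded over HTTP and executed or used unsafely") described the flaw more concretely than the truncated official text, which is acceptable only because the full description lives in the CVE record.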
@@ -257864,8 +257874,7 @@ CVE-2013-6285 (The search component in the Treasurer 
application in Tyler Techno
 CVE-2013-6275 (Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 
and earl ...)
        - php-horde-ingo 3.1.3-1 (bug #727669)
        - ingo1 <not-affected> (Affected code not present)
-CVE-2013-6242
-       RESERVED
+CVE-2013-6242 (Cross-site scripting (XSS) vulnerability in the frontend in 
Open-Xchan ...)
        NOT-FOR-US: Open-Xchange
 CVE-2013-6241 (The Birthday widget in the backend in Open-Xchange (OX) 
AppSuite 7.2.x ...)
        NOT-FOR-US: Open-Xchange
@@ -261391,8 +261400,7 @@ CVE-2013-4754 (Multiple cross-site scripting (XSS) 
vulnerabilities in Owl Intran
        NOT-FOR-US: Owl Intranet Knowledgebase
 CVE-2013-4753 (Multiple cross-site scripting (XSS) vulnerabilities in 
Claroline 1.11. ...)
        NOT-FOR-US: Claroline
-CVE-2013-4752
-       RESERVED
+CVE-2013-4752 (Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 
2.2.5,  ...)
        NOT-FOR-US: Symfony HttpFoundation component
 CVE-2013-4751 (php-symfony2-Validator has loss of information during 
serialization ...)
        NOT-FOR-US: Symfony Validator component
@@ -262039,8 +262047,7 @@ CVE-2013-4533 (Buffer overflow in the pxa2xx_ssp_load 
function in hw/arm/pxa2xx.
        [wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in 
practice)
        - qemu-kvm <removed> (low)
        [squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in 
practice)
-CVE-2013-4532
-       RESERVED
+CVE-2013-4532 (Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which 
could  ...)
        - qemu 2.1+dfsg-1 (low; bug #739589)
        [squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
        [wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -263948,12 +263955,12 @@ CVE-2013-3948 (Apple iOS 6.1.3 does not follow 
redirects during determination of
        NOT-FOR-US: Apple iOS
 CVE-2013-3947 (Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 
8.0.7.5 ...)
        NOT-FOR-US: AhnLab V3 Internet Security
-CVE-2013-3946
-       RESERVED
-CVE-2013-3945
-       RESERVED
-CVE-2013-3944
-       RESERVED
+CVE-2013-3946 (Heap-based buffer overflow in the MrSID plugin (MrSID.dll) 
before 4.37 ...)
+       TODO: check
+CVE-2013-3945 (The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows 
remote a ...)
+       TODO: check
+CVE-2013-3944 (Stack-based buffer overflow in the MrSID plugin (MrSID.dll) 
before 4.3 ...)
+       TODO: check
 CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) 
before 6. ...)
        NOT-FOR-US: DotNetNukeDot
 CVE-2013-3942
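Review bot: CVE-2013-3946, CVE-2013-3945 and CVE-2013-3944 all concern the MrSID plugin (MrSID.dll) for IrfanView, a Windows-only image viewer, yet are left as TODO: check; the adjacent entries for other Windows desktop software in this hunk (CVE-2013-3947, AhnLab V3 Internet Security) are NOT-FOR-US, so these three should be resolved the same way unless a Debian package ships that plugin. Unrelated to this change but visible in the context: the tag NOT-FOR-US: DotNetNukeDot on CVE-2013-3943 looks like a typo for DotNetNuke.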
@@ -263968,10 +263975,10 @@ CVE-2013-3938 (Integer overflow in xnview.exe in 
XnView 2.13 allows remote attac
        NOT-FOR-US: XnView
 CVE-2013-3937
        RESERVED
-CVE-2013-3936
-       RESERVED
-CVE-2013-3935
-       RESERVED
+CVE-2013-3936 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview 
before  ...)
+       TODO: check
+CVE-2013-3935 (Cross-site request forgery (CSRF) vulnerability in Opsview 
before 4.4. ...)
+       TODO: check
 CVE-2013-3934 (Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, 
as use ...)
        NOT-FOR-US: Kingsoft Office 2013
 CVE-2013-3933 (Cross-site scripting (XSS) vulnerability in the JoomShopping 
(com_joom ...)
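Review bot: CVE-2013-3936 and CVE-2013-3935 (Opsview XSS and CSRF) are added with TODO: check; both come from the same product and the same upstream fix range ("before 4.4." in the visible text), so they should be triaged together with one decision (a package line or NOT-FOR-US: Opsview) rather than separately.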
@@ -264724,11 +264731,11 @@ CVE-2013-3623 (Multiple stack-based buffer 
overflows in cgi/close_window.cgi in
 CVE-2013-3622 (Buffer overflow in logout.cgi in the Intelligent Platform 
Management I ...)
        NOT-FOR-US: Intelligent Platform Management Interface
 CVE-2013-3621
-       RESERVED
-CVE-2013-3620
-       RESERVED
-CVE-2013-3619
-       RESERVED
+       REJECTED
+CVE-2013-3620 (Hardcoded WSMan credentials in Intelligent Platform Management 
Interfa ...)
+       TODO: check
+CVE-2013-3619 (Intelligent Platform Management Interface (IPMI) with firmware 
for Sup ...)
+       TODO: check
 CVE-2013-3618
        RESERVED
 CVE-2013-3617 (The XML API in Openbravo ERP 2.5, 3.0, and earlier allows 
remote authe ...)
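Review bot: the RESERVED to REJECTED transition for CVE-2013-3621 is handled correctly, but CVE-2013-3620 (hardcoded WSMan credentials in IPMI) and CVE-2013-3619 (IPMI with firmware for "Sup ...", vendor name truncated in the diff) are left TODO: check while the preceding entry for the same IPMI firmware family, CVE-2013-3622, is already NOT-FOR-US: Intelligent Platform Management Interface; the same tag applies here, since BMC firmware is not shipped in the archive.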
@@ -308963,8 +308970,8 @@ CVE-2010-3784 (The 
PMPageFormatCreateWithDataRepresentation API in Printing in A
        NOT-FOR-US: Apple Printing
 CVE-2010-3783 (Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 
10.6.5 does ...)
        NOT-FOR-US: Apple Password Server
-CVE-2010-3782
-       RESERVED
+CVE-2010-3782 (obs-server before 1.7.7 allows logins by 'unconfirmed' accounts 
due to ...)
+       TODO: check
 CVE-2010-3781 (The PL/php add-on 1.4 and earlier for PostgreSQL does not 
properly pro ...)
        - postgresql-9.0 9.0.1-1
 CVE-2010-3780 (Dovecot 1.2.x before 1.2.15 allows remote authenticated users 
to cause ...)
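Review bot: CVE-2010-3782 (obs-server before 1.7.7 allows logins by 'unconfirmed' accounts) is a 2010 CVE that only now receives a description and is left TODO: check; this is an authentication bypass, so triage should establish whether obs-server is or ever was in the archive and whether affected versions shipped, rather than leaving the TODO open alongside the already-resolved neighbours (postgresql-9.0, Dovecot).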



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/57cf92defdce2c874664650643064f4b68d30915



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
