Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
800f593e by security tracker role at 2020-01-07T08:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-5956
+       RESERVED
+CVE-2020-5955
+       RESERVED
+CVE-2020-5954
+       RESERVED
+CVE-2020-5953
+       RESERVED
+CVE-2020-5952
+       RESERVED
+CVE-2020-5951
+       RESERVED
 CVE-2020-5950
        RESERVED
 CVE-2020-5949
@@ -206,8 +218,8 @@ CVE-2020-5848
        RESERVED
 CVE-2020-5847
        RESERVED
-CVE-2020-5846
-       RESERVED
+CVE-2020-5846 (An insecure file upload and code execution issue was discovered 
in Ahs ...)
+       TODO: check
 CVE-2020-5845
        RESERVED
 CVE-2020-5844
@@ -878,8 +890,8 @@ CVE-2020-5514 (Gila CMS 1.11.8 allows Unrestricted Upload 
of a File with a Dange
        NOT-FOR-US: Gila CMS
 CVE-2020-5513 (Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. 
...)
        NOT-FOR-US: Gila CMS
-CVE-2020-5512
-       RESERVED
+CVE-2020-5512 (Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. 
...)
+       TODO: check
 CVE-2020-5511
        RESERVED
 CVE-2020-5510
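Review bot: the new CVE-2020-5512 entry is left at `TODO: check` although its two neighbours in this hunk, CVE-2020-5513 and CVE-2020-5514, describe the same product (Gila CMS 1.11.8) and are already marked `NOT-FOR-US: Gila CMS`; unless Gila CMS has since been packaged, the TODO can be closed with the same marker for consistency.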
@@ -904,8 +916,8 @@ CVE-2019-20350
        RESERVED
 CVE-2019-20349
        RESERVED
-CVE-2019-20348
-       RESERVED
+CVE-2019-20348 (OKER G232V1 v1.03.02.20161129 devices provide a root terminal 
on a UAR ...)
+       TODO: check
 CVE-2019-20347
        RESERVED
 CVE-2019-20346
@@ -1569,8 +1581,8 @@ CVE-2020-5206
        RESERVED
 CVE-2020-5205
        RESERVED
-CVE-2020-5204
-       RESERVED
+CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability 
in hand ...)
+       TODO: check
 CVE-2020-5203
        RESERVED
 CVE-2020-5202
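Review bot: unlike most `TODO: check` entries in this update, CVE-2020-5204 names an open-source server (uftpd, "before 2.11") rather than a vendor appliance, so the triage here is an archive lookup: if a uftpd package exists, the placeholder should be replaced by a fixed-version line or a `<not-affected>`/`<no-dsa>` status in the file's usual form, and by `NOT-FOR-US` only if it is confirmed not to be packaged.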
@@ -9929,8 +9941,8 @@ CVE-2019-19587 (In WSO2 Enterprise Integrator 6.5.0, 
reflected XSS occurs when u
        NOT-FOR-US: WSO2 Enterprise Integrator
 CVE-2019-19586
        RESERVED
-CVE-2019-19585
-       RESERVED
+CVE-2019-19585 (An issue was discovered in rConfig 3.9.3. The install script 
updates t ...)
+       TODO: check
 CVE-2019-19584
        RESERVED
 CVE-2019-19583 (An issue was discovered in Xen through 4.12.x allowing x86 
HVM/PVH gue ...)
@@ -10309,8 +10321,8 @@ CVE-2019-19511
        RESERVED
 CVE-2019-19510
        RESERVED
-CVE-2019-19509
-       RESERVED
+CVE-2019-19509 (An issue was discovered in rConfig 3.9.3. A remote 
authenticated user  ...)
+       TODO: check
 CVE-2019-19508
        RESERVED
 CVE-2019-19507 (In jpv (aka Json Pattern Validator) before 2.1.1, 
compareCommon() can  ...)
@@ -12384,8 +12396,8 @@ CVE-2019-18844 (The Device Model in ACRN before 
2019w25.5-140000p relies on asse
        NOT-FOR-US: ACRN
 CVE-2019-18843
        RESERVED
-CVE-2019-18842
-       RESERVED
+CVE-2019-18842 (A cross-site scripting (XSS) vulnerability in the 
configuration web in ...)
+       TODO: check
 CVE-2019-18841 (Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem 
before  ...)
        - chartkick.js <not-affected> (Vulnerability introduced with 3.1.0)
        NOTE: 
https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa
@@ -15092,8 +15104,8 @@ CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 
accepts any certificate s
        [stretch] - systemd <not-affected> (Vulnerable code introduced later)
        [jessie] - systemd <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/systemd/systemd/issues/9397
-CVE-2019-18625
-       RESERVED
+CVE-2019-18625 (An issue was discovered in Suricata 5.0.0. It was possible to 
bypass/e ...)
+       TODO: check
 CVE-2019-18624 (Opera Mini for Android allows attackers to bypass intended 
restriction ...)
        NOT-FOR-US: Opera Mini for Android
 CVE-2019-18623 (Escalation of privileges in EnergyCAP 7 through 7.5.6 allows 
an attack ...)
@@ -17332,8 +17344,7 @@ CVE-2019-18180 (Improper Check for filenames with 
overly long extensions in Post
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
        [jessie] - otrs2 <not-affected> (vulnerable code not present)
        NOTE: 
https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
-CVE-2019-18179
-       RESERVED
+CVE-2019-18179 (An issue was discovered in Open Ticket Request System (OTRS) 
7.0.x thr ...)
        {DLA-2053-1}
        - otrs2 6.0.24-1 (bug #945251)
        [buster] - otrs2 <no-dsa> (Non-free not supported)
@@ -20194,6 +20205,7 @@ CVE-2019-17007 [nss: Handling of Netscape Certificate 
Sequences in CERT_DecodeCe
        NOTE: but then reverted until the 2:3.45-1 upload).
 CVE-2019-17006 [Check length of inputs for cryptographic primitives]
        RESERVED
+       {DLA-2058-1}
        - nss 2:3.47-1
        NOTE: Fixed upstream in NSS 3.46.
        NOTE: Upstream bug (currently non-public): 
https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
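Review bot: with `{DLA-2058-1}` now recorded for CVE-2019-17006, the trailing NOTE that the upstream bug is "currently non-public" is probably stale; since an advisory has been issued, re-check whether the Bugzilla entry has been opened and drop or update that qualifier.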
@@ -21024,10 +21036,10 @@ CVE-2019-16719 (WTCMS 1.0 allows 
index.php?g=admin&amp;m=index&amp;a=index CSRF
        NOT-FOR-US: WTCMS
 CVE-2019-16718 (In radare2 before 3.9.0, a command injection vulnerability 
exists in b ...)
        - radare2 <not-affected> (Incomplete fixes for CVE-2019-14745 not 
applied)
-CVE-2019-16717
-       RESERVED
-CVE-2019-16716
-       RESERVED
+CVE-2019-16717 (OX App Suite through 7.10.2 has XSS. ...)
+       TODO: check
+CVE-2019-16716 (OX App Suite through 7.10.2 has Incorrect Access Control. ...)
+       TODO: check
 CVE-2019-16715
        RESERVED
 CVE-2019-16713 (ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as 
demonstrate ...)
@@ -22202,14 +22214,14 @@ CVE-2019-16276 (Go before 1.12.10 and 1.13.x before 
1.13.1 allow HTTP Request Sm
        NOTE: https://golang.org/issue/34540
        NOTE: 
https://github.com/golang/go/commit/5a6ab1ec3e678640befebeb3318b746a64ad986c 
(golang-1.13)
        NOTE: 
https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8 
(golang-1.12)
-CVE-2019-16274
-       RESERVED
-CVE-2019-16273
-       RESERVED
-CVE-2019-16272
-       RESERVED
-CVE-2019-16271
-       RESERVED
+CVE-2019-16274 (DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer 
data fi ...)
+       TODO: check
+CVE-2019-16273 (DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root 
shell a ...)
+       TODO: check
+CVE-2019-16272 (On DTEN D5 and D7 before 1.3.4 devices, factory settings 
allows for fi ...)
+       TODO: check
+CVE-2019-16271 (DTEN D5 and D7 before 1.3.2 devices allows remote attackers to 
read sa ...)
+       TODO: check
 CVE-2019-16270
        RESERVED
 CVE-2019-16269
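Review bot: the four DTEN entries (CVE-2019-16271 through CVE-2019-16274) all concern the same D5/D7 conferencing devices and should be resolved as one batch rather than four separate `TODO: check` placeholders; as device firmware they look like `NOT-FOR-US: DTEN D5/D7` candidates, mirroring how the file handles other appliance CVEs.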
@@ -51014,14 +51026,14 @@ CVE-2019-6859
        RESERVED
 CVE-2019-6858
        RESERVED
-CVE-2019-6857
-       RESERVED
-CVE-2019-6856
-       RESERVED
-CVE-2019-6855
-       RESERVED
-CVE-2019-6854
-       RESERVED
+CVE-2019-6857 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
+       TODO: check
+CVE-2019-6856 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
+       TODO: check
+CVE-2019-6855 (An Improper Authorization - CWE-285 vulnerability exists in 
EcoStruxur ...)
+       TODO: check
+CVE-2019-6854 (A CWE-264 Permissions, Privileges, and Access Controls 
vulnerability e ...)
+       TODO: check
 CVE-2019-6853 (A CWE-79: Failure to Preserve Web Page Structure vulnerability 
exists  ...)
        NOT-FOR-US: Andover Continuum
 CVE-2019-6852 (A CWE-200: Information Exposure vulnerability exists in Modicon 
Contro ...)
@@ -66983,7 +66995,7 @@ CVE-2019-1389 (A remote code execution vulnerability 
exists when Windows Hyper-V
 CVE-2019-1388 (An elevation of privilege vulnerability exists in the Windows 
Certific ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1387 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, 
v2.21.1, v ...)
-       {DSA-4581-1}
+       {DSA-4581-1 DLA-2059-1}
        - git 1:2.24.0-2
        NOTE: 
https://git.kernel.org/pub/scm/git/git.git/commit/?id=a8dee3ca610f5a1d403634492136c887f83b59d2
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
@@ -67059,13 +67071,13 @@ CVE-2019-1354
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
 CVE-2019-1353
        RESERVED
-       {DSA-4581-1}
+       {DSA-4581-1 DLA-2059-1}
        - git 1:2.24.0-2
        NOTE: 
https://git.kernel.org/pub/scm/git/git.git/commit/?id=9102f958ee5254b10c0be72672aa3305bf4f4704
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
 CVE-2019-1352
        RESERVED
-       {DSA-4581-1}
+       {DSA-4581-1 DLA-2059-1}
        - git 1:2.24.0-2
        NOTE: 
https://git.kernel.org/pub/scm/git/git.git/commit/?id=7c3745fc6185495d5765628b4dfe1bd2c25a2981
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
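Review bot: `DLA-2059-1` is added to the DSA bracket for CVE-2019-1387, 1353, 1352, 1349 and 1348, but the hunk context shows CVE-2019-1354 and CVE-2019-1350 (which carry the same oss-security reference) with their `{DSA-4581-1}` lines outside the changed range; confirm that their omission from the DLA is intentional (e.g. not affecting the jessie package) rather than an incomplete update.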
@@ -67085,13 +67097,13 @@ CVE-2019-1350
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
 CVE-2019-1349
        RESERVED
-       {DSA-4581-1}
+       {DSA-4581-1 DLA-2059-1}
        - git 1:2.24.0-2
        NOTE: 
https://git.kernel.org/pub/scm/git/git.git/commit/?id=0060fd1511b94c918928fa3708f69a3f33895a4a
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
 CVE-2019-1348
        RESERVED
-       {DSA-4581-1}
+       {DSA-4581-1 DLA-2059-1}
        - git 1:2.24.0-2
        NOTE: 
https://git.kernel.org/pub/scm/git/git.git/commit/?id=68061e3470210703cb15594194718d35094afdc0
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
@@ -101094,8 +101106,8 @@ CVE-2018-7796 (A Buffer Error vulnerability exists in 
PowerSuite 2, all released
        NOT-FOR-US: Schneider Electric
 CVE-2018-7795 (A Cross Protocol Injection vulnerability exists in Schneider 
Electric' ...)
        NOT-FOR-US: Schneider
-CVE-2018-7794
-       RESERVED
+CVE-2018-7794 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
+       TODO: check
 CVE-2018-7793 (A Credential Management vulnerability exists in FoxView HMI 
SCADA (All ...)
        NOT-FOR-US: Schneider Electric
 CVE-2018-7792 (A Permissions, Privileges, and Access Control vulnerability 
exists in  ...)
@@ -213765,8 +213777,8 @@ CVE-2015-5953 (Cross-site scripting (XSS) 
vulnerability in the activity applicat
        NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-010
 CVE-2015-5952
        RESERVED
-CVE-2015-5951
-       RESERVED
+CVE-2015-5951 (A file upload issue exists in the specid parameter in Thomson 
Reuters  ...)
+       TODO: check
 CVE-2015-5950 (The NVIDIA display driver R352 before 353.82 and R340 before 
341.81 on ...)
        - nvidia-graphics-drivers 340.93-1 (bug #800566)
        [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -217823,8 +217835,8 @@ CVE-2015-4555 (Buffer overflow in the HTTP 
administrative interface in TIBCO Ren
        NOT-FOR-US: TIBCO
 CVE-2015-4554 (Multiple unspecified vulnerabilities in TIBCO Spotfire Client 
and Spot ...)
        NOT-FOR-US: TIBCO
-CVE-2015-4553
-       RESERVED
+CVE-2015-4553 (A file upload issue exists in DeDeCMS before 5.7-sp1, which 
allows mal ...)
+       TODO: check
 CVE-2015-4552 (Cross-site scripting (XSS) vulnerability in the quick edit 
function in ...)
        NOT-FOR-US: MyBB
 CVE-2015-4551 (LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 
uses the s ...)
@@ -231566,8 +231578,8 @@ CVE-2014-9407 (Multiple cross-site request forgery 
(CSRF) vulnerabilities in Rev
        NOT-FOR-US: Revive Adserver
 CVE-2014-9406 (ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 
7.6.59S.CT  ...)
        NOT-FOR-US: ARRIS Touchstone TG862G/CT Telephony Gateway
-CVE-2014-9405
-       RESERVED
+CVE-2014-9405 (A Cross-Site Scripting (XSS) vulnerability exists in the 
description f ...)
+       TODO: check
 CVE-2014-9404
        RESERVED
 CVE-2014-9401 (Cross-site request forgery (CSRF) vulnerability in the WP Limit 
Posts  ...)
@@ -234329,8 +234341,8 @@ CVE-2014-8676 (Directory traversal vulnerability in 
the file_get_contents functi
        NOT-FOR-US: SOPlanning
 CVE-2014-8675 (Soplanning 1.32 and earlier generates static links for sharing 
ICAL ca ...)
        NOT-FOR-US: SOPlanning
-CVE-2014-8674
-       RESERVED
+CVE-2014-8674 (Multiple Cross-Site Scripting (XSS) vulnerabilities exist in 
Simple On ...)
+       TODO: check
 CVE-2014-8673
        RESERVED
 CVE-2014-8672 (Cross-site scripting (XSS) vulnerability in the 
RewardingYourself appl ...)
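Review bot: the description of CVE-2014-8674 is cut off at "Simple On ...", and the two preceding entries in this hunk are `NOT-FOR-US: SOPlanning` (Simple Online Planning); check the full CVE text before closing the TODO, and if it is the same product use the identical `NOT-FOR-US: SOPlanning` marker so the three entries stay consistent.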
@@ -246588,8 +246600,7 @@ CVE-2014-3745
        RESERVED
 CVE-2014-3744 (Directory traversal vulnerability in the st module before 0.2.5 
for No ...)
        NOT-FOR-US: Node st module
-CVE-2014-3743
-       RESERVED
+CVE-2014-3743 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Marked modu ...)
        - node-marked 0.3.1+dfsg-1
 CVE-2014-3742 (The hapi server framework 2.0.x and 2.1.x before 2.2.0 for 
Node.js all ...)
        NOT-FOR-US: hapi framework for Node.js



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/800f593ed0065ba9d2038af0a81cf6186f4fdb91



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
