Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
06220775 by security tracker role at 2020-01-10T08:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,49 @@
-CVE-2019-20373 [ldm privilege escalation]
+CVE-2020-6766
+ RESERVED
+CVE-2020-6765
+ RESERVED
+CVE-2020-6764
+ RESERVED
+CVE-2020-6763
+ RESERVED
+CVE-2020-6762
+ RESERVED
+CVE-2020-6761
+ RESERVED
+CVE-2020-6760
+ RESERVED
+CVE-2020-6759
+ RESERVED
+CVE-2020-6758 (A cross-site scripting (XSS) vulnerability in
Option/optionsAll.php in ...)
+ TODO: check
+CVE-2020-6757 (contentHostProperties.php in Rasilient PixelStor 5000
K:4.0.1580-20150 ...)
+ TODO: check
+CVE-2020-6756 (languageOptions.php in Rasilient PixelStor 5000
K:4.0.1580-20150629 (K ...)
+ TODO: check
+CVE-2020-6755
+ RESERVED
+CVE-2020-6754
+ RESERVED
+CVE-2020-6753
+ RESERVED
+CVE-2020-6752
+ RESERVED
+CVE-2020-6751
+ RESERVED
+CVE-2019-20376 (A cross-site scripting (XSS) vulnerability in Electronic
Logbook (ELOG ...)
+ TODO: check
+CVE-2019-20375 (A cross-site scripting (XSS) vulnerability in Electronic
Logbook (ELOG ...)
+ TODO: check
+CVE-2019-20374 (A mutation cross-site scripting (XSS) issue in Typora through
0.9.9.31 ...)
+ TODO: check
+CVE-2019-20372 (NGINX before 1.17.7, with certain error_page configurations,
allows HT ...)
+ TODO: check
+CVE-2019-20373 (LTSP LDM through 2.18.06 allows fat-client root access because
the LDM ...)
+ {DSA-4601-1}
- ldm <unfixed> (bug #948538)
NOTE:
https://git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/?id=c351ac69ef63ed6c84221cef73e409059661b8ba
NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/1839431
-CVE-2020-6750 [Socks5 Proxy: Proxy on a SocketClient set via
set_proxy_resolver ignored]
+CVE-2020-6750 (GSocketClient in GNOME GLib through 2.62.4 may occasionally
connect di ...)
- glib2.0 <unfixed> (bug #948554)
[buster] - glib2.0 <not-affected> (Vulnerable code introduced later,
regreession from 2.60.0)
[stretch] - glib2.0 <not-affected> (Vulnerable code introduced later,
regreession from 2.60.0)
@@ -1201,12 +1242,12 @@ CVE-2020-6170 (An authentication bypass vulnerability
on Genexis Platinum-4410 v
NOT-FOR-US: Genexis
CVE-2020-6169
RESERVED
-CVE-2020-6168
- RESERVED
+CVE-2020-6168 (A flaw in the WordPress plugin, Minimal Coming Soon &
Maintenance ...)
+ TODO: check
CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon &
Maintenance ...)
NOT-FOR-US: WordPress plugin
-CVE-2020-6166
- RESERVED
+CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon &
Maintenance ...)
+ TODO: check
CVE-2020-6165
RESERVED
CVE-2020-6164
@@ -2587,8 +2628,7 @@ CVE-2020-5506
RESERVED
CVE-2020-5505
RESERVED
-CVE-2020-5504
- RESERVED
+CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection
exists ...)
{DLA-2060-1}
- phpmyadmin <unfixed>
NOTE:
https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983
@@ -3695,20 +3735,20 @@ CVE-2019-20186
RESERVED
CVE-2019-20185
RESERVED
-CVE-2019-20184
- RESERVED
-CVE-2019-20183
- RESERVED
-CVE-2019-20182
- RESERVED
-CVE-2019-20181
- RESERVED
-CVE-2019-20180
- RESERVED
-CVE-2019-20179
- RESERVED
-CVE-2019-20178
- RESERVED
+CVE-2019-20184 (KeePass 2.4.1 allows CSV injection in the title field of a CSV
export. ...)
+ TODO: check
+CVE-2019-20183 (uploadimage.php in Employee Records System 1.0 allows upload
and execu ...)
+ TODO: check
+CVE-2019-20182 (The FooGallery plugin 1.8.12 for WordPress allow XSS via the
post_titl ...)
+ TODO: check
+CVE-2019-20181 (The awesome-support plugin 5.8.0 for WordPress allows XSS via
the post ...)
+ TODO: check
+CVE-2019-20180 (The TablePress plugin 1.9.2 for WordPress allows
tablepress[data] CSV ...)
+ TODO: check
+CVE-2019-20179 (SOPlanning 1.45 has SQL injection via the user_list.php "by"
parameter ...)
+ TODO: check
+CVE-2019-20178 (Advisto PEEL Shopping 9.2.1 has CSRF via
administrer/utilisateurs.php ...)
+ TODO: check
CVE-2019-20177
RESERVED
CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered
in the li ...)
@@ -13760,25 +13800,25 @@ CVE-2019-18972
CVE-2019-18971
RESERVED
CVE-2019-18970
- RESERVED
+ REJECTED
CVE-2019-18969
- RESERVED
+ REJECTED
CVE-2019-18968
- RESERVED
+ REJECTED
CVE-2019-18967
- RESERVED
+ REJECTED
CVE-2019-18966
- RESERVED
+ REJECTED
CVE-2019-18965
- RESERVED
+ REJECTED
CVE-2019-18964
- RESERVED
+ REJECTED
CVE-2019-18963
- RESERVED
+ REJECTED
CVE-2019-18962
- RESERVED
+ REJECTED
CVE-2019-18961
- RESERVED
+ REJECTED
CVE-2019-18960 (Firecracker vsock implementation buffer overflow in versions
0.18.0 an ...)
NOT-FOR-US: AWS Firecracker
CVE-2019-18959
@@ -14022,8 +14062,8 @@ CVE-2019-18861
RESERVED
CVE-2019-18860
RESERVED
-CVE-2019-18859
- RESERVED
+CVE-2019-18859 (Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.
...)
+ TODO: check
CVE-2019-18858 (CODESYS 3 web server before 3.5.15.20, as distributed with
CODESYS Con ...)
NOT-FOR-US: CODESYS 3 web server
CVE-2019-18857 (darylldoyle svg-sanitizer before 0.12.0 mishandles script and
data val ...)
@@ -56925,15 +56965,15 @@ CVE-2019-5211 (The Huawei Share function of P20
phones with versions earlier tha
CVE-2019-5210 (Nova 5i pro and Nova 5 smartphones with versions earlier than
9.1.1.19 ...)
NOT-FOR-US: Huawei
CVE-2019-5209
- RESERVED
+ REJECTED
CVE-2019-5208
- RESERVED
+ REJECTED
CVE-2019-5207
- RESERVED
+ REJECTED
CVE-2019-5206
- RESERVED
+ REJECTED
CVE-2019-5205
- RESERVED
+ REJECTED
CVE-2019-5204
RESERVED
CVE-2019-5203
@@ -190716,8 +190756,8 @@ CVE-2016-5313 (Symantec Web Gateway (SWG) before
5.2.5 allows remote authenticat
NOT-FOR-US: Symantec
CVE-2016-5312 (Directory traversal vulnerability in the charting component in
Symante ...)
NOT-FOR-US: Symantec
-CVE-2016-5311
- RESERVED
+CVE-2016-5311 (A Privilege Escalation vulnerability exists in Symantec Norton
Antivir ...)
+ TODO: check
CVE-2016-5310 (The RAR file parser component in the AntiVirus Decomposer
engine in Sy ...)
NOT-FOR-US: Symantec
CVE-2016-5309 (The RAR file parser component in the AntiVirus Decomposer
engine in Sy ...)
@@ -190960,7 +191000,7 @@ CVE-2016-5287 (A potentially exploitable
use-after-free crash during actor destr
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1309823
CVE-2016-5286
RESERVED
-CVE-2016-5285 (Null pointer dereference vulnerability exists in
K11_SignWithSymKey / ...)
+CVE-2016-5285 (A Null pointer dereference vulnerability exists in Mozilla
Network Sec ...)
- nss 2:3.25-1
NOTE: Fixed by https://hg.mozilla.org/projects/nss/rev/45c047d18ac4
NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
@@ -245171,18 +245211,15 @@ CVE-2014-5016 (Multiple cross-site scripting (XSS)
vulnerabilities in LimeSurvey
- limesurvey <itp> (bug #472802)
CVE-2014-5014 (The WordPress Flash Uploader plugin before 3.1.3 for WordPress
allows ...)
NOT-FOR-US: WordPress Flash Uploader plugin for WordPress
-CVE-2014-5013 [Remote Code Execution (complement of CVE-2014-2383)]
- RESERVED
+CVE-2014-5013 (DOMPDF before 0.6.2 allows remote code execution, a related
issue to C ...)
- php-dompdf 0.6.2+dfsg-1 (bug #813849)
[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
-CVE-2014-5012 [Denial Of Service Vector]
- RESERVED
+CVE-2014-5012 (DOMPDF before 0.6.2 allows denial of service. ...)
- php-dompdf 0.6.2+dfsg-1 (bug #813849)
[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
-CVE-2014-5011 [Information Disclosure]
- RESERVED
+CVE-2014-5011 (DOMPDF before 0.6.2 allows Information Disclosure. ...)
- php-dompdf 0.6.2+dfsg-1 (bug #813849)
[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
@@ -280816,8 +280853,8 @@ CVE-2012-5560 (The default configuration in
mate-settings-daemon 1.5.3 allows lo
NOTE:
https://github.com/mate-desktop/mate-settings-daemon/commit/c7d634acd12814a1fe298118e65f1c688b3a9f74#diff-52ccb9f1be1c09e2f24b64d37b56c2f4
CVE-2012-5559 (Cross-site scripting (XSS) vulnerability in the page manager
node view ...)
NOT-FOR-US: Drupal chaos tool addon
-CVE-2012-5558
- RESERVED
+CVE-2012-5558 (Cross-site scripting (XSS) vulnerability in the Smiley module
6.x-1.x ...)
+ TODO: check
CVE-2012-5557 (The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x
before 7. ...)
NOT-FOR-US: Drupal contributed-module
CVE-2012-5556 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the REST ...)
@@ -283955,8 +283992,7 @@ CVE-2012-4435 (fwknop before 2.0.3 does not properly
validate IP addresses, whic
[wheezy] - fwknop 2.0.0rc2-2+deb7u1
NOTE: http://seclists.org/oss-sec/2012/q3/509
NOTE:
http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=f4c16bc47fc24a96b63105556b62d61c1ba7d799
-CVE-2012-4434 [fwknop 2.0.3: multiple DoS / code execution flaw]
- RESERVED
+CVE-2012-4434 (fwknop before 2.0.3 allow remote authenticated users to cause a
denial ...)
- fwknop 2.0.3-1 (bug #688151)
[squeeze] - fwknop <not-affected> (Vulnerable code not present)
[wheezy] - fwknop 2.0.0rc2-2+deb7u1
@@ -285657,16 +285693,16 @@ CVE-2012-3812 (Double free vulnerability in
apps/app_voicemail.c in Asterisk Ope
[squeeze] - asterisk <not-affected> (Vulnerable code not present)
CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in
the Wall ...)
NOT-FOR-US: Avaya IP Office Customer Call Reporter
-CVE-2012-3810
- RESERVED
-CVE-2012-3809
- RESERVED
-CVE-2012-3808
- RESERVED
-CVE-2012-3807
- RESERVED
-CVE-2012-3806
- RESERVED
+CVE-2012-3810 (Samsung Kies before 2.5.0.12094_27_11 has registry
modification. ...)
+ TODO: check
+CVE-2012-3809 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory
modifica ...)
+ TODO: check
+CVE-2012-3808 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file
modification. ...)
+ TODO: check
+CVE-2012-3807 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file
execution. ...)
+ TODO: check
+CVE-2012-3806 (Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer
derefere ...)
+ TODO: check
CVE-2012-3805 (Multiple cross-site scripting (XSS) vulnerabilities in the
getAllPasse ...)
NOT-FOR-US: Kajona
CVE-2012-3804
@@ -286379,8 +286415,7 @@ CVE-2012-3492 (The filesystem authentication
(condor_io/condor_auth_fs.cpp) in C
- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
CVE-2012-3491 (src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10
and 7.8. ...)
- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
-CVE-2012-3490
- RESERVED
+CVE-2012-3490 (The (1) my_popenv_impl and (2) my_spawnv functions in
src/condor_utils ...)
- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
CVE-2012-3489 (The xml_parse function in the libxml2 support in the core
server compo ...)
{DSA-2534-1}
@@ -287710,8 +287745,8 @@ CVE-2012-2952 (SQL injection vulnerability in
add_ons.php in Jaow 2.4.5 and earl
NOT-FOR-US: Jaow
CVE-2012-2951
REJECTED
-CVE-2012-2950
- RESERVED
+CVE-2012-2950 (Gateway Geomatics MapServer for Windows before 3.0.6 contains a
Local ...)
+ TODO: check
CVE-2012-2949 (The ZTE sync_agent program for Android 2.3.4 on the Score M
device use ...)
NOT-FOR-US: Android
CVE-2012-2948 (chan_skinny.c in the Skinny (aka SCCP) channel driver in
Certified Ast ...)
@@ -287765,8 +287800,8 @@ CVE-2012-2933
RESERVED
CVE-2012-2932 (Multiple cross-site scripting (XSS) vulnerabilities in
TinyWebGallery ...)
NOT-FOR-US: TinyWebGallery
-CVE-2012-2931
- RESERVED
+CVE-2012-2931 (PHP code injection in TinyWebGallery before 1.8.8 allows remote
authen ...)
+ TODO: check
CVE-2012-2930 (Multiple cross-site request forgery (CSRF) vulnerabilities in
TinyWebG ...)
NOT-FOR-US: TinyWebGallery
CVE-2012-2929
@@ -288369,8 +288404,7 @@ CVE-2012-2726 (Cross-site scripting (XSS)
vulnerability in the Protest module 6.
NOT-FOR-US: Drupal module
CVE-2012-2725 (classes/Filter/WhitelistedExternalFilter.php in the Authoring
HTML mod ...)
NOT-FOR-US: Drupal module
-CVE-2012-2724
- RESERVED
+CVE-2012-2724 (The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before
6.x-2.0-a ...)
NOT-FOR-US: Drupal module
CVE-2012-2723 (Cross-site scripting (XSS) vulnerability in the Maestro module
7.x-1.x ...)
NOT-FOR-US: Drupal module
@@ -288390,8 +288424,7 @@ CVE-2012-2716 (Cross-site request forgery (CSRF)
vulnerability in the Comment Mo
NOT-FOR-US: Drupal module
CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links
function ...)
NOT-FOR-US: Drupal module
-CVE-2012-2714
- RESERVED
+CVE-2012-2714 (The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3
for Drup ...)
NOT-FOR-US: Drupal module
CVE-2012-2713 (Cross-site request forgery (CSRF) vulnerability in the
BrowserID (Mozi ...)
NOT-FOR-US: Drupal module
@@ -289706,8 +289739,8 @@ CVE-2012-2228
RESERVED
CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml
before ...)
NOT-FOR-US: PluXml
-CVE-2012-2226
- RESERVED
+CVE-2012-2226 (Invision Power Board before 3.3.1 fails to sanitize
user-supplied inpu ...)
+ TODO: check
CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary
code via ...)
NOT-FOR-US: 360zip
CVE-2012-2224 (Xunlei Thunder before 7.2.6 allows remote attackers to execute
arbitra ...)
@@ -289903,8 +289936,7 @@ CVE-2012-2143 (The crypt_des (aka DES-based crypt)
function in FreeBSD before 9.
- postgresql-8.4 8.4.12-1
- php5 5.3.3-1
NOTE: Uses the unaffected system libraries since 5.3.3
-CVE-2012-2142 [Insufficient sanitization of escape sequences in the error
message]
- RESERVED
+CVE-2012-2142 (The error function in Error.cc in poppler before 0.21.4 allows
remote ...)
- xpdf <not-affected> (uses poppler's Error.cc)
- poppler 0.18.4-7 (unimportant; bug #487773)
NOTE: poppler upstream patch
http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
@@ -290558,8 +290590,8 @@ CVE-2012-1916 (@Mail WebMail Client in AtMail
Open-Source before 1.05 allows rem
- atmailopen <removed>
CVE-2007-6752 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability
in Drup ...)
- drupal7 <removed> (unimportant)
-CVE-2012-1915
- RESERVED
+CVE-2012-1915 (EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass
the xss_c ...)
+ TODO: check
CVE-2012-1914
RESERVED
CVE-2012-1913
@@ -291982,14 +292014,14 @@ CVE-2012-1263
CVE-2012-1262 (Cross-site scripting (XSS) vulnerability in
cgi-bin/mt/mt-wizard.cgi i ...)
{DSA-2423-1}
- movabletype-opensource 5.1.3+dfsg-1
-CVE-2012-1261
- RESERVED
-CVE-2012-1260
- RESERVED
-CVE-2012-1259
- RESERVED
-CVE-2012-1258
- RESERVED
+CVE-2012-1261 (Cross-site scripting (XSS) vulnerability in
cgi-bin/scrut_fa_exclusion ...)
+ TODO: check
+CVE-2012-1260 (Cross-site scripting (XSS) vulnerability in
cgi-bin/userprefs.cgi in P ...)
+ TODO: check
+CVE-2012-1259 (Multiple SQL injection vulnerabilities in Plixer International
Scrutin ...)
+ TODO: check
+CVE-2012-1258 (cgi-bin/userprefs.cgi in Plixer International Scrutinizer
NetFlow & ...)
+ TODO: check
CVE-2012-1257 (Pidgin 2.10.0 uses DBUS for certain cleartext communication,
which all ...)
- pidgin <unfixed> (unimportant)
NOTE: Negligible local information disclosure
@@ -313930,8 +313962,7 @@ CVE-2010-3284 (Unspecified vulnerability in HP System
Management Homepage (SMH)
NOT-FOR-US: HP System Management Homepage
CVE-2010-3283 (Open redirect vulnerability in HP System Management Homepage
(SMH) bef ...)
NOT-FOR-US: HP System Management Homepage
-CVE-2010-3282
- RESERVED
+CVE-2010-3282 (389 Directory Server before 1.2.7.1 (aka Red Hat Directory
Server 8.2) ...)
NOT-FOR-US: Red Hat Directory Server
CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in
Alcatel-Lucen ...)
NOT-FOR-US: Alcatel-Lucent OmniVista
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/06220775458c2d510aa921017aba73fd0a60eeb2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/06220775458c2d510aa921017aba73fd0a60eeb2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
