Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a254684 by security tracker role at 2020-01-10T20:10:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,133 @@
+CVE-2020-6831
+       RESERVED
+CVE-2020-6830
+       RESERVED
+CVE-2020-6829
+       RESERVED
+CVE-2020-6828
+       RESERVED
+CVE-2020-6827
+       RESERVED
+CVE-2020-6826
+       RESERVED
+CVE-2020-6825
+       RESERVED
+CVE-2020-6824
+       RESERVED
+CVE-2020-6823
+       RESERVED
+CVE-2020-6822
+       RESERVED
+CVE-2020-6821
+       RESERVED
+CVE-2020-6820
+       RESERVED
+CVE-2020-6819
+       RESERVED
+CVE-2020-6818
+       RESERVED
+CVE-2020-6817
+       RESERVED
+CVE-2020-6816
+       RESERVED
+CVE-2020-6815
+       RESERVED
+CVE-2020-6814
+       RESERVED
+CVE-2020-6813
+       RESERVED
+CVE-2020-6812
+       RESERVED
+CVE-2020-6811
+       RESERVED
+CVE-2020-6810
+       RESERVED
+CVE-2020-6809
+       RESERVED
+CVE-2020-6808
+       RESERVED
+CVE-2020-6807
+       RESERVED
+CVE-2020-6806
+       RESERVED
+CVE-2020-6805
+       RESERVED
+CVE-2020-6804
+       RESERVED
+CVE-2020-6803
+       RESERVED
+CVE-2020-6802
+       RESERVED
+CVE-2020-6801
+       RESERVED
+CVE-2020-6800
+       RESERVED
+CVE-2020-6799
+       RESERVED
+CVE-2020-6798
+       RESERVED
+CVE-2020-6797
+       RESERVED
+CVE-2020-6796
+       RESERVED
+CVE-2020-6795
+       RESERVED
+CVE-2020-6794
+       RESERVED
+CVE-2020-6793
+       RESERVED
+CVE-2020-6792
+       RESERVED
+CVE-2020-6791
+       RESERVED
+CVE-2020-6790
+       RESERVED
+CVE-2020-6789
+       RESERVED
+CVE-2020-6788
+       RESERVED
+CVE-2020-6787
+       RESERVED
+CVE-2020-6786
+       RESERVED
+CVE-2020-6785
+       RESERVED
+CVE-2020-6784
+       RESERVED
+CVE-2020-6783
+       RESERVED
+CVE-2020-6782
+       RESERVED
+CVE-2020-6781
+       RESERVED
+CVE-2020-6780
+       RESERVED
+CVE-2020-6779
+       RESERVED
+CVE-2020-6778
+       RESERVED
+CVE-2020-6777
+       RESERVED
+CVE-2020-6776
+       RESERVED
+CVE-2020-6775
+       RESERVED
+CVE-2020-6774
+       RESERVED
+CVE-2020-6773
+       RESERVED
+CVE-2020-6772
+       RESERVED
+CVE-2020-6771
+       RESERVED
+CVE-2020-6770
+       RESERVED
+CVE-2020-6769
+       RESERVED
+CVE-2020-6768
+       RESERVED
+CVE-2020-6767
+       RESERVED
 CVE-2020-6766
        RESERVED
 CVE-2020-6765
@@ -44,7 +174,7 @@ CVE-2019-20372 (NGINX before 1.17.7, with certain error_page 
configurations, all
        NOTE: 
https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
        NOTE: 
https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e
 CVE-2019-20373 (LTSP LDM through 2.18.06 allows fat-client root access because 
the LDM ...)
-       {DSA-4601-1}
+       {DSA-4601-1 DLA-2064-1}
        - ldm <unfixed> (bug #948538)
        NOTE: 
https://git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/?id=c351ac69ef63ed6c84221cef73e409059661b8ba
        NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/1839431
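Review bot: the `{DSA-4601-1 DLA-2064-1}` line now records both a stable and an LTS advisory for CVE-2019-20373, yet the package line below it still reads `- ldm <unfixed> (bug #948538)`. If the fix has reached unstable, replace `<unfixed>` with the fixed version so the tracker stops reporting sid as vulnerable; if it genuinely has not, the entry is correct as written but deserves a follow-up against bug #948538.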
@@ -1282,8 +1412,8 @@ CVE-2020-6164
        RESERVED
 CVE-2020-6163 (The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS 
because  ...)
        NOT-FOR-US: WikibaseMediaInfo MediaWiki extension
-CVE-2020-6162
-       RESERVED
+CVE-2020-6162 (An issue was discovered in Bftpd 5.3. Under certain 
circumstances, an  ...)
+       TODO: check
 CVE-2019-20361 (There was a flaw in the WordPress plugin, Email Subscribers 
&amp; News ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2019-20360 (A flaw in Give before 2.5.5, a WordPress plugin, allowed 
unauthenticat ...)
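Review bot: `TODO: check` on CVE-2020-6162 is the automatic import's placeholder, not a triage result: the description now names a concrete server (Bftpd 5.3), so a human pass should replace the TODO with either a package/version line or a `NOT-FOR-US:` marker, following the form of the neighbouring CVE-2020-6163 and CVE-2019-20361 entries. Until that happens the entry stays on the tracker's untriaged list.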
@@ -7814,7 +7944,7 @@ CVE-2019-19810
 CVE-2019-19809
        RESERVED
 CVE-2019-3467 (Debian-edu-config all versions &lt; 2.11.10, a set of 
configuration fi ...)
-       {DSA-4595-1 DSA-4589-1 DLA-2041-1}
+       {DSA-4595-1 DSA-4589-1 DLA-2063-1 DLA-2041-1}
        - debian-edu-config 2.11.10 (bug #946797)
        - debian-lan-config 0.26 (bug #947459)
        NOTE: debian-lan-config is effectively the same issue as in 
debian-edu-config and a somewhat
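Review bot: `DLA-2063-1` is added alongside the existing `DLA-2041-1` for CVE-2019-3467, and the entry lists two packages (debian-edu-config and debian-lan-config) with a note that they share the same issue. Worth confirming that DLA-2063-1 is the debian-lan-config advisory rather than a reissue for debian-edu-config, since the braces do not say which package each advisory covers and a reader of this entry cannot tell.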
@@ -12560,12 +12690,12 @@ CVE-2020-1769
        RESERVED
 CVE-2020-1768
        RESERVED
-CVE-2020-1767
-       RESERVED
-CVE-2020-1766
-       RESERVED
-CVE-2020-1765
-       RESERVED
+CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then 
Agent  ...)
+       TODO: check
+CVE-2020-1766 (Due to improper handling of uploaded images it is possible in 
very unl ...)
+       TODO: check
+CVE-2020-1765 (An improper control of parameters allows the spoofing of the 
from fiel ...)
+       TODO: check
 CVE-2019-19394
        RESERVED
 CVE-2019-19393
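Review bot: CVE-2020-1765, CVE-2020-1766 and CVE-2020-1767 read as three issues in one application (agent draft handling, uploaded images, a spoofable From field); triage them together so that all three end up with the same package assignment or the same `NOT-FOR-US:` marker, rather than resolving one and leaving the other two as `TODO: check`.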
@@ -16933,8 +17063,8 @@ CVE-2019-18590
        RESERVED
 CVE-2019-18589
        RESERVED
-CVE-2019-18588
-       RESERVED
+CVE-2019-18588 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, 
Dell EMC Un ...)
+       TODO: check
 CVE-2019-18587
        RESERVED
 CVE-2019-18586
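Review bot: CVE-2019-18588 can be closed out directly: the description names a Dell EMC appliance product (Unisphere for PowerMax), the same vendor-software category this file resolves with `NOT-FOR-US: IBM` and `NOT-FOR-US: Ricoh` further down, so `TODO: check` should become `NOT-FOR-US: Dell EMC Unisphere`. The same applies to CVE-2019-18194 (TotalAV 2020) in the next hunk, where the neighbouring TerraMaster entry is already marked `NOT-FOR-US`.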
@@ -18053,8 +18183,8 @@ CVE-2019-18198 (In the Linux kernel before 5.3.4, a 
reference count usage error
        NOTE: https://launchpad.net/bugs/1847478
 CVE-2019-18195 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. 
Normal u ...)
        NOT-FOR-US: TerraMaster FS-210 devices
-CVE-2019-18194
-       RESERVED
+CVE-2019-18194 (TotalAV 2020 4.14.31 has a quarantine flaw that allows 
privilege escal ...)
+       TODO: check
 CVE-2019-18193
        RESERVED
 CVE-2020-0500
@@ -30658,18 +30788,18 @@ CVE-2019-14308 (Several Ricoh printers have multiple 
buffer overflows parsing LP
        NOT-FOR-US: Ricoh
 CVE-2019-14307 (Several Ricoh printers have multiple buffer overflows parsing 
HTTP par ...)
        NOT-FOR-US: Ricoh
-CVE-2019-14306
-       RESERVED
+CVE-2019-14306 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control 
(issue 2 of ...)
+       TODO: check
 CVE-2019-14305 (Several Ricoh printers have multiple buffer overflows parsing 
HTTP par ...)
        NOT-FOR-US: Ricoh
-CVE-2019-14304
-       RESERVED
+CVE-2019-14304 (Ricoh SP C250DN 1.06 devices allow CSRF. ...)
+       TODO: check
 CVE-2019-14303
        RESERVED
-CVE-2019-14302
-       RESERVED
-CVE-2019-14301
-       RESERVED
+CVE-2019-14302 (On Ricoh SP C250DN 1.06 devices, a debug port can be used. ...)
+       TODO: check
+CVE-2019-14301 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control 
(issue 1 of ...)
+       TODO: check
 CVE-2019-14300 (Several Ricoh printers have multiple buffer overflows parsing 
HTTP coo ...)
        NOT-FOR-US: Ricoh
 CVE-2019-14299
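Review bot: the four Ricoh SP C250DN entries (CVE-2019-14301, -14302, -14304, -14306) should follow the surrounding CVE-2019-14300/14305/14307/14308 lines and be marked `NOT-FOR-US: Ricoh`; `TODO: check` is only there because the importer never infers a marker from neighbouring entries. Leaving printer-firmware issues as TODO adds noise to the untriaged queue without any Debian package to track.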
@@ -58446,8 +58576,8 @@ CVE-2019-4561 (IBM Security Identity Manager 6.0.0 
could allow a remote attacker
        NOT-FOR-US: IBM
 CVE-2019-4560 (IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 
is vulne ...)
        NOT-FOR-US: IBM
-CVE-2019-4559
-       RESERVED
+CVE-2019-4559 (IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive 
information to ...)
+       TODO: check
 CVE-2019-4558 (A security vulnerability has been identified in all levels of 
IBM Spec ...)
        NOT-FOR-US: IBM
 CVE-2019-4557
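Review bot: CVE-2019-4559 sits between two IBM entries already marked `NOT-FOR-US: IBM` and describes IBM QRadar SIEM, so the `TODO: check` can be resolved to `NOT-FOR-US: IBM` straight away; the next hunk's CVE-2019-4508 (also QRadar SIEM 7.3.0 through 7.3.3) should get the same marker in the same pass so the two related issues do not drift apart.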
@@ -58548,8 +58678,8 @@ CVE-2019-4510
        RESERVED
 CVE-2019-4509 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect 
authoriza ...)
        NOT-FOR-US: IBM
-CVE-2019-4508
-       RESERVED
+CVE-2019-4508 (IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential 
storage in so ...)
+       TODO: check
 CVE-2019-4507
        RESERVED
 CVE-2019-4506
@@ -245121,10 +245251,10 @@ CVE-2014-5095
        RESERVED
 CVE-2014-5094 (Status2k allows remote attackers to obtain configuration 
information v ...)
        NOT-FOR-US: Status2k
-CVE-2014-5093
-       RESERVED
-CVE-2014-5092
-       RESERVED
+CVE-2014-5093 (Status2k does not remove the install directory allowing 
credential res ...)
+       TODO: check
+CVE-2014-5092 (Status2k allows Remote Command Execution in 
admin/options/editpl.php. ...)
+       TODO: check
 CVE-2014-5091
        RESERVED
 CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated 
adminis ...)
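Review bot: CVE-2014-5092 and CVE-2014-5093 belong to the Status2k batch whose other members in this hunk (CVE-2014-5094, CVE-2014-5090) are `NOT-FOR-US: Status2k`; resolve both the same way rather than leaving them as `TODO: check`, so the batch stays consistent.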
@@ -245145,8 +245275,8 @@ CVE-2014-5083
        RESERVED
 CVE-2014-5082 (Multiple SQL injection vulnerabilities in admin/admin.php in 
Sphider 1 ...)
        NOT-FOR-US: Sphider
-CVE-2014-5081
-       RESERVED
+CVE-2014-5081 (sphider prior to 1.3.6, sphider-pro prior to 3.2, and 
sphider-plus pri ...)
+       TODO: check
 CVE-2014-5080
        RESERVED
 CVE-2014-5079
@@ -245215,7 +245345,7 @@ CVE-2014-5047
        RESERVED
 CVE-2014-5046
        RESERVED
-CVE-2014-5118 (A Security Bypass Vulnerability exists in TBOOT before 1.8.2 in 
the bo ...)
+CVE-2014-5118 (Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security 
Bypass Vul ...)
        NOT-FOR-US: tboot
 CVE-2014-5117 (Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a 
circuit ...)
        {DSA-2993-1 DLA-17-1}
@@ -245407,12 +245537,12 @@ CVE-2014-4986 (Multiple cross-site scripting (XSS) 
vulnerabilities in js/functio
        NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
 CVE-2014-4985
        RESERVED
-CVE-2014-4984
-       RESERVED
+CVE-2014-4984 (D&#233;j&#224; Vu Crescendo Sales CRM has remote SQL Injection 
...)
+       TODO: check
 CVE-2014-4983
        RESERVED
-CVE-2014-4982
-       RESERVED
+CVE-2014-4982 (LPAR2RRD &#8804; 4.53 and &#8804; 3.5 has arbitrary command 
injection  ...)
+       TODO: check
 CVE-2014-4981
        RESERVED
 CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 
for Nes ...)
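Review bot: the new description lines for CVE-2014-4984 and CVE-2014-4982 contain HTML character references (`D&#233;j&#224; Vu`, `&#8804;`) instead of the characters themselves. If that is how the upstream feed delivers them, the import step should decode them before writing `data/CVE/list`, since the rest of the file is plain UTF-8; if it is only this notification's rendering, no change is needed, but the committed file should be checked.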
@@ -246450,8 +246580,8 @@ CVE-2014-4563 (Cross-site scripting (XSS) 
vulnerability in go.php in the URL Clo
        NOT-FOR-US: WordPress plugin
 CVE-2014-4562
        RESERVED
-CVE-2014-4561
-       RESERVED
+CVE-2014-4561 (The ultimate-weather plugin 1.0 for WordPress has XSS ...)
+       TODO: check
 CVE-2014-4560 (Cross-site scripting (XSS) vulnerability in 
includes/getTipo.php in th ...)
        NOT-FOR-US: WordPress plugin ToolPage
 CVE-2014-4559 (Multiple cross-site scripting (XSS) vulnerabilities in 
test-plugin.php ...)
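Review bot: CVE-2014-4561 (ultimate-weather plugin 1.0 for WordPress) should be marked `NOT-FOR-US: WordPress plugin ultimate-weather`, matching CVE-2014-4563 and CVE-2014-4560 in this hunk; the same goes for CVE-2014-4530 (flog plugin 0.1) in the next hunk. WordPress plugins are consistently out of scope in this file, so these TODOs can be cleared without further research.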
@@ -246512,8 +246642,8 @@ CVE-2014-4532 (Cross-site scripting (XSS) 
vulnerability in templates/printAdminU
        NOT-FOR-US: WordPress plugin GarageSale
 CVE-2014-4531 (Cross-site scripting (XSS) vulnerability in main_page.php in 
the Game  ...)
        NOT-FOR-US: WordPress plugin Game tabs
-CVE-2014-4530
-       RESERVED
+CVE-2014-4530 (flog plugin 0.1 for WordPress has XSS ...)
+       TODO: check
 CVE-2014-4529 (Cross-site scripting (XSS) vulnerability in fpg_preview.php in 
the Fla ...)
        NOT-FOR-US: WordPress plugin Flash Photo Gallery
 CVE-2014-4528 (Multiple cross-site scripting (XSS) vulnerabilities in 
admin/swarm-set ...)
@@ -249452,8 +249582,8 @@ CVE-2013-7382 (VICIDIAL dialer (aka Asterisk GUI 
client) 2.8-403a, 2.7, 2.7RC1,
        NOT-FOR-US: VICIDIAL
 CVE-2013-7381
        RESERVED
-CVE-2013-7380
-       RESERVED
+CVE-2013-7380 (The Etherpad Lite ep_imageconvert Plugin has a Remote Command 
Injectio ...)
+       TODO: check
 CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js 
does not p ...)
        NOT-FOR-US: tomato module for Node.js
 CVE-2013-7378
@@ -260985,8 +261115,7 @@ CVE-2013-6431 (The fib6_add function in 
net/ipv6/ip6_fib.c in the Linux kernel b
        - linux 3.11.5-1 (low)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: fixed by 
https://git.kernel.org/linus/ae7b4e1f213aa659aedf9c6ecad0bf5f0476e1e2
-CVE-2013-6430
-       RESERVED
+CVE-2013-6430 (The JavaScriptUtils.javaScriptEscape method in 
web/util/JavaScriptUtil ...)
        {DSA-2857-1}
        - libspring-java 3.0.6.RELEASE-11 (bug #735420)
 CVE-2013-6429 (The SourceHttpMessageConverter in Spring MVC in Spring 
Framework befor ...)
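Review bot: dropping the `RESERVED` line outright rather than substituting `TODO: check` is correct for CVE-2013-6430, because the entry already carries `{DSA-2857-1}` and the fixed `libspring-java 3.0.6.RELEASE-11` version; the description was the only thing missing. The same pattern is applied to CVE-2013-6231 and CVE-2011-4595 below, which keep their existing `NOT-FOR-US:` markers.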
@@ -261556,8 +261685,7 @@ CVE-2013-6233 (Cross-site scripting (XSS) 
vulnerability in SpagoBI before 4.1 al
        NOT-FOR-US: SpagoBI
 CVE-2013-6232 (Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 
allows  ...)
        NOT-FOR-US: SpagoBI
-CVE-2013-6231
-       RESERVED
+CVE-2013-6231 (SpagoBI before 4.1 has Privilege Escalation via an error in the 
Adapte ...)
        NOT-FOR-US: SpagoBI
 CVE-2013-6230 (The Winsock WSAIoctl API in Microsoft Windows Server 2008, as 
used in  ...)
        - bind9 <not-affected> (Affects only Windows systems)
@@ -285140,8 +285268,8 @@ CVE-2012-4032 (Open redirect vulnerability in the 
login page in WebsitePanel bef
        NOT-FOR-US: WebsitePanel not in Debian
 CVE-2012-4031 (Multiple directory traversal vulnerabilities in 
src/acloglogin.php in  ...)
        NOT-FOR-US: Wangkongbao not in Debian
-CVE-2012-4030
-       RESERVED
+CVE-2012-4030 (Chamilo before 1.8.8.6 does not adequately handle user supplied 
input  ...)
+       TODO: check
 CVE-2012-4029
        RESERVED
 CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential 
data,  ...)
@@ -285702,12 +285830,12 @@ CVE-2012-3825 (Multiple integer overflows in 
Wireshark 1.4.x before 1.4.13 and 1
        NOTE: not suitable for code injection
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125
        NOTE: leftover of CVE-2012-2392
-CVE-2012-3824
-       RESERVED
-CVE-2012-3823
-       RESERVED
-CVE-2012-3822
-       RESERVED
+CVE-2012-3824 (In Arial Campaign Enterprise before 11.0.551, multiple pages 
are acces ...)
+       TODO: check
+CVE-2012-3823 (Arial Campaign Enterprise before 11.0.551 stores passwords in 
clear te ...)
+       TODO: check
+CVE-2012-3822 (Arial Campaign Enterprise before 11.0.551 has unauthorized 
access to t ...)
+       TODO: check
 CVE-2012-3821
        RESERVED
 CVE-2012-3820 (Multiple SQL injection vulnerabilities in Campaign11.exe in 
Arial Soft ...)
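Review bot: CVE-2012-3822, CVE-2012-3823 and CVE-2012-3824 describe Arial Campaign Enterprise, the product whose neighbouring CVE-2012-3820 entry refers to `Campaign11.exe`, i.e. Windows-only software; all three can be resolved to `NOT-FOR-US: Arial Campaign Enterprise` instead of staying as `TODO: check`.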
@@ -294830,8 +294958,8 @@ CVE-2011-5022 (SQL injection vulnerability in 
search.php in Pligg CMS 1.1.2 allo
        NOT-FOR-US: Pligg CMS
 CVE-2011-5021 (PHPIDS before 0.7 does not properly implement Regular 
Expression Denia ...)
        - php-ids <itp> (bug #488848)
-CVE-2011-5020
-       RESERVED
+CVE-2011-5020 (An SQL Injection vulnerability exists in the ID parameter in 
Online TV ...)
+       TODO: check
 CVE-2011-5019 (Cross-site scripting (XSS) vulnerability in setup/index.php in 
Textpat ...)
        - textpattern <unfixed> (low)
        [squeeze] - textpattern <no-dsa> (Vulnerability is in setup.php, which 
becomes inaccessible after installation)
@@ -296572,8 +296700,7 @@ CVE-2011-4597 (The SIP over UDP implementation in 
Asterisk Open Source 1.4.x bef
        - asterisk 1:1.8.8.0~dfsg-1 (bug #651552)
 CVE-2011-4596 (Multiple directory traversal vulnerabilities in OpenStack Nova 
before  ...)
        - nova 2012.1~e1-4
-CVE-2011-4595
-       RESERVED
+CVE-2011-4595 (Pretty-Link WordPress plugin 1.5.2 has XSS ...)
        NOT-FOR-US: WordPress pretty-link plugin
 CVE-2011-4594 (The __sys_sendmsg function in net/socket.c in the Linux kernel 
before  ...)
        - linux-2.6 3.1-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a2546845509b2a441e3b7f3baa564267453bf3f
