Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
000e91d2 by security tracker role at 2020-01-11T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that 
is exec ...)
+       TODO: check
+CVE-2020-6846
+       RESERVED
+CVE-2020-6845
+       RESERVED
+CVE-2020-6844
+       RESERVED
+CVE-2020-6843
+       RESERVED
+CVE-2020-6842
+       RESERVED
+CVE-2020-6841
+       RESERVED
+CVE-2020-6840 (In mruby 2.1.0, there is a use-after-free in hash_slice in 
mrbgems/mru ...)
+       TODO: check
+CVE-2020-6839 (In mruby 2.1.0, there is a stack-based buffer overflow in 
mrb_str_len_ ...)
+       TODO: check
+CVE-2020-6838 (In mruby 2.1.0, there is a use-after-free in hash_values_at in 
mrbgems ...)
+       TODO: check
+CVE-2020-6837
+       RESERVED
+CVE-2020-6836 (grammar-parser.jison in the hot-formula-parser package before 
3.0.1 fo ...)
+       TODO: check
+CVE-2020-6835 (An issue was discovered in Bftpd before 5.4. There is a 
heap-based off ...)
+       TODO: check
+CVE-2020-6834
+       RESERVED
+CVE-2020-6833
+       RESERVED
+CVE-2020-6832
+       RESERVED
+CVE-2019-20379 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows 
XSS via th ...)
+       TODO: check
+CVE-2019-20378 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows 
XSS via th ...)
+       TODO: check
+CVE-2019-20377 (TopList before 2019-09-03 allows XSS via a title. ...)
+       TODO: check
 CVE-2020-6831
        RESERVED
 CVE-2020-6830
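Review bot: the three mruby 2.1.0 entries (CVE-2020-6838, CVE-2020-6839, CVE-2020-6840) describe memory-safety bugs (two use-after-frees and a stack-based buffer overflow) and are left at "TODO: check"; these are the entries in this hunk most likely to need a package line with an affected version rather than a placeholder, so they should be triaged first when the TODOs are worked through. The remaining RESERVED entries need no action until MITRE publishes their descriptions.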
@@ -967,8 +1005,7 @@ CVE-2020-6379
        RESERVED
 CVE-2020-6378
        RESERVED
-CVE-2020-6377
-       RESERVED
+CVE-2020-6377 (Use after free in audio in Google Chrome prior to 79.0.3945.117 
allowe ...)
        - chromium <unfixed>
 CVE-2020-6376
        RESERVED
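Review bot: the RESERVED line for CVE-2020-6377 is replaced by the description ("prior to 79.0.3945.117") while the package line stays "- chromium <unfixed>"; the description now gives the upstream fixed version, so the "<unfixed>" marker should be replaced with the Debian version once a chromium 79.0.3945.117 upload exists, matching how CVE-2019-13766 below carries a DSA reference.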
@@ -7865,13 +7902,13 @@ CVE-2019-19835
        RESERVED
 CVE-2019-19834
        RESERVED
-CVE-2019-20043 (WordPress before 5.3.1 allowed an unauthenticated user to make 
a post  ...)
+CVE-2019-20043 (In in 
wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ...)
        {DSA-4599-1}
        - wordpress 5.3.2+dfsg1-1 (bug #946905)
        NOTE: https://core.trac.wordpress.org/changeset/46893/trunk
        NOTE: 
https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9
        NOTE: 
https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
-CVE-2019-20042 (WordPress before 5.3.1 allowed an attacker to create a 
cross-site scri ...)
+CVE-2019-20042 (In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the 
function  ...)
        {DSA-4599-1}
        - wordpress 5.3.2+dfsg1-1 (bug #946905)
        NOTE: https://core.trac.wordpress.org/changeset/46894/trunk
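Review bot: the new description for CVE-2019-20043 begins "In in wp-includes/..."; the doubled word comes from the upstream CVE text that the automatic update imports verbatim, so it should not be hand-edited here (the next automatic update would overwrite it) but could be reported to MITRE. The DSA-4599-1 reference and the "wordpress 5.3.2+dfsg1-1 (bug #946905)" line are unchanged, so the rewritten descriptions do not affect the recorded fix status of either CVE.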
@@ -12281,8 +12318,8 @@ CVE-2019-19477
        RESERVED
 CVE-2019-19476
        RESERVED
-CVE-2019-19475
-       RESERVED
+CVE-2019-19475 (An issue was discovered in ManageEngine Applications Manager 
14 with B ...)
+       TODO: check
 CVE-2019-19474
        RESERVED
 CVE-2019-19473
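Review bot: CVE-2019-19475 concerns ManageEngine Applications Manager, proprietary software that is not packaged in Debian, so the "TODO: check" placeholder can be resolved to a "NOT-FOR-US:" line in the same form used elsewhere in this file (for example the Websense and Arial Campaign Enterprise entries).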
@@ -22760,7 +22797,8 @@ CVE-2019-16789 (In Waitress through version 1.4.0, if a 
proxy server is used in
        [stretch] - waitress <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
        NOTE: 
https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017
-CVE-2019-16788 (In WordPress versions from 3.7 to 5.3.0, authenticated users 
who do no ...)
+CVE-2019-16788
+       REJECTED
        TODO: check, is a duplicate of CVE-2019-20043, contacted MITRE
 CVE-2019-16786 (Waitress through version 1.3.1 would parse the 
Transfer-Encoding heade ...)
        - waitress 1.4.1-1 (bug #947306)
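Review bot: the "TODO: check, is a duplicate of CVE-2019-20043, contacted MITRE" line under CVE-2019-16788 is now stale, since the entry has been marked REJECTED and the duplicate relationship is confirmed; it should become a "NOTE:" recording that the identifier was rejected as a duplicate of CVE-2019-20043, so the entry no longer shows up in TODO queries.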
@@ -22819,7 +22857,8 @@ CVE-2019-16774 (In phpfastcache before 5.1.3, there is 
a possible object injecti
        NOTE: 
https://github.com/PHPSocialNetwork/phpfastcache/commit/c4527205cb7a402b595790c74310791f5b04a1a4
 (5.0.13)
        NOTE: 
https://github.com/PHPSocialNetwork/phpfastcache/commit/82a84adff6e8fc9b564c616d0fdc9238ae2e86c3
 (4.3.18)
        NOTE: Affected phpfastcache code is not used in 
kopano-webapp-plugin-files.
-CVE-2019-16773 (In WordPress versions from 3.7 to 5.3.0, the function 
wp_targeted_link ...)
+CVE-2019-16773
+       REJECTED
        TODO: check, is a duplicate of CVE-2019-20042, MITRE contacted for 
handling
 CVE-2019-16772 (The serialize-to-js NPM package before version 3.0.1 is 
vulnerable to  ...)
        NOT-FOR-US: serialize-to-js Node package
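Review bot: same situation as CVE-2019-16788 above: CVE-2019-16773 is now REJECTED, but the trailing "TODO: check, is a duplicate of CVE-2019-20042, MITRE contacted for handling" still reads as open work. Convert it to a "NOTE:" that points at CVE-2019-20042 as the surviving identifier, so the DSA-4599-1 fix is only tracked there.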
@@ -32129,8 +32168,7 @@ CVE-2019-13769
        RESERVED
 CVE-2019-13768
        RESERVED
-CVE-2019-13767
-       RESERVED
+CVE-2019-13767 (Use after free in media picker in Google Chrome prior to 
79.0.3945.88  ...)
        - chromium <unfixed>
 CVE-2019-13766 (Use-after-free in accessibility in Google Chrome prior to 
77.0.3865.75 ...)
        {DSA-4562-1}
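Review bot: CVE-2019-13767 keeps "- chromium <unfixed>" after its description was filled in, which is correct for now because the upstream fixed release is 79.0.3945.88 while the neighbouring CVE-2019-13766 was closed via DSA-4562-1 for 77.0.3865.75; the entry needs the fixed Debian version added when a chromium 79 upload is made, at the same time as the other chromium 79 entries in this update.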
@@ -283688,8 +283726,8 @@ CVE-2012-4605 (The default configuration of the SMTP 
component in Websense Email
        NOT-FOR-US: Websense Email Security
 CVE-2012-4604 (The TRITON management console in Websense Web Security before 
7.6 Hotf ...)
        NOT-FOR-US: Websense Web Security
-CVE-2012-4603
-       RESERVED
+CVE-2012-4603 (Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and 
Citrix  ...)
+       TODO: check
 CVE-2012-4602 (Multiple cross-site scripting (XSS) vulnerabilities in 
admin/code/tce_ ...)
        NOT-FOR-US: Nicola Asuni TCExam
 CVE-2012-4601 (Multiple SQL injection vulnerabilities in Nicola Asuni TCExam 
before 1 ...)
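Review bot: CVE-2012-4603 describes the Citrix XenApp Online Plug-in for Windows, which is not shipped by Debian, so the "TODO: check" can be closed as "NOT-FOR-US: Citrix XenApp Online Plug-in" in line with the surrounding Websense and TCExam entries.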
@@ -284607,8 +284645,8 @@ CVE-2012-4286 (The pcapng_read_packet_block function 
in wiretap/pcapng.c in the
 CVE-2012-4285 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c 
in the D ...)
        - wireshark 1.8.2-1 (unimportant)
        NOTE: not suitable for code injection
-CVE-2012-4284
-       RESERVED
+CVE-2012-4284 (A Privilege Escalation vulnerability exists in Viscosity 1.4.1 
on Mac  ...)
+       TODO: check
 CVE-2011-5099 (SQL injection vulnerability in helper/popup.php in the 
ccNewsletter (m ...)
        NOT-FOR-US: Joomla addon
 CVE-2012-4283 (Cross-site scripting (XSS) vulnerability in the Login With Ajax 
plugin ...)
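Review bot: CVE-2012-4284 concerns Viscosity 1.4.1 on Mac, a proprietary macOS VPN client that is not a Debian package, so the "TODO: check" placeholder should be resolved to a "NOT-FOR-US:" line rather than left open. Unrelated to this change but visible in the context: CVE-2011-5099 sits between CVE-2012-4284 and CVE-2012-4283, which breaks the descending-identifier ordering used in the rest of the file.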
@@ -285853,8 +285891,8 @@ CVE-2012-3823 (Arial Campaign Enterprise before 
11.0.551 stores passwords in cle
        NOT-FOR-US: Arial Campaign Enterprise
 CVE-2012-3822 (Arial Campaign Enterprise before 11.0.551 has unauthorized 
access to t ...)
        NOT-FOR-US: Arial Campaign Enterprise
-CVE-2012-3821
-       RESERVED
+CVE-2012-3821 (A Security Bypass vulnerability exists in the activate.asp page 
in Ari ...)
+       TODO: check
 CVE-2012-3820 (Multiple SQL injection vulnerabilities in Campaign11.exe in 
Arial Soft ...)
        NOT-FOR-US: Arial Software Campaign Enterprise
 CVE-2012-3819 (Stack consumption vulnerability in dartwebserver.dll 1.9 and 
earlier,  ...)
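Review bot: CVE-2012-3821 is a further Arial Campaign Enterprise issue (activate.asp), and the adjacent entries CVE-2012-3822, CVE-2012-3823 and CVE-2012-3820 are all already "NOT-FOR-US: Arial Campaign Enterprise"; the new "TODO: check" should be resolved the same way for consistency.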



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/000e91d2e2135e6c95229bbed448642f0df41230

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
