Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
11718e6a by security tracker role at 2020-01-14T08:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-6958 (An XXE vulnerability in JnlpSupport in Yet Another Java Service 
Wrappe ...)
+       TODO: check
+CVE-2020-6957
+       RESERVED
+CVE-2020-6956
+       RESERVED
+CVE-2020-6955 (An issue was discovered on Cayin SMP-PRO4 devices. They allow 
image_pr ...)
+       TODO: check
+CVE-2020-6954 (An issue was discovered on Cayin SMP-PRO4 devices. A user can 
discover ...)
+       TODO: check
+CVE-2020-6953
+       RESERVED
+CVE-2020-6952
+       RESERVED
+CVE-2020-6951
+       RESERVED
+CVE-2020-6950
+       RESERVED
 CVE-2020-6949 (A privilege escalation issue was discovered in the postUser 
function i ...)
        NOT-FOR-US: HashBrown CMS
 CVE-2020-6948 (A remote code execution issue was discovered in HashBrown CMS 
through  ...)
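Review bot: CVE-2020-6958, CVE-2020-6955 and CVE-2020-6954 enter the list with only `TODO: check`, so they stay untriaged until someone follows up. The two Cayin SMP-PRO4 entries describe a device rather than packaged software and look like candidates for a `NOT-FOR-US:` line in the style of the HashBrown CMS entry just below. The Yet Another Java Service Wrapper entry needs a check for whether Debian ships the software before it is classified.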
@@ -246,8 +264,7 @@ CVE-2020-6834
        RESERVED
 CVE-2020-6833
        RESERVED
-CVE-2020-6832
-       RESERVED
+CVE-2020-6832 (An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 
throug ...)
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/
 CVE-2019-20379 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows 
XSS via th ...)
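Review bot: The description now attached to CVE-2020-6832 names only GitLab Enterprise Edition (EE) in its visible part, while the unchanged `- gitlab <unfixed>` line below it still marks the package as affected. Worth confirming against the linked 12.6.4 release notes whether the issue applies to the edition the gitlab package ships. If it does not, a `<not-affected>` line with a reason, as used for CVE-2019-20143 later in this patch, would be the consistent form.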
@@ -3924,8 +3941,7 @@ CVE-2020-5199
        RESERVED
 CVE-2020-5198
        RESERVED
-CVE-2020-5197
-       RESERVED
+CVE-2020-5197 (An issue was discovered in GitLab Community Edition (CE) and 
Enterpris ...)
        [experimental] - gitlab 12.6.2-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
@@ -6655,37 +6671,30 @@ CVE-2019-20149 (ctorName in index.js in kind-of v6.0.2 
allows external user inpu
        [stretch] - node-kind-of <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://github.com/jonschlinkert/kind-of/issues/30
        NOTE: https://github.com/jonschlinkert/kind-of/pull/31
-CVE-2019-20148
-       RESERVED
+CVE-2019-20148 (An issue was discovered in GitLab Community Edition (CE) and 
Enterpris ...)
        [experimental] - gitlab 12.6.2-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
-CVE-2019-20147
-       RESERVED
+CVE-2019-20147 (An issue was discovered in GitLab Community Edition (CE) and 
Enterpris ...)
        [experimental] - gitlab 12.6.2-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
-CVE-2019-20146
-       RESERVED
+CVE-2019-20146 (An issue was discovered in GitLab Community Edition (CE) and 
Enterpris ...)
        [experimental] - gitlab 12.6.2-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
-CVE-2019-20145
-       RESERVED
+CVE-2019-20145 (An issue was discovered in GitLab Community Edition (CE) and 
Enterpris ...)
        [experimental] - gitlab 12.6.2-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
-CVE-2019-20144
-       RESERVED
+CVE-2019-20144 (An issue was discovered in GitLab Community Edition (CE) and 
Enterpris ...)
        [experimental] - gitlab 12.6.2-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
-CVE-2019-20143
-       RESERVED
+CVE-2019-20143 (An issue was discovered in GitLab Community Edition (CE) and 
Enterpris ...)
        - gitlab <not-affected> (Only affects Gitlab CE 12.6)
        NOTE: 
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
-CVE-2019-20142
-       RESERVED
+CVE-2019-20142 (An issue was discovered in GitLab Community Edition (CE) and 
Enterpris ...)
        - gitlab <not-affected> (Only affects Gitlab CE 12.3 and later)
        NOTE: 
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
 CVE-2019-20141 (An XSS issue was discovered in the Laborator Neon theme 2.0 
for WordPr ...)
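Review bot: For CVE-2019-20143 and CVE-2019-20142 the `<not-affected>` reasons ("Only affects Gitlab CE 12.6", "Only affects Gitlab CE 12.3 and later") were written while the entries were still RESERVED, and the same hunk records `[experimental] - gitlab 12.6.2-1` as the fixed version for the sibling CVEs. Now that descriptions are attached, re-check both reasons against the full text, and add an `[experimental]` line if an upload there fell in the affected range.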
@@ -10811,8 +10820,8 @@ CVE-2019-19682 (nopCommerce through 4.20 allows XSS in 
the SaveStoreMappings of
        NOT-FOR-US: nopCommerce
 CVE-2019-19681 (Pandora FMS 7.x suffers from remote code execution 
vulnerability. With ...)
        NOT-FOR-US: Pandora FMS
-CVE-2019-19680
-       RESERVED
+CVE-2019-19680 (A file-extension filtering vulnerability in ProofPoint 
Protection Serv ...)
+       TODO: check
 CVE-2019-19679 (In "Xray Test Management for Jira" prior to version 3.5.5, 
remote auth ...)
        NOT-FOR-US: Xray Test Management for Jira
 CVE-2019-19678 (In "Xray Test Management for Jira" prior to version 3.5.5, 
remote auth ...)
@@ -12102,24 +12111,31 @@ CVE-2019-19585 (An issue was discovered in rConfig 
3.9.3. The install script upd
 CVE-2019-19584
        RESERVED
 CVE-2019-19583 (An issue was discovered in Xen through 4.12.x allowing x86 
HVM/PVH gue ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
        NOTE: https://xenbits.xen.org/xsa/advisory-308.html
 CVE-2019-19582 (An issue was discovered in Xen through 4.12.x allowing x86 
guest OS us ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
        NOTE: https://xenbits.xen.org/xsa/advisory-307.html
 CVE-2019-19581 (An issue was discovered in Xen through 4.12.x allowing 32-bit 
Arm gues ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
        NOTE: https://xenbits.xen.org/xsa/advisory-307.html
 CVE-2019-19580 (An issue was discovered in Xen through 4.12.x allowing x86 PV 
guest OS ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
        NOTE: https://xenbits.xen.org/xsa/advisory-310.html
 CVE-2019-19578 (An issue was discovered in Xen through 4.12.x allowing x86 PV 
guest OS ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
        NOTE: https://xenbits.xen.org/xsa/advisory-309.html
 CVE-2019-19577 (An issue was discovered in Xen through 4.12.x allowing x86 AMD 
HVM gue ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
        NOTE: https://xenbits.xen.org/xsa/advisory-311.html
 CVE-2019-19579 (An issue was discovered in Xen through 4.12.x allowing 
attackers to ga ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
        NOTE: https://xenbits.xen.org/xsa/advisory-306.html
 CVE-2019-19576 (class.upload.php in verot.net class.upload before 1.0.3 and 
2.x before ...)
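Review bot: The seven `{DSA-4602-1}` cross-references added in this hunk come with no release-specific fixed version; the only version shown for each entry is the untagged `- xen 4.11.3+24-g14b62ab3e5-1` line. Since this commit changes only data/CVE/list, confirm that the DSA-4602-1 record elsewhere in the tracker lists every one of these CVE ids and carries the stable fixed version.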
@@ -12576,7 +12592,7 @@ CVE-2019-19472
        RESERVED
 CVE-2019-19471
        RESERVED
-CVE-2019-19470 (An attacker who has already compromised the local system could 
use Tin ...)
+CVE-2019-19470 (Unsafe usage of .NET deserialization in Named Pipe message 
processing  ...)
        NOT-FOR-US: TinyWall Controller
 CVE-2019-19469 (In Zmanda Management Console 3.3.9, 
ZMC_Admin_Advanced?form=adminTasks ...)
        NOT-FOR-US: Zmanda Management Console
@@ -17948,21 +17964,27 @@ CVE-2019-18427
 CVE-2019-18426
        RESERVED
 CVE-2019-18425 (An issue was discovered in Xen through 4.12.x allowing 32-bit 
PV guest ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
        NOTE: https://xenbits.xen.org/xsa/advisory-298.html
 CVE-2019-18424 (An issue was discovered in Xen through 4.12.x allowing 
attackers to ga ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
        NOTE: https://xenbits.xen.org/xsa/advisory-302.html
 CVE-2019-18423 (An issue was discovered in Xen through 4.12.x allowing ARM 
guest OS us ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
        NOTE: https://xenbits.xen.org/xsa/advisory-301.html
 CVE-2019-18422 (An issue was discovered in Xen through 4.12.x allowing ARM 
guest OS us ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
        NOTE: https://xenbits.xen.org/xsa/advisory-303.html
 CVE-2019-18421 (An issue was discovered in Xen through 4.12.x allowing x86 PV 
guest OS ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
        NOTE: https://xenbits.xen.org/xsa/advisory-299.html
 CVE-2019-18420 (An issue was discovered in Xen through 4.12.x allowing x86 PV 
guest OS ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
        NOTE: https://xenbits.xen.org/xsa/advisory-296.html
 CVE-2019-18419 (A cross-site scripting (XSS) vulnerability in index.php in 
ClonOS WEB  ...)
@@ -46137,9 +46159,11 @@ CVE-2019-9578 (In devs.c in Yubico libu2f-host before 
1.1.8, the response to ini
 CVE-2019-9577
        RESERVED
 CVE-2019-17350 (An issue was discovered in Xen through 4.12.x allowing Arm 
domU attack ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1
        NOTE: https://xenbits.xen.org/xsa/advisory-295.html
 CVE-2019-17349 (An issue was discovered in Xen through 4.12.x allowing Arm 
domU attack ...)
+       {DSA-4602-1}
        - xen 4.11.3+24-g14b62ab3e5-1
        NOTE: https://xenbits.xen.org/xsa/advisory-295.html
 CVE-2019-17348 (An issue was discovered in Xen through 4.11.x allowing x86 PV 
guest OS ...)
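Review bot: CVE-2019-17350 and CVE-2019-17349 gain `{DSA-4602-1}` here, but their `- xen 4.11.3+24-g14b62ab3e5-1` lines carry no `(bug #947944)` reference, unlike the other entries tagged with the same DSA in this patch. If the same bug report tracked these two, adding the reference would keep the set consistent.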
@@ -283324,10 +283348,10 @@ CVE-2012-4763
        RESERVED
 CVE-2012-4762
        RESERVED
-CVE-2012-4761
-       RESERVED
-CVE-2012-4760
-       RESERVED
+CVE-2012-4761 (A Privilege Escalation vulnerability exists in the unquoted 
Service Bi ...)
+       TODO: check
+CVE-2012-4760 (A Privilege Escalation vulnerability exists in the SDBagent 
service in ...)
+       TODO: check
 CVE-2011-5158 (Multiple untrusted search path vulnerabilities in the 
DMTGUI2.EXE and  ...)
        NOT-FOR-US: DATEV Grundpaket Basis
 CVE-2010-5274 (Untrusted search path vulnerability in PKZIP before 12.50.0014 
allows  ...)
@@ -283529,8 +283553,8 @@ CVE-2012-4751 (Cross-site scripting (XSS) 
vulnerability in Open Ticket Request S
        - otrs2 3.1.7+dfsg1-6
        [squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
        NOTE: DSA-2733-1
-CVE-2012-4750
-       RESERVED
+CVE-2012-4750 (A Code Execution vulnerability exists in the memcpy function 
when proc ...)
+       TODO: check
 CVE-2012-4749
        RESERVED
 CVE-2012-4748
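Review bot: The visible part of the CVE-2012-4750 description mentions the memcpy function but not the affected product, so the `TODO: check` cannot be resolved from this line alone. Whoever clears it needs the full CVE text to choose between a package line and `NOT-FOR-US:`.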



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/11718e6a35007c05d66935b8b6c482a4516814d3
