Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ee7200e by security tracker role at 2020-01-29T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in 
the cmd ...)
+       TODO: check
+CVE-2020-8431
+       RESERVED
+CVE-2020-8430
+       RESERVED
+CVE-2020-8429
+       RESERVED
 CVE-2020-8427
        RESERVED
 CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a 
reflect ...)
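Review bot: CVE-2020-8428 is skipped in the run of new IDs at the top of the file: the hunk adds CVE-2020-8432, 8431, 8430 and 8429 and then falls through to the existing CVE-2020-8427 context, so either that ID has not been allocated upstream yet or the import missed it; worth confirming, because a later insertion for it would have to land between 8429 and 8427. Separately, CVE-2020-8432 (the double free in the U-Boot cmd code, through 2020.01) is left at TODO: check; U-Boot is a Debian source package, so this one needs triage against u-boot with a fixed version or a `<not-affected>` verdict rather than the NOT-FOR-US treatment the surrounding WordPress-plugin entries receive.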
@@ -20,8 +28,8 @@ CVE-2020-8418
        RESERVED
 CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows 
CSRF becau ...)
        NOT-FOR-US: Code Snippets plugin for WordPress
-CVE-2020-8416
-       RESERVED
+CVE-2020-8416 (BearFTP before 0.2.0 allows remote attackers to achieve denial 
of serv ...)
+       TODO: check
 CVE-2020-8415
        RESERVED
 CVE-2020-8414
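Review bot: CVE-2020-8416 (BearFTP before 0.2.0, remote denial of service) is left at TODO: check while the entry directly above it shows the expected pattern, `NOT-FOR-US: Code Snippets plugin for WordPress`; if BearFTP is not in the archive, replace the TODO with a NOT-FOR-US line naming it rather than leaving the entry open.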
@@ -672,10 +680,10 @@ CVE-2020-8095
        RESERVED
 CVE-2020-8094
        RESERVED
-CVE-2020-8093
-       RESERVED
-CVE-2020-8092
-       RESERVED
+CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in 
Bitdefender A ...)
+       TODO: check
+CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in 
Bitdefend ...)
+       TODO: check
 CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could 
allow a ...)
        NOT-FOR-US: TYPO3
 CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN 
Box ADB  ...)
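Review bot: CVE-2020-8093 and CVE-2020-8092 describe the AntivirusforMac binary and BDLDaemon in Bitdefender's macOS product, proprietary components Debian does not ship, so both TODO: check lines can be resolved straight away to `NOT-FOR-US: Bitdefender Antivirus for Mac`, matching the `NOT-FOR-US: TYPO3` line directly below them.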
@@ -986,8 +994,8 @@ CVE-2020-7967
        RESERVED
 CVE-2020-7966
        RESERVED
-CVE-2020-7965
-       RESERVED
+CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that 
the Con ...)
+       TODO: check
 CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. 
Incorrect  ...)
        NOT-FOR-US: Mirumee Saleor
 CVE-2020-7963
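Review bot: CVE-2020-7965 concerns flaskparser.py in the Webargs Python library (5.x through 5.5.2), a library that, unlike the Saleor entry below it, may well be packaged; resolve the TODO: check by looking for a python-webargs source package in the archive and, if present, recording the fixed upstream version against it instead of a NOT-FOR-US line.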
@@ -2520,8 +2528,8 @@ CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow 
XSS via the SSID field
        NOT-FOR-US: SMC D3G0804W devices
 CVE-2020-7248
        RESERVED
-CVE-2020-7247 [LPE and RCE in OpenSMTPD]
-       RESERVED
+CVE-2020-7247 (smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in 
OpenBSD 6 ...)
+       {DSA-4611-1}
        - opensmtpd 6.6.2p1-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/01/28/3
        NOTE: Fixed by: 
https://github.com/OpenSMTPD/OpenSMTPD/commit/2afab2297347342f81fa31a75bbbf7dbee614fda
@@ -2839,6 +2847,7 @@ CVE-2020-7106 (Cacti 1.2.8 has stored XSS in 
data_sources.php, color_templates_i
        NOTE: 
https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464
        NOTE: 
https://github.com/Cacti/cacti/commit/b1c70e19466a6e69284e24cde437b55ccc454bee
 CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 
allow a N ...)
+       {DLA-2083-1}
        - hiredis 0.14.0-5 (bug #949995)
        NOTE: https://github.com/redis/hiredis/pull/754
        NOTE: https://github.com/redis/hiredis/pull/756
@@ -11018,8 +11027,8 @@ CVE-2020-3760
        RESERVED
 CVE-2020-3759
        RESERVED
-CVE-2020-3758
-       RESERVED
+CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 
1.14.4.3 and e ...)
+       TODO: check
 CVE-2020-3757
        RESERVED
 CVE-2020-3756
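Review bot: CVE-2020-3758 is a Magento issue (2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier); Magento is not packaged in Debian, so TODO: check should become `NOT-FOR-US: Magento`. The identical description recurs for CVE-2020-3715 through CVE-2020-3719 later in this commit and should get the same resolution in one pass.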
@@ -11096,26 +11105,26 @@ CVE-2020-3721
        RESERVED
 CVE-2020-3720
        RESERVED
-CVE-2020-3719
-       RESERVED
-CVE-2020-3718
-       RESERVED
-CVE-2020-3717
-       RESERVED
-CVE-2020-3716
-       RESERVED
-CVE-2020-3715
-       RESERVED
-CVE-2020-3714
-       RESERVED
-CVE-2020-3713
-       RESERVED
-CVE-2020-3712
-       RESERVED
-CVE-2020-3711
-       RESERVED
-CVE-2020-3710
-       RESERVED
+CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 
1.14.4.3 and e ...)
+       TODO: check
+CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 
1.14.4.3 and e ...)
+       TODO: check
+CVE-2020-3717 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 
1.14.4.3 and e ...)
+       TODO: check
+CVE-2020-3716 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 
1.14.4.3 and e ...)
+       TODO: check
+CVE-2020-3715 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 
1.14.4.3 and e ...)
+       TODO: check
+CVE-2020-3714 (Adobe Illustrator CC versions 24.0 and earlier have a memory 
corruptio ...)
+       TODO: check
+CVE-2020-3713 (Adobe Illustrator CC versions 24.0 and earlier have a memory 
corruptio ...)
+       TODO: check
+CVE-2020-3712 (Adobe Illustrator CC versions 24.0 and earlier have a memory 
corruptio ...)
+       TODO: check
+CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory 
corruptio ...)
+       TODO: check
+CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory 
corruptio ...)
+       TODO: check
 CVE-2020-3709
        RESERVED
 CVE-2020-3708
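Review bot: all ten TODO: check lines in this hunk can be closed without research: CVE-2020-3715 through CVE-2020-3719 carry the Magento description (2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier) and CVE-2020-3710 through CVE-2020-3714 the Adobe Illustrator CC 24.0 memory corruption description; neither product is in the Debian archive, so `NOT-FOR-US: Magento` and `NOT-FOR-US: Adobe Illustrator` are the expected states, following the convention the Jenkins hunk in this same commit already uses.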
@@ -15111,35 +15120,25 @@ CVE-2020-2110
        RESERVED
 CVE-2020-2109
        RESERVED
-CVE-2020-2108
-       RESERVED
+CVE-2020-2108 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not 
configure ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2107
-       RESERVED
+CVE-2020-2107 (Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server 
passwor ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2106
-       RESERVED
+CVE-2020-2106 (Jenkins Code Coverage API Plugin 1.1.2 and earlier does not 
escape the ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2105
-       RESERVED
+CVE-2020-2105 (REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 
and earli ...)
        NOT-FOR-US: Jenkins
-CVE-2020-2104
-       RESERVED
+CVE-2020-2104 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed 
users with  ...)
        NOT-FOR-US: Jenkins
-CVE-2020-2103
-       RESERVED
+CVE-2020-2103 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed 
session ide ...)
        NOT-FOR-US: Jenkins
-CVE-2020-2102
-       RESERVED
+CVE-2020-2102 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a 
non-constant ...)
        NOT-FOR-US: Jenkins
-CVE-2020-2101
-       RESERVED
+CVE-2020-2101 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use 
a const ...)
        NOT-FOR-US: Jenkins
-CVE-2020-2100
-       RESERVED
+CVE-2020-2100 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was 
vulnerable to a ...)
        NOT-FOR-US: Jenkins
-CVE-2020-2099
-       RESERVED
+CVE-2020-2099 (Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly 
reuses e ...)
        NOT-FOR-US: Jenkins
 CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds 
Plugin 0. ...)
        NOT-FOR-US: Jenkins plugin
@@ -20644,8 +20643,8 @@ CVE-2019-18636 (A cross-site scripting (XSS) 
vulnerability in Jitbit .NET Forum
        NOT-FOR-US: Jitbit .NET Forum
 CVE-2019-18635 (An issue was discovered in Mooltipass Moolticute through 
v0.42.1 and v ...)
        NOT-FOR-US: Mooltipass Moolticute
-CVE-2019-18634
-       RESERVED
+CVE-2019-18634 (In Sudo through 1.8.29, if pwfeedback is enabled in 
/etc/sudoers, user ...)
+       TODO: check
 CVE-2019-18633 (European Commission eIDAS-Node Integration Package before 
2.3.1 has Mi ...)
        NOT-FOR-US: European Commission eIDAS-Node Integration Package
 CVE-2019-18632 (European Commission eIDAS-Node Integration Package before 
2.3.1 allows ...)
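Review bot: CVE-2019-18634 (Sudo through 1.8.29, with pwfeedback enabled in /etc/sudoers) is left at TODO: check, but sudo is a core Debian package, so this needs real triage: record the fixed version against the sudo source package and per-release status lines, and since the description makes the pwfeedback option the precondition, add a NOTE stating whether Debian's shipped /etc/sudoers enables it, as that determines the urgency for each release.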
@@ -51740,6 +51739,7 @@ CVE-2019-8847
        RESERVED
 CVE-2019-8846
        RESERVED
+       {DSA-4610-1}
        - webkit2gtk 2.26.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
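Review bot: RESERVED stays in place above the new {DSA-4610-1} line, so CVE-2019-8846 has a DSA and a fixed version (webkit2gtk 2.26.3-1) but still no public description; anyone searching the tracker by keyword will not find this WebKitGTK fix until MITRE publishes the text, and the next automatic update must replace the RESERVED line without dropping the DSA reference beneath it. The same applies to the two following hunks for CVE-2019-8844 and CVE-2019-8835, which are otherwise identical.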
@@ -51748,6 +51748,7 @@ CVE-2019-8845
        RESERVED
 CVE-2019-8844
        RESERVED
+       {DSA-4610-1}
        - webkit2gtk 2.26.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -51770,6 +51771,7 @@ CVE-2019-8836
        RESERVED
 CVE-2019-8835
        RESERVED
+       {DSA-4610-1}
        - webkit2gtk 2.26.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -54658,12 +54660,12 @@ CVE-2019-7658
        RESERVED
 CVE-2019-7657
        RESERVED
-CVE-2019-7656
-       RESERVED
-CVE-2019-7655
-       RESERVED
-CVE-2019-7654
-       RESERVED
+CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 
4.7.7 a ...)
+       TODO: check
+CVE-2019-7655 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple 
authentic ...)
+       TODO: check
+CVE-2019-7654 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple 
CSRF vuln ...)
+       TODO: check
 CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in 
Cortex- ...)
        NOT-FOR-US: TheHive Project UnshortenLink analyzer
 CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 
allows an at ...)
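Review bot: CVE-2019-7654, CVE-2019-7655 and CVE-2019-7656 are all Wowza Streaming Engine 4.7.7/4.7.8 issues (CSRF, authentication flaws, privilege escalation), a proprietary media server not packaged in Debian; the three TODO: check lines should be replaced by `NOT-FOR-US: Wowza Streaming Engine`, as was done for the TheHive entry immediately below them.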
@@ -107161,13 +107163,13 @@ CVE-2018-7716 (PrivateVPN 2.0.31 for macOS suffers 
from a root privilege escalat
        NOT-FOR-US: PrivateVPN for macOS
 CVE-2018-7715 (PrivateVPN 2.0.31 for macOS suffers from a root privilege 
escalation v ...)
        NOT-FOR-US: PrivateVPN for macOS
-CVE-2018-7714 (The validateInputImageSize function in 
modules/imgcodecs/src/loadsave. ...)
+CVE-2018-7714 (** DISPUTED ** The validateInputImageSize function in 
modules/imgcodec ...)
        NOTE: Non-issue, needs to be handled within applications using opencv
        NOTE: https://github.com/opencv/opencv/issues/10998
-CVE-2018-7713 (The validateInputImageSize function in 
modules/imgcodecs/src/loadsave. ...)
+CVE-2018-7713 (** DISPUTED ** The validateInputImageSize function in 
modules/imgcodec ...)
        NOTE: Non-issue, needs to be handled within applications using opencv
        NOTE: https://github.com/opencv/opencv/issues/10998
-CVE-2018-7712 (The validateInputImageSize function in 
modules/imgcodecs/src/loadsave. ...)
+CVE-2018-7712 (** DISPUTED ** The validateInputImageSize function in 
modules/imgcodec ...)
        NOTE: Non-issue, needs to be handled within applications using opencv
        NOTE: https://github.com/opencv/opencv/issues/10998
 CVE-2018-7710
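Review bot: the three opencv entries (CVE-2018-7712, 7713, 7714) now carry `** DISPUTED **` in the description, which agrees with the existing `NOTE: Non-issue, needs to be handled within applications using opencv`, but there is still no package status line between the CVE line and the NOTEs, so the issues remain formally untriaged for opencv; now that upstream's dispute is reflected in the MITRE text, add an explicit `- opencv <not-affected> (Non-issue, needs to be handled within applications using opencv)` (or `<unimportant>`) to each of the three so tools reading the list see a verdict rather than only a comment.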
@@ -273220,8 +273222,8 @@ CVE-2013-3217
        RESERVED
 CVE-2013-3216
        RESERVED
-CVE-2013-3215
-       RESERVED
+CVE-2013-3215 (vtiger CRM 5.4.0 and earlier contain an Authentication Bypass 
Vulnerab ...)
+       TODO: check
 CVE-2013-3214 (vtiger CRM 5.4.0 and earlier contain a PHP Code Injection 
Vulnerabilit ...)
        TODO: check
 CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 
through 5.4 ...)
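Review bot: CVE-2013-3215 joins CVE-2013-3214 directly below it at TODO: check, both vtiger CRM 5.4.0 issues (authentication bypass and PHP code injection respectively); vtiger CRM is not packaged in Debian, so both should be resolved together to `NOT-FOR-US: vtiger CRM`, and CVE-2013-3213 beneath them (SQL injection in the same product) should be checked for the same state rather than leaving three adjacent entries open.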
@@ -274756,23 +274758,22 @@ CVE-2013-2576 (Buffer overflow in Artweaver before 
3.1.6 allows remote attackers
        NOT-FOR-US: Artweaver
 CVE-2013-2575
        RESERVED
-CVE-2013-2574
-       RESERVED
+CVE-2013-2574 (An Access vulnerability exists in FOSCAM IP Camera FI8620 due 
to insuf ...)
        NOT-FOR-US: Foscam
-CVE-2013-2573
-       RESERVED
-CVE-2013-2572
-       RESERVED
+CVE-2013-2573 (A Command Injection vulnerability exists in the ap parameter to 
the /c ...)
+       TODO: check
+CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras 
TL-SC 313 ...)
+       TODO: check
 CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale 
(POS) syst ...)
        TODO: check
-CVE-2013-2570
-       RESERVED
-CVE-2013-2569
-       RESERVED
-CVE-2013-2568
-       RESERVED
-CVE-2013-2567
-       RESERVED
+CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras 
through 1 ...)
+       TODO: check
+CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras 
through 1.6 ...)
+       TODO: check
+CVE-2013-2568 (A Command Injection vulnerability exists in Zavio IP Cameras 
through 1 ...)
+       TODO: check
+CVE-2013-2567 (An Authentication Bypass vulnerability exists in the web 
interface in  ...)
+       TODO: check
 CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL 
protocol, has m ...)
        NOTE: Generic protocol flaw in RC4
 CVE-2012-6549 (The isofs_export_encode_fh function in fs/isofs/export.c in the 
Linux  ...)
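Review bot: triage in this hunk is inconsistent: CVE-2013-2574 (Foscam FI8620) keeps its `NOT-FOR-US: Foscam` line, while CVE-2013-2572 (TP-LINK TL-SC 313 IP cameras), CVE-2013-2568 through CVE-2013-2570 (Zavio IP cameras) and the two whose vendor is cut off in the truncated text here, CVE-2013-2573 (`ap` parameter to `/c ...`) and CVE-2013-2567 (`web interface in ...`), are all left at TODO: check even though every one of them is embedded camera firmware Debian does not ship. Give the six NOT-FOR-US lines naming the vendor, reading the full description first for 2573 and 2567 so the vendor name is correct.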
@@ -282376,8 +282377,7 @@ CVE-2013-0163 (OpenShift haproxy cartridge: 
predictable /tmp in set-proxy connec
 CVE-2013-0162 (The diff_pp function in lib/gauntlet_rubyparser.rb in the 
ruby_parser  ...)
        - ruby-parser 2.3.1-2 (bug #701637)
        NOTE: http://www.openwall.com/lists/oss-security/2013/02/22/5
-CVE-2013-0161
-       RESERVED
+CVE-2013-0161 (Havalite CMS 1.1.7 has a stored XSS vulnerability ...)
        NOT-FOR-US: Havalite CMS
 CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain 
sensitive  ...)
        {DSA-2669-1}
@@ -284179,8 +284179,8 @@ CVE-2012-5778
        RESERVED
 CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in 
the te ...)
        NOT-FOR-US: EmpireCMS
-CVE-2012-5776
-       RESERVED
+CVE-2012-5776 (Dokeos 2.1.1 has multiple XSS issues involving "extra_" 
parameters in  ...)
+       TODO: check
 CVE-2012-5775
        REJECTED
 CVE-2012-5774
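Review bot: CVE-2012-5776 (Dokeos 2.1.1, multiple XSS via "extra_" parameters) is left at TODO: check while the neighbouring EmpireCMS entry above it is already NOT-FOR-US; Dokeos is not in the Debian archive, so this should be `NOT-FOR-US: Dokeos`.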
@@ -288113,8 +288113,7 @@ CVE-2012-4385 (letodms 3.3.6 has CSRF via change 
password ...)
        - letodms 3.3.7+dfsg-1 (bug #689664)
 CVE-2012-4384 (letodms has multiple XSS issues: Reflected XSS in Login Page, 
Stored X ...)
        - letodms 3.3.7+dfsg-1 (bug #689664)
-CVE-2012-4383
-       RESERVED
+CVE-2012-4383 (contao prior to 2.11.4 has a sql injection vulnerability ...)
        NOT-FOR-US: Contao
 CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not 
properly pr ...)
        - mediawiki 1:1.19.2-1 (bug #686330)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ee7200e1e815ef6f483fc75056aab7885b4bbc1



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
