Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03443fa7 by security tracker role at 2020-01-30T20:11:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 
3.6.10, 3.7  ...)
+       TODO: check
+CVE-2020-8491
+       RESERVED
+CVE-2020-8490
+       RESERVED
+CVE-2020-8489
+       RESERVED
+CVE-2020-8488
+       RESERVED
+CVE-2020-8487
+       RESERVED
+CVE-2020-8486
+       RESERVED
+CVE-2020-8485
+       RESERVED
+CVE-2020-8484
+       RESERVED
+CVE-2020-8483
+       RESERVED
+CVE-2020-8482
+       RESERVED
+CVE-2020-8481
+       RESERVED
+CVE-2020-8480
+       RESERVED
+CVE-2020-8479
+       RESERVED
+CVE-2020-8478
+       RESERVED
+CVE-2020-8477
+       RESERVED
+CVE-2020-8476
+       RESERVED
+CVE-2020-8475
+       RESERVED
+CVE-2020-8474
+       RESERVED
+CVE-2020-8473
+       RESERVED
+CVE-2020-8472
+       RESERVED
+CVE-2020-8471
+       RESERVED
+CVE-2020-8470
+       RESERVED
+CVE-2020-8469
+       RESERVED
+CVE-2020-8468
+       RESERVED
+CVE-2020-8467
+       RESERVED
+CVE-2020-8466
+       RESERVED
+CVE-2020-8465
+       RESERVED
+CVE-2020-8464
+       RESERVED
+CVE-2020-8463
+       RESERVED
+CVE-2020-8462
+       RESERVED
+CVE-2020-8461
+       RESERVED
+CVE-2020-8460
+       RESERVED
+CVE-2020-8459
+       RESERVED
+CVE-2020-8458
+       RESERVED
+CVE-2020-8457
+       RESERVED
+CVE-2020-8456
+       RESERVED
+CVE-2020-8455
+       RESERVED
+CVE-2020-8454
+       RESERVED
+CVE-2020-8453
+       RESERVED
+CVE-2020-8452
+       RESERVED
+CVE-2020-8451
+       RESERVED
+CVE-2020-8450
+       RESERVED
+CVE-2020-8449
+       RESERVED
 CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component 
responsible for  ...)
        - ossec-hids <itp> (bug #361954)
 CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component 
responsible for  ...)
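Review bot: CVE-2020-8492 is left at `TODO: check` although the visible version ranges (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...) cover interpreter versions Debian ships, so this entry needs triage into the affected python source packages with a fixed-version or `<unfixed>` line rather than staying a TODO; the block of RESERVED entries after it is fine as imported.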
@@ -1189,26 +1277,26 @@ CVE-2020-7915 (An issue was discovered on Eaton 5P 850 
devices. The Ubicacion SA
        NOT-FOR-US: Eaton devices
 CVE-2020-7914
        RESERVED
-CVE-2020-7913
-       RESERVED
-CVE-2020-7912
-       RESERVED
-CVE-2020-7911
-       RESERVED
-CVE-2020-7910
-       RESERVED
-CVE-2020-7909
-       RESERVED
-CVE-2020-7908
-       RESERVED
+CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to 
XSS vi ...)
+       TODO: check
+CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings 
could  ...)
+       TODO: check
+CVE-2020-7911 (In JetBrains TeamCity before 2019.2, several user-level pages 
were vul ...)
+       TODO: check
+CVE-2020-7910 (JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS 
attack ...)
+       TODO: check
+CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored 
passwords co ...)
+       TODO: check
+CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was 
possible ...)
+       TODO: check
 CVE-2020-7907
        RESERVED
-CVE-2020-7906
-       RESERVED
-CVE-2020-7905
-       RESERVED
-CVE-2020-7904
-       RESERVED
+CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, 
there wer ...)
+       TODO: check
+CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were 
expose ...)
+       TODO: check
+CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven 
repositories were ...)
+       TODO: check
 CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function 
in Parit ...)
        NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
 CVE-2019-20398 (A NULL pointer dereference is present in libyang before 
v1.0-r3 in the ...)
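Review bot: all nine JetBrains entries (CVE-2020-7913 through CVE-2020-7908 and CVE-2020-7906 through CVE-2020-7904) sit at `TODO: check`; if none of YouTrack, TeamCity, Rider or IntelliJ IDEA is packaged in Debian, resolve them to NOT-FOR-US in the style of the Eaton entry at the top of this hunk, e.g. `NOT-FOR-US: JetBrains YouTrack`.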
@@ -2125,6 +2213,7 @@ CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in 
libxml2 2.9.10 allows an xmlS
        [jessie] - libxml2 <no-dsa> (Minor issue)
        NOTE: Proposed merge request: 
https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68
 CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a 
heap-ba ...)
+       {DLA-2088-1}
        - libsolv 0.6.36-2 (bug #949611)
        [buster] - libsolv <no-dsa> (Minor issue)
        [stretch] - libsolv <no-dsa> (Minor issue)
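Review bot: `{DLA-2088-1}` is added to CVE-2019-20387 while the `[buster]` and `[stretch]` lines below it still read `<no-dsa> (Minor issue)`; confirm the DLA covers the jessie entry (not visible in this hunk) so that the stretch annotation is not stale.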
@@ -6898,8 +6987,8 @@ CVE-2020-5235
        RESERVED
 CVE-2020-5234
        RESERVED
-CVE-2020-5233
-       RESERVED
+CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. 
Authentica ...)
+       TODO: check
 CVE-2020-5232
        RESERVED
 CVE-2020-5231
@@ -10214,8 +10303,8 @@ CVE-2019-20052 (A memory leak was discovered in 
Mat_VarCalloc in mat.c in matio
 CVE-2019-20051 (A floating-point exception was discovered in 
PackLinuxElf::elf_hash in ...)
        - upx-ucl <unfixed> (unimportant)
        NOTE: https://github.com/upx/upx/issues/313
-CVE-2019-20050
-       RESERVED
+CVE-2019-20050 (Pandora FMS &#8804; 7.42 suffers from a remote code execution 
vulnerab ...)
+       TODO: check
 CVE-2019-20054 (In the Linux kernel before 5.0.6, there is a NULL pointer 
dereference  ...)
        - linux 5.2.6-1
        [buster] - linux 4.19.67-1
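Review bot: the CVE-2019-20050 description carries the raw HTML entity `&#8804;` (the "≤" sign) copied from the feed; decode it to the character or `<=` so the entry reads like the others, then resolve the `TODO: check` for Pandora FMS.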
@@ -15769,13 +15858,11 @@ CVE-2020-1933 (A XSS vulnerability was found in 
Apache NiFi 1.0.0 to 1.10.0. Mal
        NOT-FOR-US: Apache NiFi
 CVE-2020-1932 (An information disclosure issue was found in Apache Superset 
0.34.0, 0 ...)
        NOT-FOR-US: Apache Superset
-CVE-2020-1931
-       RESERVED
+CVE-2020-1931 (A command execution issue was found in Apache SpamAssassin 
prior to 3. ...)
        - spamassassin 3.4.4~rc1-1 (bug #950258)
        NOTE: 
https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
        NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2
-CVE-2020-1930
-       RESERVED
+CVE-2020-1930 (A command execution issue was found in Apache SpamAssassin 
prior to 3. ...)
        - spamassassin 3.4.4~rc1-1 (bug #950258)
        NOTE: 
https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
        NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3
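Review bot: both SpamAssassin entries (CVE-2020-1931, CVE-2020-1930) record only the unstable fix `- spamassassin 3.4.4~rc1-1 (bug #950258)` and no `[buster]`/`[stretch]` lines appear in this hunk, so the stable triage (DSA or `<no-dsa>`) for a command execution issue is still open.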
@@ -17025,7 +17112,7 @@ CVE-2019-19236
        RESERVED
 CVE-2019-19235 (AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 
10 note ...)
        NOT-FOR-US: ASUS
-CVE-2019-19234 (In Sudo through 1.8.29, the fact that a user has been blocked 
(e.g., b ...)
+CVE-2019-19234 (** DISPUTED ** In Sudo through 1.8.29, the fact that a user 
has been b ...)
        - sudo <unfixed> (bug #947225)
        [buster] - sudo <no-dsa> (Minor issue)
        [stretch] - sudo <no-dsa> (Minor issue)
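Review bot: the description of CVE-2019-19234 now carries `** DISPUTED **`, but `- sudo <unfixed> (bug #947225)` and the `[buster]`/`[stretch] <no-dsa> (Minor issue)` lines are unchanged; add a NOTE recording the dispute (the same applies to CVE-2019-19232 in the next hunk) so the unfixed state is not re-triaged from scratch later.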
@@ -17033,7 +17120,7 @@ CVE-2019-19234 (In Sudo through 1.8.29, the fact that a 
user has been blocked (e
        NOTE: https://www.sudo.ws/devel.html#1.8.30b2
 CVE-2019-19233
        RESERVED
-CVE-2019-19232 (In Sudo through 1.8.29, an attacker with access to a Runas ALL 
sudoer  ...)
+CVE-2019-19232 (** DISPUTED ** In Sudo through 1.8.29, an attacker with access 
to a Ru ...)
        - sudo <unfixed> (bug #947225)
        [buster] - sudo <no-dsa> (Minor issue)
        [stretch] - sudo <no-dsa> (Minor issue)
@@ -18178,6 +18265,7 @@ CVE-2019-18793 (Parallels Plesk Panel 9.5 allows XSS in 
target/locales/tr-TR/hel
 CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages 
Parameter :  ...)
        NOT-FOR-US: Progress Sitefinity CMS
 CVE-2019-18792 (An issue was discovered in Suricata 5.0.0. It is possible to 
bypass/ev ...)
+       {DLA-2087-1}
        - suricata <unfixed>
        NOTE: 
https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b
 (master-4.1.x)
        NOTE: 
https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006
 (suricata-5.0.1)
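Review bot: `{DLA-2087-1}` is added for CVE-2019-18792 but the unstable line still reads `- suricata <unfixed>` even though a fix commit tagged (suricata-5.0.1) is referenced; update it to the fixed version once 5.0.1 is uploaded (the same holds for CVE-2019-18625 in the following hunk).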
@@ -20737,6 +20825,7 @@ CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 
accepts any certificate s
        [jessie] - systemd <not-affected> (Only affected v243)
        NOTE: https://github.com/systemd/systemd/issues/9397
 CVE-2019-18625 (An issue was discovered in Suricata 5.0.0. It was possible to 
bypass/e ...)
+       {DLA-2087-1}
        - suricata <unfixed>
        NOTE: 
https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318
 (suricata-5.0.1)
        NOTE: 
https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0
 (master-4.1.x)
@@ -25223,8 +25312,8 @@ CVE-2019-17275
        RESERVED
 CVE-2019-17274
        RESERVED
-CVE-2019-17273
-       RESERVED
+CVE-2019-17273 (E-Series SANtricity OS Controller Software version 11.60.0 is 
suscepti ...)
+       TODO: check
 CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are 
suscept ...)
        NOT-FOR-US: ONTAP
 CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the 
ajax/api/hook/getHookList ...)
@@ -252464,8 +252553,8 @@ CVE-2014-3721
        RESERVED
 CVE-2014-3720
        RESERVED
-CVE-2014-3718
-       RESERVED
+CVE-2014-3718 (Multiple cross-site scripting (XSS) vulnerabilities in 
cgi-bin/tag_m.c ...)
+       TODO: check
 CVE-2014-3713
        RESERVED
 CVE-2014-3712 (Katello allows remote attackers to cause a denial of service 
(memory c ...)
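Review bot: CVE-2014-3718 (XSS in cgi-bin/tag_m.c...) is left at `TODO: check` while CVE-2014-3719 (cgi-bin/review_m.cgi) is resolved later in this commit as `NOT-FOR-US: ALEPH500 Integrated library management system`; if it is the same product, resolve it the same way.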
@@ -253532,8 +253621,7 @@ CVE-2014-3775 (libgadu before 1.11.4 and 1.12.0 
before 1.12.0-rc3, as used in Pi
        [squeeze] - libgadu <not-affected> (Vulnerable code not present)
 CVE-2014-3749 (SQL injection vulnerability in Construtiva CIS Manager allows 
remote a ...)
        NOT-FOR-US: Construtiva CIS Manager CMS
-CVE-2014-3719
-       RESERVED
+CVE-2014-3719 (Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi 
in Ex L ...)
        NOT-FOR-US: ALEPH500 Integrated library management system
 CVE-2014-3717 (Xen 4.4.x does not properly validate the load address for 
64-bit ARM g ...)
        - xen <not-affected> (Only ARM systems are affected from Xen 4.4 
onwards)
@@ -277088,10 +277176,10 @@ CVE-2013-1868 (Multiple buffer overflows in 
VideoLAN VLC media player 2.0.4 and
        [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
        NOTE: http://www.videolan.org/security/sa1301.html
        NOTE: The freetype issue is a harmless NULL deref and won't be fixed
-CVE-2013-1867
-       RESERVED
-CVE-2013-1866
-       RESERVED
+CVE-2013-1867 (Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite 
Vulnerabi ...)
+       TODO: check
+CVE-2013-1866 (OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite 
Vulnerab ...)
+       TODO: check
 CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform 
revocatio ...)
        - keystone <not-affected> (only affects folsom)
        NOTE: fixed in experimental with keystone/2012.2.3-2
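Review bot: CVE-2013-1866 names OpenSC.tokend, which appears to be the macOS token driver rather than the opensc source package Debian ships; if confirmed, resolve it and the Gemalto Tokend entry (CVE-2013-1867) to NOT-FOR-US instead of leaving both at `TODO: check`.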
@@ -278074,8 +278162,8 @@ CVE-2013-1633 (easy_install in setuptools before 0.7 
uses HTTP to retrieve packa
        NOTE: Lack of a security feature, not a vulnerability
 CVE-2013-1632
        RESERVED
-CVE-2013-1631
-       RESERVED
+CVE-2013-1631 (Verax NMS prior to 2.1.0 leaks connection details when any user 
execut ...)
+       TODO: check
 CVE-2013-1630 (pyshop before 0.7.1 uses HTTP to retrieve packages from the 
PyPI repos ...)
        NOT-FOR-US: pyshop
 CVE-2013-1629 (pip before 1.3 uses HTTP to retrieve packages from the PyPI 
repository ...)
@@ -278966,12 +279054,12 @@ CVE-2013-1354
        RESERVED
 CVE-2013-1353
        RESERVED
-CVE-2013-1352
-       RESERVED
-CVE-2013-1351
-       RESERVED
-CVE-2013-1350
-       RESERVED
+CVE-2013-1352 (Verax NMS prior to 2.1.0 uses an encryption key that is 
hardcoded in a ...)
+       TODO: check
+CVE-2013-1351 (Verax NMS prior to 2.10 allows authentication via the encrypted 
passwo ...)
+       TODO: check
+CVE-2013-1350 (Verax NMS prior to 2.1.0 has multiple security bypass 
vulnerabilities ...)
+       TODO: check
 CVE-2013-1349 (Eval injection vulnerability in ajax.php in openSIS 4.5 through 
5.2 al ...)
        NOT-FOR-US: openSIS
 CVE-2013-1348 (The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote 
attacke ...)
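Review bot: CVE-2013-1351 reads "Verax NMS prior to 2.10" while the neighbouring CVE-2013-1352 and CVE-2013-1350 read "prior to 2.1.0"; this looks like a version typo in the feed and is worth checking before the three `TODO: check` entries are triaged (likely NOT-FOR-US if Verax NMS is not packaged, as with CVE-2013-1631 above).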
@@ -280645,10 +280733,10 @@ CVE-2013-0741 (Cross-site scripting (XSS) 
vulnerability in imagegen.ashx in Perc
        NOT-FOR-US: Percipient Studios ImageGen
 CVE-2013-0740 (Open redirect vulnerability in Dell OpenManage Server 
Administrator (O ...)
        NOT-FOR-US: Dell OpenManage Server Administrator
-CVE-2013-0739
-       RESERVED
-CVE-2013-0738
-       RESERVED
+CVE-2013-0739 (Chamilo 1.9.4 has XSS due to improper validation of 
user-supplied inpu ...)
+       TODO: check
+CVE-2013-0738 (Chamilo 1.9.4 has Multiple XSS and HTML Injection 
Vulnerabilities: blo ...)
+       TODO: check
 CVE-2013-0737 (Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and 
earlier a ...)
        NOT-FOR-US: BoltWire
 CVE-2013-0736 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the Ming ...)
@@ -280673,8 +280761,8 @@ CVE-2013-0727 (Multiple untrusted search path 
vulnerabilities in Global Mapper 1
        NOT-FOR-US: Global Mapper
 CVE-2013-0726 (Stack-based buffer overflow in the 
ERM_convert_to_correct_webpath func ...)
        NOT-FOR-US: ERDAS ER Viewer
-CVE-2013-0725
-       RESERVED
+CVE-2013-0725 (ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries 
arbitrary c ...)
+       TODO: check
 CVE-2013-0724 (PHP remote file inclusion vulnerability in 
includes/generate-pdf.php i ...)
        NOT-FOR-US: Wordpress plugin ecommerce Shop Styling
 CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft 
Spreadsh ...)
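Review bot: CVE-2013-0725 (ERDAS ER Viewer 13.0) is added with `TODO: check` although CVE-2013-0726 two lines above is already `NOT-FOR-US: ERDAS ER Viewer`; resolve the new entry the same way.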
@@ -282018,8 +282106,8 @@ CVE-2013-0293 (oVirt Node: Lock screen accepts F2 to 
drop to shell causing privi
 CVE-2013-0292 (The dbus_g_proxy_manager_filter function in dbus-gproxy in 
Dbus-glib b ...)
        - dbus-glib 0.100.1-1 (bug #700638; high)
        [squeeze] - dbus-glib 0.88-2.1+squeeze1
-CVE-2013-0291
-       RESERVED
+CVE-2013-0291 (NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a 
Path Disc ...)
+       TODO: check
 CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the 
Linux k ...)
        - linux <not-affected> (Introduced in 3.4, fixed in 3.8)
        - linux-2.6 <not-affected> (Introduced in 3.4)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/03443fa7bd1c56d39bcda21139fa8276b23848ee



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
