Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed37d14d by security tracker role at 2020-02-04T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for 
WordPres ...)
+       TODO: check
+CVE-2020-8614
+       RESERVED
+CVE-2020-8613
+       RESERVED
+CVE-2020-8612
+       RESERVED
+CVE-2020-8611
+       RESERVED
+CVE-2020-8610
+       RESERVED
+CVE-2020-8609
+       RESERVED
+CVE-2020-8608
+       RESERVED
+CVE-2020-8607
+       RESERVED
+CVE-2020-8606
+       RESERVED
+CVE-2020-8605
+       RESERVED
+CVE-2020-8604
+       RESERVED
+CVE-2020-8603
+       RESERVED
+CVE-2020-8602
+       RESERVED
+CVE-2020-8601
+       RESERVED
+CVE-2020-8600
+       RESERVED
+CVE-2020-8599
+       RESERVED
+CVE-2020-8598
+       RESERVED
 CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname 
buffer overf ...)
        - ppp <unfixed> (bug #950618)
        NOTE: 
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
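Review bot: CVE-2020-8615 at the top of this hunk is left at `TODO: check`, but its description names the Tutor LMS plugin for WordPress, and the WordPress plugin entry visible further down this file (CVE-2015-9539, Fast Secure Contact Form) is triaged as `NOT-FOR-US: ... plugin for WordPress`. A follow-up should replace the TODO with the matching `NOT-FOR-US:` line unless the plugin turns out to be packaged. The `RESERVED` placeholders for CVE-2020-8598 through CVE-2020-8614 need no action.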
@@ -3023,8 +3059,8 @@ CVE-2020-7223
        RESERVED
 CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 
2017-06- ...)
        NOT-FOR-US: Amcrest Web Server
-CVE-2020-7221
-       RESERVED
+CVE-2020-7221 (mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows 
privilege es ...)
+       TODO: check
 CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in 
certain circ ...)
        NOT-FOR-US: HashiCorp Vault
 CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC 
services a ...)
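Review bot: CVE-2020-7221 gains a description naming `mysql_install_db` in MariaDB 10.4.7 through 10.4.11 but only `TODO: check`, while the HashiCorp neighbours in this hunk are already closed out as `NOT-FOR-US`. Since the description gives an exact affected range, the follow-up should record a package line with its status, in the form used for CVE-2020-8597 (`- ppp <unfixed> (bug #950618)`), if those versions are in the archive.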
@@ -9896,8 +9932,8 @@ CVE-2020-4165
        RESERVED
 CVE-2020-4164
        RESERVED
-CVE-2020-4163
-       RESERVED
+CVE-2020-4163 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under 
special ...)
+       TODO: check
 CVE-2020-4162
        RESERVED
 CVE-2020-4161
@@ -10791,8 +10827,8 @@ CVE-2019-19970
        RESERVED
 CVE-2019-19969
        RESERVED
-CVE-2019-19968
-       RESERVED
+CVE-2019-19968 (PandoraFMS 742 suffers from multiple XSS vulnerabilities, 
affecting th ...)
+       TODO: check
 CVE-2019-19967 (The Administration page on Connect Box EuroDOCSIS 3.0 Voice 
Gateway CH ...)
        NOT-FOR-US: Connect Box EuroDOCSIS 3.0 Voice Gateway devices
 CVE-2019-19977 (libESMTP through 1.0.6 mishandles domain copying into a 
fixed-size buf ...)
@@ -17271,8 +17307,8 @@ CVE-2019-19274 (typed_ast 1.3.0 and 1.3.1 has a 
handle_keywordonly_args out-of-b
        NOTE: https://bugs.python.org/issue36495
        NOTE: Introduced by: 
https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce
 (1.3.0)
        NOTE: Fixed by: 
https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b
 (1.3.2)
-CVE-2019-19273
-       RESERVED
+CVE-2019-19273 (On Samsung mobile devices with O(8.0) and P(9.0) software and 
an Exyno ...)
+       TODO: check
 CVE-2015-9539 (The Fast Secure Contact Form plugin before 4.0.38 for WordPress 
allows ...)
        NOT-FOR-US: Fast Secure Contact Form plugin for WordPress
 CVE-2015-9538 (The NextGEN Gallery plugin before 2.1.15 for WordPress allows 
../ Dire ...)
@@ -45848,8 +45884,8 @@ CVE-2019-10786
        RESERVED
 CVE-2019-10785
        RESERVED
-CVE-2019-10784
-       RESERVED
+CVE-2019-10784 (phppgadmin through 7.12.1 allows sensitive actions to be 
performed wit ...)
+       TODO: check
 CVE-2019-10783 (All versions including 0.0.4 of lsof npm module are vulnerable 
to Comm ...)
        TODO: check
 CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted 
JavaScript obj ...)
@@ -49893,8 +49929,8 @@ CVE-2019-9675 (** DISPUTED ** An issue was discovered 
in PHP 7.x before 7.1.27 a
        - php5 <removed> (unimportant)
        NOTE: Fixed in 7.1.27, 7.3.3
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77586
-CVE-2019-9674
-       RESERVED
+CVE-2019-9674 (Lib/zipfile.py in Python through 3.7.2 allows remote attackers 
to caus ...)
+       TODO: check
 CVE-2019-9673 (Freenet 1483 has a MIME type bypass that allows arbitrary 
JavaScript e ...)
        NOT-FOR-US: Freenet
 CVE-2019-9672
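Review bot: CVE-2019-9674 is filed with `TODO: check` although its description points at `Lib/zipfile.py` in Python through 3.7.2, which is a standard-library file. Triage should add a status line for each affected Python source package, the way the CVE-2019-9675 entry just above lists `- php5 <removed> (unimportant)` together with `NOTE:` lines for the fixed versions and the upstream bug.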
@@ -62764,10 +62800,10 @@ CVE-2019-4677
        RESERVED
 CVE-2019-4676
        RESERVED
-CVE-2019-4675
-       RESERVED
-CVE-2019-4674
-       RESERVED
+CVE-2019-4675 (IBM Security Identity Manager 7.0.1 contains hard-coded 
credentials, s ...)
+       TODO: check
+CVE-2019-4674 (IBM Security Identity Manager 7.0.1 could allow a remote 
attacker to t ...)
+       TODO: check
 CVE-2019-4673
        RESERVED
 CVE-2019-4672
@@ -62990,8 +63026,8 @@ CVE-2019-4564 (IBM Security Key Lifecycle Manager 2.6, 
2.7, 3.0, and 3.0.1 is vu
        NOT-FOR-US: IBM
 CVE-2019-4563
        RESERVED
-CVE-2019-4562
-       RESERVED
+CVE-2019-4562 (IBM Security Directory Server 6.4.0 stores sensitive 
information in UR ...)
+       TODO: check
 CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote 
attacker to e ...)
        NOT-FOR-US: IBM
 CVE-2019-4560 (IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 
is vulne ...)
@@ -63012,14 +63048,14 @@ CVE-2019-4553
        RESERVED
 CVE-2019-4552
        RESERVED
-CVE-2019-4551
-       RESERVED
-CVE-2019-4550
-       RESERVED
+CVE-2019-4551 (IBM Security Directory Server 6.4.0 does not perform an 
authentication ...)
+       TODO: check
+CVE-2019-4550 (IBM Security Directory Server 6.4.0 is deployed with active 
debugging  ...)
+       TODO: check
 CVE-2019-4549 (IBM Security Directory Server 6.4.0 discloses sensitive 
information to ...)
        NOT-FOR-US: IBM
-CVE-2019-4548
-       RESERVED
+CVE-2019-4548 (IBM Security Directory Server 6.4.0 could allow a remote 
attacker to h ...)
+       TODO: check
 CVE-2019-4547
        RESERVED
 CVE-2019-4546 (After installing the IBM Maximo Health- Safety and Environment 
Manager ...)
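Review bot: CVE-2019-4551, CVE-2019-4550 and CVE-2019-4548 are added as `TODO: check` even though all three descriptions begin "IBM Security Directory Server 6.4.0", the same product as CVE-2019-4549 in the middle of this hunk, which is already `NOT-FOR-US: IBM`. The other IBM entries this commit fills in are in the same state, so they can all be closed with `NOT-FOR-US: IBM` in one follow-up rather than entry by entry.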
@@ -63032,10 +63068,10 @@ CVE-2019-4543
        RESERVED
 CVE-2019-4542 (IBM Security Directory Server 6.4.0 is vulnerable to cross-site 
script ...)
        NOT-FOR-US: IBM
-CVE-2019-4541
-       RESERVED
-CVE-2019-4540
-       RESERVED
+CVE-2019-4541 (IBM Security Directory Server 6.4.0 uses incomplete 
blacklisting for i ...)
+       TODO: check
+CVE-2019-4540 (IBM Security Directory Server 6.4.0 uses weaker than expected 
cryptogr ...)
+       TODO: check
 CVE-2019-4539 (IBM Security Directory Server 6.4.0 does not properly 
neutralize speci ...)
        NOT-FOR-US: IBM
 CVE-2019-4538 (IBM Security Directory Server 6.4.0 could allow a remote 
attacker to c ...)
@@ -63212,8 +63248,8 @@ CVE-2019-4453
        RESERVED
 CVE-2019-4452
        RESERVED
-CVE-2019-4451
-       RESERVED
+CVE-2019-4451 (IBM Security Identity Manager 6.0.0 is vulnerable to cross-site 
script ...)
+       TODO: check
 CVE-2019-4450 (IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site 
scripting. T ...)
        NOT-FOR-US: IBM
 CVE-2019-4449
@@ -192444,8 +192480,8 @@ CVE-2016-1000106
        REJECTED
 CVE-2016-1000105
        REJECTED
-CVE-2016-1000103 (A Security Bypass vulnerability exists in Nginx 2016-07-07 
in the HTTP ...)
-       TODO: check
+CVE-2016-1000103
+       REJECTED
 CVE-2016-1000102
        REJECTED
 CVE-2016-1000027 (Pivotal Spring Framework 4.1.4 suffers from a potential 
remote code ex ...)
@@ -262437,20 +262473,15 @@ CVE-2013-7057 (Cross-site request forgery (CSRF) 
vulnerability in Axway SecureTr
        NOT-FOR-US: Axway SecureTransport
 CVE-2013-7056
        RESERVED
-CVE-2013-7055
-       RESERVED
+CVE-2013-7055 (D-Link DIR-100 4.03B07 has PPTP and poe information disclosure 
...)
        NOT-FOR-US: Router D-Link DIR-100
-CVE-2013-7054
-       RESERVED
+CVE-2013-7054 (D-Link DIR-100 4.03B07: cli.cgi XSS ...)
        NOT-FOR-US: Router D-Link DIR-100
-CVE-2013-7053
-       RESERVED
+CVE-2013-7053 (D-Link DIR-100 4.03B07: cli.cgi CSRF ...)
        NOT-FOR-US: Router D-Link DIR-100
-CVE-2013-7052
-       RESERVED
+CVE-2013-7052 (D-Link DIR-100 4.03B07: security bypass via an error in the 
cliget.cgi ...)
        NOT-FOR-US: Router D-Link DIR-100
-CVE-2013-7051
-       RESERVED
+CVE-2013-7051 (D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure 
to chec ...)
        NOT-FOR-US: Router D-Link DIR-100
 CVE-2013-7047
        RESERVED
@@ -275015,12 +275046,12 @@ CVE-2013-2680
        RESERVED
 CVE-2013-2679
        RESERVED
-CVE-2013-2678
-       RESERVED
+CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File 
Includ ...)
+       TODO: check
 CVE-2013-2677
        RESERVED
-CVE-2013-2676
-       RESERVED
+CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an 
information dis ...)
+       TODO: check
 CVE-2013-2675
        RESERVED
 CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an 
information dis ...)
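Review bot: CVE-2013-2676 receives a truncated description identical to that of CVE-2013-2674 two entries below ("Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ..."), so the two cannot be told apart from this list alone. When resolving the `TODO: check`, compare the full descriptions and give CVE-2013-2676 the same triage line as CVE-2013-2674. CVE-2013-2678 (Cisco Linksys E4200 routers) is a device entry like the D-Link DIR-100 ones, which this file marks `NOT-FOR-US`.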
@@ -279163,8 +279194,8 @@ CVE-2013-1424 [matplotlib buffer overrun]
 CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, (2) 
cronjobs/homedirs.php, (3)  ...)
        {DSA-2633-1}
        - fusionforge 5.2.1+20130227-1
-CVE-2013-1422
-       RESERVED
+CVE-2013-1422 (webcalendar before 1.2.7 shows the reason for a failed login 
(e.g., "n ...)
+       TODO: check
 CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen 
WebCalendar  ...)
        - webcalendar <removed>
 CVE-2013-1420 (Multiple cross-site scripting (XSS) vulnerabilities in 
GetSimple CMS b ...)
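Review bot: CVE-2013-1422 is left at `TODO: check`, but it names webcalendar, the package already tracked for CVE-2013-1421 directly below as `- webcalendar <removed>`. The follow-up should add the corresponding `- webcalendar` line; the description's "before 1.2.7" gives the upstream fixed version to check against.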
@@ -284844,8 +284875,8 @@ CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 
9.9.x before 9.9.2-P1, when DN
        - isc-dhcp <not-affected> (issue only affects the named service, which 
isn't used by isc-dhcp)
 CVE-2012-5687 (Directory traversal vulnerability in the web-based management 
feature  ...)
        NOT-FOR-US: TP-LINK TL-WR841N router
-CVE-2012-5686
-       RESERVED
+CVE-2012-5686 (ZPanel 10.0.1 has insufficient entropy for its password reset 
process. ...)
+       TODO: check
 CVE-2012-5685 (SQL injection vulnerability in ZPanel 10.0.1 and earlier allows 
remote ...)
        NOT-FOR-US: ZPanel
 CVE-2012-5684 (Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and 
earlier  ...)
@@ -285092,8 +285123,7 @@ CVE-2012-5620
        REJECTED
 CVE-2012-5619 (The Sleuth Kit (TSK) 4.0.1 does not properly handle "." 
(dotfile) file ...)
        - sleuthkit 4.1.2-1 (unimportant; bug #695097)
-CVE-2012-5618
-       RESERVED
+CVE-2012-5618 (Ushahidi before 2.6.1 has insufficient entropy for 
forgot-password tok ...)
        NOT-FOR-US: Ushahidi
 CVE-2012-5617 (gksu-polkit: permissive PolicyKit policy configuration file 
allows pri ...)
        - gksu-polkit <removed> (bug #695807)
@@ -299413,8 +299443,7 @@ CVE-2011-4939 (The pidgin_conv_chat_rename_user 
function in gtkconv.c in Pidgin
 CVE-2011-4938
        RESERVED
        NOT-FOR-US: Ariadne CMS not in Debian
-CVE-2011-4937
-       RESERVED
+CVE-2011-4937 (Joomla! 1.7.1 has core information disclosure due to inadequate 
error  ...)
        NOT-FOR-US: Joomla!
 CVE-2011-4936
        REJECTED
@@ -299492,8 +299521,7 @@ CVE-2011-4914 (The ROSE protocol implementation in 
the Linux kernel before 2.6.3
 CVE-2011-4913 (The rose_parse_ccitt function in net/rose/rose_subr.c in the 
Linux ker ...)
        {DSA-2264-1 DSA-2240-1}
        - linux-2.6 2.6.38-4
-CVE-2011-4912
-       RESERVED
+CVE-2011-4912 (Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail 
timeout  ...)
        NOT-FOR-US: Joomla!
 CVE-2011-4911 (Joomla! before 1.5.12 does not perform a JEXEC check in 
unspecified fi ...)
        NOT-FOR-US: Joomla!
@@ -303913,8 +303941,7 @@ CVE-2011-3631 (Hardlink before 0.1.2 has multiple 
integer overflows leading to h
        - hardlink <not-affected> (Only the C version, ours are written in 
Python)
 CVE-2011-3630 (Hardlink before 0.1.2 suffer from multiple stack-based buffer 
overflow ...)
        - hardlink <not-affected> (Only the C version, ours are written in 
Python)
-CVE-2011-3629
-       RESERVED
+CVE-2011-3629 (Joomla! core 1.7.1 allows information disclosure due to weak 
encryptio ...)
        NOT-FOR-US: Joomla!
 CVE-2011-3628 (Untrusted search path vulnerability in pam_motd (aka the MOTD 
module)  ...)
        - pam 1.1.3-7 (low; bug #670076)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed37d14d08f8b8b3ca9cc086b014a97ad9caa3f3

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits