Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a11362c by security tracker role at 2020-02-05T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -195,8 +195,7 @@ CVE-2020-8519
        RESERVED
 CVE-2020-8518
        RESERVED
-CVE-2020-8517
-       RESERVED
+CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect 
input v ...)
        - squid <unfixed>
        - squid3 <removed>
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_3.txt
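
Review bot: the CVE-2020-8517 entry still reads `- squid <unfixed>` although the new description says the issue affects Squid before 4.10, so the fixed version should be recorded once 4.10 reaches unstable. The entry also carries only the SQUID-2020_3 advisory NOTE; adding the upstream changeset as a NOTE, as the CVE-2020-8450 entry does, would help anyone backporting.
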
@@ -345,16 +344,14 @@ CVE-2020-8452
        RESERVED
 CVE-2020-8451
        RESERVED
-CVE-2020-8450
-       RESERVED
+CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect 
buffer  ...)
        - squid <unfixed>
        - squid3 <removed>
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
        NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 
3.5)
        NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 
and older)
        NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch
 (Squid 4.9)
-CVE-2020-8449
-       RESERVED
+CVE-2020-8449 (An issue was discovered in Squid before 4.10. Due to incorrect 
input v ...)
        - squid <unfixed>
        - squid3 <removed>
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
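
Review bot: CVE-2020-8449 cites the same SQUID-2020_1 advisory as CVE-2020-8450 but has none of the three changeset NOTEs listed under that entry. If the same patches fix both, repeat or cross-reference them under CVE-2020-8449; both entries also need a fixed version in place of `<unfixed>` given the "before 4.10" wording.
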
@@ -1022,28 +1019,28 @@ CVE-2020-8127
        RESERVED
 CVE-2020-8126
        RESERVED
-CVE-2020-8125
-       RESERVED
-CVE-2020-8124
-       RESERVED
-CVE-2020-8123
-       RESERVED
-CVE-2020-8122
-       RESERVED
-CVE-2020-8121
-       RESERVED
-CVE-2020-8120
-       RESERVED
-CVE-2020-8119
-       RESERVED
-CVE-2020-8118
-       RESERVED
-CVE-2020-8117
-       RESERVED
-CVE-2020-8116
-       RESERVED
-CVE-2020-8115
-       RESERVED
+CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and 
earlie ...)
+       TODO: check
+CVE-2020-8124 (Insufficient validation and sanitization of user input exists 
in url-p ...)
+       TODO: check
+CVE-2020-8123 (A denial of service exists in strapi v3.0.0-beta.18.3 and 
earlier that ...)
+       TODO: check
+CVE-2020-8122 (A missing check in Nextcloud Server 14.0.3 could give recipient 
the po ...)
+       TODO: check
+CVE-2020-8121 (A bug in Nextcloud Server 14.0.4 could expose more data in 
reshared li ...)
+       TODO: check
+CVE-2020-8120 (A reflected Cross-Site Scripting vulnerability in Nextcloud 
Server 16. ...)
+       TODO: check
+CVE-2020-8119 (Improper authorization in Nextcloud server 17.0.0 causes 
leaking of pr ...)
+       TODO: check
+CVE-2020-8118 (An authenticated server-side request forgery in Nextcloud 
server 16.0. ...)
+       TODO: check
+CVE-2020-8117 (Improper preservation of permissions in Nextcloud Server 14.0.3 
causes ...)
+       TODO: check
+CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package 
version 5.1. ...)
+       TODO: check
+CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the 
publicly acce ...)
+       TODO: check
 CVE-2020-8114 [User Permissions Not Validated in ProjectExportWorker]
        RESERVED
        - gitlab <unfixed>
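
Review bot: all eleven new entries, CVE-2020-8125 through CVE-2020-8115, land as `TODO: check` with no package line. The npm ones (klona, dot-prop) need a check for a corresponding Debian source package before being closed as NOT-FOR-US, and the six Nextcloud Server entries (CVE-2020-8122 to CVE-2020-8117) can be triaged together.
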
@@ -5583,12 +5580,12 @@ CVE-2020-6062
        RESERVED
 CVE-2020-6061
        RESERVED
-CVE-2020-6060
-       RESERVED
-CVE-2020-6059
-       RESERVED
-CVE-2020-6058
-       RESERVED
+CVE-2020-6060 (A stack buffer overflow vulnerability exists in the way 
MiniSNMPD vers ...)
+       TODO: check
+CVE-2020-6059 (An exploitable out of bounds read vulnerability exists in the 
way Mini ...)
+       TODO: check
+CVE-2020-6058 (An exploitable out-of-bounds read vulnerability exists in the 
way Mini ...)
+       TODO: check
 CVE-2020-6057
        RESERVED
 CVE-2020-6056
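
Review bot: CVE-2020-6059 and CVE-2020-6058 have truncated descriptions that differ only in the hyphenation of "out of bounds", so triage should read the full descriptions to confirm they are distinct issues before handling either as a duplicate. All three MiniSNMPD entries are `TODO: check` and need either a package line or a NOT-FOR-US tag.
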
@@ -27092,7 +27089,7 @@ CVE-2019-16772 (The serialize-to-js NPM package before 
version 3.0.1 is vulnerab
        NOT-FOR-US: serialize-to-js Node package
 CVE-2019-16771 (Versions of Armeria 0.85.0 through and including 0.96.0 are 
vulnerable ...)
        NOT-FOR-US: Armeria
-CVE-2019-16770 (In Puma before version 4.3.2, a poorly-behaved client could 
use keepal ...)
+CVE-2019-16770 (In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved 
client coul ...)
        - puma <unfixed> (bug #946312)
        [buster] - puma <no-dsa> (Minor issue)
        [stretch] - puma <no-dsa> (Minor issue)
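
Review bot: the CVE-2019-16770 description moves the fixed version from 4.3.2 to 3.12.2 and 4.3.1, but the `- puma <unfixed> (bug #946312)` line and the buster/stretch `<no-dsa>` lines are untouched. Check the version in unstable against the corrected 4.3.1 boundary and the stable branches against 3.12.2, and update the package line if it is already fixed.
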
@@ -30400,36 +30397,36 @@ CVE-2019-15626 (The Deep Security Manager application 
(Versions 10.0, 11.0 and 1
        NOT-FOR-US: Deep Security Manager application (Trend Micro)
 CVE-2019-15625 (A memory usage vulnerability exists in Trend Micro Password 
Manager 3. ...)
        NOT-FOR-US: Trend Micro
-CVE-2019-15624
-       RESERVED
-CVE-2019-15623
-       RESERVED
-CVE-2019-15622
-       RESERVED
-CVE-2019-15621
-       RESERVED
-CVE-2019-15620
-       RESERVED
-CVE-2019-15619
-       RESERVED
-CVE-2019-15618
-       RESERVED
-CVE-2019-15617
-       RESERVED
-CVE-2019-15616
-       RESERVED
-CVE-2019-15615
-       RESERVED
-CVE-2019-15614
-       RESERVED
-CVE-2019-15613
-       RESERVED
-CVE-2019-15612
-       RESERVED
-CVE-2019-15611
-       RESERVED
-CVE-2019-15610
-       RESERVED
+CVE-2019-15624 (Improper Input Validation in Nextcloud Server 15.0.7 allows 
group admi ...)
+       TODO: check
+CVE-2019-15623 (Exposure of Private Information in Nextcloud Server 16.0.1 
causes the  ...)
+       TODO: check
+CVE-2019-15622 (Not strictly enough sanitization in the Nextcloud Android app 
3.6.0 al ...)
+       TODO: check
+CVE-2019-15621 (Improper permissions preservation in Nextcloud Server 16.0.1 
causes sh ...)
+       TODO: check
+CVE-2019-15620 (Improper access control in Nextcloud Talk 6.0.3 leaks the 
existance an ...)
+       TODO: check
+CVE-2019-15619 (Improper neutralization of file names, conversation names and 
board na ...)
+       TODO: check
+CVE-2019-15618 (Missing escaping of HTML in the Updater of Nextcloud 15.0.5 
allowed a  ...)
+       TODO: check
+CVE-2019-15617 (A missing check in Nextcloud Server 17.0.0 allowed an attacker 
to set  ...)
+       TODO: check
+CVE-2019-15616 (Dangling remote share attempts in Nextcloud 16 allow a DNS 
pollution w ...)
+       TODO: check
+CVE-2019-15615 (A wrong check for the system time in the Android App 3.9.0 
causes a by ...)
+       TODO: check
+CVE-2019-15614 (Missing sanitization in the iOS App 2.24.4 causes an XSS when 
opening  ...)
+       TODO: check
+CVE-2019-15613 (A bug in Nextcloud Server 17.0.1 causes the workflow rules to 
depend t ...)
+       TODO: check
+CVE-2019-15612 (A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to 
not be c ...)
+       TODO: check
+CVE-2019-15611 (Violation of Secure Design Principles in the iOS App 2.23.0 
causes the ...)
+       TODO: check
+CVE-2019-15610 (Improper authorization in the Circles app 0.17.7 causes 
retaining acce ...)
+       TODO: check
 CVE-2019-15609
        RESERVED
 CVE-2019-15608
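
Review bot: CVE-2019-15615, CVE-2019-15614 and CVE-2019-15611 are described only as "the Android App" or "the iOS App" in the visible text, so whatever replaces `TODO: check` should name the product explicitly after reading the full description. Most of the remaining entries in this block name Nextcloud components (Server, Talk, Circles, the Android app) and can be triaged as one batch.
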
@@ -40894,8 +40891,7 @@ CVE-2019-12529 (An issue was discovered in Squid 2.x 
through 2.7.STABLE9, 3.x th
        - squid3 <removed>
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_2.txt
        NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch
-CVE-2019-12528
-       RESERVED
+CVE-2019-12528 (An issue was discovered in Squid before 4.10. It allows a 
crafted FTP  ...)
        - squid <unfixed>
        - squid3 <removed>
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_2.txt
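
Review bot: CVE-2019-12528 has only the SQUID-2020_2 advisory NOTE, while the preceding CVE-2019-12529 entry also records its Squid 4 changeset. Add the changeset from the advisory as a NOTE if one is listed, and replace `- squid <unfixed>` with the fixed version once a release carrying the 4.10 fix is in the archive.
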
@@ -45899,12 +45895,12 @@ CVE-2019-10790
        RESERVED
 CVE-2019-10789
        RESERVED
-CVE-2019-10788
-       RESERVED
-CVE-2019-10787
-       RESERVED
-CVE-2019-10786
-       RESERVED
+CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute 
arbitrary ...)
+       TODO: check
+CVE-2019-10787 (im-resize through 2.3.2 allows remote attackers to execute 
arbitrary c ...)
+       TODO: check
+CVE-2019-10786 (network-manager through 1.0.2 allows remote attackers to 
execute arbit ...)
+       TODO: check
 CVE-2019-10785
        RESERVED
 CVE-2019-10784 (phppgadmin through 7.12.1 allows sensitive actions to be 
performed wit ...)
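
Review bot: the name in CVE-2019-10786, "network-manager through 1.0.2", collides with Debian's network-manager source package, so this `TODO: check` must not be resolved by name matching alone. It is added alongside im-metadata and im-resize with the same "execute arbitrary" wording; confirm which project it refers to and, if it is not the Debian package, write a NOT-FOR-US line that says so explicitly.
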
@@ -226863,12 +226859,12 @@ CVE-2015-3615 (Cross-site scripting (XSS) 
vulnerability in Fortinet FortiManager
        NOT-FOR-US: Fortinet
 CVE-2015-3614 (Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 
allows r ...)
        NOT-FOR-US: Fortinet
-CVE-2015-3613
-       RESERVED
-CVE-2015-3612
-       RESERVED
-CVE-2015-3611
-       RESERVED
+CVE-2015-3613 (A vulnerability exists in in FortiManager 5.2.1 and earlier and 
5.0.10 ...)
+       TODO: check
+CVE-2015-3612 (A Cross-site Scripting (XSS) vulnerability exists in 
FortiManager 5.2. ...)
+       TODO: check
+CVE-2015-3611 (A Command Injection vulnerability exists in FortiManager 5.2.1 
and ear ...)
+       TODO: check
 CVE-2015-3610 (The Siemens HomeControl for Room Automation application before 
2.0.1 f ...)
        NOT-FOR-US: Siemens HomeControl for Room Automation application for 
Android
 CVE-2015-3609
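
Review bot: CVE-2015-3613, CVE-2015-3612 and CVE-2015-3611 are FortiManager issues added as `TODO: check`, while the CVE-2015-3615 and CVE-2015-3614 entries directly above are already `NOT-FOR-US: Fortinet`. The same tag looks right here and could be applied in the same pass.
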
@@ -229290,8 +229286,8 @@ CVE-2015-2804 (The management web interface in 
Alcatel-Lucent OmniSwitch 6450, 6
        NOT-FOR-US: Alcatel-Lucent OmniSwitch
 CVE-2015-2803 (SQL injection vulnerability in mod1/index.php in the 
Akronymmanager (s ...)
        NOT-FOR-US: TYPO3 extension sb_akronymmanager
-CVE-2015-2802
-       RESERVED
+CVE-2015-2802 (An Information Disclosure vulnerability exists in HP SiteScope 
11.2 an ...)
+       TODO: check
 CVE-2015-2801
        RESERVED
 CVE-2015-2800 (The user authentication module in Huawei Campus switches S5700, 
S5300, ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0a11362cbd9a0ef9472443db2c8a1968cdb29cb1
