Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b585a96 by security tracker role at 2020-02-06T08:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,58 @@
-CVE-2020-8649 [vgacon_invert_region use-after-free]
+CVE-2020-8667
+       RESERVED
+CVE-2020-8666
+       RESERVED
+CVE-2020-8665
+       RESERVED
+CVE-2020-8664
+       RESERVED
+CVE-2020-8663
+       RESERVED
+CVE-2020-8662
+       RESERVED
+CVE-2020-8661
+       RESERVED
+CVE-2020-8660
+       RESERVED
+CVE-2020-8659
+       RESERVED
+CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress 
allows wp- ...)
+       TODO: check
+CVE-2020-8657
+       RESERVED
+CVE-2020-8656
+       RESERVED
+CVE-2020-8655
+       RESERVED
+CVE-2020-8654
+       RESERVED
+CVE-2020-8653
+       RESERVED
+CVE-2020-8652
+       RESERVED
+CVE-2020-8651
+       RESERVED
+CVE-2020-8650
+       RESERVED
+CVE-2020-8646
+       RESERVED
+CVE-2020-8645
+       RESERVED
+CVE-2020-8644 (PlaySMS before 1.4.3 does not sanitize inputs from a malicious 
string. ...)
+       TODO: check
+CVE-2020-8643
+       RESERVED
+CVE-2020-8642
+       RESERVED
+CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion 
of .php ...)
+       TODO: check
+CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the 
jobs-in endp ...)
+       TODO: check
+CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel 
through 5. ...)
        - linux <unfixed>
-CVE-2020-8648 [n_tty_receive_buf_common use-after-free]
+CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel 
through 5. ...)
        - linux <unfixed>
-CVE-2020-8647 [vc_do_resize use-after-free]
+CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel 
through 5. ...)
        - linux <unfixed>
 CVE-2020-8640
        RESERVED
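Review bot: replacing the bracketed working titles for CVE-2020-8649, CVE-2020-8648 and CVE-2020-8647 with the published text loses the only thing that told the three kernel entries apart, since the new description is truncated to "... in the Linux kernel through 5. ..." for all three; consider keeping the function names (vgacon_invert_region, n_tty_receive_buf_common, vc_do_resize) in a NOTE line under each `- linux <unfixed>` entry so triage and later fix-version lookups can be matched to the upstream commits. The four new entries left at TODO: check (CVE-2020-8658, CVE-2020-8644, CVE-2020-8641, CVE-2019-20447) still need a triage decision; the file's convention for software not shipped in Debian is a NOT-FOR-US line, as used elsewhere in this diff.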
@@ -1615,20 +1665,20 @@ CVE-2019-20408
        RESERVED
 CVE-2019-20407
        RESERVED
-CVE-2019-20406
-       RESERVED
-CVE-2019-20405
-       RESERVED
-CVE-2019-20404
-       RESERVED
-CVE-2019-20403
-       RESERVED
-CVE-2019-20402
-       RESERVED
-CVE-2019-20401
-       RESERVED
-CVE-2019-20400
-       RESERVED
+CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows 
operating s ...)
+       TODO: check
+CVE-2019-20405 (The JMX monitoring flag in Atlassian Jira Server and Data 
Center befor ...)
+       TODO: check
+CVE-2019-20404 (The API in Atlassian Jira Server and Data Center before 
version 8.6.0  ...)
+       TODO: check
+CVE-2019-20403 (The API in Atlassian Jira Server and Data Center before 
version 8.6.0  ...)
+       TODO: check
+CVE-2019-20402 (Support zip files in Atlassian Jira Server and Data Center 
before vers ...)
+       TODO: check
+CVE-2019-20401 (Various installation setup resources in Jira before version 
8.5.2 allo ...)
+       TODO: check
+CVE-2019-20400 (The usage of Tomcat in Jira before version 8.5.2 allows local 
attacker ...)
+       TODO: check
 CVE-2020-7920
        RESERVED
 CVE-2020-7919
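Review bot: the seven Atlassian entries (CVE-2019-20406 through CVE-2019-20400) are left at TODO: check; Jira Server, Confluence and their Data Center editions are proprietary products rather than Debian packages, so these most likely resolve to NOT-FOR-US lines like the other third-party products in this file. Note also that CVE-2019-20404 and CVE-2019-20403 carry identical truncated descriptions ("The API in Atlassian Jira Server and Data Center before version 8.6.0 ..."), so the full advisory text has to be consulted to record a distinct triage note for each.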
@@ -3936,8 +3986,8 @@ CVE-2020-6856
        RESERVED
 CVE-2020-6855
        RESERVED
-CVE-2020-6854
-       RESERVED
+CVE-2020-6854 (A cross-site scripting (XSS) vulnerability in the JOC Cockpit 
componen ...)
+       TODO: check
 CVE-2020-6853
        RESERVED
 CVE-2020-6852
@@ -8059,8 +8109,8 @@ CVE-2019-20175 (** DISPUTED ** An issue was discovered in 
ide_dma_cb() in hw/ide
        NOTE: is disputed by QEMU security team.
 CVE-2019-20174 (Auth0 Lock before 11.21.0 allows XSS when 
additionalSignUpFields is us ...)
        TODO: check
-CVE-2019-20173
-       RESERVED
+CVE-2019-20173 (The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress 
allows XS ...)
+       TODO: check
 CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 
does not r ...)
        NOT-FOR-US: SerenityOS
 CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 
0.9.0-development-20 ...)
@@ -10635,12 +10685,12 @@ CVE-2019-20108
        RESERVED
 CVE-2019-20107
        RESERVED
-CVE-2019-20106
-       RESERVED
+CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center 
before ver ...)
+       TODO: check
 CVE-2019-20105
        RESERVED
-CVE-2019-20104
-       RESERVED
+CVE-2019-20104 (The OpenID client application in Atlassian Crowd before 
version 3.6.2, ...)
+       TODO: check
 CVE-2019-20103
        RESERVED
 CVE-2019-20102
@@ -18288,6 +18338,7 @@ CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi 
Wiz Connected LED Bulb 9
 CVE-2019-18979
        RESERVED
 CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS 
Middleware) ge ...)
+       {DLA-2096-1}
        - ruby-rack-cors <unfixed> (bug #944849)
        NOTE: 
https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d
        NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4
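Review bot: the `{DLA-2096-1}` cross-reference is added to CVE-2019-18978 without any change to the fixed-version line, which still reads `- ruby-rack-cors <unfixed> (bug #944849)`; confirm that the DLA's fixed version is recorded where the tracker expects it (the DLA data file) so the LTS suite stops being reported as vulnerable, and re-check whether unstable is genuinely still unfixed given that the NOTE lines already link the upstream fix commit and the v1.0.3...v1.0.4 comparison.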
@@ -248838,8 +248889,7 @@ CVE-2014-5460 (Unrestricted file upload vulnerability 
in the Tribulant Slideshow
        NOT-FOR-US: Tribulant Slideshow Gallery plugin for WordPress
 CVE-2013-7399
        RESERVED
-CVE-2010-5304
-       RESERVED
+CVE-2010-5304 (A NULL pointer dereference flaw was found in the way 
LibVNCServer befo ...)
        NOT-FOR-US: RealVNC
 CVE-2014-6269 (Multiple integer overflows in the http_request_forward_body 
function i ...)
        - haproxy 1.5.4-1
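Review bot: the new description for CVE-2010-5304 names LibVNCServer ("A NULL pointer dereference flaw was found in the way LibVNCServer befo ..."), but the unchanged triage line below it still reads `NOT-FOR-US: RealVNC`, which was written while the entry was RESERVED. The two now contradict each other; re-triage against the libvncserver source package in Debian and either record affected/fixed versions or correct the NOT-FOR-US line to name the right product.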
@@ -275324,12 +275374,12 @@ CVE-2013-2684
        RESERVED
 CVE-2013-2683
        RESERVED
-CVE-2013-2682
-       RESERVED
-CVE-2013-2681
-       RESERVED
-CVE-2013-2680
-       RESERVED
+CVE-2013-2682 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a 
Clickjacking Vuln ...)
+       TODO: check
+CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security 
Bypass V ...)
+       TODO: check
+CVE-2013-2680 (Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in 
cleartex ...)
+       TODO: check
 CVE-2013-2679
        RESERVED
 CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File 
Includ ...)
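Review bot: CVE-2013-2682, CVE-2013-2681 and CVE-2013-2680 describe firmware issues in Cisco Linksys E4200 1.0.05 Build 7 devices, not a Debian package, and are left at TODO: check; they can be triaged in one pass together with the neighbouring CVE-2013-2678 entry for the same device, reusing whatever status that entry carries (its triage line falls outside this hunk's context).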
@@ -310106,8 +310156,7 @@ CVE-2011-1599 (manager.c in the Manager Interface in 
Asterisk Open Source 1.4.x
 CVE-2011-1598 (The bcm_release function in net/can/bcm.c in the Linux kernel 
before 2 ...)
        {DSA-2264-1 DSA-2240-1}
        - linux-2.6 2.6.38-5
-CVE-2011-1597
-       RESERVED
+CVE-2011-1597 (OpenVAS Manager v2.0.3 allows plugin remote code execution. ...)
        NOT-FOR-US: OpenVAS Manager
 CVE-2011-1596
        RESERVED
@@ -310388,8 +310437,8 @@ CVE-2011-XXXX [htmlpurifier various]
        NOTE: 
http://web.archive.org/web/20120515064303/http://htmlpurifier.org/news/2011/0327-4.3.0-released
        NOTE: htmlpurifier only provides library functions, it's not vulnerable 
by itself
        NOTE: If apps are vulnerable, this must be addressed there (as done for 
Mahara)
-CVE-2011-1517
-       RESERVED
+CVE-2011-1517 (SAP NetWeaver 7.0 allows Remote Code Execution and Denial of 
Service c ...)
+       TODO: check
 CVE-2011-1516 (The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox 
profiles in ...)
        NOT-FOR-US: Apple Mac OS X
 CVE-2011-1515 (The inet service in HP OpenView Storage Data Protector 6.00 
through 6. ...)
@@ -311499,11 +311548,9 @@ CVE-2011-1153 (Multiple format string 
vulnerabilities in phar_object.c in the ph
        NOTE: only exploitable by malicious scripts
 CVE-2011-1152
        REJECTED
-CVE-2011-1151
-       RESERVED
+CVE-2011-1151 (Joomla! 1.6.0 is vulnerable to SQL Injection via the 
filter_order and  ...)
        NOT-FOR-US: Joomla!
-CVE-2011-1150
-       RESERVED
+CVE-2011-1150 (bbPress through 1.0.2 has XSS in /bb-login.php url via the re 
paramete ...)
        NOT-FOR-US: bbPress
 CVE-2011-1149 (Android before 2.3 does not properly restrict access to the 
system pro ...)
        NOT-FOR-US: Android
@@ -311797,8 +311844,7 @@ CVE-2011-1070 (v86d before 0.1.10 do not verify if 
received netlink messages are
        - v86d 0.1.10-1 (low; bug #619404)
        [squeeze] - v86d 0.1.9-1+squeeze1
        [lenny] - v86d 0.1.5.2-1+lenny1
-CVE-2011-1069
-       RESERVED
+CVE-2011-1069 (PHPShop through 0.8.1 has XSS. ...)
        NOT-FOR-US: PHPShop
 CVE-2011-1068 (Microsoft Windows Azure Software Development Kit (SDK) 1.3.x 
before 1. ...)
        NOT-FOR-US: Microsoft Windows Azure SDK
@@ -311995,8 +312041,7 @@ CVE-2011-1010 (Buffer overflow in the mac_partition 
function in fs/partitions/ma
        - linux-2.6 2.6.37-2
        [wheezy] - linux-2.6 2.6.32-31
        [squeeze] - linux-2.6 2.6.32-31
-CVE-2011-1009
-       RESERVED
+CVE-2011-1009 (Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in 
/vanilla/index.php ...)
        NOT-FOR-US: Vanilla Forums
 CVE-2011-1008 (Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 
does not ...)
        - request-tracker3.8 3.8.10-1 (bug #614576)
@@ -313351,8 +313396,7 @@ CVE-2011-0527 (VMware vFabric tc Server (aka 
SpringSource tc Server) 2.0.x befor
        NOT-FOR-US: VMware vFabric tc Server
 CVE-2011-0526 (Cross-site scripting (XSS) vulnerability in index.php in 
Vanilla Forum ...)
        NOT-FOR-US: Vanilla Forums
-CVE-2011-0525
-       RESERVED
+CVE-2011-0525 (Batavi before 1.0 has CSRF. ...)
        NOT-FOR-US: Batavi
 CVE-2011-0524 (Multiple buffer overflows in the NMEA parser (nmea-gen.c) in 
gypsy 0.8 ...)
        - gypsy <itp> (bug #491723)
@@ -314383,8 +314427,8 @@ CVE-2011-0222 (WebKit, as used in Apple Safari before 
5.0.6, allows remote attac
        NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome 
sec team will know and fix
 CVE-2011-0221 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers  ...)
        NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome 
sec team will know and fix
-CVE-2011-0220
-       RESERVED
+CVE-2011-0220 (Apple Bonjour before 2011 allows a crash via a crafted 
multicast DNS p ...)
+       TODO: check
 CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the 
Same O ...)
        NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome 
sec team will know and fix
 CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b585a960ab36b903af0fce01b4aca2da35cda6c



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
