Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5aab1a45 by security tracker role at 2020-02-07T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-8794
+ RESERVED
+CVE-2020-8793
+ RESERVED
+CVE-2020-8792
+ RESERVED
+CVE-2020-8791
+ RESERVED
+CVE-2020-8790
+ RESERVED
+CVE-2020-8789
+ RESERVED
+CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS
(and HT ...)
+ TODO: check
+CVE-2020-8787
+ RESERVED
+CVE-2020-8786
+ RESERVED
+CVE-2020-8785
+ RESERVED
+CVE-2020-8784
+ RESERVED
+CVE-2020-8783
+ RESERVED
+CVE-2019-20450
+ RESERVED
+CVE-2019-20449
+ RESERVED
+CVE-2019-20448
+ RESERVED
CVE-2020-8782
RESERVED
CVE-2020-8781
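Review bot: the CVE-2020-8788 entry is imported with "TODO: check" although its description already names a product (ClearCanvas ImageServer, a medical imaging server) that has no Debian package; it can be closed as NOT-FOR-US in the same import, as this commit already does for the Android and opOpenSocialPlugin entries further down, instead of leaving a triage item behind. The remaining additions in this hunk are plain RESERVED placeholders and need nothing.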
@@ -1377,8 +1407,8 @@ CVE-2020-8128
RESERVED
CVE-2020-8127
RESERVED
-CVE-2020-8126
- RESERVED
+CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version
1.7.1, an CG ...)
+ TODO: check
CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and
earlie ...)
NOT-FOR-US: klona node module
CVE-2020-8124 (Insufficient validation and sanitization of user input exists
in url-p ...)
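Review bot: CVE-2020-8126 is left at "TODO: check" even though the description identifies EdgeSwitch firmware (Ubiquiti's managed switches), which is not shipped by Debian; the consistent resolution is a NOT-FOR-US line, as the neighbouring klona entry has. The truncated "an CG ..." fragment is upstream's text and should stay as imported.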
@@ -17258,8 +17288,8 @@ CVE-2020-1770
RESERVED
CVE-2020-1769
RESERVED
-CVE-2020-1768
- RESERVED
+CVE-2020-1768 (The external frontend system uses numerous background calls to
the bac ...)
+ TODO: check
CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then
Agent ...)
{DLA-2079-1}
- otrs2 6.0.25-1
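Review bot: CVE-2020-1768 deserves more than "TODO: check": the adjacent CVE-2020-1767 is an OTRS issue tracked against otrs2 (6.0.25-1, DLA-2079-1), and consecutive IDs from the same vendor block usually come from the same OTRS advisory, so triage should start by checking whether the "external frontend system ... background calls" issue applies to the otrs2 versions in the archive and whether the 6.0.25-1 upload already covers it.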
@@ -18572,8 +18602,8 @@ CVE-2019-18990
RESERVED
CVE-2019-18989
RESERVED
-CVE-2019-18988
- RESERVED
+CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of
remote-login a ...)
+ TODO: check
CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through
1.34 for ...)
NOT-FOR-US: AbuseFilter MediaWiki extension
CVE-2019-18986 (Pimcore before 6.2.2 allow attackers to brute-force (guess)
valid user ...)
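Review bot: CVE-2019-18988 (TeamViewer Desktop) is proprietary software that is not packaged in Debian; resolve it to "NOT-FOR-US: TeamViewer" rather than leaving "TODO: check", matching the NOT-FOR-US treatment of the AbuseFilter entry right below it.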
@@ -26156,8 +26186,8 @@ CVE-2019-17270 (Yachtcontrol through 2019-10-06: It's
possible to perform direct
NOT-FOR-US: Yachtcontrol
CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to
execute arbitr ...)
NOT-FOR-US: Intellian Remote Access
-CVE-2019-17268
- RESERVED
+CVE-2019-17268 (The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed
on RubyGe ...)
+ TODO: check
CVE-2019-17267 (A Polymorphic Typing issue was discovered in FasterXML
jackson-databin ...)
{DLA-2030-1}
- jackson-databind 2.10.0-1
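Review bot: the "as distributed on RubyGe ..." wording on CVE-2019-17268 points at the gem as published on RubyGems rather than at its source repository, so the check here is not only whether a ruby-omniauth-weibo-oauth2 package exists in Debian but, if one does, whether it was built from the affected gem release or from upstream git. Record the outcome (NOT-FOR-US or a package line) so the TODO does not linger next to the already-triaged jackson-databind entry.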
@@ -29333,8 +29363,8 @@ CVE-2019-16157
RESERVED
CVE-2019-16156
RESERVED
-CVE-2019-16155
- RESERVED
+CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux
6.2.1 an ...)
+ TODO: check
CVE-2019-16154 (An improper neutralization of input during web page generation
in Fort ...)
NOT-FOR-US: FortiAuthenticator WEB UI
CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM
database ...)
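Review bot: CVE-2019-16155 (FortiClient for Linux) should be marked NOT-FOR-US like the FortiAuthenticator and FortiSIEM entries around it; FortiClient is a vendor binary, not a Debian package, and leaving "TODO: check" here creates a triage item with a known answer.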
@@ -30901,12 +30931,12 @@ CVE-2019-15608
RESERVED
CVE-2019-15607 (A stored XSS vulnerability is present within node-red
(version: <= ...)
TODO: check
-CVE-2019-15606
- RESERVED
-CVE-2019-15605
- RESERVED
-CVE-2019-15604
- RESERVED
+CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs
10, 12, ...)
+ TODO: check
+CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes
malicious payl ...)
+ TODO: check
+CVE-2019-15604 (Improper Certificate Validation in Node.js 10, 12, and 13
causes the p ...)
+ TODO: check
CVE-2019-15603 (The seefl package v0.1.1 is vulnerable to a stored Cross-Site
Scriptin ...)
NOT-FOR-US: seefl
CVE-2019-15602 (The fileview package v0.1.6 has inadequate output encoding and
escapin ...)
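Review bot: CVE-2019-15604, CVE-2019-15605 and CVE-2019-15606 all affect Node.js 10, 12 and 13 and come from a single upstream security release, so they should be triaged together against the nodejs source package (which Debian does ship) rather than left as three separate "TODO: check" items. CVE-2019-15605 (HTTP request smuggling) and CVE-2019-15606 (trailing whitespace in header values) are the same header-parsing hardening and need the same fixed-version line; CVE-2019-15604 (certificate validation) is a separate TLS fix. The pre-existing "TODO: check" on CVE-2019-15607 (node-red) in the context is still open as well.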
@@ -58954,7 +58984,7 @@ CVE-2019-6467 (A programming error in the
nxdomain-redirect feature can cause an
- bind9 <not-affected> (Vulnerable code only present in 9.12 onwards)
NOTE: https://kb.isc.org/docs/cve-2019-6467
CVE-2019-6466
- RESERVED
+ REJECTED
CVE-2019-6465 (Controls for zone transfers may not be properly applied to
Dynamically ...)
{DSA-4440-1 DLA-1697-1}
- bind9 1:9.11.5.P4+dfsg-1 (low; bug #922955)
@@ -61177,35 +61207,35 @@ CVE-2019-5666 (NVIDIA Windows GPU Display Driver
contains a vulnerability in the
CVE-2019-5665 (NVIDIA Windows GPU Display driver contains a vulnerability in
the 3D v ...)
NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5664
- RESERVED
+ REJECTED
CVE-2019-5663
- RESERVED
+ REJECTED
CVE-2019-5662
- RESERVED
+ REJECTED
CVE-2019-5661
- RESERVED
+ REJECTED
CVE-2019-5660
- RESERVED
+ REJECTED
CVE-2019-5659
- RESERVED
+ REJECTED
CVE-2019-5658
- RESERVED
+ REJECTED
CVE-2019-5657
- RESERVED
+ REJECTED
CVE-2019-5656
- RESERVED
+ REJECTED
CVE-2019-5655
- RESERVED
+ REJECTED
CVE-2019-5654
- RESERVED
+ REJECTED
CVE-2019-5653
- RESERVED
+ REJECTED
CVE-2019-5652
- RESERVED
+ REJECTED
CVE-2019-5651
- RESERVED
+ REJECTED
CVE-2019-5650
- RESERVED
+ REJECTED
CVE-2019-5649
RESERVED
CVE-2019-5648
@@ -114924,7 +114954,7 @@ CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631,
there is a use-after-free in
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/90
CVE-2018-5746
- RESERVED
+ REJECTED
CVE-2018-5745 ("managed-keys" is a feature which allows a BIND resolver to
automatica ...)
{DSA-4440-1 DLA-1697-1}
- bind9 1:9.11.5.P4+dfsg-1 (low; bug #922954)
@@ -174632,13 +174662,13 @@ CVE-2016-9909 (The serializer in html5lib before
0.99999999 might allow remote a
NOTE:
https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2017-3149
- RESERVED
+ REJECTED
CVE-2017-3148
- RESERVED
+ REJECTED
CVE-2017-3147
- RESERVED
+ REJECTED
CVE-2017-3146
- RESERVED
+ REJECTED
CVE-2017-3145 (BIND was improperly sequencing cleanup operations on upstream
recursio ...)
{DSA-4089-1 DLA-1255-1}
- bind9 1:9.11.2.P1-1
@@ -237362,8 +237392,8 @@ CVE-2014-9532
RESERVED
CVE-2014-9531
RESERVED
-CVE-2014-9530
- RESERVED
+CVE-2014-9530 (A vulnerability exists in nw.js before 0.11.3 when calling nw
methods ...)
+ TODO: check
CVE-2014-9528 (SQL injection vulnerability in the actionIndex function in
protected/m ...)
NOT-FOR-US: HumHub
CVE-2014-9527 (HSLFSlideShow in Apache POI before 3.11 allows remote attackers
to cau ...)
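Review bot: CVE-2014-9530 (nw.js before 0.11.3) is not packaged in Debian and can go straight to NOT-FOR-US: nw.js, consistent with the HumHub and Apache POI neighbours; "TODO: check" adds a manual step for an entry whose answer is already visible in the description.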
@@ -245132,8 +245162,7 @@ CVE-2014-7226 (The file comment feature in Rejetto
HTTP File Server (hfs) 2.3c a
NOT-FOR-US: Rejetto HTTP File Server
CVE-2014-7225
RESERVED
-CVE-2014-7224
- RESERVED
+CVE-2014-7224 (A Code Execution vulnerability exists in Android prior to 4.4.0
relate ...)
NOT-FOR-US: Android addJavascriptInterface
CVE-2014-7223
RESERVED
@@ -247049,8 +247078,8 @@ CVE-2014-6419
RESERVED
CVE-2014-6415
RESERVED
-CVE-2014-6413
- RESERVED
+CVE-2014-6413 (A Cross-site Scripting (XSS) vulnerability exists in WatchGuard
XTM 11 ...)
+ TODO: check
CVE-2014-6412 (WordPress before 4.4 makes it easier for remote attackers to
predict p ...)
- wordpress <not-affected> (Affects only Wordpress on Windows systems)
CVE-2014-6411
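Review bot: CVE-2014-6413 (WatchGuard XTM) is appliance firmware with no Debian package; mark it NOT-FOR-US: WatchGuard instead of "TODO: check". Note the adjacent WordPress entry shows the right pattern when a package does exist but is unaffected (a <not-affected> line with the reason).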
@@ -249135,8 +249164,8 @@ CVE-2014-5470
RESERVED
CVE-2014-5469
RESERVED
-CVE-2014-5468
- RESERVED
+CVE-2014-5468 (A File Inclusion vulnerability exists in Railo 4.2.1 and
earlier via a ...)
+ TODO: check
CVE-2014-5467
RESERVED
CVE-2014-5466 (Cross-site scripting (XSS) vulnerability in the Dashboard in
Splunk We ...)
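Review bot: CVE-2014-5468 (Railo 4.2.1 file inclusion) targets a CFML engine that is not in the Debian archive; resolve to NOT-FOR-US: Railo rather than "TODO: check".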
@@ -249228,7 +249257,7 @@ CVE-2014-5441 (Multiple cross-site scripting (XSS)
vulnerabilities in app/views/
NOT-FOR-US: Fat Free CRM
CVE-2014-5440 (SQL injection vulnerability in Login.aspx in MPEX Business
Solutions M ...)
NOT-FOR-US: MX-SmartTimer
-CVE-2014-5439 (sniffit 0.3.7 and prior: A configuration file can be leveraged
to exec ...)
+CVE-2014-5439 (Multiple Stack-based Buffer Overflow vulnerabilities exists in
Sniffit ...)
{DLA-713-1}
- sniffit 0.3.7.beta-20 (bug #845122)
[jessie] - sniffit 0.3.7.beta-17+deb8u1
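Review bot: the description of CVE-2014-5439 changes from "a configuration file can be leveraged to exec ..." to "Multiple Stack-based Buffer Overflow vulnerabilities", i.e. the vulnerability class is reworded, while the fixed-version lines (sniffit 0.3.7.beta-20, bug #845122, DLA-713-1, jessie 0.3.7.beta-17+deb8u1) are kept as they were. Someone should confirm that the fix shipped under the old wording actually addresses the stack-based overflows now described; if the upstream rewording reflects a different root cause, the entry needs a NOTE explaining why the existing versions still count as fixed.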
@@ -249620,8 +249649,8 @@ CVE-2014-5290
RESERVED
CVE-2014-5289 (Buffer overflow in Senkas Kolibri 2.0 allows remote attackers
to execu ...)
NOT-FOR-US: Senkas Kolibri
-CVE-2014-5288
- RESERVED
+CVE-2014-5288 (A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a
via uns ...)
+ TODO: check
CVE-2014-5287 (A Bash script injection vulnerability exists in Kemp Load
Master 7.1-1 ...)
NOT-FOR-US: Kemp Load Master
CVE-2014-5286 (The ActiveMatrix Policy Manager Authentication module in TIBCO
ActiveM ...)
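Review bot: CVE-2014-5288 (Kemp Load Master CSRF) should be NOT-FOR-US: Kemp Load Master, exactly as CVE-2014-5287 directly below it already is; the "TODO: check" is inconsistent with the neighbouring entry for the same product.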
@@ -249640,8 +249669,8 @@ CVE-2014-5280 (boot2docker 1.2 and earlier allows
attackers to conduct cross-sit
NOT-FOR-US: boot2docker
CVE-2014-5279 (The Docker daemon managed by boot2docker 1.2 and earlier
improperly en ...)
NOT-FOR-US: boot2docker
-CVE-2014-5278
- RESERVED
+CVE-2014-5278 (A vulnerability exists in Docker before 1.2 via container
names, which ...)
+ TODO: check
CVE-2014-5277 (Docker before 1.3.1 and docker-py before 0.5.3 fall back to
HTTP when ...)
- docker.io 1.3.1~dfsg1-1
NOTE:
https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion
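Review bot: CVE-2014-5278 (Docker before 1.2, container names) concerns a package Debian does ship, as the docker.io 1.3.1~dfsg1-1 line on the next entry shows, so it needs a docker.io fixed-version line rather than "TODO: check". Since 1.3.1~dfsg1-1 is newer than the affected range, unstable is already fixed; what remains to verify is whether any release ever carried a docker.io older than 1.2 and whether the fix corresponds to a specific upstream commit to cite in a NOTE.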
@@ -250196,16 +250225,16 @@ CVE-2014-5093 (Status2k does not remove the install
directory allowing credentia
NOT-FOR-US: Status2k
CVE-2014-5092 (Status2k allows Remote Command Execution in
admin/options/editpl.php. ...)
NOT-FOR-US: Status2k
-CVE-2014-5091
- RESERVED
+CVE-2014-5091 (A vulnerability exits in Status2K 2.5 Server Monitoring
Software via t ...)
+ TODO: check
CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated
adminis ...)
NOT-FOR-US: Status2k
CVE-2014-5089 (SQL injection vulnerability in admin/options/logs.php in
Status2k allo ...)
NOT-FOR-US: Status2k
CVE-2014-5088 (Cross-site scripting (XSS) vulnerability in Status2k allows
remote att ...)
NOT-FOR-US: Status2k
-CVE-2014-5087
- RESERVED
+CVE-2014-5087 (A vulnerability exists in Sphider Search Engine prior to 1.3.6
due to ...)
+ TODO: check
CVE-2014-5086
RESERVED
CVE-2014-5085
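Review bot: CVE-2014-5091 is surrounded by five Status2k entries that are all NOT-FOR-US: Status2k, so it should get the same line instead of "TODO: check". CVE-2014-5087 (Sphider Search Engine) likewise describes a PHP application not packaged in Debian and can be closed as NOT-FOR-US: Sphider.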
@@ -271486,11 +271515,9 @@ CVE-2013-4337
REJECTED
CVE-2013-4336
REJECTED
-CVE-2013-4335
- RESERVED
+CVE-2013-4335 (opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6:
Multiple XML ...)
NOT-FOR-US: opOpenSocialPlugin
-CVE-2013-4334
- RESERVED
+CVE-2013-4334 (opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities ...)
NOT-FOR-US: opWebAPIPlugin
CVE-2013-4333 (OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5
has an Ex ...)
NOT-FOR-US: OpenPNE
@@ -273383,12 +273410,12 @@ CVE-2013-3639 (Multiple cross-site scripting (XSS)
vulnerabilities in Xaraya 2.4
NOT-FOR-US: Xaraya
CVE-2013-3638 (SQL injection vulnerability in Boonex Dolphin before 7.1.3
allows remo ...)
TODO: check
-CVE-2013-3637
- RESERVED
-CVE-2013-3636
- RESERVED
-CVE-2013-3635
- RESERVED
+CVE-2013-3637 (ProjectPier 0.8.8 does not use the Secure flag for cookies ...)
+ TODO: check
+CVE-2013-3636 (ProjectPier 0.8.8 has a Remote Information Disclosure Weakness
because ...)
+ TODO: check
+CVE-2013-3635 (ProjectPier 0.8.8 has stored XSS ...)
+ TODO: check
CVE-2013-3634 (A vulnerability has been identified in SCALANCE X-200 switch
family (i ...)
NOT-FOR-US: Siemens switches
CVE-2013-3633 (A vulnerability has been identified in SCALANCE X-200 switch
family (i ...)
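Review bot: the three ProjectPier 0.8.8 entries (CVE-2013-3635 stored XSS, CVE-2013-3636 information disclosure, CVE-2013-3637 missing Secure cookie flag) are one product not packaged in Debian and should be resolved together as NOT-FOR-US: ProjectPier rather than as three "TODO: check" items; the pre-existing TODO on CVE-2013-3638 (Boonex Dolphin) in the context is still unresolved and can be handled in the same pass.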
@@ -273401,10 +273428,10 @@ CVE-2013-3630 (Moodle through 2.5.2 allows remote
authenticated administrators t
NOTE: For Moodle: Not a securiy issue according to upstream, only
applicable to administrators, see bug #775842
NOTE: https://tracker.moodle.org/browse/MDL-41449
NOTE:
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
-CVE-2013-3629
- RESERVED
-CVE-2013-3628
- RESERVED
+CVE-2013-3629 (ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution ...)
+ TODO: check
+CVE-2013-3628 (Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
...)
+ TODO: check
CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee
Managed Age ...)
NOT-FOR-US: McAfee
CVE-2013-3626 (Directory traversal vulnerability in the Session Server in
Attachmate ...)
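Review bot: CVE-2013-3628 (Zabbix 2.0.9 arbitrary command execution) is the one entry in this hunk that needs real triage: zabbix is a Debian source package, so check which archive versions fall within 2.0.9 and add either a fixed-version or <not-affected> line with the reason. CVE-2013-3629 (ISPConfig 3.0.5.2) is not packaged and can be NOT-FOR-US: ISPConfig, consistent with the McAfee and Attachmate neighbours.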
@@ -273477,8 +273504,8 @@ CVE-2013-3593 (Baramundi Management Suite 7.5 through
8.9 uses cleartext for (1)
NOT-FOR-US: Baramundi Management Suite
CVE-2013-3592
RESERVED
-CVE-2013-3591
- RESERVED
+CVE-2013-3591 (vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP
Code Execu ...)
+ TODO: check
CVE-2013-3590 (Unrestricted file upload vulnerability in
admin/uploadImage.html in Se ...)
NOT-FOR-US: SearchBlox
CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in
the Admi ...)
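Review bot: CVE-2013-3591 (vTiger CRM 5.3/5.4 upload-folder code execution) describes software that is not in the Debian archive; mark it NOT-FOR-US: vTiger CRM like the SearchBlox entry beneath it instead of "TODO: check".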
@@ -274579,8 +274606,8 @@ CVE-2013-3098 (Multiple cross-site request forgery
(CSRF) vulnerabilities in TRE
NOT-FOR-US: TRENDnet TEW-812DRU router
CVE-2013-3097 (Unspecified Cross-site scripting (XSS) vulnerability in the
Verizon FI ...)
NOT-FOR-US: Verizon
-CVE-2013-3096
- RESERVED
+CVE-2013-3096 (D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware
Linking ...)
+ TODO: check
CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in
D-Link D ...)
NOT-FOR-US: D-Link
CVE-2013-3094
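Review bot: CVE-2013-3096 (D-Link DIR865L) should carry NOT-FOR-US: D-Link, the same resolution CVE-2013-3095 has for the same vendor's firmware; "TODO: check" leaves an avoidable open item.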
@@ -274589,8 +274616,8 @@ CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...)
NOT-FOR-US: ASUS RT-N56U devices
CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to
bypass a ...)
NOT-FOR-US: Belkin router
-CVE-2013-3091
- RESERVED
+CVE-2013-3091 (An Authentication Bypass vulnerability in Belkin N300
(F7D7301v1) rout ...)
+ TODO: check
CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin
N300 rou ...)
NOT-FOR-US: Belkin N300 router
CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in
Belkin ...)
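Review bot: CVE-2013-3091 (Belkin N300 F7D7301v1 authentication bypass) is the same device as CVE-2013-3092 and CVE-2013-3090, both already NOT-FOR-US: Belkin; give it the same line rather than "TODO: check".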
@@ -274644,8 +274671,8 @@ CVE-2013-3069 (Multiple cross-site scripting (XSS)
vulnerabilities in NETGEAR WN
NOT-FOR-US: NETGEAR devices
CVE-2013-3068 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in
Linksy ...)
NOT-FOR-US: Linksys
-CVE-2013-3067
- RESERVED
+CVE-2013-3067 (Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. ...)
+ TODO: check
CVE-2013-3066 (Linksys EA6500 with firmware 1.1.28.147876 does not properly
restrict ...)
NOT-FOR-US: Linksys
CVE-2013-3065 (Cross-site scripting (XSS) vulnerability in the Parental
Controls sect ...)
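Review bot: CVE-2013-3067 (Linksys WRT310Nv2 XSS) should be NOT-FOR-US: Linksys, consistent with CVE-2013-3068 and CVE-2013-3066 on either side of it; router firmware is never a Debian package and the "TODO: check" is unnecessary.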
@@ -277668,11 +277695,9 @@ CVE-2013-2011 (WordPress W3 Super Cache Plugin
before 1.3.2 contains a PHP code-
CVE-2013-2010
RESERVED
NOT-FOR-US: W3 Total Cache
-CVE-2013-2009
- RESERVED
+CVE-2013-2009 (WordPress WP Super Cache Plugin 1.2 has Remote PHP Code
Execution ...)
NOT-FOR-US: WP Super Cache
-CVE-2013-2008
- RESERVED
+CVE-2013-2008 (WordPress Super Cache Plugin 1.3 has XSS. ...)
NOT-FOR-US: WP Super Cache
CVE-2013-2007 (The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen,
when s ...)
- qemu <not-affected> (qemu guest agent introduced in 1.4, vulnerable
versions were only in experimental)
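Review bot: the two WP Super Cache entries are resolved correctly (description plus NOT-FOR-US, no TODO), but the context line for CVE-2013-2010 still shows both "RESERVED" and "NOT-FOR-US: W3 Total Cache", which is contradictory: an ID cannot be RESERVED (no public description) and already triaged as not-for-us. Since CVE-2013-2008 and CVE-2013-2009 now have descriptions, CVE-2013-2010 most likely has one too and the RESERVED line should be replaced on the next import.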
@@ -280310,8 +280335,8 @@ CVE-2013-1204 (Memory leak in the SNMP process in
Cisco IOS XR allows remote att
NOT-FOR-US: Cisco IOS XR
CVE-2013-1203 (Cisco ASA CX Context-Aware Security Software allows remote
attackers t ...)
NOT-FOR-US: Cisco ASA
-CVE-2013-1202
- RESERVED
+CVE-2013-1202 (Cisco ACE A2(3.6) allows log retention DoS. ...)
+ TODO: check
CVE-2013-1201
RESERVED
CVE-2013-1200 (Session fixation vulnerability in Cisco Secure Access Control
System ( ...)
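Review bot: CVE-2013-1202 (Cisco ACE log retention DoS) belongs with the Cisco IOS XR and Cisco ASA entries above it as NOT-FOR-US: Cisco; "TODO: check" is inconsistent with how the surrounding Cisco IDs are handled.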
@@ -283369,8 +283394,7 @@ CVE-2013-0194 (Cross-site Scripting (XSS) in Piwik
before 1.10.1 allows remote a
CVE-2013-0193 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote
attack ...)
- piwik <itp> (bug #506933)
NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
-CVE-2013-0192
- RESERVED
+CVE-2013-0192 (File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3:
Forum admin ...)
NOT-FOR-US: Simple Machines Forum
CVE-2013-0188
REJECTED
@@ -296432,11 +296456,9 @@ CVE-2012-1569 (The asn1_get_length_der function in
decoding.c in GNU Libtasn1 be
- libtasn1-3 2.12-1 (high)
CVE-2012-1568 (The ExecShield feature in a certain Red Hat patch for the Linux
kernel ...)
- linux-2.6 <not-affected> (execshield issue)
-CVE-2012-1567
- RESERVED
+CVE-2012-1567 (LinuxMint as of 2012-03-19 has temporary file creation
vulnerabilities ...)
NOT-FOR-US: LinuxMint
-CVE-2012-1566
- RESERVED
+CVE-2012-1566 (LinuxMint as of 2012-03-19 has temporary file creation
vulnerabilities ...)
NOT-FOR-US: LinuxMint
CVE-2012-1565 (Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4,
4.5, and ...)
NOT-FOR-US: eZ Publish
@@ -314414,8 +314436,7 @@ CVE-2010-4660 (Unspecified vulnerability in statusnet
through 2010 due to the wa
- statusnet <itp> (bug #491723)
CVE-2010-4659 (Cross-site scripting (XSS) vulnerability in statusnet through
2010 in ...)
- statusnet <itp> (bug #491723)
-CVE-2010-4658
- RESERVED
+CVE-2010-4658 (statusnet through 2010 allows attackers to spoof syslog
messages via n ...)
- statusnet <itp> (bug #491723)
CVE-2010-4657 (PHP5 before 5.4.4 allows passing invalid utf-8 strings via the
xmlText ...)
- php5 5.4.4-1 (low)
@@ -349119,7 +349140,7 @@ CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote
attackers to cause a denial
CVE-2008-3795 (Buffer overflow in Ipswitch WS_FTP Home client allows remote
FTP serve ...)
NOT-FOR-US: WS_FTP Home
CVE-2008-3793
- RESERVED
+ REJECTED
NOT-FOR-US: Adobe Flash Player
CVE-2008-3792 (net/sctp/socket.c in the Stream Control Transmission Protocol
(sctp) i ...)
{DSA-1636-1}
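Review bot: CVE-2008-3793 is flipped to REJECTED while keeping "NOT-FOR-US: Adobe Flash Player" underneath it; a rejected ID needs no product attribution, and other REJECTED flips in this commit (CVE-2019-6466, CVE-2018-5746, CVE-2017-3146 to 3149) carry no trailing line. Dropping the stale NOT-FOR-US line keeps the REJECTED entries uniform.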
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5aab1a4548543066d21ac434869334bab68f9dd3
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits