Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6fe3d5ec by Moritz Muehlenhoff at 2020-02-10T11:13:49+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -13,9 +13,9 @@ CVE-2020-8825 CVE-2020-8824 RESERVED CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vulnerab ...) - TODO: check + NOT-FOR-US: SockJS CVE-2020-8822 (Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices ...) - TODO: check + NOT-FOR-US: Digi TransPort CVE-2020-8821 RESERVED CVE-2020-8820 @@ -16809,7 +16809,7 @@ CVE-2020-1930 (A command execution issue was found in Apache SpamAssassin prior NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3 NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648 (restricted) CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an ...) - TODO: check + NOT-FOR-US: Apache Beam MongoDB connector CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...) NOT-FOR-US: Apache NiFi CVE-2020-1927 @@ -18766,7 +18766,7 @@ CVE-2019-18990 CVE-2019-18989 RESERVED CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login a ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for ...) NOT-FOR-US: AbuseFilter MediaWiki extension CVE-2019-18986 (Pimcore before 6.2.2 allow attackers to brute-force (guess) valid user ...) 
@@ -22580,7 +22580,7 @@ CVE-2019-18414 (Sourcecodester Restaurant Management System 1.0 is affected by a CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input validation can b ...) NOT-FOR-US: TypeStack class-validator CVE-2019-18412 (JetBrains IDETalk plugin before version 193.4099.10 allows XXE ...) - TODO: check + NOT-FOR-US: JetBrains IDETalk plugin CVE-2019-18411 (Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the ...) NOT-FOR-US: Zoho ManageEngine CVE-2019-18410 @@ -26366,7 +26366,7 @@ CVE-2019-17270 (Yachtcontrol through 2019-10-06: It's possible to perform direct CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to execute arbitr ...) NOT-FOR-US: Intellian Remote Access CVE-2019-17268 (The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGe ...) - TODO: check + NOT-FOR-US: omniauth-weibo-oauth2 gem CVE-2019-17267 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...) {DLA-2030-1} - jackson-databind 2.10.0-1 @@ -26676,11 +26676,11 @@ CVE-2019-17129 CVE-2019-17128 (Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection ...) NOT-FOR-US: Netreo OmniCenter CVE-2019-17127 (A Stored Client Side Template Injection (CSTI) with Angular was discov ...) - TODO: check + NOT-FOR-US: SolarWinds Orion Platform CVE-2019-17126 RESERVED CVE-2019-17125 (A Reflected Client Side Template Injection (CSTI) with Angular was dis ...) - TODO: check + NOT-FOR-US: SolarWinds Orion Platform CVE-2019-17124 (Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. ...) NOT-FOR-US: Kramer VIAware CVE-2019-17123 (The eGain Web Email API 11+ allows spoofed messages because the fromNa ...) 
@@ -31101,15 +31101,15 @@ CVE-2019-15622 (Not strictly enough sanitization in the Nextcloud Android app 3. CVE-2019-15621 (Improper permissions preservation in Nextcloud Server 16.0.1 causes sh ...) - nextcloud-server <itp> (bug #941708) CVE-2019-15620 (Improper access control in Nextcloud Talk 6.0.3 leaks the existance an ...) - TODO: check + NOT-FOR-US: Nextcloud Talk CVE-2019-15619 (Improper neutralization of file names, conversation names and board na ...) - nextcloud-server <itp> (bug #941708) CVE-2019-15618 (Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a ...) - TODO: check + - nextcloud-server <itp> (bug #941708) CVE-2019-15617 (A missing check in Nextcloud Server 17.0.0 allowed an attacker to set ...) - nextcloud-server <itp> (bug #941708) CVE-2019-15616 (Dangling remote share attempts in Nextcloud 16 allow a DNS pollution w ...) - TODO: check + - nextcloud-server <itp> (bug #941708) CVE-2019-15615 (A wrong check for the system time in the Android App 3.9.0 causes a by ...) NOT-FOR-US: Nextcloud Android app CVE-2019-15614 (Missing sanitization in the iOS App 2.24.4 causes an XSS when opening ...) @@ -31121,13 +31121,13 @@ CVE-2019-15612 (A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to no CVE-2019-15611 (Violation of Secure Design Principles in the iOS App 2.23.0 causes the ...) NOT-FOR-US: Nextcloud iOS App CVE-2019-15610 (Improper authorization in the Circles app 0.17.7 causes retaining acce ...) - TODO: check + NOT-FOR-US: Circles app CVE-2019-15609 RESERVED CVE-2019-15608 RESERVED CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version: <= ...) - TODO: check + NOT-FOR-US: node-red CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs 10, 12, ...) - nodejs <unfixed> NOTE: https://hackerone.com/reports/730779 
@@ -32607,7 +32607,7 @@ CVE-2019-15128 (iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to CVE-2019-15127 (REDCap before 9.3.0 allows XSS attacks against non-administrator accou ...) NOT-FOR-US: REDCap CVE-2019-15126 (An issue was discovered on Broadcom Wi-Fi client devices. Specifically ...) - TODO: check + NOT-FOR-US: Broadcom CVE-2019-15125 RESERVED CVE-2018-20975 (Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/t ...) @@ -34502,7 +34502,7 @@ CVE-2019-14598 CVE-2019-14597 RESERVED CVE-2019-14596 (Improper access control in the installer for Intel(R) Chipset Device S ...) - TODO: check + NOT-FOR-US: Intel CVE-2019-14595 RESERVED CVE-2019-14594 @@ -40516,11 +40516,11 @@ CVE-2019-13001 [Ability to Write a Note to a Private Snippet] - gitlab <not-affected> (Only affects 11.9 and later) NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ CVE-2019-13000 (Eclair through 0.3 allows attackers to trigger loss of funds because o ...) - TODO: check + NOT-FOR-US: Eclair CVE-2019-12999 (Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger ...) - TODO: check + - lnd <itp> (bug #886577) CVE-2019-12998 (c-lightning before 0.7.1 allows attackers to trigger loss of funds bec ...) - TODO: check + NOT-FOR-US: c-lightning CVE-2019-12997 (In Loopchain through 2.2.1.3, an attacker can escalate privileges from ...) NOT-FOR-US: Loopchain CVE-2019-12996 (In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTY ...) 
@@ -44686,7 +44686,7 @@ CVE-2019-11518 (An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows CVE-2019-11517 (WampServer before 3.1.9 has CSRF in add_vhost.php because the synchron ...) NOT-FOR-US: WampServer CVE-2019-11516 (An issue was discovered in the Bluetooth component of the Cypress (for ...) - TODO: check + NOT-FOR-US: Cypress CVE-2018-20823 (The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a deni ...) NOT-FOR-US: Xiaomi Mi 5s devices CVE-2019-11515 (core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?d ...) @@ -46712,7 +46712,7 @@ CVE-2019-10791 CVE-2019-10790 RESERVED CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection via the ...) - TODO: check + NOT-FOR-US: curling.js CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute arbitrary ...) TODO: check CVE-2019-10787 (im-resize through 2.3.2 allows remote attackers to execute arbitrary c ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fe3d5ec62403815898844dd365c9c3c324f0a22 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fe3d5ec62403815898844dd365c9c3c324f0a22 You're receiving this email because of your account on salsa.debian.org.
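Review bot: In the @@ -26676 hunk, the NOT-FOR-US product "SolarWinds Orion Platform" assigned to CVE-2019-17127 and CVE-2019-17125 cannot be traced from the truncated descriptions ("A Stored Client Side Template Injection (CSTI) with Angular was discov ..."); add a NOTE: line with the advisory reference under each entry, as is done for CVE-2020-1930 and CVE-2019-15606 elsewhere in the file, so the triage can be verified later.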
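Review bot: In the @@ -31101 hunk, CVE-2019-15618 ("Missing escaping of HTML in the Updater of Nextcloud 15.0.5") and CVE-2019-15616 ("Dangling remote share attempts in Nextcloud 16") are both mapped to "- nextcloud-server <itp> (bug #941708)"; confirm that the Updater component is part of the source tree the ITP covers rather than a separately shipped component, otherwise the entry should be NOT-FOR-US like CVE-2019-15620 (Nextcloud Talk) in the same hunk.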
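Review bot: In the @@ -32607 hunk, CVE-2019-15126 ("An issue was discovered on Broadcom Wi-Fi client devices ...") is closed as plain "NOT-FOR-US: Broadcom" with no reference; since the description covers client chipsets rather than a single product, add a NOTE: line recording why no shipped driver or firmware side is considered affected, so the decision is not lost if the entry is revisited.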
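Review bot: In the @@ -46712 hunk, CVE-2019-10789 (curling.js) is triaged to NOT-FOR-US while the adjacent context line for CVE-2019-10788 (im-metadata) still reads "TODO: check"; these are the same class of npm command-injection entries, so it would be consistent to triage CVE-2019-10788 (and the following im-resize entry, CVE-2019-10787) in the same pass.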
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits