Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed3f050a by security tracker role at 2020-02-10T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-8838
+       RESERVED
+CVE-2020-8837
+       RESERVED
+CVE-2020-8836
+       RESERVED
+CVE-2020-8835
+       RESERVED
+CVE-2020-8834
+       RESERVED
+CVE-2020-8833
+       RESERVED
+CVE-2020-8832
+       RESERVED
+CVE-2020-8831
+       RESERVED
+CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview 
Player 11 ...)
+       TODO: check
+CVE-2017-18642
+       RESERVED
 CVE-2020-8830
        RESERVED
 CVE-2020-8829
@@ -8,8 +28,8 @@ CVE-2020-8827
        RESERVED
 CVE-2020-8826
        RESERVED
-CVE-2020-8825
-       RESERVED
+CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 
allows store ...)
+       TODO: check
 CVE-2020-8824
        RESERVED
 CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is 
vulnerab ...)
@@ -664,7 +684,7 @@ CVE-2020-8517 (An issue was discovered in Squid before 
4.10. Due to incorrect in
        NOTE: Squid 3.5: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-c62d2b43ad4962ea44aa0c5edb4cc99cb83a413d.patch
        NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch
        NOTE: Debian binary packages are not build with 
--enable-external-acl-helpers="[...]LM_group[...".
-CVE-2020-8516 (The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 
does not ...)
+CVE-2020-8516 (** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x 
through 0 ...)
        - tor <unfixed> (unimportant)
        NOTE: Not considered a bug / explicit design choice by upstream
        NOTE: 
https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html
@@ -674,7 +694,7 @@ CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a 
crafted SVG file wit
        - librsvg 2.46.4-1
        NOTE: https://gitlab.gnome.org/GNOME/librsvg/issues/515
        NOTE: 
https://gitlab.gnome.org/GNOME/librsvg/commit/572f95f739529b865e2717664d6fefcef9493135
-CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta; Vigor3900 1.4.4_Beta; and 
Vigor300B 1.3. ...)
+CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and 
Vigor300B 1.3. ...)
        NOT-FOR-US: DrayTek devices
 CVE-2020-8514 (An issue was discovered in Rumpus 8.2.10 on macOS. By crafting 
a direc ...)
        NOT-FOR-US: Rumpus on macOS
@@ -1575,8 +1595,8 @@ CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 
7.0.0 to 7.1.0 could al
        NOT-FOR-US: TYPO3
 CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN 
Box ADB  ...)
        NOT-FOR-US: A1 WLAN Box ADB VV2220v2 devices
-CVE-2020-8089
-       RESERVED
+CVE-2020-8089 (Piwigo 2.10.1 is affected by stored XSS via the Group Name 
Field to th ...)
+       TODO: check
 CVE-2020-8088 (panel_login.php in UseBB 1.0.12 allows type juggling for login 
bypass  ...)
        NOT-FOR-US: UseBB
 CVE-2020-8087 (SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow 
remote comma ...)
@@ -3887,16 +3907,14 @@ CVE-2020-7062
        RESERVED
 CVE-2020-7061
        RESERVED
-CVE-2020-7060 [Global buffer-overflow in mbfl_filt_conv_big5_wchar function]
-       RESERVED
+CVE-2020-7060 (When using certain mbstring functions to convert multibyte 
encodings,  ...)
        - php7.4 7.4.2-7
        - php7.3 <unfixed>
        - php7.0 <removed>
        - php5 <removed>
        NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27
        NOTE: PHP Bug: http://bugs.php.net/79037
-CVE-2020-7059 [Out of bounds read in php_strip_tags_ex]
-       RESERVED
+CVE-2020-7059 (When using fgetss() function to read data with stripping tags, 
in PHP  ...)
        - php7.4 7.4.2-7
        - php7.3 <unfixed>
        - php7.0 <removed>
@@ -11170,14 +11188,14 @@ CVE-2019-20063 (hdf/dataobject.c in libmysofa before 
0.8 has an uninitialized us
        [buster] - libmysofa 0.6~dfsg0-3+deb10u1
        NOTE: https://github.com/hoene/libmysofa/issues/67
        NOTE: 
https://github.com/hoene/libmysofa/commit/ecb7b743b6f6d47b93a7bc680a60071a0f9524c6
-CVE-2019-20062
-       RESERVED
-CVE-2019-20061
-       RESERVED
-CVE-2019-20060
-       RESERVED
-CVE-2019-20059
-       RESERVED
+CVE-2019-20062 (MFScripts YetiShare v3.5.2 through v4.5.4 might allow an 
attacker to r ...)
+       TODO: check
+CVE-2019-20061 (The user-introduction email in MFScripts YetiShare v3.5.2 
through v4.5 ...)
+       TODO: check
+CVE-2019-20060 (MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive 
information ...)
+       TODO: check
+CVE-2019-20059 (payment_manage.ajax.php and various *_manage.ajax.php in 
MFScripts Yet ...)
+       TODO: check
 CVE-2019-20058 (** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, 
allows XSS ...)
        NOT-FOR-US: Bolt CMS
 CVE-2019-20057 (com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in 
Proxyman  ...)
@@ -15224,30 +15242,30 @@ CVE-2019-19672
        RESERVED
 CVE-2019-19671
        RESERVED
-CVE-2019-19670
-       RESERVED
-CVE-2019-19669
-       RESERVED
-CVE-2019-19668
-       RESERVED
-CVE-2019-19667
-       RESERVED
-CVE-2019-19666
-       RESERVED
-CVE-2019-19665
-       RESERVED
-CVE-2019-19664
-       RESERVED
-CVE-2019-19663
-       RESERVED
-CVE-2019-19662
-       RESERVED
-CVE-2019-19661
-       RESERVED
-CVE-2019-19660
-       RESERVED
-CVE-2019-19659
-       RESERVED
+CVE-2019-19670 (A HTTP Response Splitting vulnerability was identified in the 
Web Sett ...)
+       TODO: check
+CVE-2019-19669 (A CSRF vulnerability exists in the Upload Center Forms 
Component of We ...)
+       TODO: check
+CVE-2019-19668 (A CSRF vulnerability exists in the File Types component of Web 
File Ma ...)
+       TODO: check
+CVE-2019-19667 (A CSRF vulnerability exists in the Block Clients component of 
Web File ...)
+       TODO: check
+CVE-2019-19666 (A CSRF vulnerability exists in the Event Notices Settings of 
Web File  ...)
+       TODO: check
+CVE-2019-19665 (A CSRF vulnerability exists in the FTP Settings of Web File 
Manager in ...)
+       TODO: check
+CVE-2019-19664 (A CSRF vulnerability exists in the Web Settings of Web File 
Manager in ...)
+       TODO: check
+CVE-2019-19663 (A CSRF vulnerability exists in the Folder Sets Settings of Web 
File Ma ...)
+       TODO: check
+CVE-2019-19662 (A CSRF vulnerability exists in the Web File Manager's 
Create/Delete Ac ...)
+       TODO: check
+CVE-2019-19661 (A Cookie based reflected XSS exists in the Web File Manager of 
Rumpus  ...)
+       TODO: check
+CVE-2019-19660 (A CSRF vulnerability exists in the Web File Manager's Network 
Setting  ...)
+       TODO: check
+CVE-2019-19659 (A CSRF vulnerability exists in the Web File Manager's Edit 
Accounts fu ...)
+       TODO: check
 CVE-2019-19658
        RESERVED
 CVE-2019-19657
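Review bot: the twelve new entries CVE-2019-19659 through CVE-2019-19670 all describe the Web File Manager of Rumpus, the same product that the CVE-2020-8514 context line earlier in this diff already resolves as `NOT-FOR-US: Rumpus on macOS`; the `TODO: check` placeholders on these lines can most likely be triaged in one pass with the same `NOT-FOR-US` marker rather than left open individually.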
@@ -17682,8 +17700,7 @@ CVE-2020-1699 [improper URL checking leads to 
information disclosure]
        NOTE: 
https://github.com/ceph/ceph/commit/0443e40c11280ba3b7efcba61522afa70c4f8158
 CVE-2020-1698
        RESERVED
-CVE-2020-1697
-       RESERVED
+CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links 
to exter ...)
        NOT-FOR-US: Keycloak
 CVE-2020-1696
        RESERVED
@@ -50828,6 +50845,7 @@ CVE-2019-9660 (Stored XSS exists in YzmCMS 5.2 via the 
admin/category/edit.html
 CVE-2019-9659 (The Chuango 433 MHz burglar-alarm product line uses static 
codes in th ...)
        NOT-FOR-US: Chuango
 CVE-2019-10782 (All versions of com.puppycrawl.tools:checkstyle before 8.29 
are vulner ...)
+       {DLA-2099-1}
        - checkstyle 8.29-1
        [buster] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 
not applied)
        [stretch] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 
not applied)
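Review bot: the added `{DLA-2099-1}` reference sits on an entry whose unchanged `[stretch] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 not applied)` line says stretch is not affected; a DLA for this CVE and a stretch not-affected marker on the same entry contradict each other, so one of the two should be corrected (either drop the not-affected line if the DLA fixed it, or the DLA reference belongs to a different CVE).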
@@ -51926,7 +51944,7 @@ CVE-2019-9280 (In keyguard, there is a possible 
escalation of privilege due to i
 CVE-2019-9279 (In the wifi hotspot service, there is a possible denial of 
service due ...)
        NOT-FOR-US: Android
 CVE-2019-9278 (In libexif, there is a possible out of bounds write due to an 
integer  ...)
-       {DSA-4618-1}
+       {DSA-4618-1 DLA-2100-1}
        - libexif 0.6.21-6 (bug #945948)
        NOTE: 
https://android.googlesource.com/platform/external/libexif/+/a5e8e5812a11ec9686294de8a5d68aaf2ab72475%5E%21/#F0
        NOTE: https://github.com/libexif/libexif/issues/26
@@ -83652,9 +83670,11 @@ CVE-2018-17095 (An issue has been discovered in 
mpruett Audio File Library (aka
        [jessie] - audiofile <postponed> (Can be fixed along in future DLA)
        NOTE: https://github.com/mpruett/audiofile/issues/50
        NOTE: https://github.com/mpruett/audiofile/issues/51
-CVE-2018-17094 (An issue has been discovered in mackyle xar 1.6.1. There is a 
NULL poi ...)
+CVE-2018-17094
+       REJECTED
        - xar <removed>
-CVE-2018-17093 (An issue has been discovered in mackyle xar 1.6.1. There is a 
NULL poi ...)
+CVE-2018-17093
+       REJECTED
        - xar <removed>
 CVE-2018-17092 (An issue was discovered in DonLinkage 6.6.8. SQL injection in 
/pages/p ...)
        NOT-FOR-US: DonLinkage
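Review bot: CVE-2018-17094 and CVE-2018-17093 are switched to `REJECTED`, but each still keeps its `- xar <removed>` package line from when they were treated as real xar issues; a rejected CVE carries no package assignment, so those two lines should be dropped together with the status change to keep the entries consistent with the other `REJECTED` entries in the file (compare CVE-2013-1355 further down, which has no package line).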
@@ -239779,8 +239799,8 @@ CVE-2012-6668 (Multiple cross-site scripting (XSS) 
vulnerabilities in the Shout
        NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
 CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in 
DragonByte  ...)
        NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
-CVE-2012-6666
-       RESERVED
+CVE-2012-6666 (vBSeo before 3.6.0PL2 allows XSS via the member.php u 
parameter. ...)
+       TODO: check
 CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 
2.6.38 ...)
        - linux 2.6.38-1
        - linux-2.6 2.6.38-1
@@ -250433,14 +250453,14 @@ CVE-2014-5088 (Cross-site scripting (XSS) 
vulnerability in Status2k allows remot
        NOT-FOR-US: Status2k
 CVE-2014-5087 (A vulnerability exists in Sphider Search Engine prior to 1.3.6 
due to  ...)
        TODO: check
-CVE-2014-5086
-       RESERVED
-CVE-2014-5085
-       RESERVED
-CVE-2014-5084
-       RESERVED
-CVE-2014-5083
-       RESERVED
+CVE-2014-5086 (A Command Execution vulnerability exists in Sphider Pro, and 
Sphider P ...)
+       TODO: check
+CVE-2014-5085 (A Command Execution vulnerability exists in Sphider Plus 3.2 
due to in ...)
+       TODO: check
+CVE-2014-5084 (A Command Execution vulnerability exists in Sphider Pro 3.2 due 
to ins ...)
+       TODO: check
+CVE-2014-5083 (A Command Execution vulnerability exists in Sphider before 
1.3.6 due t ...)
+       TODO: check
 CVE-2014-5082 (Multiple SQL injection vulnerabilities in admin/admin.php in 
Sphider 1 ...)
        NOT-FOR-US: Sphider
 CVE-2014-5081 (sphider prior to 1.3.6, sphider-pro prior to 3.2, and 
sphider-plus pri ...)
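Review bot: CVE-2014-5083 through CVE-2014-5086 are imported with `TODO: check` although they describe the same Sphider / Sphider Pro / Sphider Plus search engine that the neighbouring context entries CVE-2014-5082 and CVE-2014-5081 already handle, with CVE-2014-5082 marked `NOT-FOR-US: Sphider`; these four placeholders can be resolved the same way in a single follow-up.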
@@ -265041,8 +265061,8 @@ CVE-2013-6871
        RESERVED
 CVE-2013-6870 (Cross-site scripting (XSS) vulnerability in Splunk Web in 
Splunk befor ...)
        NOT-FOR-US: Splunk Web
-CVE-2012-6611
-       RESERVED
+CVE-2012-6611 (Polycom HDX Video End Points before 3.0 allows attackers to 
read arbit ...)
+       TODO: check
 CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before 
2.7.1.J al ...)
        NOT-FOR-US: Polycom HDX Video End Points
 CVE-2012-6609 (Directory traversal vulnerability in a_getlog.cgi in Polycom 
HDX Video ...)
@@ -277536,11 +277556,9 @@ CVE-2013-2110 (Heap-based buffer overflow in the 
php_quot_print_encode function
        [squeeze] - php5 <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/php/php-src/commit/93e0d78ec655f59ebfa82b2c6f8486c43651c1d0
        NOTE: vulnerability introduced with commit 
http://git.php.net/?p=php-src.git;a=commitdiff;h=18bb426587d62f93c54c40bf8535eb8416603629
-CVE-2013-2109
-       RESERVED
+CVE-2013-2109 (WordPress plugin wp-cleanfix has Remote Code Execution ...)
        NOT-FOR-US: WordPress plugin wp-cleanfix
-CVE-2013-2108
-       RESERVED
+CVE-2013-2108 (WordPress WP Cleanfix Plugin 2.4.4 has CSRF ...)
        NOT-FOR-US: WordPress plugin wp-cleanfix
 CVE-2013-2107 (Cross-site request forgery (CSRF) vulnerability in the Mail On 
Update  ...)
        NOT-FOR-US: WordPress plugin mail-on-update
@@ -280216,8 +280234,8 @@ CVE-2013-1355
        REJECTED
 CVE-2013-1354
        RESERVED
-CVE-2013-1353
-       RESERVED
+CVE-2013-1353 (Orange HRM 2.7.1 allows XSS via the vacancy name. ...)
+       TODO: check
 CVE-2013-1352 (Verax NMS prior to 2.1.0 uses an encryption key that is 
hardcoded in a ...)
        NOT-FOR-US: Verax NMS
 CVE-2013-1351 (Verax NMS prior to 2.10 allows authentication via the encrypted 
passwo ...)
@@ -282074,8 +282092,8 @@ CVE-2012-6451 (Lorex LNC116 and LNC104 IP Cameras 
have a Remote Authentication B
        NOT-FOR-US: Lorex LNC116 and LNC104 IP Cameras
 CVE-2012-6450
        RESERVED
-CVE-2012-6449
-       RESERVED
+CVE-2012-6449 (The clientconf.html and detailbw.html pages in x3 in cPanel 
&amp; WHM  ...)
+       TODO: check
 CVE-2012-6448 (Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 
11.34.0 all ...)
        NOT-FOR-US: cPanel
 CVE-2012-6447 (Cross-site scripting (XSS) vulnerability in Splunk Web in 
Splunk 5.0.0 ...)
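Review bot: the new CVE-2012-6449 description contains the HTML entity `&amp;` (`cPanel &amp; WHM`) where a literal `&` is meant, so the importer seems to have copied HTML-escaped text; the description should be unescaped, and it is worth checking whether other descriptions pulled in by this automatic update carry the same artifact. The entry can also be closed as `NOT-FOR-US: cPanel` like the adjacent CVE-2012-6448 context line instead of staying at `TODO: check`.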
@@ -285381,8 +285399,8 @@ CVE-2012-5829 (Heap-based buffer overflow in the 
nsWindow::OnExposeEvent functio
        - iceweasel 10.0.11esr-1
        - icedove 10.0.11-1
        - iceape 2.7.11-1
-CVE-2012-5828
-       RESERVED
+CVE-2012-5828 (BlackBerry PlayBook before 2.1 has an Information Disclosure 
Vulnerabi ...)
+       TODO: check
 CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote 
attack ...)
        NOT-FOR-US: Joomla!
 CVE-2012-5826
@@ -295069,8 +295087,8 @@ CVE-2012-2206 (The Web Gateway component in IBM 
WebSphere MQ File Transfer Editi
        NOT-FOR-US: IBM WebSphere MQ File Transfer Edition
 CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational 
ClearQuest 7. ...)
        NOT-FOR-US: IBM Rational ClearQuest
-CVE-2012-2204
-       RESERVED
+CVE-2012-2204 (InfoSphere Guardium aix_ktap module: DoS ...)
+       TODO: check
 CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used 
in IBM R ...)
        NOT-FOR-US: IBM Global Security Kit
 CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM 
Lotus  ...)
@@ -295581,8 +295599,8 @@ CVE-2012-1996 (Unspecified vulnerability in HP 
Systems Insight Manager (SIM) bef
        NOT-FOR-US: HP Systems Insight Manager
 CVE-2012-1995 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 
before 7 ...)
        NOT-FOR-US: HP Systems Insight Manager
-CVE-2012-1994
-       RESERVED
+CVE-2012-1994 (HP Systems Insight Manager before 7.0 allows a remote user on 
adjacent ...)
+       TODO: check
 CVE-2012-1993 (Unspecified vulnerability in HP System Management Homepage 
(SMH) befor ...)
        NOT-FOR-US: HP System Management Homepage
 CVE-2012-1992 (Cross-site scripting (XSS) vulnerability in admin/edituser.php 
in CMS  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed3f050a96b6cfea8fa36ccbb5fa9de49aee90bd



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
