Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f47f622e by security tracker role at 2020-02-13T08:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, 
SR7110 1.0.0 ...)
+       TODO: check
+CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, 
SR7110 1.0.0 ...)
+       TODO: check
+CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 
REVC wit ...)
+       TODO: check
+CVE-2020-8961
+       RESERVED
+CVE-2020-8960
+       RESERVED
+CVE-2020-8959
+       RESERVED
+CVE-2020-8958
+       RESERVED
+CVE-2020-8957
+       RESERVED
+CVE-2020-8956
+       RESERVED
+CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat 
through 2 ...)
+       TODO: check
+CVE-2020-8954
+       RESERVED
+CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP 
authentication by ...)
+       TODO: check
+CVE-2020-8952
+       RESERVED
+CVE-2020-8951
+       RESERVED
+CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program 
Launche ...)
+       TODO: check
 CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, 
S2A 4.3. ...)
        NOT-FOR-US: Gocloud devices
 CVE-2020-8948
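Review bot: the six described entries added at the top of data/CVE/list (CVE-2020-8964, CVE-2020-8963, CVE-2020-8962, CVE-2020-8955, CVE-2020-8953, CVE-2020-8950) all land as TODO: check, so none of them is triaged yet. CVE-2020-8955 names a source file, plugins/irc/irc-mode.c in WeeChat, and needs a package line with a fixed version or <unfixed>. The TimeTools and D-Link DIR-842 entries describe device firmware and look like candidates for a NOT-FOR-US line in the style of the existing CVE-2020-8949 entry below them.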
@@ -3848,10 +3878,10 @@ CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in 
QEMU 4.2.0, does not prevent
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
 CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user 
account ...)
        NOT-FOR-US: Umbraco CMS
-CVE-2020-7209
-       RESERVED
-CVE-2020-7208
-       RESERVED
+CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable to an remote code 
execution w ...)
+       TODO: check
+CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is 
resolved i ...)
+       TODO: check
 CVE-2020-7207
        RESERVED
 CVE-2020-7206
@@ -4374,12 +4404,12 @@ CVE-2020-6977
        RESERVED
 CVE-2020-6976
        RESERVED
-CVE-2020-6975
-       RESERVED
+CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 
1.4.3 (820 ...)
+       TODO: check
 CVE-2020-6974
        RESERVED
-CVE-2020-6973
-       RESERVED
+CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 
1.4.3 (820 ...)
+       TODO: check
 CVE-2020-6972
        RESERVED
 CVE-2020-6971
@@ -4759,6 +4789,7 @@ CVE-2020-6801
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801
 CVE-2020-6800
        RESERVED
+       {DSA-4620-1}
        - firefox 73.0-1
        - firefox-esr 68.5.0esr-1
        - thunderbird <unfixed>
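Review bot: {DSA-4620-1} is attached to CVE-2020-6800 while the entry still lists thunderbird <unfixed> and still reads RESERVED with no description. Confirm which source package DSA-4620-1 covers, so that the thunderbird line stays open until its own fix is recorded. The same question applies to CVE-2020-6798 in the next hunk.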
@@ -4773,6 +4804,7 @@ CVE-2020-6799
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799
 CVE-2020-6798
        RESERVED
+       {DSA-4620-1}
        - firefox 73.0-1
        - firefox-esr 68.5.0esr-1
        - thunderbird <unfixed>
@@ -4789,6 +4821,7 @@ CVE-2020-6797
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797
 CVE-2020-6796
        RESERVED
+       {DSA-4620-1}
        - firefox 73.0-1
        - firefox-esr 68.5.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796
@@ -6107,40 +6140,40 @@ CVE-2020-6195
        RESERVED
 CVE-2020-6194
        RESERVED
-CVE-2020-6193
-       RESERVED
-CVE-2020-6192
-       RESERVED
-CVE-2020-6191
-       RESERVED
-CVE-2020-6190
-       RESERVED
-CVE-2020-6189
-       RESERVED
-CVE-2020-6188
-       RESERVED
-CVE-2020-6187
-       RESERVED
-CVE-2020-6186
-       RESERVED
-CVE-2020-6185
-       RESERVED
-CVE-2020-6184
-       RESERVED
-CVE-2020-6183
-       RESERVED
+CVE-2020-6193 (SAP NetWeaver (Knowledge Management ICE Service), versions 
7.30, 7.31, ...)
+       TODO: check
+CVE-2020-6192 (SAP Landscape Management, version 3.0, allows an attacker with 
admin p ...)
+       TODO: check
+CVE-2020-6191 (SAP Landscape Management, version 3.0, allows an attacker with 
admin p ...)
+       TODO: check
+CVE-2020-6190 (Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap 
Dump Appli ...)
+       TODO: check
+CVE-2020-6189 (Certain settings page(s) in SAP Business Objects Business 
Intelligence ...)
+       TODO: check
+CVE-2020-6188 (VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 
603, 604, ...)
+       TODO: check
+CVE-2020-6187 (SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 
7.30, 7. ...)
+       TODO: check
+CVE-2020-6186 (SAP Host Agent, version 7.21, allows an attacker to cause a 
slowdown i ...)
+       TODO: check
+CVE-2020-6185 (Under certain conditions ABAP Online Community in SAP NetWeaver 
(SAP_B ...)
+       TODO: check
+CVE-2020-6184 (Under certain conditions, ABAP Online Community in SAP 
NetWeaver (SAP_ ...)
+       TODO: check
+CVE-2020-6183 (SAP Host Agent, version 7.21, allows an unprivileged user to 
read the  ...)
+       TODO: check
 CVE-2020-6182
        RESERVED
-CVE-2020-6181
-       RESERVED
+CVE-2020-6181 (Under some circumstances the SAML SSO implementation in the SAP 
NetWea ...)
+       TODO: check
 CVE-2020-6180
        RESERVED
 CVE-2020-6179
        RESERVED
 CVE-2020-6178
        RESERVED
-CVE-2020-6177
-       RESERVED
+CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently 
validate an XM ...)
+       TODO: check
 CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read 
during a com ...)
        - libbsd 0.10.0-1
        [buster] - libbsd <no-dsa> (Minor issue)
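Review bot: CVE-2020-6183 through CVE-2020-6193, plus CVE-2020-6181 and CVE-2020-6177, all move from RESERVED to TODO: check, and each of the thirteen descriptions names an SAP product. If none of them maps to a Debian package, close them in one pass with a NOT-FOR-US line per entry, as the file already does for other vendor products (for example NOT-FOR-US: Oracle), instead of leaving thirteen separate TODO items.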
@@ -7779,8 +7812,8 @@ CVE-2020-5401
        RESERVED
 CVE-2020-5400
        RESERVED
-CVE-2020-5399
-       RESERVED
+CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a 
MySQL d ...)
+       TODO: check
 CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 
5.1.x pri ...)
        - libspring-java <unfixed>
        NOTE: https://pivotal.io/security/cve-2020-5398
@@ -8125,12 +8158,12 @@ CVE-2020-5243
        RESERVED
 CVE-2020-5242
        RESERVED
-CVE-2020-5241
-       RESERVED
+CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to 
XSS/Script i ...)
+       TODO: check
 CVE-2020-5240
        RESERVED
-CVE-2020-5239
-       RESERVED
+CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit 
a vulne ...)
+       TODO: check
 CVE-2020-5238
        RESERVED
 CVE-2020-5237 (oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited 
to uplo ...)
@@ -14997,6 +15030,7 @@ CVE-2020-2660 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
        - mysql-5.7 <unfixed> (bug #949994)
        NOTE: 
https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
 CVE-2020-2659 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
+       {DSA-4621-1}
        - openjdk-8 8u242-b08-1
        - openjdk-7 <removed>
 CVE-2020-2658 (Vulnerability in the Oracle iSupport product of Oracle 
E-Business Suit ...)
@@ -15010,7 +15044,7 @@ CVE-2020-2655 (Vulnerability in the Java SE product of 
Oracle Java SE (component
        - openjdk-13 13.0.2+8-1
        - openjdk-11 11.0.6+10-1
 CVE-2020-2654 (Vulnerability in the Java SE product of Oracle Java SE 
(component: Lib ...)
-       {DSA-4605-1}
+       {DSA-4621-1 DSA-4605-1}
        - openjdk-13 13.0.2+8-1
        - openjdk-11 11.0.6+10-1
        - openjdk-8 8u242-b08-1
@@ -15115,7 +15149,7 @@ CVE-2020-2606 (Vulnerability in the PeopleSoft 
Enterprise PeopleTools product of
 CVE-2020-2605 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
        NOT-FOR-US: Oracle
 CVE-2020-2604 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4605-1}
+       {DSA-4621-1 DSA-4605-1}
        - openjdk-13 13.0.2+8-1
        - openjdk-11 11.0.6+10-1
        - openjdk-8 8u242-b08-1
@@ -15125,7 +15159,7 @@ CVE-2020-2603 (Vulnerability in the Oracle Field 
Service product of Oracle E-Bus
 CVE-2020-2602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2020-2601 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4605-1}
+       {DSA-4621-1 DSA-4605-1}
        - openjdk-13 13.0.2+8-1
        - openjdk-11 11.0.6+10-1
        - openjdk-8 8u242-b08-1
@@ -15145,7 +15179,7 @@ CVE-2020-2595 (Vulnerability in the Oracle GraalVM 
Enterprise Edition product of
 CVE-2020-2594
        RESERVED
 CVE-2020-2593 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4605-1}
+       {DSA-4621-1 DSA-4605-1}
        - openjdk-13 13.0.2+8-1
        - openjdk-11 11.0.6+10-1
        - openjdk-8 8u242-b08-1
@@ -15155,7 +15189,7 @@ CVE-2020-2592 (Vulnerability in the Oracle AutoVue 
product of Oracle Supply Chai
 CVE-2020-2591 (Vulnerability in the Oracle Web Applications Desktop Integrator 
produc ...)
        NOT-FOR-US: Oracle
 CVE-2020-2590 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4605-1}
+       {DSA-4621-1 DSA-4605-1}
        - openjdk-13 13.0.2+8-1
        - openjdk-11 11.0.6+10-1
        - openjdk-8 8u242-b08-1
@@ -15177,7 +15211,7 @@ CVE-2020-2584 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
        - mysql-5.7 <unfixed> (bug #949994)
        NOTE: 
https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
 CVE-2020-2583 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4605-1}
+       {DSA-4621-1 DSA-4605-1}
        - openjdk-13 13.0.2+8-1
        - openjdk-11 11.0.6+10-1
        - openjdk-8 8u242-b08-1
@@ -16727,12 +16761,12 @@ CVE-2020-1979
        RESERVED
 CVE-2020-1978
        RESERVED
-CVE-2020-1977
-       RESERVED
-CVE-2020-1976
-       RESERVED
-CVE-2020-1975
-       RESERVED
+CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on 
Expeditio ...)
+       TODO: check
+CVE-2020-1976 (A denial-of-service (DoS) vulnerability in Palo Alto Networks 
GlobalPr ...)
+       TODO: check
+CVE-2020-1975 (Missing XML validation vulnerability in the PAN-OS web 
interface on Pa ...)
+       TODO: check
 CVE-2019-19598 (D-Link DAP-1860 devices before v1.04b03 Beta allow access to 
administr ...)
        NOT-FOR-US: D-Link
 CVE-2019-19597 (D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary 
remote co ...)
@@ -19212,8 +19246,8 @@ CVE-2019-18917
        RESERVED
 CVE-2019-18916
        RESERVED
-CVE-2019-18915
-       RESERVED
+CVE-2019-18915 (A potential security vulnerability has been identified with 
certain ve ...)
+       TODO: check
 CVE-2019-18914
        RESERVED
 CVE-2019-18913 (A potential security vulnerability with pre-boot DMA may allow 
unautho ...)
@@ -23335,7 +23369,7 @@ CVE-2019-18212 (XMLLanguageService.java in XML Language 
Server (aka lsp4xml) bef
        NOT-FOR-US: XML Language Server (aka lsp4xml)
 CVE-2019-18211 (An issue was discovered in Orckestra C1 CMS through 6.6. The 
EntityTok ...)
        NOT-FOR-US: Orckestra C1 CMS
-CVE-2019-18210 (** DISPUTED ** Persistent XSS in /course/modedit.php of Moodle 
through ...)
+CVE-2019-18210 (Persistent XSS in /course/modedit.php of Moodle through 3.7.2 
allows a ...)
        - moodle <removed>
 CVE-2019-18209 (templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the 
browser doe ...)
        - etherpad-lite <itp> (bug #576998)
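Review bot: the new description of CVE-2019-18210 drops the "** DISPUTED **" prefix, but the annotation below it is unchanged at "- moodle <removed>". If the entry was treated as low priority because it was disputed, revisit that now. A NOTE line recording that the dispute marker was dropped would help the next reader.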
@@ -34663,8 +34697,8 @@ CVE-2019-XXXX [Buffer overflow during processing of 
large server replies]
        [jessie] - pump 0.8.24-7+deb8u1
 CVE-2019-14653 (pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR 
or SUP e ...)
        NOT-FOR-US: pandao Editor.md
-CVE-2019-14652
-       RESERVED
+CVE-2019-14652 (explorer.js in Amazon AWS JavaScript S3 Explorer (aka 
aws-js-s3-explor ...)
+       TODO: check
 CVE-2019-14651
        RESERVED
 CVE-2019-14650
@@ -62513,8 +62547,8 @@ CVE-2019-5324
        RESERVED
 CVE-2019-5323
        RESERVED
-CVE-2019-5322
-       RESERVED
+CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is 
present ...)
+       TODO: check
 CVE-2019-5321
        RESERVED
 CVE-2019-5320
@@ -119983,8 +120017,8 @@ CVE-2018-3989 (An exploitable kernel memory 
disclosure vulnerability exists in t
        NOT-FOR-US: WibuKey
 CVE-2018-3988 (Signal Messenger for Android 4.24.8 may expose private 
information whe ...)
        NOT-FOR-US: Signal Messenger
-CVE-2018-3987
-       RESERVED
+CVE-2018-3987 (An exploitable information disclosure vulnerability exists in 
the 'Sec ...)
+       TODO: check
 CVE-2018-3986 (An exploitable information disclosure vulnerability exists in 
the "Sec ...)
        NOT-FOR-US: Telegram Android
 CVE-2018-3985 (An exploitable double free vulnerability exists in the mdnscap 
binary  ...)
@@ -267548,8 +267582,8 @@ CVE-2013-6024 (The Edge Client components in F5 
BIG-IP APM 10.x, 11.x, 12.x, 13.
        NOT-FOR-US: F5 BIG-IP
 CVE-2013-6023 (Directory traversal vulnerability in the TVT TD-2308SS-B DVR 
with firm ...)
        NOT-FOR-US: TVT TD-2308SS-B DVR
-CVE-2013-6022
-       RESERVED
+CVE-2013-6022 (A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki 
CMG Gro ...)
+       TODO: check
 CVE-2013-6021 (Buffer overflow in WGagent in WatchGuard WSM and Fireware 
before 11.8  ...)
        NOT-FOR-US: WatchGuard WSM and Fireware
 CVE-2013-6020 (passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 
sends di ...)
@@ -269793,8 +269827,8 @@ CVE-2013-5108 (Multiple cross-site scripting (XSS) 
vulnerabilities in the xn fun
        - rockmongo <itp> (bug #702961)
 CVE-2013-5107 (Directory traversal vulnerability in RockMongo 1.1.5 and 
earlier allow ...)
        - rockmongo <itp> (bug #702961)
-CVE-2013-5106
-       RESERVED
+CVE-2013-5106 (A Code Execution vulnerability exists in select.py when using 
python-m ...)
+       TODO: check
 CVE-2013-5105
        RESERVED
 CVE-2013-5104
@@ -270958,8 +270992,8 @@ CVE-2013-4604 (Fortinet FortiOS before 5.0.3 on 
FortiGate devices does not prope
        NOT-FOR-US: Fortinet FortiOS
 CVE-2013-4603
        RESERVED
-CVE-2013-4602
-       RESERVED
+CVE-2013-4602 (A Denial of Service (infinite loop) vulnerability exists in 
Avira Anti ...)
+       TODO: check
 CVE-2013-4601
        RESERVED
 CVE-2013-4600 (Multiple cross-site scripting (XSS) vulnerabilities in Alkacon 
OpenCms ...)
@@ -300592,13 +300626,11 @@ CVE-2011-4910 (Cross-site scripting (XSS) 
vulnerability in Joomla! before 1.5.12
        NOT-FOR-US: Joomla!
 CVE-2011-4909 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 
before  ...)
        NOT-FOR-US: Joomla!
-CVE-2011-4908
-       RESERVED
+CVE-2011-4908 (TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary 
file upl ...)
        NOT-FOR-US: Joomla!
 CVE-2011-4907 (Joomla! 1.5x through 1.5.12: Missing JEXEC Check ...)
        NOT-FOR-US: Joomla!
-CVE-2011-4906
-       RESERVED
+CVE-2011-4906 (Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 
allows fil ...)
        NOT-FOR-US: Joomla!
 CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a 
denial ...)
        - activemq 5.5.0+dfsg-5 (bug #655495)
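Review bot: CVE-2011-4908 and CVE-2011-4906 keep their NOT-FOR-US: Joomla! lines, which were in place while both entries were still RESERVED. The description of CVE-2011-4906 now names "Tiny browser in TinyMCE 3.0 editor", so confirm that the flaw is in the copy shipped with Joomla! and not in TinyMCE itself before leaving it as NOT-FOR-US.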
@@ -304244,8 +304276,8 @@ CVE-2011-3903 (Google Chrome before 16.0.912.63 does 
not properly perform regex
        [squeeze] - chromium-browser <not-affected>
 CVE-2011-3902
        RESERVED
-CVE-2011-3901
-       RESERVED
+CVE-2011-3901 (Android SQLite Journal before 4.0.1 has an information 
disclosure vuln ...)
+       TODO: check
 CVE-2011-3900 (Google V8, as used in Google Chrome before 15.0.874.121, allows 
remote ...)
        - chromium-browser 15.0.874.121~r109964-1
        - webkit <not-affected> (Chrome issue)
@@ -305917,8 +305949,8 @@ CVE-2011-3338
        RESERVED
 CVE-2011-3337 (eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 
2423 f ...)
        NOT-FOR-US: eEye Digital Security Audits
-CVE-2011-3336
-       RESERVED
+CVE-2011-3336 (regcomp in the BSD implementation of libc is vulnerable to 
denial of s ...)
+       TODO: check
 CVE-2011-3335
        RESERVED
 CVE-2011-3334
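Review bot: CVE-2011-3336 is added as TODO: check with a description that points at library code ("regcomp in the BSD implementation of libc") rather than at a vendor product, so it should not be closed as NOT-FOR-US by default. Check whether any package carries that regcomp implementation and record the result in a NOTE line.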
@@ -308459,8 +308491,7 @@ CVE-2011-2500 (The host_reliable_addrinfo function in 
support/export/hostname.c
        - nfs-utils 1:1.2.4-1 (bug #633155)
        [lenny] - nfs-utils <not-affected> (Introduced in 1.2.3)
        [squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3)
-CVE-2011-2499
-       RESERVED
+CVE-2011-2499 (Mambo CMS through 4.6.5 has multiple XSS. ...)
        NOT-FOR-US: Mambo CMS
 CVE-2011-2498
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f47f622e97c19aa298c23d996b0267a452b620b9
