Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0c77d29f by security tracker role at 2020-02-17T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows
disclosure of t ...)
+ TODO: check
+CVE-2020-9042
+ RESERVED
+CVE-2020-9041
+ RESERVED
+CVE-2020-9040
+ RESERVED
+CVE-2020-9039
+ RESERVED
+CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
+ TODO: check
+CVE-2020-9037
+ RESERVED
+CVE-2020-9036
+ RESERVED
+CVE-2020-9035
+ RESERVED
+CVE-2019-20474 (An issue was discovered in Zoho ManageEngine Remote Access
Plus 10.0.4 ...)
+ TODO: check
+CVE-2016-11019
+ RESERVED
CVE-2020-XXXX [privilege escalation vulnerablility]
- network-manager-ssh 1.2.11-1
NOTE: https://github.com/danfruehauf/NetworkManager-ssh/pull/98
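Review bot: the TODO: check for CVE-2020-9043 (wpCentral plugin for WordPress) can be resolved to `NOT-FOR-US: wpCentral plugin for WordPress`, matching how the other WordPress plugin entries in this file are triaged (CVE-2020-8426 Elementor and CVE-2020-6849 marketo-forms-and-tracking both carry NOT-FOR-US further down in this same update). CVE-2020-9038 (Joplin) and CVE-2019-20474 (Zoho ManageEngine Remote Access Plus) still need an archive check before their TODOs are closed either way.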
@@ -93,10 +115,10 @@ CVE-2019-20457
RESERVED
CVE-2020-9007 (Codoforum 4.8.8 allows self-XSS via the title of a new topic.
...)
NOT-FOR-US: Codoforum
-CVE-2020-9006
- RESERVED
-CVE-2020-9005
- RESERVED
+CVE-2020-9006 (The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is
vulner ...)
+ TODO: check
+CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote
attack ...)
+ TODO: check
CVE-2020-9004
RESERVED
CVE-2020-9003
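Review bot: both TODO: check placeholders in this hunk look like NOT-FOR-US candidates: CVE-2020-9006 is a WordPress plugin (Popup Builder) and CVE-2020-9005 is Valve's Dota 2, neither of which is a Debian package; the file's own convention for such entries is `NOT-FOR-US: <product>`, as on the CVE-2020-9007 Codoforum line directly above.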
@@ -564,8 +586,7 @@ CVE-2020-8797
RESERVED
CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx
before ...)
NOT-FOR-US: Biscom Secure File Transfer (SFT)
-CVE-2020-8795
- RESERVED
+CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5,
sharing a gro ...)
- gitlab <not-affected> (Only affects EE version)
NOTE:
https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/
CVE-2020-8794
@@ -1154,8 +1175,8 @@ CVE-2020-8520
RESERVED
CVE-2020-8519
RESERVED
-CVE-2020-8518
- RESERVED
+CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of
arbitrary P ...)
+ TODO: check
CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect
input v ...)
- squid 4.10-1 (unimportant)
- squid3 <removed> (unimportant)
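Review bot: the new TODO: check for CVE-2020-8518 should not be closed as NOT-FOR-US without looking at the php-horde packages: Horde Groupware Webmail Edition is software Debian ships, unlike the WordPress plugins elsewhere in this update, so this entry needs a package/version line once triaged.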
@@ -1387,8 +1408,8 @@ CVE-2020-8430
RESERVED
CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947
does not ...)
TODO: check
-CVE-2020-8427
- RESERVED
+CVE-2020-8427 (Kaseya Traverse before 9.5.20 allows OS command injection
attacks agai ...)
+ TODO: check
CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a
reflect ...)
NOT-FOR-US: Elementor plugin for WordPress
CVE-2020-8425 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF
that le ...)
@@ -3244,8 +3265,8 @@ CVE-2020-7599
RESERVED
CVE-2020-7598
RESERVED
-CVE-2020-7597
- RESERVED
+CVE-2020-7597 (codecov-node npm module before 3.6.5 allows remote attackers to
execut ...)
+ TODO: check
CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to
execute arb ...)
NOT-FOR-US: Codecov npm module
CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an
infini ...)
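Review bot: the TODO: check added for CVE-2020-7597 (codecov-node npm module before 3.6.5) concerns the same module as CVE-2020-7596 directly below, which is already triaged as `NOT-FOR-US: Codecov npm module`; the consistent resolution is the same NOT-FOR-US line, unless the module has since been packaged.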
@@ -4870,8 +4891,8 @@ CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based
buffer overflow in opj_t1
[stretch] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1228
NOTE:
https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04
-CVE-2020-6850
- RESERVED
+CVE-2020-6850 (Utilities.php in the miniorange-saml-20-single-sign-on plugin
before 4 ...)
+ TODO: check
CVE-2020-6849 (The marketo-forms-and-tracking plugin through 1.0.2 for
WordPress allo ...)
NOT-FOR-US: marketo-forms-and-tracking plugin for WordPress
CVE-2020-6848 (Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka
Device Na ...)
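Review bot: CVE-2020-6850 (miniorange-saml-20-single-sign-on plugin) uses the same plugin-slug naming as the CVE-2020-6849 marketo-forms-and-tracking entry below, which is triaged NOT-FOR-US as a WordPress plugin; if it is likewise a WordPress plugin, the TODO: check should resolve the same way.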
@@ -4997,7 +5018,7 @@ CVE-2020-6801
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801
CVE-2020-6800
RESERVED
- {DSA-4625-1 DSA-4620-1 DLA-2102-1}
+ {DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1}
- firefox 73.0-1
- firefox-esr 68.5.0esr-1
- thunderbird 1:68.5.0-1
@@ -5012,7 +5033,7 @@ CVE-2020-6799
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799
CVE-2020-6798
RESERVED
- {DSA-4625-1 DSA-4620-1 DLA-2102-1}
+ {DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1}
- firefox 73.0-1
- firefox-esr 68.5.0esr-1
- thunderbird 1:68.5.0-1
@@ -5036,22 +5057,22 @@ CVE-2020-6796
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6796
CVE-2020-6795
RESERVED
- {DSA-4625-1}
+ {DSA-4625-1 DLA-2104-1}
- thunderbird 1:68.5.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6795
CVE-2020-6794
RESERVED
- {DSA-4625-1}
+ {DSA-4625-1 DLA-2104-1}
- thunderbird 1:68.5.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6794
CVE-2020-6793
RESERVED
- {DSA-4625-1}
+ {DSA-4625-1 DLA-2104-1}
- thunderbird 1:68.5.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6793
CVE-2020-6792
RESERVED
- {DSA-4625-1}
+ {DSA-4625-1 DLA-2104-1}
- thunderbird 1:68.5.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6792
CVE-2020-6791
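Review bot: worth confirming against the DLA-2104-1 announcement that it really lists all six CVEs receiving the new reference in this update (CVE-2020-6792 through CVE-2020-6795 in this hunk plus CVE-2020-6798 and CVE-2020-6800 in the two hunks above); the brace lists are otherwise consistent, since every entry gaining DLA-2104-1 carries a `thunderbird 1:68.5.0-1` line.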
@@ -18151,7 +18172,7 @@ CVE-2020-1721
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579
CVE-2020-1720
RESERVED
- {DSA-4623-1 DSA-4622-1}
+ {DSA-4623-1 DSA-4622-1 DLA-2105-1}
- postgresql-12 12.2-1
- postgresql-11 <unfixed>
- postgresql-9.6 <removed>
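Review bot: CVE-2020-1720 now carries DSA-4623-1, DSA-4622-1 and DLA-2105-1 while its `postgresql-11 <unfixed>` line is unchanged; if postgresql-11 has left unstable since postgresql-12 12.2-1, `<removed>` would be the accurate marker, as already used for postgresql-9.6 on the next line.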
@@ -18210,8 +18231,7 @@ CVE-2020-1706
CVE-2020-1705
RESERVED
NOT-FOR-US: openshift
-CVE-2020-1704
- RESERVED
+CVE-2020-1704 (An insecure modification vulnerability in the /etc/passwd file
was fou ...)
NOT-FOR-US: openshift
CVE-2020-1703
RESERVED
@@ -18252,8 +18272,7 @@ CVE-2020-1694
CVE-2020-1693
RESERVED
NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk
-CVE-2020-1692
- RESERVED
+CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information
exposure of s ...)
- moodle <removed>
CVE-2020-1691
RESERVED
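Review bot: the unchanged context line for CVE-2020-1693 reads `NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk`, with the prefix doubled; it is outside this automatic change but deserves a one-line follow-up fix. The new CVE-2020-1692 description sits correctly with the existing `moodle <removed>` triage.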
@@ -19314,8 +19333,8 @@ CVE-2019-19000
RESERVED
CVE-2019-18999
RESERVED
-CVE-2019-18998
- RESERVED
+CVE-2019-18998 (Insufficient access control in the web interface of ABB Asset
Suite ve ...)
+ TODO: check
CVE-2019-18997 (The HMISimulator component of ABB PB610 Panel Builder 600 uses
the rea ...)
NOT-FOR-US: ABB PB610 Panel Builder
CVE-2019-18996 (Path settings in HMIStudio component of ABB PB610 Panel
Builder 600 ve ...)
@@ -41257,8 +41276,8 @@ CVE-2019-12956
RESERVED
CVE-2019-12955
RESERVED
-CVE-2019-12954
- RESERVED
+CVE-2019-12954 (SolarWinds Network Performance Monitor (Orion Platform 2018,
NPM 12.3, ...)
+ TODO: check
CVE-2019-12953
RESERVED
CVE-2019-12952
@@ -41589,8 +41608,8 @@ CVE-2019-12827 (Buffer overflow in res_pjsip_messaging
in Digium Asterisk versio
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28447
CVE-2019-12826 (A Cross-Site-Request-Forgery (CSRF) vulnerability in
widget_logic.php ...)
NOT-FOR-US: 2by2host Widget Logic plugin for WordPress
-CVE-2019-12825
- RESERVED
+CVE-2019-12825 (Unauthorized Access to the Container Registry of other groups
was disc ...)
+ TODO: check
CVE-2019-12824
RESERVED
CVE-2019-12823 (Craft CMS 3.1.30 has XSS. ...)
@@ -219008,8 +219027,8 @@ CVE-2015-6924
RESERVED
CVE-2015-6923 (The ndvbs module in VBox Communications Satellite Express
Protocol 2.3 ...)
NOT-FOR-US: VBox Communications Satellite Express Protocol
-CVE-2015-6922
- RESERVED
+CVE-2015-6922 (Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33,
8.x bef ...)
+ TODO: check
CVE-2015-6921 (Cross-site scripting (XSS) vulnerability in the Zendesk
Feedback Tab m ...)
NOT-FOR-US: Zendesk Feedback Tab for Drupal
CVE-2015-6920 (Cross-site scripting (XSS) vulnerability in js/window.php in
the sourc ...)
@@ -223772,11 +223791,9 @@ CVE-2015-5218 (Buffer overflow in
text-utils/colcrt.c in colcrt in util-linux be
NOTE: https://www.spinics.net/lists/util-linux-ng/msg11873.html
CVE-2015-5217 (providers/saml2/admin.py in the Identity Provider (IdP) server
in Ipsi ...)
- ipsilon <itp> (bug #826838)
-CVE-2015-5216
- RESERVED
+CVE-2015-5216 (The Identity Provider (IdP) server in Ipsilon 0.1.0 before
1.0.1 does ...)
- ipsilon <itp> (bug #826838)
-CVE-2015-5215
- RESERVED
+CVE-2015-5215 (** DISPUTED ** The default configuration of the Jinja
templating engin ...)
- ipsilon <itp> (bug #826838)
CVE-2015-5214 (LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache
OpenOffice be ...)
{DSA-3394-1}
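Review bot: CVE-2015-5215 is marked `** DISPUTED **` and its description names the default configuration of the Jinja templating engine rather than Ipsilon code; the retained `ipsilon <itp> (bug #826838)` line covers the Ipsilon side, but since Jinja2 is a Debian package, a NOTE stating why no jinja2 entry is needed (or adding one if it is) would make the triage self-explanatory.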
@@ -225187,8 +225204,7 @@ CVE-2015-4716 (Directory traversal vulnerability in
the routing component in own
- owncloud 7.0.6+dfsg-1 (unimportant)
NOTE: Specific to installations on Windows
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-006
-CVE-2015-4715 [Mounted Dropbox storage allows "Dropbox.com" to access any file]
- RESERVED
+CVE-2015-4715 (The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in
ownClo ...)
- php-dropbox 1.0.0-4 (unimportant)
[jessie] - php-dropbox 1.0.0-3+deb8u1
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-005
@@ -235216,7 +235232,7 @@ CVE-2015-1389 (Cross-site scripting (XSS)
vulnerability in Aruba Networks ClearP
CVE-2015-1388 (The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x
before 6 ...)
NOT-FOR-US: ArubaOS
CVE-2015-1387
- RESERVED
+ REJECTED
CVE-2015-1385 (Cross-site scripting (XSS) vulnerability in the Blubrry
PowerPress Pod ...)
NOT-FOR-US: WordPress plugin powerpress
CVE-2015-1384 (Cross-site scripting (XSS) vulnerability in the Banner Effect
Header p ...)
@@ -239290,7 +239306,7 @@ CVE-2014-9406 (ARRIS Touchstone TG862G/CT Telephony
Gateway with firmware 7.6.59
CVE-2014-9405 (A Cross-Site Scripting (XSS) vulnerability exists in the
description f ...)
NOT-FOR-US: Freebox OS
CVE-2014-9404
- RESERVED
+ REJECTED
CVE-2014-9401 (Cross-site request forgery (CSRF) vulnerability in the WP Limit
Posts ...)
NOT-FOR-US: WP Limit Posts Automatically plugin for WordPress
CVE-2014-9400 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the Wp U ...)
@@ -240783,8 +240799,8 @@ CVE-2015-0260 (RhodeCode before 2.2.7 and Kallithea
0.1 allows remote authentica
CVE-2015-0259 (OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before
2014.2.3, an ...)
- nova 2014.1.3-11 (bug #780250)
[wheezy] - nova <not-affected> (Vulnerable code not present)
-CVE-2015-0258
- RESERVED
+CVE-2015-0258 (Multiple incomplete blacklist vulnerabilities in the avatar
upload fun ...)
+ TODO: check
CVE-2015-0257 (Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1
uses wea ...)
NOT-FOR-US: ovirt / RHEV
CVE-2015-0256
@@ -259402,8 +259418,8 @@ CVE-2013-7327 (The gdImageCrop function in
ext/gd/gd.c in PHP 5.5.x before 5.5.9
[squeeze] - php5 <not-affected> (Vulnerable code was introduced in
5.5.0)
CVE-2013-7326 (Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0
allows re ...)
NOT-FOR-US: vTiger CRM
-CVE-2013-7324
- RESERVED
+CVE-2013-7324 (Webkit-GTK 2.x (any version with HTML5 audio/video support
based on GS ...)
+ TODO: check
CVE-2012-6638 (The tcp_rcv_state_process function in net/ipv4/tcp_input.c in
the Linu ...)
- linux 3.2.29-1
- linux-2.6 <removed>
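Review bot: CVE-2013-7324 affects Webkit-GTK 2.x with GStreamer-based HTML5 media support, which Debian ships (the webkitgtk and webkit2gtk source packages), so this TODO: check needs a version check against those packages rather than a NOT-FOR-US like the vTiger CRM entry above; a 2013 issue only now getting a description also suggests checking whether only long-unsupported 2.x releases are affected.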
@@ -271871,7 +271887,8 @@ CVE-2013-4449 (The rwm overlay in OpenLDAP 2.4.23,
2.4.36, and earlier does not
[squeeze] - openldap <no-dsa> (Minor issue)
NOTE: http://www.openldap.org/its/index.cgi/Incoming?id=7723
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1019490
-CVE-2013-4448 (echoping through 6.0.2 has buffer overflow vulnerabilities ...)
+CVE-2013-4448
+ REJECTED
TODO: contacted MITRE, should be rejected, cf.
https://www.openwall.com/lists/oss-security/2013/10/21/9
CVE-2013-4447 (Cross-site scripting (XSS) vulnerability in the API in the
Simplenews ...)
NOT-FOR-US: Simplenews Drupal contributed module
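Review bot: the `TODO: contacted MITRE, should be rejected, cf. https://www.openwall.com/lists/oss-security/2013/10/21/9` context line is now stale, because this hunk switches CVE-2013-4448 to REJECTED; the TODO can be dropped, keeping the openwall URL as a NOTE if the history is worth preserving.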
@@ -273916,8 +273933,8 @@ CVE-2013-3740
RESERVED
CVE-2013-3739 (Directory traversal vulnerability in editor.php in Network
Weathermap ...)
NOT-FOR-US: Network Weathermap
-CVE-2013-3738
- RESERVED
+CVE-2013-3738 (A File Inclusion vulnerability exists in Zabbix 2.0.6 due to
inadequat ...)
+ TODO: check
CVE-2013-3843 (Stack-based buffer overflow in the mk_request_header_process
function ...)
- monkey <removed>
[squeeze] - monkey <no-dsa> (Minor issue)
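Review bot: CVE-2013-3738 (file inclusion in Zabbix 2.0.6) cannot be closed as NOT-FOR-US like the Network Weathermap entry above it: zabbix is a Debian source package, so the TODO: check needs a version check and, given the 2013 date, a look at whether any release Debian still supports contains the affected code.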
@@ -273960,8 +273977,8 @@ CVE-2013-3724 (The mk_request_header_process function
in mk_request.c in Monkey
[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-3723
RESERVED
-CVE-2013-3722
- RESERVED
+CVE-2013-3722 (A Denial of Service (infinite loop) exists in OpenSIPS before
1.10 in ...)
+ TODO: check
CVE-2013-3721 (SQL injection vulnerability in awards.php in PsychoStats 3.2.2b
allows ...)
NOT-FOR-US: PsychoStats
CVE-2013-3720 (Cross-site scripting (XSS) vulnerability in widget_remove.php
in the F ...)
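Review bot: CVE-2013-3722 (infinite loop in OpenSIPS before 1.10) needs an archive check for an opensips source package before the TODO is closed either way; the PsychoStats and widget_remove.php entries around it are NOT-FOR-US, but OpenSIPS has been packaged for Debian in the past, so NOT-FOR-US should not be assumed.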
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c77d29fead65ce71335d5734369dfea0b924a0a
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits