Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d53b18a by security tracker role at 2020-02-25T20:10:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,22 @@
-CVE-2020-9391 [mm: Avoid creating virtual address aliases in 
brk()/mmap()/mremap()]
+CVE-2020-9395
+       RESERVED
+CVE-2020-9394 (An issue was discovered in the pricing-table-by-supsystic 
plugin befor ...)
+       TODO: check
+CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic 
plugin befor ...)
+       TODO: check
+CVE-2020-9392
+       RESERVED
+CVE-2020-9390
+       RESERVED
+CVE-2020-9389
+       RESERVED
+CVE-2020-9388
+       RESERVED
+CVE-2020-9387
+       RESERVED
+CVE-2020-9386
+       RESERVED
+CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 
5.5.6  ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        [stretch] - linux <not-affected> (Vulnerable code not present)
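Review bot: CVE-2020-9391 lands out of sequence in this hunk. The file is kept in descending id order, yet 9391 is re-added after CVE-2020-9386 (between 9386 and 9385) instead of between CVE-2020-9392 and CVE-2020-9390; it should be moved up so a later automatic update does not produce a duplicate. Separately, the removed line carried the upstream patch subject `[mm: Avoid creating virtual address aliases in brk()/mmap()/mremap()]`, and the truncated replacement description does not preserve it; since the entry has no NOTE with the fixing commit (compare CVE-2020-9383 below, which links git.kernel.org), consider keeping that subject as a NOTE line so the fix remains identifiable.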
@@ -8,8 +26,7 @@ CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in 
Zint 2.7.1 becaus
        - zint <itp> (bug #732141)
 CVE-2020-9384
        RESERVED
-CVE-2020-9383 [floppy: check FDC index for errors before assigning it]
-       RESERVED
+CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. 
set_fdc in  ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3
 CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 
for Med ...)
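Review bot: the dropped bracket text `[floppy: check FDC index for errors before assigning it]` is only partially recoverable from the truncated official description of CVE-2020-9383; the NOTE pointing at git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3 still identifies the fix, so nothing essential is lost. What is missing, in contrast to CVE-2020-9391 in the previous hunk, is any [buster]/[stretch] line under `- linux <unfixed>`, so the stable suites show as unassessed for this kernel issue; add the suite annotations once the affected code has been checked.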
@@ -18,8 +35,8 @@ CVE-2020-9381 (controllers/admin.js in Total.js CMS 13 allows 
remote attackers t
        NOT-FOR-US: Total.js CMS
 CVE-2020-9380
        RESERVED
-CVE-2020-9379
-       RESERVED
+CVE-2020-9379 (The Software Development Kit of the MiContact Center Business 
with Sit ...)
+       TODO: check
 CVE-2020-9378
        RESERVED
 CVE-2020-9377
@@ -128,16 +145,17 @@ CVE-2020-9337
 CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -&gt; 
Settings ...)
        NOT-FOR-US: fauzantrif eLection
 CVE-2020-6802 [mutation XSS vulnerability]
+       RESERVED
        - python-bleach 3.1.1-1 (bug #951907)
        [stretch] - python-bleach <not-affected> (Vulnerable code introduced 
later)
        [jessie] - python-bleach <not-affected> (Vulnerable code introduced 
later)
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public)
        NOTE: 
https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
        NOTE: 
https://github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd
-CVE-2020-9335
-       RESERVED
-CVE-2020-9334
-       RESERVED
+CVE-2020-9335 (Multiple stored XSS vulnerabilities exist in the 10Web Photo 
Gallery p ...)
+       TODO: check
+CVE-2020-9334 (A stored XSS vulnerability exists in the Envira Photo Gallery 
plugin t ...)
+       TODO: check
 CVE-2020-9333
        RESERVED
 CVE-2020-9332
@@ -821,12 +839,12 @@ CVE-2020-9021 (Post Oak AWAM Bluetooth Field Device 
7400v2.08.21.2018, 7800SD.20
        NOT-FOR-US: Post Oak AWAM Bluetooth Field Device
 CVE-2020-9020 (Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 
devices allow ...)
        NOT-FOR-US: Iteris Vantage Velocity Field Unit devices
-CVE-2020-9019
-       RESERVED
-CVE-2020-9018
-       RESERVED
-CVE-2020-9017
-       RESERVED
+CVE-2020-9019 (The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS 
via th ...)
+       TODO: check
+CVE-2020-9018 (LiteCart through 2.2.1 allows 
admin/?app=users&amp;doc=edit_user CSRF  ...)
+       TODO: check
+CVE-2020-9017 (LiteCart through 2.2.1 allows CSV injection via a customer's 
profile. ...)
+       TODO: check
 CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code 
parameter,  ...)
        - dolibarr <removed>
 CVE-2020-9015 (Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, 
and DCS-7 ...)
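Review bot: `admin/?app=users&amp;doc=edit_user` in the CVE-2020-9018 description (and `-&gt;` in the CVE-2020-9336 context line of the earlier hunk) are HTML entities from the notification rendering; confirm that the committed data/CVE/list holds the literal `&` and `->`, since the tracker reproduces these descriptions verbatim. The three new TODO: check entries (WPJobBoard for WordPress, LiteCart twice) follow the pattern of the surrounding lines, where unpackaged software is marked NOT-FOR-US and packaged software gets a package line such as `- dolibarr <removed>`; they should be resolved one way or the other at triage rather than left as TODO.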
@@ -843,8 +861,8 @@ CVE-2020-9010
        RESERVED
 CVE-2020-9009
        RESERVED
-CVE-2020-9008
-       RESERVED
+CVE-2020-9008 (Stored Cross-site scripting (XSS) vulnerability in Blackboard 
Learn/Pe ...)
+       TODO: check
 CVE-2019-20473
        RESERVED
 CVE-2019-20472
@@ -1333,10 +1351,10 @@ CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows 
Editor or Author roles to ins
        NOT-FOR-US: Bludit
 CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows 
authenticated  ...)
        NOT-FOR-US: Bludit
-CVE-2020-8810
-       RESERVED
-CVE-2020-8809
-       RESERVED
+CVE-2020-8810 (An issue was discovered in Gurux GXDLMS Director through 
8.5.1905.1301 ...)
+       TODO: check
+CVE-2020-8809 (Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates 
to add- ...)
+       TODO: check
 CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in 
CORSAIR ...)
        NOT-FOR-US: CORSAIR iCUE
 CVE-2020-8807
@@ -1366,12 +1384,10 @@ CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 
5.1.1071 and 6.0.1xxx be
 CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, 
sharing a gro ...)
        - gitlab <not-affected> (Only affects EE version)
        NOTE: 
https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/
-CVE-2020-8794
-       RESERVED
+CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of 
an out- ...)
        - opensmtpd 6.6.4p1-1 (bug #952453)
        NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/5
-CVE-2020-8793
-       RESERVED
+CVE-2020-8793 (OpenSMTPD before 6.6.4 allows local users to read arbitrary 
files (e.g ...)
        - opensmtpd 6.6.4p1-1 (bug #952453)
        NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/4
        NOTE: 
https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig
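Review bot: CVE-2020-8794 is now described as remote code execution in OpenSMTPD before 6.6.4, and CVE-2020-8793 as local arbitrary file read, yet both entries carry only the unstable fix `- opensmtpd 6.6.4p1-1 (bug #952453)` with no [buster]/[stretch] lines, unlike CVE-2020-9391 earlier in this commit. If the stable suites ship an affected version, their status (or the DSA cross-reference) should be recorded here; if not, a <not-affected> annotation keeps the entries from showing as open for those suites. The oss-security and OpenBSD patch NOTE links are the right references to keep.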
@@ -26916,7 +26932,7 @@ CVE-2019-17592 (The csv-parse module before 4.4.6 for 
Node.js is vulnerable to R
        NOT-FOR-US: csv-parse Node module
 CVE-2019-17591
        RESERVED
-CVE-2019-17590 (The csrf_callback function in the CSRF Magic library through 
2016-03-2 ...)
+CVE-2019-17590 (** DISPUTED ** The csrf_callback function in the CSRF Magic 
library th ...)
        NOT-FOR-US: CSRF Magic library
 CVE-2019-17589
        REJECTED
@@ -42458,8 +42474,8 @@ CVE-2012-6711 (A heap-based buffer overflow exists in 
GNU Bash before 4.3 when w
        NOTE: 
https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=863d31ae775d56b785dc5b0105b6d251515d81d5
 (bash-4.3-alpha)
 CVE-2019-12864
        RESERVED
-CVE-2019-12863
-       RESERVED
+CVE-2019-12863 (SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) 
allows  ...)
+       TODO: check
 CVE-2019-12862
        RESERVED
 CVE-2019-12861
@@ -64101,8 +64117,8 @@ CVE-2019-5167
        RESERVED
 CVE-2019-5166
        RESERVED
-CVE-2019-5165
-       RESERVED
+CVE-2019-5165 (An exploitable authentication bypass vulnerability exists in 
the hostn ...)
+       TODO: check
 CVE-2019-5164 (An exploitable code execution vulnerability exists in the 
ss-manager b ...)
        - shadowsocks-libev 3.3.3+ds-2
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958
@@ -64113,8 +64129,8 @@ CVE-2019-5163 (An exploitable denial-of-service 
vulnerability exists in the UDPR
        - shadowsocks-libev 3.3.3+ds-2
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956
        NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2536
-CVE-2019-5162
-       RESERVED
+CVE-2019-5162 (An exploitable improper access control vulnerability exists in 
the iw_ ...)
+       TODO: check
 CVE-2019-5161
        RESERVED
 CVE-2019-5160
@@ -64131,8 +64147,8 @@ CVE-2019-5155
        RESERVED
 CVE-2019-5154 (An exploitable heap overflow vulnerability exists in the 
JPEG2000 pars ...)
        NOT-FOR-US: LEADTOOLS
-CVE-2019-5153
-       RESERVED
+CVE-2019-5153 (An exploitable remote code execution vulnerability exists in 
the iw_we ...)
+       TODO: check
 CVE-2019-5152 (An exploitable information disclosure vulnerability exists in 
the netw ...)
        - shadowsocks-libev <unfixed> (unimportant)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0942
@@ -64146,8 +64162,8 @@ CVE-2019-5150 (An exploitable SQL injection 
vulnerability exist in YouPHPTube 7.
        NOT-FOR-US: YouPHPTube
 CVE-2019-5149
        RESERVED
-CVE-2019-5148
-       RESERVED
+CVE-2019-5148 (An exploitable denial-of-service vulnerability exists in 
ServiceAgent  ...)
+       TODO: check
 CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD 
ATIDXX64 ...)
        NOT-FOR-US: AMD ATIDXX64.DLL driver
 CVE-2019-5146 (An exploitable out-of-bounds read vulnerability exists in AMD 
ATIDXX64 ...)
@@ -64156,22 +64172,22 @@ CVE-2019-5145 (An exploitable use-after-free 
vulnerability exists in the JavaScr
        NOT-FOR-US: Foxit PDF Reader
 CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the 
derive_taps_ ...)
        NOT-FOR-US: Kakadu Software SDK
-CVE-2019-5143
-       RESERVED
-CVE-2019-5142
-       RESERVED
-CVE-2019-5141
-       RESERVED
-CVE-2019-5140
-       RESERVED
-CVE-2019-5139
-       RESERVED
-CVE-2019-5138
-       RESERVED
-CVE-2019-5137
-       RESERVED
-CVE-2019-5136
-       RESERVED
+CVE-2019-5143 (An exploitable format string vulnerability exists in the 
iw_console co ...)
+       TODO: check
+CVE-2019-5142 (An exploitable command injection vulnerability exists in the 
hostname  ...)
+       TODO: check
+CVE-2019-5141 (An exploitable command injection vulnerability exists in the 
iw_webs f ...)
+       TODO: check
+CVE-2019-5140 (An exploitable command injection vulnerability exists in the 
iwwebs fu ...)
+       TODO: check
+CVE-2019-5139 (An exploitable use of hard-coded credentials vulnerability 
exists in m ...)
+       TODO: check
+CVE-2019-5138 (An exploitable command injection vulnerability exists in 
encrypted dia ...)
+       TODO: check
+CVE-2019-5137 (The usage of hard-coded cryptographic keys within the 
ServiceAgent bin ...)
+       TODO: check
+CVE-2019-5136 (An exploitable privilege escalation vulnerability exists in the 
iw_con ...)
+       TODO: check
 CVE-2019-5135
        RESERVED
 CVE-2019-5134
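Review bot: the eight newly described entries CVE-2019-5136 through CVE-2019-5143 name the same components (iw_console, iw_webs, hostname, ServiceAgent, hard-coded credentials and keys) as CVE-2019-5165, CVE-2019-5162, CVE-2019-5153 and CVE-2019-5148 in the preceding hunks, and use the same "An exploitable ... vulnerability exists in" phrasing as the neighbouring entries that link to talosintelligence.com reports. They look like one advisory series and should be triaged together so all twelve end up with a consistent verdict; take care not to fold them into the adjacent shadowsocks-libev entries (CVE-2019-5164, 5163, 5152), which share the id range and phrasing but concern a different package.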
@@ -65227,8 +65243,8 @@ CVE-2019-4674 (IBM Security Identity Manager 7.0.1 
could allow a remote attacker
        NOT-FOR-US: IBM
 CVE-2019-4673
        RESERVED
-CVE-2019-4672
-       RESERVED
+CVE-2019-4672 (IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized 
attacke ...)
+       TODO: check
 CVE-2019-4671
        RESERVED
 CVE-2019-4670 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a  ...)
@@ -65457,8 +65473,8 @@ CVE-2019-4559 (IBM QRadar SIEM 7.3.0 through 7.3.3 
discloses sensitive informati
        NOT-FOR-US: IBM
 CVE-2019-4558 (A security vulnerability has been identified in all levels of 
IBM Spec ...)
        NOT-FOR-US: IBM
-CVE-2019-4557
-       RESERVED
+CVE-2019-4557 (IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than 
expect ...)
+       TODO: check
 CVE-2019-4556 (IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete 
blacklisting fo ...)
        NOT-FOR-US: IBM
 CVE-2019-4555 (IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site 
scripti ...)
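Review bot: CVE-2019-4557 (IBM QRadar Advisor 1.1 through 2.5 with Watson) is left as TODO: check, while the directly following CVE-2019-4556, also IBM QRadar Advisor, is already marked `NOT-FOR-US: IBM`, as are the other IBM entries in this hunk. The same applies to CVE-2019-4672 (IBM QRadar Advisor 1.1 through 2.5) in the previous hunk. Unless QRadar Advisor has become packaged, both can be resolved to NOT-FOR-US: IBM in line with their neighbours.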
@@ -66573,8 +66589,8 @@ CVE-2019-4001
        RESERVED
 CVE-2019-4000
        RESERVED
-CVE-2019-3999
-       RESERVED
+CVE-2019-3999 (Improper neutralization of special elements used in an OS 
command in D ...)
+       TODO: check
 CVE-2019-3998 (Authentication bypass using an alternate path or channel in 
SimpliSafe ...)
        NOT-FOR-US: SimpliSafe SS3 firmware
 CVE-2019-3997 (Authentication bypass using an alternate path or channel in 
SimpliSafe ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d53b18aad41cb940ee7ce785218a0458aaeac87

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
