Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
61ca98e5 by security tracker role at 2020-03-13T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2020-10558
+ RESERVED
+CVE-2020-10557
+ RESERVED
+CVE-2020-10556
+ RESERVED
+CVE-2020-10555
+ RESERVED
+CVE-2020-10554
+ RESERVED
+CVE-2020-10553
+ RESERVED
+CVE-2020-10552
+ RESERVED
+CVE-2020-10551
+ RESERVED
+CVE-2020-10550
+ RESERVED
+CVE-2020-10549
+ RESERVED
+CVE-2020-10548
+ RESERVED
+CVE-2020-10547
+ RESERVED
+CVE-2020-10546
+ RESERVED
+CVE-2020-10545
+ RESERVED
+CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek
PrimeFac ...)
+ TODO: check
+CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4,
when Int ...)
+ TODO: check
CVE-2020-10543
RESERVED
CVE-2020-10542
@@ -680,8 +712,8 @@ CVE-2020-10220 (An issue was discovered in rConfig through
3.9.4. The web interf
NOT-FOR-US: rConfig
CVE-2020-10219
RESERVED
-CVE-2020-10218
- RESERVED
+CVE-2020-10218 (A Blind SQL Injection issue was discovered in Sapplica
Sentrifugo 3.2 ...)
+ TODO: check
CVE-2020-10217
RESERVED
CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices.
They all ...)
@@ -724,10 +756,10 @@ CVE-2020-10198
RESERVED
CVE-2020-10197
RESERVED
-CVE-2020-10196
- RESERVED
-CVE-2020-10195
- RESERVED
+CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1
for Wor ...)
+ TODO: check
+CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows
informatio ...)
+ TODO: check
CVE-2020-10194
RESERVED
CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection
bypass ...)
@@ -964,46 +996,46 @@ CVE-2020-10094
RESERVED
CVE-2020-10093
RESERVED
-CVE-2020-10092
- RESERVED
-CVE-2020-10091
- RESERVED
-CVE-2020-10090
- RESERVED
-CVE-2020-10089
- RESERVED
-CVE-2020-10088
- RESERVED
-CVE-2020-10087
- RESERVED
-CVE-2020-10086
- RESERVED
-CVE-2020-10085
- RESERVED
-CVE-2020-10084
- RESERVED
-CVE-2020-10083
- RESERVED
-CVE-2020-10082
- RESERVED
-CVE-2020-10081
- RESERVED
-CVE-2020-10080
- RESERVED
-CVE-2020-10079
- RESERVED
-CVE-2020-10078
- RESERVED
-CVE-2020-10077
- RESERVED
-CVE-2020-10076
- RESERVED
-CVE-2020-10075
- RESERVED
-CVE-2020-10074
- RESERVED
-CVE-2020-10073
- RESERVED
+CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting
vulnerab ...)
+ TODO: check
+CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting
vulnerabi ...)
+ TODO: check
+CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure.
Under certai ...)
+ TODO: check
+CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when
using sever ...)
+ TODO: check
+CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending
on part ...)
+ TODO: check
+CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge
images were ...)
+ TODO: check
+CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A
particular en ...)
+ TODO: check
+CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A
particul ...)
+ TODO: check
+CVE-2020-10084 (GitLab EE 11.6 through 12.8.1 allows Information Disclosure.
Sending a ...)
+ TODO: check
+CVE-2020-10083 (GitLab 12.7 through 12.8.1 has Insecure Permissions. Under
certain con ...)
+ TODO: check
+CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial
of servi ...)
+ TODO: check
+CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was
internally d ...)
+ TODO: check
+CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It
was possib ...)
+ TODO: check
+CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under
certain ...)
+ TODO: check
+CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request
submission fo ...)
+ TODO: check
+CVE-2020-10077 (GitLab EE 3.0 through 12.8.1 allows SSRF. An internal
investigation re ...)
+ TODO: check
+CVE-2020-10076 (GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site
scripting v ...)
+ TODO: check
+CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular
error h ...)
+ TODO: check
+CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A
scenario wa ...)
+ TODO: check
+CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It
was inter ...)
+ TODO: check
CVE-2020-10072
RESERVED
CVE-2020-10071
@@ -4286,6 +4318,7 @@ CVE-2020-8610
CVE-2020-8609
RESERVED
CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses
snprintf ...)
+ {DLA-2142-1}
- libslirp <unfixed>
- qemu 1:4.1-2
[buster] - qemu <postponed> (Minor issue)
@@ -4375,8 +4408,8 @@ CVE-2020-8573
RESERVED
CVE-2020-8572
RESERVED
-CVE-2020-8571
- RESERVED
+CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0
through 11 ...)
+ TODO: check
CVE-2020-8570
RESERVED
CVE-2020-8569
@@ -16663,8 +16696,8 @@ CVE-2019-19801 (In Gallagher Command Centre Server
versions of v8.10 prior to v8
NOT-FOR-US: Gallagher Command Centre Server
CVE-2019-19800 (Zoho ManageEngine Applications Manager 14 before 14520 allows
a remote ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2019-19799
- RESERVED
+CVE-2019-19799 (Zoho ManageEngine Applications Manager 14590 and before allows
a remot ...)
+ TODO: check
CVE-2019-19798
RESERVED
CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an
out-of-bounds wr ...)
@@ -17804,8 +17837,8 @@ CVE-2019-19758 (A vulnerability in the web interface of
Lenovo EZ Media & Ba
NOT-FOR-US: Lenovo
CVE-2019-19757 (An internal product security audit of Lenovo XClarity
Administrator (L ...)
NOT-FOR-US: Lenovo
-CVE-2019-19756
- RESERVED
+CVE-2019-19756 (An internal product security audit of Lenovo XClarity
Administrator (L ...)
+ TODO: check
CVE-2019-19755
RESERVED
CVE-2019-19754
@@ -19497,8 +19530,8 @@ CVE-2019-19613
RESERVED
CVE-2019-19612
RESERVED
-CVE-2019-19611
- RESERVED
+CVE-2019-19611 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. One
of the ...)
+ TODO: check
CVE-2019-19610
RESERVED
CVE-2019-19609 (The Strapi framework before 3.0.0-beta.17.8 is vulnerable to
Remote Co ...)
@@ -20879,8 +20912,8 @@ CVE-2020-1955
RESERVED
CVE-2020-1954
RESERVED
-CVE-2020-1953
- RESERVED
+CVE-2020-1953 (Apache Commons Configuration uses a third-party library to
parse YAML ...)
+ TODO: check
CVE-2020-1952
RESERVED
CVE-2020-1951
@@ -33817,8 +33850,8 @@ CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x
through 1.6.7 and 2.x through
NOTE:
https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c
(2.0.x)
CVE-2019-16158
RESERVED
-CVE-2019-16157
- RESERVED
+CVE-2019-16157 (An information exposure vulnerability in Fortinet FortiWeb
6.2.0 CLI a ...)
+ TODO: check
CVE-2019-16156 (An Improper Neutralization of Input vulnerability in the
Anomaly Detec ...)
TODO: check
CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux
6.2.1 an ...)
@@ -40208,10 +40241,10 @@ CVE-2019-14312 (Aptana Jaxer 1.0.3.4547 is vulnerable
to a local file inclusion
NOT-FOR-US: Aptana Jaxer
CVE-2019-14311
RESERVED
-CVE-2019-14310
- RESERVED
-CVE-2019-14309
- RESERVED
+CVE-2019-14310 (Ricoh SP C250DN 1.05 devices allow denial of service (issue 2
of 3). U ...)
+ TODO: check
+CVE-2019-14309 (Ricoh SP C250DN 1.05 devices have a fixed password. FTP
service creden ...)
+ TODO: check
CVE-2019-14308 (Several Ricoh printers have multiple buffer overflows parsing
LPD pack ...)
NOT-FOR-US: Ricoh
CVE-2019-14307 (Several Ricoh printers have multiple buffer overflows parsing
HTTP par ...)
@@ -40222,16 +40255,16 @@ CVE-2019-14305 (Several Ricoh printers have multiple
buffer overflows parsing HT
NOT-FOR-US: Ricoh
CVE-2019-14304 (Ricoh SP C250DN 1.06 devices allow CSRF. ...)
NOT-FOR-US: Ricoh SP C250DN 1.06 devices
-CVE-2019-14303
- RESERVED
+CVE-2019-14303 (Ricoh SP C250DN 1.05 devices allow denial of service (issue 1
of 3). S ...)
+ TODO: check
CVE-2019-14302 (On Ricoh SP C250DN 1.06 devices, a debug port can be used. ...)
NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14301 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control
(issue 1 of ...)
NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14300 (Several Ricoh printers have multiple buffer overflows parsing
HTTP coo ...)
NOT-FOR-US: Ricoh
-CVE-2019-14299
- RESERVED
+CVE-2019-14299 (Ricoh SP C250DN 1.05 devices have an Authentication Method
Vulnerable ...)
+ TODO: check
CVE-2019-14298 (Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted
Description(con ...)
NOT-FOR-US: Veeam ONE Reporter
CVE-2019-14297 (Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit
Widget with ...)
@@ -43686,12 +43719,12 @@ CVE-2019-13397 (Unauthenticated Stored XSS in
osTicket 1.10.1 allows a remote at
NOT-FOR-US: osTicket
CVE-2019-13396 (FlightPath 4.x and 5.0-x allows directory traversal and Local
File Inc ...)
NOT-FOR-US: FlightPath
-CVE-2019-13395
- RESERVED
-CVE-2019-13394
- RESERVED
-CVE-2019-13393
- RESERVED
+CVE-2019-13395 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03
allows CSRF a ...)
+ TODO: check
+CVE-2019-13394 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses
HTTP Bas ...)
+ TODO: check
+CVE-2019-13393 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses
the same ...)
+ TODO: check
CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in
MindPalette Na ...)
NOT-FOR-US: MindPalette NateMail
CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in
MagickCore/fourier.c has ...)
@@ -44237,36 +44270,36 @@ CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0
has a Stack-based Buffer O
- nsd3 <removed>
NOTE: https://github.com/NLnetLabs/nsd/issues/20
NOTE:
https://github.com/NLnetLabs/nsd/commit/91102da24d5949ccfec8fdab5bae2d01c4cabab5
-CVE-2019-13206
- RESERVED
-CVE-2019-13205
- RESERVED
-CVE-2019-13204
- RESERVED
-CVE-2019-13203
- RESERVED
-CVE-2019-13202
- RESERVED
-CVE-2019-13201
- RESERVED
-CVE-2019-13200
- RESERVED
-CVE-2019-13199
- RESERVED
-CVE-2019-13198
- RESERVED
-CVE-2019-13197
- RESERVED
-CVE-2019-13196
- RESERVED
-CVE-2019-13195
- RESERVED
-CVE-2019-13194
- RESERVED
-CVE-2019-13193
- RESERVED
-CVE-2019-13192
- RESERVED
+CVE-2019-13206 (Some Kyocera printers (such as the ECOSYS M5526cdw
2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13205 (All configuration parameters of certain Kyocera printers (such
as the ...)
+ TODO: check
+CVE-2019-13204 (Some Kyocera printers (such as the ECOSYS M5526cdw
2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13203 (Some Kyocera printers (such as the ECOSYS M5526cdw
2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13202 (Some Kyocera printers (such as the ECOSYS M5526cdw
2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13201 (Some Kyocera printers (such as the ECOSYS M5526cdw
2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13200 (The web application of several Kyocera printers (such as the
ECOSYS M5 ...)
+ TODO: check
+CVE-2019-13199 (Some Kyocera printers (such as the ECOSYS M5526cdw
2R7_2000.001.701) d ...)
+ TODO: check
+CVE-2019-13198 (The web application of several Kyocera printers (such as the
ECOSYS M5 ...)
+ TODO: check
+CVE-2019-13197 (Some Kyocera printers (such as the ECOSYS M5526cdw
2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13196 (Some Kyocera printers (such as the ECOSYS M5526cdw
2R7_2000.001.701) w ...)
+ TODO: check
+CVE-2019-13195 (The web application of some Kyocera printers (such as the
ECOSYS M5526 ...)
+ TODO: check
+CVE-2019-13194 (Some Brother printers (such as the HL-L8360CDW v1.20) were
affected by ...)
+ TODO: check
+CVE-2019-13193 (Some Brother printers (such as the HL-L8360CDW v1.20) were
affected by ...)
+ TODO: check
+CVE-2019-13192 (Some Brother printers (such as the HL-L8360CDW v1.20) were
affected by ...)
+ TODO: check
CVE-2019-13191 (A SQL injection vulnerability in IntraMaps MapControl 8 allows
attacke ...)
NOT-FOR-US: IntraMaps MapControl
CVE-2019-13190 (In Knowage through 6.1.1, the sign up page does not invalidate
a valid ...)
@@ -44323,22 +44356,22 @@ CVE-2019-13173 (fstream before 1.0.12 is vulnerable
to Arbitrary File Overwrite.
[jessie] - node-fstream <end-of-life> (Nodejs in jessie not covered by
security support)
NOTE: https://www.npmjs.com/advisories/886
NOTE:
https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22
-CVE-2019-13172
- RESERVED
-CVE-2019-13171
- RESERVED
-CVE-2019-13170
- RESERVED
-CVE-2019-13169
- RESERVED
-CVE-2019-13168
- RESERVED
-CVE-2019-13167
- RESERVED
-CVE-2019-13166
- RESERVED
-CVE-2019-13165
- RESERVED
+CVE-2019-13172 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000)
were affe ...)
+ TODO: check
+CVE-2019-13171 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000)
were affe ...)
+ TODO: check
+CVE-2019-13170 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000)
did not i ...)
+ TODO: check
+CVE-2019-13169 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000)
were affe ...)
+ TODO: check
+CVE-2019-13168 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000)
were affe ...)
+ TODO: check
+CVE-2019-13167 (Multiple Stored XSS vulnerabilities were found in the Xerox
Web Applic ...)
+ TODO: check
+CVE-2019-13166 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000)
did not i ...)
+ TODO: check
+CVE-2019-13165 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000)
were affe ...)
+ TODO: check
CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a
network inte ...)
{DSA-4512-1 DSA-4506-1 DLA-1927-1}
- qemu 1:4.1-1 (bug #931351)
@@ -47078,8 +47111,8 @@ CVE-2019-12184 (There is XSS in
browser/components/MarkdownPreview.js in BoostIO
NOT-FOR-US: Boostnote
CVE-2019-12183 (Incorrect Access Control in Safescan Timemoto TM-616 and
TA-8000 serie ...)
NOT-FOR-US: Safescan Timemoto
-CVE-2019-12182
- RESERVED
+CVE-2019-12182 (Directory Traversal in Safescan Timemoto and TA-8000 series
version 1. ...)
+ TODO: check
CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds
Serv-U befor ...)
NOT-FOR-US: SolarWinds
CVE-2019-12180 (An issue was discovered in SmartBear ReadyAPI through 2.8.2
and 3.0.0 ...)
@@ -62967,8 +63000,8 @@ CVE-2019-6701
RESERVED
CVE-2019-6700 (An information exposure vulnerability in the external
authentication p ...)
NOT-FOR-US: FortiSIEM (Fortiguard)
-CVE-2019-6699
- RESERVED
+CVE-2019-6699 (An improper neutralization of input vulnerability in Fortinet
FortiADC ...)
+ TODO: check
CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder
all versi ...)
NOT-FOR-US: Fortinet
CVE-2019-6697
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61ca98e5c50e5e0baf199a929c24325ca22cd72a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61ca98e5c50e5e0baf199a929c24325ca22cd72a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
