Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
deb7ee94 by security tracker role at 2020-03-17T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -104,10 +104,10 @@ CVE-2020-10598
        RESERVED
 CVE-2020-10597
        RESERVED
-CVE-2020-10596
-       RESERVED
-CVE-2018-21037
-       RESERVED
+CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct 
XSS atta ...)
+       TODO: check
+CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF 
to change ...)
+       TODO: check
 CVE-2020-10595
        RESERVED
 CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It 
allows att ...)
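Review bot: the two entries that move from RESERVED to `TODO: check` here, CVE-2020-10596 (OpenCart 3.0.3.2, XSS) and CVE-2018-21037 (Subrion CMS 4.1.5, CSRF), describe standalone web applications rather than anything this file tracks as a Debian source package, so the follow-up triage is most likely `NOT-FOR-US: OpenCart` and `NOT-FOR-US: Subrion CMS`, in the same form as the `NOT-FOR-US: D-Link` and `NOT-FOR-US: Citrix` annotations elsewhere in this diff. Leaving them at TODO rather than guessing is the right behaviour for the automatic update; the point is only that they should not sit in the queue.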
@@ -554,8 +554,8 @@ CVE-2020-10382
        RESERVED
 CVE-2020-10381
        RESERVED
-CVE-2020-10380
-       RESERVED
+CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...)
+       TODO: check
 CVE-2020-10379
        RESERVED
 CVE-2020-10378
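Review bot: CVE-2020-10380 (RMySQL through 0.10.19, SQL injection) is the one entry in this update that should not be triaged as NOT-FOR-US by reflex: RMySQL is an R library rather than an appliance or hosted service, so resolving the `TODO: check` means checking the archive for an r-cran package that ships it and comparing its upstream version against the 0.10.19 bound. If it is packaged, the entry needs a source package line and a bug reference in the same form as the `- twisted <unfixed> (bug #953950)` entry further down, and the truncated description should be completed from the full CVE text so the affected function is recorded.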
@@ -1129,26 +1129,26 @@ CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A 
devices have an authenticated O
        NOT-FOR-US: D-Link
 CVE-2019-20499 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated 
OS comm ...)
        NOT-FOR-US: D-Link
-CVE-2020-10122
-       RESERVED
-CVE-2020-10121
-       RESERVED
-CVE-2020-10120
-       RESERVED
-CVE-2020-10119
-       RESERVED
-CVE-2020-10118
-       RESERVED
-CVE-2020-10117
-       RESERVED
-CVE-2020-10116
-       RESERVED
-CVE-2020-10115
-       RESERVED
-CVE-2020-10114
-       RESERVED
-CVE-2020-10113
-       RESERVED
+CVE-2020-10122 (cPanel before 84.0.20 allows a webmail or demo account to 
delete arbit ...)
+       TODO: check
+CVE-2020-10121 (cPanel before 84.0.20 allows a demo account to achieve code 
execution  ...)
+       TODO: check
+CVE-2020-10120 (cPanel before 84.0.20 allows resellers to achieve remote code 
executio ...)
+       TODO: check
+CVE-2020-10119 (cPanel before 84.0.20 allows a demo account to achieve remote 
code exe ...)
+       TODO: check
+CVE-2020-10118 (cPanel before 84.0.20 allows a demo account to modify files 
via Brandi ...)
+       TODO: check
+CVE-2020-10117 (cPanel before 84.0.20 mishandles enforcement of demo checks in 
the Mar ...)
+       TODO: check
+CVE-2020-10116 (cPanel before 84.0.20 allows attackers to bypass intended 
restrictions ...)
+       TODO: check
+CVE-2020-10115 (cPanel before 84.0.20, when PowerDNS is used, allows arbitrary 
code ex ...)
+       TODO: check
+CVE-2020-10114 (cPanel before 84.0.20 allows stored self-XSS via the HTML file 
editor  ...)
+       TODO: check
+CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary 
character-set sp ...)
+       TODO: check
 CVE-2020-10112 (Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. 
...)
        NOT-FOR-US: Citrix
 CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent 
Interpretation ...)
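Review bot: the ten cPanel CVEs (CVE-2020-10113 through CVE-2020-10122) land as `TODO: check`, but cPanel is already triaged as `NOT-FOR-US: cPanel` on the existing CVE-2019-20491 entry later in this file; the follow-up commit should apply the same annotation to all ten in one go rather than leaving them in the TODO queue. Nothing in the truncated descriptions (demo accounts, resellers, WHM, Branding, the PowerDNS integration inside cPanel, self-XSS in its HTML editor) points at a Debian package, and the `NOT-FOR-US: Citrix` entries that follow in the unchanged context show the form to use.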
@@ -1156,10 +1156,12 @@ CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has 
an Inconsistent Interpre
 CVE-2020-10110 (Citrix Gateway 11.1, 12.0, and 12.1 allows Information 
Exposure Throug ...)
        NOT-FOR-US: Citrix
 CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request 
splitting vu ...)
+       {DLA-2145-1}
        - twisted <unfixed> (bug #953950)
        NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
        NOTE: 
https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
 CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request 
splitting vu ...)
+       {DLA-2145-1}
        - twisted <unfixed> (bug #953950)
        NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
        NOTE: 
https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
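Review bot: adding `{DLA-2145-1}` to CVE-2020-10109 and CVE-2020-10108 is consistent with the unchanged `- twisted <unfixed> (bug #953950)` line only because the DLA covers the LTS suite while `<unfixed>` refers to unstable; the unstable fix is still open, so bug #953950 should stay open and `<unfixed>` be replaced with the fixed version once a twisted upload carrying the upstream commit 4a7d22e4 referenced in both NOTE lines lands. Both CVEs point at the same advisory anchor and the same fix commit, which is fine as long as the DLA text lists both IDs; if the second CVE is fixed by a different change in the same series, the NOTE for that entry should be corrected.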
@@ -1292,24 +1294,24 @@ CVE-2020-10059
        RESERVED
 CVE-2020-10058
        RESERVED
-CVE-2019-20498
-       RESERVED
-CVE-2019-20497
-       RESERVED
-CVE-2019-20496
-       RESERVED
-CVE-2019-20495
-       RESERVED
-CVE-2019-20494
-       RESERVED
-CVE-2019-20493
-       RESERVED
-CVE-2019-20492
-       RESERVED
+CVE-2019-20498 (cPanel before 82.0.18 allows WebDAV authentication bypass 
because the  ...)
+       TODO: check
+CVE-2019-20497 (cPanel before 82.0.18 allows stored XSS via WHM Backup 
Restoration (SE ...)
+       TODO: check
+CVE-2019-20496 (cPanel before 82.0.18 allows attackers to conduct arbitrary 
chown oper ...)
+       TODO: check
+CVE-2019-20495 (cPanel before 82.0.18 allows attackers to read an arbitrary 
database v ...)
+       TODO: check
+CVE-2019-20494 (In cPanel before 82.0.18, Cpanel::Rand::Get can produce a 
predictable  ...)
+       TODO: check
+CVE-2019-20493 (cPanel before 82.0.18 allows self-XSS because JSON string 
escaping is  ...)
+       TODO: check
+CVE-2019-20492 (cPanel before 82.0.18 allows authentication bypass because of 
misparsi ...)
+       TODO: check
 CVE-2019-20491 (cPanel before 82.0.18 allows attackers to leverage virtual 
mail accoun ...)
        NOT-FOR-US: cPanel
-CVE-2019-20490
-       RESERVED
+CVE-2019-20490 (cPanel before 82.0.18 allows authentication bypass because 
webmail use ...)
+       TODO: check
 CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due 
to broke ...)
        NOT-FOR-US: GeniXCMS
 CVE-2020-10056
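Review bot: this hunk shows the inconsistency directly: CVE-2019-20491 in the unchanged context is `NOT-FOR-US: cPanel`, while the eight sibling CVEs from the same cPanel 82.0.18 release (CVE-2019-20490 and CVE-2019-20492 through CVE-2019-20498) come in as `TODO: check`. They should be triaged to `NOT-FOR-US: cPanel` together in one commit. The only one that might tempt a second look is CVE-2019-20494 (`Cpanel::Rand::Get` producing predictable output), but the `Cpanel::` namespace is cPanel's own code, not a module shipped as a separate package, so the same annotation applies.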
@@ -3911,10 +3913,10 @@ CVE-2020-8886
        RESERVED
 CVE-2020-8885
        RESERVED
-CVE-2019-20453
-       RESERVED
-CVE-2019-20452
-       RESERVED
+CVE-2019-20453 (A problem was found in Pydio Core before 8.2.4 and Pydio 
Enterprise be ...)
+       TODO: check
+CVE-2019-20452 (A problem was found in Pydio Core before 8.2.4 and Pydio 
Enterprise be ...)
+       TODO: check
 CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the (1)  ...)
        NOT-FOR-US: SocialEngine
 CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in 
SocialEngine be ...)
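Review bot: CVE-2019-20453 and CVE-2019-20452 arrive with identical truncated descriptions ("A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ..."), so the two entries cannot be told apart from this file. Whoever resolves the `TODO: check` needs the full CVE text before annotating; if Pydio is not packaged the outcome is `NOT-FOR-US: Pydio` for both, but the truncation should not be read as evidence that the two IDs are duplicates of one issue.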
@@ -9077,8 +9079,8 @@ CVE-2020-6648
        RESERVED
 CVE-2020-6647
        RESERVED
-CVE-2020-6646
-       RESERVED
+CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb 
allows a ...)
+       TODO: check
 CVE-2020-6645
        RESERVED
 CVE-2020-6644
@@ -15255,10 +15257,10 @@ CVE-2020-3953
        RESERVED
 CVE-2020-3952
        RESERVED
-CVE-2020-3951
-       RESERVED
-CVE-2020-3950
-       RESERVED
+CVE-2020-3951 (VMware Workstation (15.x before 15.5.2) and Horizon Client for 
Windows ...)
+       TODO: check
+CVE-2020-3950 (VMware Fusion (11.x before 11.5.2), VMware Remote Console for 
Mac (11. ...)
+       TODO: check
 CVE-2020-3949
        RESERVED
 CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before 
15.5.2) and ...)
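Review bot: CVE-2020-3951 (Workstation 15.x before 15.5.2, Horizon Client for Windows) and CVE-2020-3950 (Fusion 11.x before 11.5.2, VMware Remote Console for Mac) are host-side VMware products and should follow the `NOT-FOR-US` pattern. The entry from this advisory batch that deserves a closer look is the adjacent CVE-2020-3948 in the unchanged context, whose description starts "Linux Guest VMs running on VMware Workstation": that is the one whose triage needs to settle whether any guest-side component shipped in Debian is affected, and it is not touched by this hunk.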
@@ -22078,8 +22080,7 @@ CVE-2020-1721
        RESERVED
        - dogtag-pki <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579
-CVE-2020-1720
-       RESERVED
+CVE-2020-1720 (A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON 
EXTENSION", whe ...)
        {DSA-4623-1 DSA-4622-1 DLA-2105-1}
        - postgresql-12 12.2-1
        - postgresql-11 <unfixed>
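Review bot: the description for CVE-2020-1720 is filled in while the package lines keep `- postgresql-11 <unfixed>` and `- postgresql-12 12.2-1` alongside `{DSA-4623-1 DSA-4622-1 DLA-2105-1}`. That reads as contradictory but follows the tracker's convention: the DSA and DLA versions for stable and LTS are recorded in data/DSA/list and data/DLA/list, and `<unfixed>` refers only to unstable. What is worth double-checking is the postgresql-11 line itself: if postgresql-11 has already been dropped from unstable in favour of postgresql-12, it should be marked `<removed>` rather than `<unfixed>`, so the CVE stops showing as an open issue in sid.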
@@ -26592,7 +26593,7 @@ CVE-2020-0558
        RESERVED
 CVE-2020-0557
        RESERVED
-CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 
5.53 may ...)
+CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 
5.54 may ...)
        - bluez <unfixed> (bug #953770)
        NOTE: 
https://lore.kernel.org/linux-bluetooth/[email protected]/
        NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
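Review bot: the only change here is the version bound in the description, `before version 5.53` to `before version 5.54`, which is consistent with the upstream fix commit 8cdbd3b0 referenced in the NOTE having landed after the 5.53 release rather than in it. The `- bluez <unfixed> (bug #953770)` line is unaffected, but when the fix is uploaded the fixed Debian version should be checked against the 5.54 bound (or against a 5.53-based package that carries the backported commit), not against the stale 5.53 text that was here before.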
@@ -35425,6 +35426,7 @@ CVE-2019-15691 (TigerVNC version prior to 1.10.1 is 
vulnerable to stack use-afte
        NOTE: 
https://github.com/TigerVNC/tigervnc/commit/042de4642293df9b72a08189c249e2da79cbca91
 (v1.10.1)
 CVE-2019-15690
        RESERVED
+       {DLA-2146-1}
        - libvncserver <unfixed> (bug #954163)
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
        NOTE: https://github.com/LibVNC/libvncserver/issues/381
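Review bot: `{DLA-2146-1}` is attached to an entry whose description line directly under CVE-2019-15690 still reads `RESERVED`. With an LTS advisory issued and the oss-security post and upstream issue #381 already linked, that RESERVED line is stale, and the next automatic update should pick up the published description; until then the entry works for the tracker but looks like an unpublished CVE to anyone reading the list. The `- libvncserver <unfixed> (bug #954163)` line for unstable remains correct, since the DLA covers only the LTS suite.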
@@ -50478,8 +50480,8 @@ CVE-2019-11076 (Cribl UI 1.5.0 allows remote attackers 
to run arbitrary commands
        NOT-FOR-US: Cribl UI
 CVE-2019-11075
        RESERVED
-CVE-2019-11074
-       RESERVED
+CVE-2019-11074 (A Write to Arbitrary Location in Disk vulnerability exists in 
PRTG Net ...)
+       TODO: check
 CVE-2019-11073 (A Remote Code Execution vulnerability exists in PRTG Network 
Monitor b ...)
        TODO: check
 CVE-2019-11072 (** DISPUTED ** lighttpd before 1.4.54 has a signed integer 
overflow, w ...)
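Review bot: CVE-2019-11074 lands as `TODO: check` right next to CVE-2019-11073, also PRTG Network Monitor and also still at `TODO: check` in the unchanged context, so both should be triaged in the same commit. Given that nothing else in this file tracks PRTG, the outcome is almost certainly `NOT-FOR-US: PRTG Network Monitor`, in the form of the `NOT-FOR-US: Cribl UI` annotation two lines above.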
@@ -84292,8 +84294,8 @@ CVE-2018-18578 (DedeCMS 5.7 SP2 allows XSS via the 
plus/qrcode.php type paramete
        NOT-FOR-US: DedeCMS
 CVE-2018-18577
        RESERVED
-CVE-2018-18576
-       RESERVED
+CVE-2018-18576 (The Hustle (aka wordpress-popup) plugin through 6.0.5 for 
WordPress al ...)
+       TODO: check
 CVE-2018-18585 (chmd_read_headers in mspack/chmd.c in libmspack before 
0.8alpha accept ...)
        {DLA-1555-1}
        - libmspack 0.8-1 (bug #911637)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/deb7ee944da38f6c9fc887ac05221d3988cd8757



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
