Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dccd72c7 by security tracker role at 2020-03-18T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT
AUTHORITY\SYSTE ...)
+ TODO: check
+CVE-2020-10664
+ RESERVED
+CVE-2020-10663
+ RESERVED
+CVE-2020-10662
+ RESERVED
+CVE-2020-10661
+ RESERVED
+CVE-2020-10660
+ RESERVED
+CVE-2019-20529 (In core/doctype/prepared_report/prepared_report.py in Frappe
11 and 12 ...)
+ TODO: check
+CVE-2019-20528 (Ignite Realtime Openfire 4.4.1 allows XSS via the
setup/setup-datasour ...)
+ TODO: check
+CVE-2019-20527
+ RESERVED
+CVE-2019-20526
+ RESERVED
+CVE-2019-20525
+ RESERVED
+CVE-2019-20524
+ RESERVED
+CVE-2019-20523
+ RESERVED
+CVE-2019-20522
+ RESERVED
+CVE-2019-20521
+ RESERVED
+CVE-2019-20520
+ RESERVED
+CVE-2019-20519
+ RESERVED
+CVE-2019-20518
+ RESERVED
+CVE-2019-20517
+ RESERVED
+CVE-2019-20516
+ RESERVED
+CVE-2019-20515
+ RESERVED
+CVE-2019-20514
+ RESERVED
+CVE-2019-20513
+ RESERVED
+CVE-2019-20512 (Open edX Ironwood.1 allows support/certificates?course_id=
reflected X ...)
+ TODO: check
+CVE-2019-20511 (ERPNext 11.1.47 allows blog?blog_category= Frame Injection.
...)
+ TODO: check
CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on
Windows ...)
TODO: check
CVE-2020-10658
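Review bot: The five TODO: check entries added at the top of this hunk (CVE-2020-10665, CVE-2019-20529, CVE-2019-20528, CVE-2019-20512, CVE-2019-20511) can mostly be triaged from their own descriptions. CVE-2020-10665 is a Docker Desktop escalation to NT AUTHORITY\SYSTEM, i.e. Windows-only, and should take the form used further down for CVE-2020-9442 (`NOT-FOR-US: OpenVPN Connect on Windows`), e.g. `NOT-FOR-US: Docker Desktop on Windows`. The Frappe, Openfire, Open edX and ERPNext entries still need a check against the archive before they are marked NOT-FOR-US.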
@@ -1175,11 +1225,11 @@ CVE-2020-10114 (cPanel before 84.0.20 allows stored
self-XSS via the HTML file e
NOT-FOR-US: cPanel
CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary
character-set sp ...)
NOT-FOR-US: cPanel
-CVE-2020-10112 (Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning.
...)
+CVE-2020-10112 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows
Cache Poison ...)
NOT-FOR-US: Citrix
-CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent
Interpretation ...)
+CVE-2020-10111 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an
Inconsistent ...)
NOT-FOR-US: Citrix
-CVE-2020-10110 (Citrix Gateway 11.1, 12.0, and 12.1 allows Information
Exposure Throug ...)
+CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows
Information ...)
NOT-FOR-US: Citrix
CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request
splitting vu ...)
{DLA-2145-1}
@@ -2621,8 +2671,8 @@ CVE-2020-9445
RESERVED
CVE-2020-9444
RESERVED
-CVE-2020-9443
- RESERVED
+CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an
Electron web ...)
+ TODO: check
CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions
for %PRO ...)
NOT-FOR-US: OpenVPN Connect on Windows
CVE-2020-9441
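Review bot: CVE-2020-9443 (Zulip Desktop before 4.0.3 loading untrusted content in an Electron webview) is left at TODO: check; the only open question is whether the Electron-based desktop client is in the archive. If it is not, use the same form as the adjacent CVE-2020-9442 entry (`NOT-FOR-US: ...`) so the TODO does not linger.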
@@ -2937,14 +2987,14 @@ CVE-2020-9327 (In SQLite 3.31.1,
isAuxiliaryVtabOperator allows attackers to tri
NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380
NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
-CVE-2020-9326
- RESERVED
-CVE-2020-9325
- RESERVED
-CVE-2020-9324
- RESERVED
-CVE-2020-9323
- RESERVED
+CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM;
former ...)
+ TODO: check
+CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary
File Downl ...)
+ TODO: check
+CVE-2020-9324 (Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash
Capture via ...)
+ TODO: check
+CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and
Directory E ...)
+ TODO: check
CVE-2020-9322
RESERVED
CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and
TraefikEE 2.0. ...)
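Review bot: The four new TODO: check entries (CVE-2020-9326 for BeyondTrust PMWM, CVE-2020-9325/9324/9323 for Aquaforest TIFF Server 4.0) describe proprietary Windows products: PMWM expands to "Privilege Management for Windows and Mac" in the description itself, and the SMB hash capture in CVE-2020-9324 is a Windows-side issue. They can be resolved as NOT-FOR-US in this pass rather than left pending.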
@@ -8255,8 +8305,8 @@ CVE-2020-7004
RESERVED
CVE-2020-7003
RESERVED
-CVE-2020-7002
- RESERVED
+CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and
prior. ...)
+ TODO: check
CVE-2020-7001
RESERVED
CVE-2020-7000
@@ -8307,8 +8357,8 @@ CVE-2020-6978
RESERVED
CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in
the Ki ...)
NOT-FOR-US: GE
-CVE-2020-6976
- RESERVED
+CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and
prior. ...)
+ TODO: check
CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version
1.4.3 (820 ...)
NOT-FOR-US: Digi International ConnectPort LTS 32 MEI
CVE-2020-6974
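Review bot: CVE-2020-6976 here and CVE-2020-7002 in the previous hunk carry the identical description (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior) and are both TODO: check; triage them together so they receive the same verdict. If ScreenEditor is not in the archive, follow the `NOT-FOR-US: Digi International ConnectPort LTS 32 MEI` form used for CVE-2020-6975 directly below.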
@@ -14799,8 +14849,8 @@ CVE-2020-4201
RESERVED
CVE-2020-4200 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 10.5 ...)
NOT-FOR-US: IBM
-CVE-2020-4199
- RESERVED
+CVE-2020-4199 (IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site
request f ...)
+ TODO: check
CVE-2020-4198 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to
cross-site scrip ...)
NOT-FOR-US: IBM
CVE-2020-4197 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be
stored loc ...)
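Review bot: CVE-2020-4199 (IBM Tivoli Netcool/OMNIbus 8.1.0, cross-site request forgery) is left at TODO: check while the adjacent CVE-2020-4198 and CVE-2020-4197 for the same product are already `NOT-FOR-US: IBM`; mark it the same way for consistency.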
@@ -22253,8 +22303,7 @@ CVE-2019-19357
RESERVED
CVE-2019-19356 (Netis WF2419 is vulnerable to authenticated Remote Code
Execution (RCE ...)
NOT-FOR-US: Netis WF2419
-CVE-2019-19355
- RESERVED
+CVE-2019-19355 (An insecure modification vulnerability in the /etc/passwd file
was fou ...)
NOT-FOR-US: openshift
CVE-2019-19354
RESERVED
@@ -22265,8 +22314,7 @@ CVE-2019-19353
CVE-2019-19352
RESERVED
NOT-FOR-US: openshift
-CVE-2019-19351
- RESERVED
+CVE-2019-19351 (An insecure modification vulnerability in the /etc/passwd file
was fou ...)
NOT-FOR-US: openshift
CVE-2019-19350
RESERVED
@@ -22317,8 +22365,7 @@ CVE-2019-19337 (A flaw was found in Red Hat Ceph
Storage version 3 in the way th
CVE-2019-19336
RESERVED
NOT-FOR-US: ovirt-engine
-CVE-2019-19335
- RESERVED
+CVE-2019-19335 (During installation of an OpenShift 4 cluster, the
`openshift-install` ...)
NOT-FOR-US: OpenShift
CVE-2019-19334 (In all versions of libyang before 1.0-r5, a stack-based buffer
overflo ...)
- libyang 0.16.105-2 (bug #946217)
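Review bot: Vendor casing in the NOT-FOR-US tags for the three OpenShift entries is inconsistent: CVE-2019-19355 and CVE-2019-19351 use `NOT-FOR-US: openshift` while CVE-2019-19335 uses `NOT-FOR-US: OpenShift`. Pick one spelling so the tag stays greppable.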
@@ -23071,7 +23118,7 @@ CVE-2019-19066 (A memory leak in the
bfad_im_get_stats() function in drivers/scs
- linux 5.4.13-1
[buster] - linux 4.19.98-1
[stretch] - linux 4.9.210-1
-CVE-2019-19065 (A memory leak in the sdma_init() function in
drivers/infiniband/hw/hfi ...)
+CVE-2019-19065 (** DISPUTED ** A memory leak in the sdma_init() function in
drivers/in ...)
- linux 5.3.9-1
[buster] - linux 4.19.87-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
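Review bot: CVE-2019-19065 is now marked ** DISPUTED ** in its description, but the entry keeps its fixed versions (linux 5.3.9-1, buster 4.19.87-1) and the stretch <not-affected> line. That is fine because the fix has already shipped, but a NOTE: line pointing at the dispute would help the next reviewer, as the sqlite entry above does with its upstream commit references.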
@@ -26516,10 +26563,10 @@ CVE-2019-18584
REJECTED
CVE-2019-18583
REJECTED
-CVE-2019-18582
- RESERVED
-CVE-2019-18581
- RESERVED
+CVE-2019-18582 (Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2
versions ...)
+ TODO: check
+CVE-2019-18581 (Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2
versions ...)
+ TODO: check
CVE-2019-18580 (Dell EMC Storage Monitoring and Reporting version 4.3.1
contains a Jav ...)
NOT-FOR-US: EMC
CVE-2019-18579 (Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior
to 1.1. ...)
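Review bot: CVE-2019-18582 and CVE-2019-18581 (Dell EMC Data Protection Advisor) are left TODO: check while the neighbouring Dell EMC entries CVE-2019-18580 and CVE-2019-18579 are `NOT-FOR-US: EMC`; unless Data Protection Advisor is packaged, resolve both the same way. The two truncated descriptions are identical, so confirm against the full text that they are distinct issues.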
@@ -38168,15 +38215,13 @@ CVE-2019-14886 (A vulnerability was found in
business-central, as shipped in rhd
NOT-FOR-US: Business central
CVE-2019-14885 (A flaw was found in the JBoss EAP Vault system in all versions
before ...)
NOT-FOR-US: JBoss EAP
-CVE-2019-14884
- RESERVED
+CVE-2019-14884 (A vulnerability was found in Moodle 3.7 before 3.73, 3.6
before 3.6.7 ...)
- moodle <removed>
-CVE-2019-14883
- RESERVED
-CVE-2019-14882
- RESERVED
-CVE-2019-14881
- RESERVED
+CVE-2019-14883 (A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7
before 3. ...)
+ TODO: check
+CVE-2019-14882 (A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to
3.6.7, 3.5 to ...)
+ TODO: check
+CVE-2019-14881 (A vulnerability was found in moodle 3.7 to 3.7.2 and before
3.7.3, whe ...)
- moodle <removed>
CVE-2019-14880
RESERVED
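Review bot: CVE-2019-14883 and CVE-2019-14882 are Moodle issues per their descriptions but are left at TODO: check, while CVE-2019-14884 and CVE-2019-14881 in the same hunk are recorded as `- moodle <removed>`; give all four the same triage. The "3.73" in the CVE-2019-14884 text comes from the upstream CVE wording and is not something to correct in this file.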
@@ -38239,8 +38284,7 @@ CVE-2019-14872
[jessie] - newlib <ignored> (Minor issue)
NOTE:
https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
TODO: picolibc might be affected, not yet in the archive
-CVE-2019-14871
- RESERVED
+CVE-2019-14871 (The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as
used by ...)
- newlib 3.3.0-1
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
@@ -45422,8 +45466,8 @@ CVE-2019-12922 (A CSRF issue in phpMyAdmin 4.9.0.1
allows deletion of any server
[jessie] - phpmyadmin <postponed> (Minor issue, target only accessible
is setup is enabled and htpasswd.setup populated)
NOTE: https://seclists.org/fulldisclosure/2019/Sep/23
NOTE:
https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161
(4.9.1)
-CVE-2019-12921
- RESERVED
+CVE-2019-12921 (In GraphicsMagick before 1.3.32, the text filename component
allows re ...)
+ TODO: check
CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4
devices ...)
NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Cameraa DOG-2W and
DOG-2W-V4 devices
CVE-2019-12919 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4
devices ...)
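Review bot: CVE-2019-12921 (GraphicsMagick before 1.3.32) is TODO: check, but graphicsmagick is a Debian package, so this needs real triage against the archive (fixed version, bug reference and per-suite status lines as the phpMyAdmin entry above has) rather than a NOT-FOR-US tag. Visible in the context, though not part of this change: the jessie phpMyAdmin line reads "is setup is enabled" where "if setup is enabled" is presumably meant, and the CVE-2019-12920 tag has "Cameraa".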
@@ -45851,8 +45895,8 @@ CVE-2019-12771 (Command injection is possible in
ThinStation through 6.1.1 via s
NOT-FOR-US: ThinStation
CVE-2019-12770
RESERVED
-CVE-2019-12769
- RESERVED
+CVE-2019-12769 (SolarWinds Serv-U Managed File Transfer (MFT) Web client
before 15.1.6 ...)
+ TODO: check
CVE-2019-12768
RESERVED
CVE-2019-12767
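Review bot: CVE-2019-12769 (SolarWinds Serv-U Managed File Transfer web client) is proprietary SolarWinds software and can be closed as NOT-FOR-US, like the ThinStation entry above, rather than left at TODO: check.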
@@ -46894,18 +46938,18 @@ CVE-2019-12372 (Petraware pTransformer ADC before
2.1.7.22827 allows SQL Injecti
NOT-FOR-US: Petraware pTransformer ADC
CVE-2019-12371
RESERVED
-CVE-2019-12370
- RESERVED
-CVE-2019-12369
- RESERVED
-CVE-2019-12368
- RESERVED
-CVE-2019-12367
- RESERVED
-CVE-2019-12366
- RESERVED
-CVE-2019-12365
- RESERVED
+CVE-2019-12370 (The Spark application through 2.0.2 for Android allows XSS via
an even ...)
+ TODO: check
+CVE-2019-12369 (The TypeApp application through 1.9.5.35 for Android allows
XSS via an ...)
+ TODO: check
+CVE-2019-12368 (The Edison Mail application through 1.7.1 for Android allows
XSS via a ...)
+ TODO: check
+CVE-2019-12367 (The BlueMail application through 1.9.5.36 for Android allows
XSS via a ...)
+ TODO: check
+CVE-2019-12366 (The Nine application through 4.5.3a for Android allows XSS via
an even ...)
+ TODO: check
+CVE-2019-12365 (The Newton application through 10.0.23 for Android allows XSS
via an e ...)
+ TODO: check
CVE-2019-12364
RESERVED
CVE-2019-12363 (An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin
through 2 ...)
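Review bot: All six new entries CVE-2019-12370 through CVE-2019-12365 describe XSS in Android mail applications (Spark, TypeApp, Edison Mail, BlueMail, Nine, Newton); none of these are Debian packages, so the six TODO: check lines can be replaced with NOT-FOR-US tags in a single pass.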
@@ -47552,10 +47596,10 @@ CVE-2019-12134 (CSV Injection (aka Excel Macro
Injection or Formula Injection) e
NOT-FOR-US: Workday
CVE-2019-12133 (Multiple Zoho ManageEngine products suffer from local
privilege escala ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2019-12132
- RESERVED
-CVE-2019-12131
- RESERVED
+CVE-2019-12132 (An issue was discovered in ONAP SDNC before Dublin. By
executing sla/d ...)
+ TODO: check
+CVE-2019-12131 (An issue was detected in ONAP APPC through Dublin and SDC
through Dubl ...)
+ TODO: check
CVE-2019-12130
RESERVED
CVE-2019-12129
@@ -47568,32 +47612,32 @@ CVE-2019-12126
RESERVED
CVE-2019-12125
RESERVED
-CVE-2019-12124
- RESERVED
-CVE-2019-12123
- RESERVED
-CVE-2019-12122
- RESERVED
-CVE-2019-12121
- RESERVED
-CVE-2019-12120
- RESERVED
-CVE-2019-12119
- RESERVED
-CVE-2019-12118
- RESERVED
-CVE-2019-12117
- RESERVED
-CVE-2019-12116
- RESERVED
-CVE-2019-12115
- RESERVED
-CVE-2019-12114
- RESERVED
-CVE-2019-12113
- RESERVED
-CVE-2019-12112
- RESERVED
+CVE-2019-12124 (An issue was discovered in ONAP APPC before Dublin. By using
an expose ...)
+ TODO: check
+CVE-2019-12123 (An issue was discovered in ONAP SDNC before Dublin. By
executing sla/p ...)
+ TODO: check
+CVE-2019-12122 (An issue was discovered in ONAP Portal through Dublin. By
executing a ...)
+ TODO: check
+CVE-2019-12121 (An issue was detected in ONAP Portal through Dublin. By
executing a pa ...)
+ TODO: check
+CVE-2019-12120 (An issue was discovered in ONAP VNFSDK through Dublin. By
accessing po ...)
+ TODO: check
+CVE-2019-12119 (An issue was discovered in ONAP SDC through Dublin. By
accessing port ...)
+ TODO: check
+CVE-2019-12118 (An issue was discovered in ONAP SDC through Dublin. By
accessing port ...)
+ TODO: check
+CVE-2019-12117 (An issue was discovered in ONAP SDC through Dublin. By
accessing port ...)
+ TODO: check
+CVE-2019-12116 (An issue was discovered in ONAP SDC through Dublin. By
accessing port ...)
+ TODO: check
+CVE-2019-12115 (An issue was discovered in ONAP SDC through Dublin. By
accessing port ...)
+ TODO: check
+CVE-2019-12114 (An issue was discovered in ONAP HOLMES before Dublin. By
accessing por ...)
+ TODO: check
+CVE-2019-12113 (An issue was discovered in ONAP SDNC before Dublin. By
executing sla/p ...)
+ TODO: check
+CVE-2019-12112 (An issue was discovered in ONAP SDNC before Dublin. By
executing sla/u ...)
+ TODO: check
CVE-2019-12111 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd
through 2.1 ex ...)
{DLA-1811-1}
- miniupnpd 2.1-6 (bug #930050)
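Review bot: The thirteen ONAP entries CVE-2019-12124 through CVE-2019-12112, plus CVE-2019-12132 and CVE-2019-12131 in the previous hunk, all need the same verdict: ONAP and its components named in the descriptions (SDNC, APPC, Portal, VNFSDK, SDC, HOLMES) are not in the archive, so batch them as `NOT-FOR-US: ONAP` instead of leaving fifteen open TODO: check lines.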
@@ -48894,10 +48938,10 @@ CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das
U-Boot v2014.04 through v2019
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <ignored> (Minor issue)
NOTE: https://patchwork.ozlabs.org/patch/1092945
-CVE-2019-11689
- RESERVED
-CVE-2019-11688
- RESERVED
+CVE-2019-11689 (An issue was discovered in ASUSTOR exFAT Driver through
1.0.0.r20. Whe ...)
+ TODO: check
+CVE-2019-11688 (An issue was discovered in ASUSTOR exFAT Driver through
1.0.0.r20. Whe ...)
+ TODO: check
CVE-2019-11687 (An issue was discovered in the DICOM Part 10 File Format in
the NEMA D ...)
NOT-FOR-US: DICOM
CVE-2019-11686 (Western Digital SanDisk X300, X300s, X400, and X600 devices: A
vulnera ...)
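Review bot: CVE-2019-11689 and CVE-2019-11688 are issues in the ASUSTOR exFAT Driver, a NAS vendor firmware component, so the two TODO: check lines can become `NOT-FOR-US: ASUSTOR`, matching the `NOT-FOR-US: DICOM` entry below. The two truncated descriptions are identical, so check the full text to confirm they are separate issues before closing them.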
@@ -51769,8 +51813,8 @@ CVE-2019-10684
(Application/Admin/Controller/ConfigController.class.php in 74cms
NOT-FOR-US: 74cms
CVE-2019-10683
RESERVED
-CVE-2019-10682
- RESERVED
+CVE-2019-10682 (django-nopassword before 5.0.0 stores cleartext secrets in the
databas ...)
+ TODO: check
CVE-2019-10681
RESERVED
CVE-2019-10680
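Review bot: CVE-2019-10682 (django-nopassword before 5.0.0 storing cleartext secrets in the database) is a PyPI project; the TODO: check should confirm whether it is packaged. If it is, the entry needs per-suite status lines; if not, resolve it as NOT-FOR-US rather than leaving it pending.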
@@ -52998,8 +53042,7 @@ CVE-2019-10179
RESERVED
- dogtag-pki <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1695901
-CVE-2019-10178
- RESERVED
+CVE-2019-10178 (It was found that the Token Processing Service (TPS) did not
properly ...)
- dogtag-pki <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1719042
CVE-2019-10177 (A stored cross-site scripting (XSS) vulnerability was found in
the PDF ...)
@@ -53137,8 +53180,7 @@ CVE-2019-10147 (rkt through version 1.30.0 does not
isolate processes in contain
- rkt <unfixed> (bug #929781)
NOTE:
https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
NOTE: https://github.com/rkt/rkt/issues/3998
-CVE-2019-10146
- RESERVED
+CVE-2019-10146 (A Reflected Cross Site Scripting flaw was found in all
pki-core 10.x.x ...)
- dogtag-pki <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1710171
CVE-2019-10145 (rkt through version 1.30.0 does not isolate processes in
containers th ...)
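Review bot: CVE-2019-10146 here and CVE-2019-10178 in the previous hunk are both recorded as `dogtag-pki <unfixed>` with only Red Hat bugzilla NOTE: lines, whereas the neighbouring rkt entry carries a Debian bug reference (bug #929781); consider filing and adding a Debian bug for the dogtag-pki issues so the <unfixed> state is also tracked in the BTS.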
@@ -66044,7 +66086,7 @@ CVE-2019-5703
REJECTED
CVE-2019-5702 (NVIDIA GeForce Experience, all versions prior to 3.20.2,
contains a vu ...)
NOT-FOR-US: NVIDIA
-CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.1,
contains a vu ...)
+CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.0.118,
contains ...)
NOT-FOR-US: NVIDIA GeForce Experience
CVE-2019-5700 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra
software con ...)
NOT-FOR-US: NVIDIA Shield TV Experience
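Review bot: The CVE-2019-5701 description now reads "prior to 3.20.0.118" instead of "prior to 3.20.1"; no tracker impact since it stays NOT-FOR-US, but the tag forms differ between CVE-2019-5702 (`NOT-FOR-US: NVIDIA`) and CVE-2019-5701 (`NOT-FOR-US: NVIDIA GeForce Experience`) and could be harmonized.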
@@ -70491,8 +70533,8 @@ CVE-2019-3764 (Dell EMC iDRAC7 versions prior to
2.65.65.65, iDRAC8 versions pri
NOT-FOR-US: EMC
CVE-2019-3763 (The RSA Identity Governance and Lifecycle software and RSA Via
Lifecyc ...)
NOT-FOR-US: RSA
-CVE-2019-3762
- RESERVED
+CVE-2019-3762 (Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and
19.1 cont ...)
+ TODO: check
CVE-2019-3761 (The RSA Identity Governance and Lifecycle software and RSA Via
Lifecyc ...)
NOT-FOR-US: RSA
CVE-2019-3760 (The RSA Identity Governance and Lifecycle software and RSA Via
Lifecyc ...)
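Review bot: CVE-2019-3762 (Data Protection Central versions 1.0 through 19.1) is a Dell EMC product sitting between entries already marked `NOT-FOR-US: EMC` and `NOT-FOR-US: RSA`; resolve the TODO: check as `NOT-FOR-US: EMC` unless it turns out to be packaged.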
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dccd72c7a2b72e73a4bd55e4d1c992e04e1ba4be
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits