Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cf64c775 by security tracker role at 2020-03-20T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2020-10683
+ RESERVED
+CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code
execution ...)
+ TODO: check
+CVE-2020-10681 (The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a
.pxd fi ...)
+ TODO: check
+CVE-2020-10680
+ RESERVED
CVE-2020-10679
RESERVED
CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running
on-premises A ...)
@@ -16,8 +24,8 @@ CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's
web application is
NOT-FOR-US: Canon
CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500
4.0.0.0 pri ...)
NOT-FOR-US: Canon
-CVE-2020-10669
- RESERVED
+CVE-2020-10669 (The web application exposed by the Canon Oce Colorwave 500
4.0.0.0 pri ...)
+ TODO: check
CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500
4.0.0.0 pri ...)
NOT-FOR-US: Canon
CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500
4.0.0.0 pri ...)
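Review bot: CVE-2020-10669 is left at `TODO: check` although its truncated description is identical to those of CVE-2020-10670 and CVE-2020-10668 in the surrounding context, both of which are already marked `NOT-FOR-US: Canon`. If the full description confirms it is the same Canon Oce Colorwave 500 web application, triage it the same way so it does not linger in the TODO queue.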
@@ -1082,7 +1090,7 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet
through 0.17 allows remote
NOTE:
https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
TODO: check further details
CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in
sctp_load_address ...)
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- libusrsctp 0.9.3.0+20200312-1 (bug #953270)
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
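Review bot: the tag list on CVE-2019-20503 gains DSA-4642-1, but the context below it shows only `libusrsctp`, `firefox` and `firefox-esr`, while every other entry in this commit that gains the same tag also shows a `thunderbird 1:68.6.0-1` line. Check past the visible context that this entry carries a package line for every source package the new advisory covers; if it does not, the cross-reference and the package lines disagree.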
@@ -2970,16 +2978,16 @@ CVE-2020-9349
RESERVED
CVE-2020-9348
RESERVED
-CVE-2020-9347 (Zoho ManageEngine Password Manager Pro through 10.x has a CSV
Excel Ma ...)
+CVE-2020-9347 (** DISPUTED ** Zoho ManageEngine Password Manager Pro through
10.x has ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no
protectio ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2020-9345
- RESERVED
-CVE-2020-9344
- RESERVED
-CVE-2020-9343
- RESERVED
+CVE-2020-9345 (An issue was discovered in signotec signoPAD-API/Web (formerly
Websock ...)
+ TODO: check
+CVE-2020-9344 (Subversion ALM for the enterprise before 8.8.2 allows reflected
XSS at ...)
+ TODO: check
+CVE-2020-9343 (An issue was discovered in signotec signoPAD-API/Web (formerly
Websock ...)
+ TODO: check
CVE-2020-9342 (The F-Secure AV parsing engine before 2020-02-05 allows
virus-detectio ...)
NOT-FOR-US: F-Secure AV parsing engine
CVE-2020-9341 (CandidATS 2.1.0 is vulnerable to CSRF that allows for an
administrator ...)
@@ -8344,8 +8352,8 @@ CVE-2020-7008
RESERVED
CVE-2020-7007
RESERVED
-CVE-2020-7006
- RESERVED
+CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port,
RJ45), ...)
+ TODO: check
CVE-2020-7005
RESERVED
CVE-2020-7004
@@ -8763,7 +8771,7 @@ CVE-2020-6815
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
CVE-2020-6814
RESERVED
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8776,7 +8784,7 @@ CVE-2020-6813
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
CVE-2020-6812
RESERVED
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8785,7 +8793,7 @@ CVE-2020-6812
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
CVE-2020-6811
RESERVED
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8806,7 +8814,7 @@ CVE-2020-6808
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
CVE-2020-6807
RESERVED
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8815,7 +8823,7 @@ CVE-2020-6807
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
CVE-2020-6806
RESERVED
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8824,7 +8832,7 @@ CVE-2020-6806
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
CVE-2020-6805
RESERVED
- {DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -12249,6 +12257,7 @@ CVE-2020-5269
CVE-2020-5268
RESERVED
CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a
possible ...)
+ {DLA-2149-1}
- rails <unfixed> (bug #954304)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/19/1
CVE-2020-5266
@@ -21549,14 +21558,14 @@ CVE-2019-19489 (SMPlayer 19.5.0 has a buffer overflow
via a long .m3u file. ...)
NOTE: Bogus report, smplayer correctly bails out
CVE-2019-19488
RESERVED
-CVE-2019-19487
- RESERVED
-CVE-2019-19486
- RESERVED
+CVE-2019-19487 (Command Injection in minPlayCommand.php in Centreon (19.04.4
and below ...)
+ TODO: check
+CVE-2019-19486 (Local File Inclusion in minPlayCommand.php in Centreon
(19.04.4 and be ...)
+ TODO: check
CVE-2019-19485
RESERVED
-CVE-2019-19484
- RESERVED
+CVE-2019-19484 (Open redirect via parameter ‘p’ in login.php in
Centreon ( ...)
+ TODO: check
CVE-2019-19483
RESERVED
CVE-2019-19482
@@ -23325,20 +23334,20 @@ CVE-2019-19031 (Easy XML Editor through v1.7.8 is
affected by: XML External Enti
NOT-FOR-US: Easy XML Editor
CVE-2019-19030
RESERVED
-CVE-2019-19029
- RESERVED
+CVE-2019-19029 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and
1.9.3 allo ...)
+ TODO: check
CVE-2019-19028
RESERVED
CVE-2019-19027
RESERVED
-CVE-2019-19026
- RESERVED
-CVE-2019-19025
- RESERVED
+CVE-2019-19026 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and
1.9.3 allo ...)
+ TODO: check
+CVE-2019-19025 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and
1.9.3 allo ...)
+ TODO: check
CVE-2019-19024
RESERVED
-CVE-2019-19023
- RESERVED
+CVE-2019-19023 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and
1.9.3 has ...)
+ TODO: check
CVE-2019-19022 (iTerm2 through 3.3.6 has potentially insufficient
documentation about ...)
NOT-FOR-US: iTerm2
CVE-2019-19021 (An issue was discovered in TitanHQ WebTitan before 5.18. It
has a hidd ...)
@@ -23960,14 +23969,14 @@ CVE-2019-18788
RESERVED
CVE-2019-18787
RESERVED
-CVE-2019-18785
- RESERVED
+CVE-2019-18785 (SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9
mishandles ...)
+ TODO: check
CVE-2019-18784 (SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions
prior to ...)
NOT-FOR-US: SuiteCRM
CVE-2019-18783
RESERVED
-CVE-2019-18782
- RESERVED
+CVE-2019-18782 (SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9
does not c ...)
+ TODO: check
CVE-2019-18781 (An open redirect vulnerability was discovered in Zoho
ManageEngine ADS ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-18786 (In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is
uninitial ...)
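Review bot: CVE-2019-18785 and CVE-2019-18782 are added as `TODO: check`, yet CVE-2019-18784 between them covers the same SuiteCRM 7.10.x/7.11.x releases and is already `NOT-FOR-US: SuiteCRM`. Triage the two new entries the same way unless their full descriptions point at something packaged. Separately, the trailing context shows CVE-2019-18786 sorted after CVE-2019-18781, which breaks the descending order of the rest of the file and is worth correcting.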
@@ -33118,8 +33127,7 @@ CVE-2019-16531 (LayerBB before 1.1.4 has multiple CSRF
issues, as demonstrated b
NOT-FOR-US: LayerBB
CVE-2019-16530 (Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x
before 3. ...)
NOT-FOR-US: Sonatype
-CVE-2019-16529
- RESERVED
+CVE-2019-16529 (An issue was discovered in the CheckUser extension through
1.35.0 for ...)
NOT-FOR-US: CheckUser extension for MediawWiki
CVE-2019-16528
RESERVED
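Review bot: the context line under the updated CVE-2019-16529 entry reads `NOT-FOR-US: CheckUser extension for MediawWiki`, where the product name is misspelled and should be `MediaWiki`. The entry now has a published description, so this is a good moment to fix the spelling; otherwise searches for the product name across NOT-FOR-US lines will miss it.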
@@ -34369,8 +34377,8 @@ CVE-2019-16110 (The network protocol of Blade Shadow
though 2.13.3 allows remote
NOT-FOR-US: Blade Shadow
CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1.
It confi ...)
NOT-FOR-US: Plataformatec Devise
-CVE-2019-16108
- RESERVED
+CVE-2019-16108 (phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets
(CSS) to ...)
+ TODO: check
CVE-2019-16107 (Missing form token validation in phpBB 3.2.7 allows CSRF in
deleting p ...)
NOT-FOR-US: phpBB
CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has
stored XSS. ...)
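Review bot: CVE-2019-16108 is added as `TODO: check` directly above CVE-2019-16107, which is the same phpBB 3.2.7 release and is already `NOT-FOR-US: phpBB`. Resolve the new entry consistently with its neighbour rather than leaving two different states for the same product and version.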
@@ -34462,16 +34470,16 @@ CVE-2019-16074
RESERVED
CVE-2019-16073
RESERVED
-CVE-2019-16072
- RESERVED
-CVE-2019-16071
- RESERVED
+CVE-2019-16072 (An OS command injection vulnerability in the
discover_and_manage CGI s ...)
+ TODO: check
+CVE-2019-16071 (Enigma NMS 65.0.0 and prior allows administrative users to
create low- ...)
+ TODO: check
CVE-2019-16070 (A number of stored Cross-site Scripting (XSS) vulnerabilities
were ide ...)
TODO: check
-CVE-2019-16069
- RESERVED
-CVE-2019-16068
- RESERVED
+CVE-2019-16069 (A number of stored Cross-site Scripting (XSS) vulnerabilities
were ide ...)
+ TODO: check
+CVE-2019-16068 (A CSRF vulnerability exists in NETSAS ENIGMA NMS version
65.0.0 and pr ...)
+ TODO: check
CVE-2019-16067 (NETSAS Enigma NMS 65.0.0 and prior utilises basic
authentication over ...)
TODO: check
CVE-2019-16066 (An unrestricted file upload vulnerability exists in user and
system fi ...)
@@ -34480,8 +34488,8 @@ CVE-2019-16065 (A remote SQL injection web
vulnerability was discovered in the E
TODO: check
CVE-2019-16064 (NETSAS Enigma NMS 65.0.0 and prior suffers from a directory
traversal ...)
TODO: check
-CVE-2019-16063
- RESERVED
+CVE-2019-16063 (NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive
data ren ...)
+ TODO: check
CVE-2019-16062 (NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive
data sto ...)
TODO: check
CVE-2019-16061 (A number of files on the NETSAS Enigma NMS server 65.0.0 and
prior are ...)
@@ -72343,12 +72351,12 @@ CVE-2018-20337 (There is a stack-based buffer
overflow in the parse_makernote fu
NOTE: https://github.com/LibRaw/LibRaw/issues/192
CVE-2018-20336 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is
a stack ...)
NOT-FOR-US: ASUSWRT
-CVE-2018-20335
- RESERVED
-CVE-2018-20334
- RESERVED
-CVE-2018-20333
- RESERVED
+CVE-2018-20335 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An
unauthenticat ...)
+ TODO: check
+CVE-2018-20334 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When
processing ...)
+ TODO: check
+CVE-2018-20333 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An
unauthenticat ...)
+ TODO: check
CVE-2018-20332 (An issue has been discovered in the OpenWebif plugin through
1.2.4 for ...)
NOT-FOR-US: OpenWebif plugin
CVE-2018-20331 (Local attackers can trigger a Kernel Pool Buffer Overflow in
Antiy AVL ...)
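Review bot: CVE-2018-20335, CVE-2018-20334 and CVE-2018-20333 are added as `TODO: check` although each description opens with the same "ASUSWRT 3.0.0.4.384.20308" text as CVE-2018-20336 just above, which is `NOT-FOR-US: ASUSWRT`. These three can be triaged in one pass with the same marker once the full descriptions are confirmed to be router-firmware issues.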
@@ -171677,7 +171685,7 @@ CVE-2017-5717 (Type Confusion in Content Protection
HECI Service in Intel Graphi
CVE-2017-5716
REJECTED
CVE-2017-5715 (Systems with microprocessors utilizing speculative execution
and indir ...)
- {DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-1497-1 DLA-1422-1
DLA-1369-1}
+ {DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-2148-1 DLA-1497-1
DLA-1422-1 DLA-1369-1}
- linux 4.15.11-1
- intel-microcode 3.20180425.1
[stretch] - intel-microcode 3.20180425.1~deb9u1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf64c77533cca6d18f8550c06e4d42b7ff4973fe