Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ee03af7d by security tracker role at 2020-01-31T20:10:24+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,5 @@ +CVE-2020-8501 + RESERVED CVE-2020-8500 RESERVED CVE-2020-8499 @@ -125,8 +127,8 @@ CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible - ossec-hids <itp> (bug #361954) CVE-2020-8441 RESERVED -CVE-2020-8440 - RESERVED +CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is ...) + TODO: check CVE-2020-8439 RESERVED CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...) @@ -169,8 +171,8 @@ CVE-2020-8424 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF th NOT-FOR-US: Cups Easy (Purchase & Inventory) CVE-2020-8423 RESERVED -CVE-2020-8422 - RESERVED +CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...) + TODO: check CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...) NOT-FOR-US: Joomla! CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...) @@ -1175,10 +1177,10 @@ CVE-2020-7958 RESERVED CVE-2020-7957 RESERVED -CVE-2020-7956 - RESERVED -CVE-2020-7955 - RESERVED +CVE-2020-7956 (HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validate ...) + TODO: check +CVE-2020-7955 (HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ...) + TODO: check CVE-2020-7954 RESERVED CVE-2020-7953 @@ -1299,8 +1301,8 @@ CVE-2020-7916 RESERVED CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...) NOT-FOR-US: Eaton devices -CVE-2020-7914 - RESERVED +CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...) + TODO: check CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...) NOT-FOR-US: JetBrains CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could ...) @@ -2782,10 +2784,10 @@ CVE-2020-7221 RESERVED CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...) NOT-FOR-US: HashiCorp Vault -CVE-2020-7219 - RESERVED -CVE-2020-7218 - RESERVED +CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services a ...) + TODO: check +CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded res ...) + TODO: check CVE-2020-7217 RESERVED CVE-2020-7216 @@ -7011,8 +7013,8 @@ CVE-2020-5236 RESERVED CVE-2020-5235 RESERVED -CVE-2020-5234 - RESERVED +CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vul ...) + TODO: check CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...) NOT-FOR-US: OAuth2 Proxy CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them to tra ...) @@ -15712,8 +15714,8 @@ CVE-2020-1966 RESERVED CVE-2020-1965 RESERVED -CVE-2019-19550 - RESERVED +CVE-2019-19550 (Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 ...) + TODO: check CVE-2019-19549 RESERVED CVE-2019-19548 (Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privil ...) @@ -21577,8 +21579,8 @@ CVE-2019-18414 (Sourcecodester Restaurant Management System 1.0 is affected by a NOT-FOR-US: Sourcecodester Restaurant Management System CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input validation can b ...) NOT-FOR-US: TypeStack class-validator -CVE-2019-18412 - REJECTED +CVE-2019-18412 (JetBrains IDETalk plugin before version 193.4099.10 allows XXE ...) + TODO: check CVE-2019-18411 (Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the ...) NOT-FOR-US: Zoho ManageEngine CVE-2019-18410 @@ -62331,8 +62333,8 @@ CVE-2019-4722 RESERVED CVE-2019-4721 RESERVED -CVE-2019-4720 - RESERVED +CVE-2019-4720 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + TODO: check CVE-2019-4719 RESERVED CVE-2019-4718 @@ -249847,12 +249849,10 @@ CVE-2014-4862 (The Netmaster CBW700N cable modem with software 81.447.392110.729 NOT-FOR-US: Netmaster CBW700N cable modem CVE-2014-4861 (The Remote Desktop Launcher in Thycotic Secret Server before 8.6.00001 ...) NOT-FOR-US: Remote Desktop Launcher in Thycotic Secret Server -CVE-2014-4860 - RESERVED +CVE-2014-4860 (Multiple integer overflows in the Pre-EFI Initialization (PEI) boot ph ...) - edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests) NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf -CVE-2014-4859 - RESERVED +CVE-2014-4859 (Integer overflow in the Drive Execution Environment (DXE) phase in the ...) - edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests) NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf CVE-2014-4858 (Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCe ...) @@ -255277,8 +255277,8 @@ CVE-2014-2845 (Cyberduck before 4.4.4 on Windows does not properly validate X.50 NOT-FOR-US: Cyberduck on Windows CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure ...) NOT-FOR-US: F-Secure Messaging Secure Gateway -CVE-2014-2843 - RESERVED +CVE-2014-2843 (Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1 ...) + TODO: check CVE-2014-2842 (Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a de ...) NOT-FOR-US: Juniper ScreenOS CVE-2014-2841 @@ -268362,16 +268362,16 @@ CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterpri NOT-FOR-US: Good for Enterprise app for iOS CVE-2013-5117 (SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in th ...) NOT-FOR-US: DotNetNuke -CVE-2013-5116 - RESERVED +CVE-2013-5116 (Evernote prior to 5.5.1 has insecure password change ...) + TODO: check CVE-2013-5115 RESERVED -CVE-2013-5114 - RESERVED -CVE-2013-5113 - RESERVED -CVE-2013-5112 - RESERVED +CVE-2013-5114 (LastPass prior to 2.5.1 allows secure wipe bypass. ...) + TODO: check +CVE-2013-5113 (LastPass prior to 2.5.1 has an insecure PIN implementation. ...) + TODO: check +CVE-2013-5112 (Evernote before 5.5.1 has insecure PIN storage ...) + TODO: check CVE-2013-5111 RESERVED CVE-2013-5110 @@ -272803,10 +272803,10 @@ CVE-2013-3491 (Multiple cross-site request forgery (CSRF) vulnerabilities in the NOT-FOR-US: WordPress plugin sharebar CVE-2013-3490 RESERVED -CVE-2013-3489 - RESERVED -CVE-2013-3488 - RESERVED +CVE-2013-3489 (Buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before ...) + TODO: check +CVE-2013-3488 (Stack-based buffer overflow in Media Player Classic - Home Cinema (MPC ...) + TODO: check CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the security lo ...) NOT-FOR-US: BulletProof Security plugin for WordPress CVE-2013-3486 (IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerabilit ...) @@ -273151,8 +273151,8 @@ CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.20 NOT-FOR-US: Adobe Flash Player CVE-2013-3323 RESERVED -CVE-2013-3322 - RESERVED +CVE-2013-3322 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...) + TODO: check CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...) NOT-FOR-US: NetApp CVE-2013-3320 (Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Ma ...) @@ -302017,16 +302017,13 @@ CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication when - yubico-pam 2.10-1 CVE-2011-4119 RESERVED -CVE-2011-4117 - RESERVED +CVE-2011-4117 (The Batch::BatchRun module 1.03 for Perl does not properly handle temp ...) NOT-FOR-US: perl Batch::BatchRun CPAN module -CVE-2011-4116 [unsafe traversal of symlinks] - RESERVED +CVE-2011-4116 (_is_safe in the File::Temp module for Perl does not properly handle sy ...) - perl <unfixed> (unimportant; bug #776268) NOTE: http://thread.gmane.org/gmane.comp.security.oss.general/6174/focus=6177 NOTE: https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14 -CVE-2011-4115 - RESERVED +CVE-2011-4115 (Parallel::ForkManager module before 1.0.0 for Perl does not properly h ...) - libparallel-forkmanager-perl <not-affected> (issue introduced in 0.7.6 upstream, never in Debian) NOTE: affected code was never in Debian. Upstream fixed in 1.0.0 NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=68298 @@ -302125,8 +302122,7 @@ CVE-2011-4089 (The bzexe command in bzip2 1.0.5 and earlier generates compressed - bzip2 1.0.6-1 (low; bug #632862) [squeeze] - bzip2 1.0.5-6+squeeze1 [lenny] - bzip2 <no-dsa> (Minor issue) -CVE-2011-4088 - RESERVED +CVE-2011-4088 (ABRT might allow attackers to obtain sensitive information from crash ...) NOT-FOR-US: abrt/libreport CVE-2011-4087 (The br_parse_ip_options function in net/bridge/br_netfilter.c in the L ...) - linux-2.6 3.0.0-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee03af7d955a877a9cf229167805b4d2fe1a7885 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee03af7d955a877a9cf229167805b4d2fe1a7885 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits