Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
584f0481 by security tracker role at 2020-03-07T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. 
They all ...)
+       TODO: check
+CVE-2020-10215 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. 
They all ...)
+       TODO: check
+CVE-2020-10214 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. 
There is ...)
+       TODO: check
+CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. 
They all ...)
+       TODO: check
+CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows 
SSRF via ...)
+       TODO: check
+CVE-2020-10211
+       RESERVED
+CVE-2020-10210
+       RESERVED
+CVE-2020-10209
+       RESERVED
+CVE-2020-10208
+       RESERVED
+CVE-2020-10207
+       RESERVED
+CVE-2020-10206
+       RESERVED
+CVE-2020-10205
+       RESERVED
+CVE-2020-10204
+       RESERVED
+CVE-2020-10203
+       RESERVED
+CVE-2020-10202
+       RESERVED
+CVE-2020-10201
+       RESERVED
+CVE-2020-10200
+       RESERVED
+CVE-2020-10199
+       RESERVED
+CVE-2020-10198
+       RESERVED
+CVE-2020-10197
+       RESERVED
+CVE-2020-10196
+       RESERVED
+CVE-2020-10195
+       RESERVED
+CVE-2020-10194
+       RESERVED
+CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection 
bypass  ...)
+       TODO: check
 CVE-2020-10192
        RESERVED
 CVE-2020-10191
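Review bot: CVE-2020-10216, CVE-2020-10215 and CVE-2020-10213 at the top of this hunk are added with the same truncated description ("An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...") and the same "TODO: check", so nothing in the list tells the three apart. Whoever works through these TODO items will need the full CVE descriptions, and should replace each "TODO: check" with a package line or a "NOT-FOR-US:" line so the entries do not stay untriaged.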
@@ -181,12 +229,12 @@ CVE-2020-10114
        RESERVED
 CVE-2020-10113
        RESERVED
-CVE-2020-10112
-       RESERVED
-CVE-2020-10111
-       RESERVED
-CVE-2020-10110
-       RESERVED
+CVE-2020-10112 (Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. 
...)
+       TODO: check
+CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent 
Interpretation ...)
+       TODO: check
+CVE-2020-10110 (Citrix Gateway 11.1, 12.0, and 12.1 allows Information 
Exposure Throug ...)
+       TODO: check
 CVE-2020-10109
        RESERVED
 CVE-2020-10108
@@ -856,7 +904,7 @@ CVE-2020-10022
 CVE-2020-10021
        RESERVED
 CVE-2020-10020
-       RESERVED
+       REJECTED
 CVE-2020-10019
        RESERVED
 CVE-2020-10018 (accessibility/AXObjectCache.cpp in WebKit, as used in 
WebKitGTK throug ...)
@@ -1522,8 +1570,8 @@ CVE-2020-9472
        RESERVED
 CVE-2020-9471
        RESERVED
-CVE-2020-9470
-       RESERVED
+CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before 
February 2020. ...)
+       TODO: check
 CVE-2020-9469
        RESERVED
 CVE-2020-9468
@@ -1998,8 +2046,8 @@ CVE-2020-9283 (golang.org/x/crypto before 
v0.0.0-20200220183623-bac4c82f6975 for
        NOTE: 
https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
 CVE-2020-9282
        RESERVED
-CVE-2020-9281
-       RESERVED
+CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data 
Processor  ...)
+       TODO: check
 CVE-2020-9280
        RESERVED
 CVE-2020-9279
@@ -3461,10 +3509,10 @@ CVE-2020-8637
        RESERVED
 CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows 
Remote C ...)
        NOT-FOR-US: OpServices OpMon
-CVE-2020-8635
-       RESERVED
-CVE-2020-8634
-       RESERVED
+CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets 
insecure per ...)
+       TODO: check
+CVE-2020-8634 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets 
insecure per ...)
+       TODO: check
 CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) 
before 8.8 ...)
        NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
 CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in 
cloudinit/config/cc_ ...)
@@ -3919,8 +3967,8 @@ CVE-2020-8441 (JYaml through 1.3 allows remote code 
execution during deserializa
        NOT-FOR-US: JYaml
 CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 
1.66 is  ...)
        NOT-FOR-US: Simplejobscript.com SJS
-CVE-2020-8439
-       RESERVED
+CVE-2020-8439 (Monstra CMS through 3.0.4 allows remote authenticated users to 
take ov ...)
+       TODO: check
 CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an 
authenticated att ...)
        NOT-FOR-US: Ruckus devices
 CVE-2020-8437 (The bencoding parser in BitTorrent uTorrent through 3.5.5 
(build 45505 ...)
@@ -6682,8 +6730,7 @@ CVE-2020-7214
        RESERVED
 CVE-2020-7213 (Parallels 13 uses cleartext HTTP as part of the update process, 
allowi ...)
        NOT-FOR-US: Parallels
-CVE-2020-7212 [denial of service (CPU consumption) because of inefficient 
algorithm in _encode_invalid_chars function]
-       RESERVED
+CVE-2020-7212 (The _encode_invalid_chars function in util/url.py in the 
urllib3 libra ...)
        - python-urllib 1.25.8-1
        [buster] - python-urllib3 <not-affected> (Vulnerable code introduced 
later)
        [stretch] - python-urllib3 <not-affected> (Vulnerable code introduced 
later)
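Review bot: the package line kept directly under the updated CVE-2020-7212 entry reads "- python-urllib 1.25.8-1", but the two release lines below it and the new description both name urllib3 ("[buster] - python-urllib3 <not-affected>"). If the source package is python-urllib3, the fixed version is recorded against a different name than the release annotations; a follow-up changing that line to "- python-urllib3 1.25.8-1" would make the three lines agree.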
@@ -10833,10 +10880,10 @@ CVE-2020-5330
        RESERVED
 CVE-2020-5329
        RESERVED
-CVE-2020-5328
-       RESERVED
-CVE-2020-5327
-       RESERVED
+CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an 
unauthorized  ...)
+       TODO: check
+CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 
contain a Ja ...)
+       TODO: check
 CVE-2020-5326 (Affected Dell Client platforms contain a BIOS Setup 
configuration auth ...)
        NOT-FOR-US: Dell
 CVE-2020-5325
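Review bot: CVE-2020-5328 and CVE-2020-5327 are added with "TODO: check" while the adjacent Dell entry, CVE-2020-5326, is already marked "NOT-FOR-US: Dell". Both new descriptions name Dell products (Dell EMC Isilon OneFS, Dell Security Management Server), so they should be checked against that existing classification and the TODO resolved the same way if it applies.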
@@ -15885,10 +15932,10 @@ CVE-2019-19775 (The image thumbnailing handler in 
Zulip Server versions 1.9.0 to
        NOT-FOR-US: Zulip
 CVE-2019-19774 (An issue was discovered in Zoho ManageEngine EventLog Analyzer 
10.0 SP ...)
        NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
-CVE-2019-19773
-       RESERVED
-CVE-2019-19772
-       RESERVED
+CVE-2019-19773 (Various Lexmark products have stored XSS in the embedded web 
server us ...)
+       TODO: check
+CVE-2019-19772 (Various Lexmark products have reflected XSS in the embedded 
web server ...)
+       TODO: check
 CVE-2019-19771 (The lodahs package 0.0.1 for Node.js is a Trojan horse, and 
may have b ...)
        NOT-FOR-US: lodahs malicious package on npm
 CVE-2019-19830 (_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote 
authent ...)
@@ -38199,25 +38246,25 @@ CVE-2019-14510 (An issue was discovered in Kaseya VSA 
RMM through 9.5.0.22. When
 CVE-2019-14509
        RESERVED
 CVE-2019-14508
-       RESERVED
+       REJECTED
 CVE-2019-14507
-       RESERVED
+       REJECTED
 CVE-2019-14506
-       RESERVED
+       REJECTED
 CVE-2019-14505
-       RESERVED
+       REJECTED
 CVE-2019-14504
-       RESERVED
+       REJECTED
 CVE-2019-14503
-       RESERVED
+       REJECTED
 CVE-2019-14502
-       RESERVED
+       REJECTED
 CVE-2019-14501
-       RESERVED
+       REJECTED
 CVE-2019-14500
-       RESERVED
+       REJECTED
 CVE-2019-14499
-       RESERVED
+       REJECTED
 CVE-2019-14498 (A divide-by-zero error exists in the Control function of 
demux/caf.c i ...)
        {DSA-4504-1}
        - vlc 3.0.8-1
@@ -45960,7 +46007,7 @@ CVE-2016-10750 (In Hazelcast before 3.11, the cluster 
join procedure is vulnerab
        - hazelcast <itp> (bug #745640)
 CVE-2019-12274 (In Rancher 1 and 2 through 2.2.3, unprivileged users (if 
allowed to de ...)
        NOT-FOR-US: Rancher
-CVE-2019-12273 (OutSystems Platform 10 through 11 allows 
ImageResourceDetail.aspx CSRF ...)
+CVE-2019-12273 (** DISPUTED ** OutSystems Platform 10 through 11 allows 
ImageResourceD ...)
        NOT-FOR-US: OutSystems Platform
 CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints 
admin/status/realtime/band ...)
        NOT-FOR-US: OpenWrt LuCI
@@ -144239,17 +144286,17 @@ CVE-2017-14210
 CVE-2017-14209
        RESERVED
 CVE-2017-14208
-       RESERVED
+       REJECTED
 CVE-2017-14207
-       RESERVED
+       REJECTED
 CVE-2017-14206
-       RESERVED
+       REJECTED
 CVE-2017-14205
-       RESERVED
+       REJECTED
 CVE-2017-14204
-       RESERVED
+       REJECTED
 CVE-2017-14203
-       RESERVED
+       REJECTED
 CVE-2017-14202 (Improper Restriction of Operations within the Bounds of a 
Memory Buffe ...)
        NOT-FOR-US: Zephyr
 CVE-2017-14201 (Use After Free vulnerability in the Zephyr shell allows a 
serial or te ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/584f048172c4d50634fec29e759f196114ce14fc
