Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 584f0481 by security tracker role at 2020-03-07T08:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,51 @@ +CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...) + TODO: check +CVE-2020-10215 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...) + TODO: check +CVE-2020-10214 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is ...) + TODO: check +CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...) + TODO: check +CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via ...) + TODO: check +CVE-2020-10211 + RESERVED +CVE-2020-10210 + RESERVED +CVE-2020-10209 + RESERVED +CVE-2020-10208 + RESERVED +CVE-2020-10207 + RESERVED +CVE-2020-10206 + RESERVED +CVE-2020-10205 + RESERVED +CVE-2020-10204 + RESERVED +CVE-2020-10203 + RESERVED +CVE-2020-10202 + RESERVED +CVE-2020-10201 + RESERVED +CVE-2020-10200 + RESERVED +CVE-2020-10199 + RESERVED +CVE-2020-10198 + RESERVED +CVE-2020-10197 + RESERVED +CVE-2020-10196 + RESERVED +CVE-2020-10195 + RESERVED +CVE-2020-10194 + RESERVED +CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...) + TODO: check CVE-2020-10192 RESERVED CVE-2020-10191 @@ -181,12 +229,12 @@ CVE-2020-10114 RESERVED CVE-2020-10113 RESERVED -CVE-2020-10112 - RESERVED -CVE-2020-10111 - RESERVED -CVE-2020-10110 - RESERVED +CVE-2020-10112 (Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. ...) + TODO: check +CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation ...) + TODO: check +CVE-2020-10110 (Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Throug ...) + TODO: check CVE-2020-10109 RESERVED CVE-2020-10108 
@@ -856,7 +904,7 @@ CVE-2020-10022 CVE-2020-10021 RESERVED CVE-2020-10020 - RESERVED + REJECTED CVE-2020-10019 RESERVED CVE-2020-10018 (accessibility/AXObjectCache.cpp in WebKit, as used in WebKitGTK throug ...) @@ -1522,8 +1570,8 @@ CVE-2020-9472 RESERVED CVE-2020-9471 RESERVED -CVE-2020-9470 - RESERVED +CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before February 2020. ...) + TODO: check CVE-2020-9469 RESERVED CVE-2020-9468 @@ -1998,8 +2046,8 @@ CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for NOTE: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236 CVE-2020-9282 RESERVED -CVE-2020-9281 - RESERVED +CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...) + TODO: check CVE-2020-9280 RESERVED CVE-2020-9279 @@ -3461,10 +3509,10 @@ CVE-2020-8637 RESERVED CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows Remote C ...) NOT-FOR-US: OpServices OpMon -CVE-2020-8635 - RESERVED -CVE-2020-8634 - RESERVED +CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...) + TODO: check +CVE-2020-8634 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...) + TODO: check CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8 ...) NOT-FOR-US: Zimbra Collaboration Suite (ZCS) CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...) 
@@ -3919,8 +3967,8 @@ CVE-2020-8441 (JYaml through 1.3 allows remote code execution during deserializa NOT-FOR-US: JYaml CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is ...) NOT-FOR-US: Simplejobscript.com SJS -CVE-2020-8439 - RESERVED +CVE-2020-8439 (Monstra CMS through 3.0.4 allows remote authenticated users to take ov ...) + TODO: check CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...) NOT-FOR-US: Ruckus devices CVE-2020-8437 (The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505 ...) @@ -6682,8 +6730,7 @@ CVE-2020-7214 RESERVED CVE-2020-7213 (Parallels 13 uses cleartext HTTP as part of the update process, allowi ...) NOT-FOR-US: Parallels -CVE-2020-7212 [denial of service (CPU consumption) because of inefficient algorithm in _encode_invalid_chars function] - RESERVED +CVE-2020-7212 (The _encode_invalid_chars function in util/url.py in the urllib3 libra ...) - python-urllib 1.25.8-1 [buster] - python-urllib3 <not-affected> (Vulnerable code introduced later) [stretch] - python-urllib3 <not-affected> (Vulnerable code introduced later) @@ -10833,10 +10880,10 @@ CVE-2020-5330 RESERVED CVE-2020-5329 RESERVED -CVE-2020-5328 - RESERVED -CVE-2020-5327 - RESERVED +CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized ...) + TODO: check +CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 contain a Ja ...) + TODO: check CVE-2020-5326 (Affected Dell Client platforms contain a BIOS Setup configuration auth ...) NOT-FOR-US: Dell CVE-2020-5325 
@@ -15885,10 +15932,10 @@ CVE-2019-19775 (The image thumbnailing handler in Zulip Server versions 1.9.0 to NOT-FOR-US: Zulip CVE-2019-19774 (An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP ...) NOT-FOR-US: Zoho ManageEngine EventLog Analyzer -CVE-2019-19773 - RESERVED -CVE-2019-19772 - RESERVED +CVE-2019-19773 (Various Lexmark products have stored XSS in the embedded web server us ...) + TODO: check +CVE-2019-19772 (Various Lexmark products have reflected XSS in the embedded web server ...) + TODO: check CVE-2019-19771 (The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have b ...) NOT-FOR-US: lodahs malicious package on npm CVE-2019-19830 (_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authent ...) @@ -38199,25 +38246,25 @@ CVE-2019-14510 (An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When CVE-2019-14509 RESERVED CVE-2019-14508 - RESERVED + REJECTED CVE-2019-14507 - RESERVED + REJECTED CVE-2019-14506 - RESERVED + REJECTED CVE-2019-14505 - RESERVED + REJECTED CVE-2019-14504 - RESERVED + REJECTED CVE-2019-14503 - RESERVED + REJECTED CVE-2019-14502 - RESERVED + REJECTED CVE-2019-14501 - RESERVED + REJECTED CVE-2019-14500 - RESERVED + REJECTED CVE-2019-14499 - RESERVED + REJECTED CVE-2019-14498 (A divide-by-zero error exists in the Control function of demux/caf.c i ...) {DSA-4504-1} - vlc 3.0.8-1 @@ -45960,7 +46007,7 @@ CVE-2016-10750 (In Hazelcast before 3.11, the cluster join procedure is vulnerab - hazelcast <itp> (bug #745640) CVE-2019-12274 (In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to de ...) NOT-FOR-US: Rancher -CVE-2019-12273 (OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF ...) +CVE-2019-12273 (** DISPUTED ** OutSystems Platform 10 through 11 allows ImageResourceD ...) NOT-FOR-US: OutSystems Platform CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...) NOT-FOR-US: OpenWrt LuCI 
@@ -144239,17 +144286,17 @@ CVE-2017-14210 CVE-2017-14209 RESERVED CVE-2017-14208 - RESERVED + REJECTED CVE-2017-14207 - RESERVED + REJECTED CVE-2017-14206 - RESERVED + REJECTED CVE-2017-14205 - RESERVED + REJECTED CVE-2017-14204 - RESERVED + REJECTED CVE-2017-14203 - RESERVED + REJECTED CVE-2017-14202 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...) NOT-FOR-US: Zephyr CVE-2017-14201 (Use After Free vulnerability in the Zephyr shell allows a serial or te ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/584f048172c4d50634fec29e759f196114ce14fc
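Review bot: The unchanged line `- python-urllib 1.25.8-1` under CVE-2020-7212 (hunk @@ -6682,8 +6730,7 @@) names a different source package than the `[buster] - python-urllib3` and `[stretch] - python-urllib3` lines that follow it, and than the urllib3 library named in the new description. If the missing `3` is a typo, the fixed version 1.25.8-1 is recorded against the wrong package; suggest a follow-up changing it to `- python-urllib3 1.25.8-1`.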
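Review bot: CVE-2020-5328 and CVE-2020-5327 in hunk @@ -10833,10 +10880,10 @@ are left at `TODO: check` although both descriptions name Dell products and the next entry, CVE-2020-5326, is already tagged `NOT-FOR-US: Dell`. Suggest triaging the pair the same way once the full descriptions are confirmed, so they do not linger in the TODO queue.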
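Review bot: The four D-Link DIR-825 entries at the top of hunk @@ -1,3 +1,51 @@ (CVE-2020-10213 through CVE-2020-10216) each get a separate `TODO: check`, and their truncated descriptions are nearly identical. They describe one device's firmware, so they can be triaged in one pass; the `NOT-FOR-US: Ruckus devices` tag on CVE-2020-8438 elsewhere in this diff shows the form used for router firmware.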