Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e0234400 by security tracker role at 2020-03-09T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2020-10250 (BWA DiREX-Pro 1.2181 devices allow remote attackers to execute
arbitra ...)
+ TODO: check
+CVE-2020-10249 (BWA DiREX-Pro 1.2181 devices allow full path disclosure via an
invalid ...)
+ TODO: check
+CVE-2020-10248 (BWA DiREX-Pro 1.2181 devices allow remote attackers to
discover passwo ...)
+ TODO: check
+CVE-2020-10247 (MISP 2.4.122 has Persistent XSS in the sighting popover tool.
This is ...)
+ TODO: check
+CVE-2020-10246 (MISP 2.4.122 has reflected XSS via unsanitized URL parameters.
This is ...)
+ TODO: check
+CVE-2020-10245
+ RESERVED
+CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local
tokens. ...)
+ TODO: check
+CVE-2020-10243
+ RESERVED
+CVE-2020-10242
+ RESERVED
+CVE-2020-10241
+ RESERVED
+CVE-2020-10240
+ RESERVED
+CVE-2020-10239
+ RESERVED
+CVE-2020-10238
+ RESERVED
+CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The
installer wrot ...)
+ TODO: check
+CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created
files wi ...)
+ TODO: check
+CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote
attackers wi ...)
+ TODO: check
CVE-2020-10234
RESERVED
CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is
a heap- ...)
@@ -92,13 +124,13 @@ CVE-2020-10194
RESERVED
CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection
bypass ...)
NOT-FOR-US: ESET Archive Support Module
-CVE-2020-10192
- RESERVED
-CVE-2020-10191
- RESERVED
-CVE-2020-10190
- RESERVED
-CVE-2020-10189 (Zoho ManageEngine Desktop Central 10 allows remote code
execution beca ...)
+CVE-2020-10192 (An issue was discovered in Munkireport before 5.3.0.3923. An
unauthent ...)
+ TODO: check
+CVE-2020-10191 (An issue was discovered in MunkiReport before 5.3.0. An
authenticated ...)
+ TODO: check
+CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An
authenticated ...)
+ TODO: check
+CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows
remote code e ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows
remote attac ...)
- netkit-telnet <unfixed>
@@ -141,7 +173,7 @@ CVE-2020-10177
CVE-2020-10176
RESERVED
CVE-2020-10175
- RESERVED
+ REJECTED
CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03
unsafely ...)
- timeshift <unfixed> (bug #953385)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/06/3
@@ -1009,8 +1041,8 @@ CVE-2020-9760
RESERVED
CVE-2020-9759
RESERVED
-CVE-2020-9758
- RESERVED
+CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat
8.0.1.3 (He ...)
+ TODO: check
CVE-2020-9757 (The Seomatic component before 3.2.46 for Craft CMS allows
Server-Side ...)
NOT-FOR-US: Seomatic component for Craft CMS
CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows
insuff ...)
@@ -1514,8 +1546,8 @@ CVE-2020-9519
RESERVED
CVE-2020-9518
RESERVED
-CVE-2020-9517
- RESERVED
+CVE-2020-9517 (There is an improper restriction of rendered UI layers or
frames vulne ...)
+ TODO: check
CVE-2020-9516
RESERVED
CVE-2020-9515
@@ -1827,8 +1859,8 @@ CVE-2020-9388
RESERVED
CVE-2020-9387
RESERVED
-CVE-2020-9386
- RESERVED
+CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10
before ...)
+ TODO: check
CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through
5.5.6 ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -2090,8 +2122,8 @@ CVE-2020-9283 (golang.org/x/crypto before
v0.0.0-20200220183623-bac4c82f6975 for
[stretch] - golang-go.crypto <no-dsa> (Minor issue)
[jessie] - golang-go.crypto <no-dsa> (Minor issue)
NOTE:
https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
-CVE-2020-9282
- RESERVED
+CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10
before ...)
+ TODO: check
CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data
Processor ...)
TODO: check
CVE-2020-9280
@@ -2632,6 +2664,7 @@ CVE-2019-20474 (An issue was discovered in Zoho
ManageEngine Remote Access Plus
CVE-2016-11019
RESERVED
CVE-2020-9355 (danfruehauf NetworkManager-ssh before 1.2.11 allows privilege
escalati ...)
+ {DSA-4637-1}
- network-manager-ssh 1.2.11-1
NOTE: https://github.com/danfruehauf/NetworkManager-ssh/pull/98
NOTE:
https://github.com/danfruehauf/NetworkManager-ssh/commit/5d88cd89795352b5df54cc0ebb6a0076b8c89ee4
@@ -2781,8 +2814,8 @@ CVE-2020-8989 (In the Voatz application 2020-01-01 for
Android, the amount of da
NOT-FOR-US: Voatz application for Android
CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100
million d ...)
NOT-FOR-US: Voatz application for Android
-CVE-2020-8987
- RESERVED
+CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before
2.0.0.178 pr ...)
+ TODO: check
CVE-2020-8986
RESERVED
CVE-2020-8985
@@ -3870,7 +3903,7 @@ CVE-2020-8502
RESERVED
CVE-2020-8501
RESERVED
-CVE-2020-8500 (In Artica Pandora FMS 7.42, Web Admin users can execute
arbitrary code ...)
+CVE-2020-8500 (** DISPUTED ** In Artica Pandora FMS 7.42, Web Admin users can
execute ...)
NOT-FOR-US: Artica Pandora FMS
CVE-2020-8499
RESERVED
@@ -11092,8 +11125,8 @@ CVE-2020-5258
RESERVED
CVE-2020-5257
RESERVED
-CVE-2020-5256
- RESERVED
+CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a
user could ...)
+ TODO: check
CVE-2020-5255
RESERVED
CVE-2020-5254
@@ -13676,8 +13709,8 @@ CVE-2020-4219
RESERVED
CVE-2020-4218
RESERVED
-CVE-2020-4217
- RESERVED
+CVE-2020-4217 (The IBM Spectrum Scale 4.2 and 5.0 file system component is
affected b ...)
+ TODO: check
CVE-2020-4216
RESERVED
CVE-2020-4215
@@ -13942,8 +13975,8 @@ CVE-2020-4086
RESERVED
CVE-2020-4085
RESERVED
-CVE-2020-4084
- RESERVED
+CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to
cross-site scri ...)
+ TODO: check
CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information
leakage. Con ...)
NOT-FOR-US: HCL Connections
CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site
script ...)
@@ -18718,8 +18751,8 @@ CVE-2019-19616 (An Insecure Direct Object Reference
(IDOR) vulnerability in the
NOT-FOR-US: Microsoft Dynamics NAV
CVE-2019-19615
RESERVED
-CVE-2019-19614
- RESERVED
+CVE-2019-19614 (An issue was discovered in Halvotec RAQuest 10.23.10801.0. The
login p ...)
+ TODO: check
CVE-2019-19613
RESERVED
CVE-2019-19612
@@ -19435,58 +19468,58 @@ CVE-2020-2161
RESERVED
CVE-2020-2160
RESERVED
-CVE-2020-2159
- RESERVED
-CVE-2020-2158
- RESERVED
-CVE-2020-2157
- RESERVED
-CVE-2020-2156
- RESERVED
-CVE-2020-2155
- RESERVED
-CVE-2020-2154
- RESERVED
-CVE-2020-2153
- RESERVED
-CVE-2020-2152
- RESERVED
-CVE-2020-2151
- RESERVED
-CVE-2020-2150
- RESERVED
-CVE-2020-2149
- RESERVED
-CVE-2020-2148
- RESERVED
-CVE-2020-2147
- RESERVED
-CVE-2020-2146
- RESERVED
-CVE-2020-2145
- RESERVED
-CVE-2020-2144
- RESERVED
-CVE-2020-2143
- RESERVED
-CVE-2020-2142
- RESERVED
-CVE-2020-2141
- RESERVED
-CVE-2020-2140
- RESERVED
-CVE-2020-2139
- RESERVED
-CVE-2020-2138
- RESERVED
-CVE-2020-2137
- RESERVED
-CVE-2020-2136
- RESERVED
-CVE-2020-2135
- RESERVED
-CVE-2020-2134
- RESERVED
+CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers
with Job ...)
+ TODO: check
+CVE-2020-2158 (Jenkins Literate Plugin 1.0 and earlier does not configure its
YAML pa ...)
+ TODO: check
+CVE-2020-2157 (Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits
configured c ...)
+ TODO: check
+CVE-2020-2156 (Jenkins DeployHub Plugin 8.0.14 and earlier transmits
configured crede ...)
+ TODO: check
+CVE-2020-2155 (Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits
configur ...)
+ TODO: check
+CVE-2020-2154 (Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier
stores ...)
+ TODO: check
+CVE-2020-2153 (Jenkins Backlog Plugin 2.4 and earlier transmits configured
credential ...)
+ TODO: check
+CVE-2020-2152 (Jenkins Subversion Release Manager Plugin 1.2 and earlier does
not esc ...)
+ TODO: check
+CVE-2020-2151 (Jenkins Quality Gates Plugin 2.5 and earlier transmits
configured cred ...)
+ TODO: check
+CVE-2020-2150 (Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits
configu ...)
+ TODO: check
+CVE-2020-2149 (Jenkins Repository Connector Plugin 1.2.6 and earlier transmits
config ...)
+ TODO: check
+CVE-2020-2148 (A missing permission check in Jenkins Mac Plugin 1.1.0 and
earlier all ...)
+ TODO: check
+CVE-2020-2147 (A cross-site request forgery vulnerability in Jenkins Mac
Plugin 1.1.0 ...)
+ TODO: check
+CVE-2020-2146 (Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host
keys w ...)
+ TODO: check
+CVE-2020-2145 (Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and
earlier sto ...)
+ TODO: check
+CVE-2020-2144 (Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its
XML pa ...)
+ TODO: check
+CVE-2020-2143 (Jenkins Logstash Plugin 2.3.1 and earlier transmits configured
credent ...)
+ TODO: check
+CVE-2020-2142 (A missing permission check in Jenkins P4 Plugin 1.10.10 and
earlier al ...)
+ TODO: check
+CVE-2020-2141 (A cross-site request forgery vulnerability in Jenkins P4 Plugin
1.10.1 ...)
+ TODO: check
+CVE-2020-2140 (Jenkins Audit Trail Plugin 3.2 and earlier does not escape the
error m ...)
+ TODO: check
+CVE-2020-2139 (An arbitrary file write vulnerability in Jenkins Cobertura
Plugin 1.15 ...)
+ TODO: check
+CVE-2020-2138 (Jenkins Cobertura Plugin 1.15 and earlier does not configure
its XML p ...)
+ TODO: check
+CVE-2020-2137 (Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize
HTML f ...)
+ TODO: check
+CVE-2020-2136 (Jenkins Git Plugin 4.2.0 and earlier does not escape the error
message ...)
+ TODO: check
+CVE-2020-2135 (Sandbox protection in Jenkins Script Security Plugin 1.70 and
earlier ...)
+ TODO: check
+CVE-2020-2134 (Sandbox protection in Jenkins Script Security Plugin 1.70 and
earlier ...)
+ TODO: check
CVE-2020-2133 (Jenkins Applatix Plugin 1.1 and earlier stores a password
unencrypted ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2132 (Jenkins Parasoft Environment Manager Plugin 2.14 and earlier
stores a ...)
@@ -20970,8 +21003,7 @@ CVE-2020-1738 [module package can be selected by the
ansible facts]
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802164
NOTE: https://github.com/ansible/ansible/issues/67796
-CVE-2020-1737 [Extract-Zip function in win_unzip module does not check
extracted path]
- RESERVED
+CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior,
and 2.9 ...)
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802154
NOTE: https://github.com/ansible/ansible/issues/67795
@@ -21079,8 +21111,7 @@ CVE-2020-1708 (It has been found in
openshift-enterprise version 3.11 and all op
CVE-2020-1707
RESERVED
NOT-FOR-US: openshift
-CVE-2020-1706
- RESERVED
+CVE-2020-1706 (It has been found that in openshift-enterprise version 3.11 and
opensh ...)
NOT-FOR-US: openshift
CVE-2020-1705
RESERVED
@@ -27537,6 +27568,7 @@ CVE-2020-0035
NOT-FOR-US: Android
CVE-2020-0034
RESERVED
+ {DLA-2136-1}
- libvpx 1.7.0-3
[stretch] - libvpx <no-dsa> (Minor issue)
NOTE:
https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a
@@ -50254,8 +50286,8 @@ CVE-2019-10808
RESERVED
CVE-2019-10807
RESERVED
-CVE-2019-10806
- RESERVED
+CVE-2019-10806 (vega-util prior to 1.13.1 allows manipulation of object
prototype. The ...)
+ TODO: check
CVE-2019-10805 (valib through 2.0.0 allows Internal Property Tampering. A
maliciously ...)
NOT-FOR-US: Node valib
CVE-2019-10804 (serial-number through 1.3.0 allows execution of arbritary
commands. Th ...)
@@ -194334,8 +194366,8 @@ CVE-2016-6920 (Heap-based buffer overflow in the
decode_block function in libavc
NOTE: Vulnerable code not present in any Libav version.
CVE-2016-6919
RESERVED
-CVE-2016-6918
- RESERVED
+CVE-2016-6918 (Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote
attacke ...)
+ TODO: check
CVE-2016-6917 (Buffer overflow in nvhost_job.c in the NVIDIA video driver for
Android ...)
NOT-FOR-US: Nvidia driver for Android
CVE-2016-6916 (Integer overflow in nvhost_job.c in the NVIDIA video driver for
Androi ...)
@@ -206918,7 +206950,8 @@ CVE-2016-3182 (The color_esycc_to_rgb function in
bin/common/color.c in OpenJPEG
[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in
2.1.0)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/13
NOTE: https://github.com/uclouvain/openjpeg/issues/725
-CVE-2016-3181 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3182.
Reason: T ...)
+CVE-2016-3181
+ REJECTED
- openjpeg2 2.1.1-1
[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in
2.1.0)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/12
@@ -212761,8 +212794,8 @@ CVE-2016-1489 (Lenovo SHAREit before 3.2.0 for
Windows and SHAREit before 3.5.48
NOT-FOR-US: Lenovo
CVE-2016-1488 (Cross-site scripting (XSS) vulnerability in the login form in
the inte ...)
NOT-FOR-US: Siemens
-CVE-2016-1487
- RESERVED
+CVE-2016-1487 (Lexmark Markvision Enterprise before 2.3.0 misuses the Apache
Commons ...)
+ TODO: check
CVE-2016-1486 (A vulnerability in the email attachment scanning functionality
of the ...)
NOT-FOR-US: Siemens OZW OZW672
CVE-2016-1485 (Cross-site scripting (XSS) vulnerability in Cisco Identity
Services En ...)
@@ -213923,8 +213956,8 @@ CVE-2016-1161 (Cross-site request forgery (CSRF)
vulnerability in ManageEngine P
NOT-FOR-US: ManageEngine Password Manager Pro
CVE-2016-1160 (Cross-site scripting (XSS) vulnerability in the WP Favorite
Posts plug ...)
NOT-FOR-US: WP Favorite Posts plugin for WordPress
-CVE-2016-1159
- RESERVED
+CVE-2016-1159 (In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0
(Build ...)
+ TODO: check
CVE-2016-1158 (Cross-site request forgery (CSRF) vulnerability on Corega
CG-WLBARGMH ...)
NOT-FOR-US: Corega
CVE-2016-1157 (Cross-site scripting (XSS) vulnerability in log_chat.cgi in
Script* Lo ...)
@@ -219093,8 +219126,8 @@ CVE-2015-7969 (Multiple memory leaks in Xen 4.0
through 4.6.x allow local guest
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-149.html
NOTE: http://xenbits.xen.org/xsa/advisory-151.html
-CVE-2015-7968
- RESERVED
+CVE-2015-7968 (nwbc_ext2int in SAP NetWeaver Application Server before
Security Note ...)
+ TODO: check
CVE-2015-7967 (SafeNet Authentication Service for Citrix Web Interface Agent
uses a w ...)
NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7966 (SafeNet Authentication Service Windows Logon Agent uses a weak
ACL for ...)
@@ -220979,20 +221012,20 @@ CVE-2015-7346 (SQL injection vulnerability in ZCMS
1.1. ...)
NOT-FOR-US: ZCMS
CVE-2015-7345
RESERVED
-CVE-2015-7344
- RESERVED
-CVE-2015-7343
- RESERVED
-CVE-2015-7342
- RESERVED
-CVE-2015-7341
- RESERVED
-CVE-2015-7340
- RESERVED
-CVE-2015-7339
- RESERVED
-CVE-2015-7338
- RESERVED
+CVE-2015-7344 (HikaShop Joomla Component before 2.6.0 has XSS via an injected
payload ...)
+ TODO: check
+CVE-2015-7343 (JNews Joomla Component before 8.5.0 has XSS via the
mailingsearch para ...)
+ TODO: check
+CVE-2015-7342 (JNews Joomla Component before 8.5.0 allows SQL injection via
upload th ...)
+ TODO: check
+CVE-2015-7341 (JNews Joomla Component before 8.5.0 allows arbitrary File
Upload via S ...)
+ TODO: check
+CVE-2015-7340 (JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via
evid i ...)
+ TODO: check
+CVE-2015-7339 (JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file
upload via a ...)
+ TODO: check
+CVE-2015-7338 (SQL Injection exists in AcyMailing Joomla Component before
4.9.5 via e ...)
+ TODO: check
CVE-2015-7336
RESERVED
CVE-2015-7335
@@ -263439,8 +263472,8 @@ CVE-2014-1636 (Multiple SQL injection vulnerabilities
in Command School Student
NOT-FOR-US: Command School Student Management System
CVE-2014-1635 (Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router
with f ...)
NOT-FOR-US: Belkin router
-CVE-2014-1634
- RESERVED
+CVE-2014-1634 (SQL Injection exists in Advanced Newsletter Magento extension
before 2 ...)
+ TODO: check
CVE-2014-1633
RESERVED
CVE-2014-1632 (htdocs/setup/index.php in Eventum before 2.3.5 allows remote
attackers ...)
@@ -305476,8 +305509,8 @@ CVE-2011-4539 (dhcpd in ISC DHCP 4.x before 4.2.3-P1
and 4.1-ESV before 4.1-ESV-
{DSA-2519-2 DSA-2519-1}
- dhcp3 <not-affected> (Only affects DHCP 4.x)
- isc-dhcp 4.2.2.dfsg.1-5 (bug #652259; low)
-CVE-2011-4538
- RESERVED
+CVE-2011-4538 (Lexmark X, W, T, E, and C devices before 2012-02-09 allow
attackers to ...)
+ TODO: check
CVE-2011-4537 (Multiple buffer overflows in 7-Technologies (7T) Interactive
Graphical ...)
NOT-FOR-US: 7-Technologies IGSS
CVE-2011-4536 (Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe
(aka H ...)
@@ -309349,8 +309382,8 @@ CVE-2011-3271 (Unspecified vulnerability in the Smart
Install functionality in C
NOT-FOR-US: Cisco
CVE-2011-3270 (Unspecified vulnerability in Cisco IOS 12.2SB before
12.2(33)SB10 and ...)
NOT-FOR-US: Cisco
-CVE-2011-3269
- RESERVED
+CVE-2011-3269 (Lexmark X, W, T, E, C, 6500e, and 25xxN devices before
2011-11-15 allo ...)
+ TODO: check
CVE-2011-3268 (Buffer overflow in the crypt function in PHP before 5.3.7
allows conte ...)
- php5 5.3.8-1
[squeeze] - php5 <not-affected> (Only affected 5.3.7)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0234400b99f0dfed081f8ec31d116f292556394
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0234400b99f0dfed081f8ec31d116f292556394
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
