Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e0234400 by security tracker role at 2020-03-09T20:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,35 @@ +CVE-2020-10250 (BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitra ...) + TODO: check +CVE-2020-10249 (BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid ...) + TODO: check +CVE-2020-10248 (BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwo ...) + TODO: check +CVE-2020-10247 (MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is ...) + TODO: check +CVE-2020-10246 (MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is ...) + TODO: check +CVE-2020-10245 + RESERVED +CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. ...) + TODO: check +CVE-2020-10243 + RESERVED +CVE-2020-10242 + RESERVED +CVE-2020-10241 + RESERVED +CVE-2020-10240 + RESERVED +CVE-2020-10239 + RESERVED +CVE-2020-10238 + RESERVED +CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The installer wrot ...) + TODO: check +CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created files wi ...) + TODO: check +CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote attackers wi ...) + TODO: check CVE-2020-10234 RESERVED CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ...) @@ -92,13 +124,13 @@ CVE-2020-10194 RESERVED CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...) NOT-FOR-US: ESET Archive Support Module -CVE-2020-10192 - RESERVED -CVE-2020-10191 - RESERVED -CVE-2020-10190 - RESERVED -CVE-2020-10189 (Zoho ManageEngine Desktop Central 10 allows remote code execution beca ...) +CVE-2020-10192 (An issue was discovered in Munkireport before 5.3.0.3923. An unauthent ...) + TODO: check +CVE-2020-10191 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...) + TODO: check +CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...) + TODO: check +CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote code e ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...) - netkit-telnet <unfixed> @@ -141,7 +173,7 @@ CVE-2020-10177 CVE-2020-10176 RESERVED CVE-2020-10175 - RESERVED + REJECTED CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely ...) - timeshift <unfixed> (bug #953385) NOTE: https://www.openwall.com/lists/oss-security/2020/03/06/3 @@ -1009,8 +1041,8 @@ CVE-2020-9760 RESERVED CVE-2020-9759 RESERVED -CVE-2020-9758 - RESERVED +CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...) + TODO: check CVE-2020-9757 (The Seomatic component before 3.2.46 for Craft CMS allows Server-Side ...) NOT-FOR-US: Seomatic component for Craft CMS CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...) @@ -1514,8 +1546,8 @@ CVE-2020-9519 RESERVED CVE-2020-9518 RESERVED -CVE-2020-9517 - RESERVED +CVE-2020-9517 (There is an improper restriction of rendered UI layers or frames vulne ...) + TODO: check CVE-2020-9516 RESERVED CVE-2020-9515 @@ -1827,8 +1859,8 @@ CVE-2020-9388 RESERVED CVE-2020-9387 RESERVED -CVE-2020-9386 - RESERVED +CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...) + TODO: check CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 ...) - linux <unfixed> [buster] - linux <not-affected> (Vulnerable code not present) @@ -2090,8 +2122,8 @@ CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for [stretch] - golang-go.crypto <no-dsa> (Minor issue) [jessie] - golang-go.crypto <no-dsa> (Minor issue) NOTE: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236 -CVE-2020-9282 - RESERVED +CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...) + TODO: check CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...) TODO: check CVE-2020-9280 @@ -2632,6 +2664,7 @@ CVE-2019-20474 (An issue was discovered in Zoho ManageEngine Remote Access Plus CVE-2016-11019 RESERVED CVE-2020-9355 (danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalati ...) + {DSA-4637-1} - network-manager-ssh 1.2.11-1 NOTE: https://github.com/danfruehauf/NetworkManager-ssh/pull/98 NOTE: https://github.com/danfruehauf/NetworkManager-ssh/commit/5d88cd89795352b5df54cc0ebb6a0076b8c89ee4 @@ -2781,8 +2814,8 @@ CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of da NOT-FOR-US: Voatz application for Android CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...) NOT-FOR-US: Voatz application for Android -CVE-2020-8987 - RESERVED +CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 pr ...) + TODO: check CVE-2020-8986 RESERVED CVE-2020-8985 @@ -3870,7 +3903,7 @@ CVE-2020-8502 RESERVED CVE-2020-8501 RESERVED -CVE-2020-8500 (In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code ...) +CVE-2020-8500 (** DISPUTED ** In Artica Pandora FMS 7.42, Web Admin users can execute ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-8499 RESERVED @@ -11092,8 +11125,8 @@ CVE-2020-5258 RESERVED CVE-2020-5257 RESERVED -CVE-2020-5256 - RESERVED +CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a user could ...) + TODO: check CVE-2020-5255 RESERVED CVE-2020-5254 @@ -13676,8 +13709,8 @@ CVE-2020-4219 RESERVED CVE-2020-4218 RESERVED -CVE-2020-4217 - RESERVED +CVE-2020-4217 (The IBM Spectrum Scale 4.2 and 5.0 file system component is affected b ...) + TODO: check CVE-2020-4216 RESERVED CVE-2020-4215 @@ -13942,8 +13975,8 @@ CVE-2020-4086 RESERVED CVE-2020-4085 RESERVED -CVE-2020-4084 - RESERVED +CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scri ...) + TODO: check CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage. Con ...) NOT-FOR-US: HCL Connections CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site script ...) @@ -18718,8 +18751,8 @@ CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the NOT-FOR-US: Microsoft Dynamics NAV CVE-2019-19615 RESERVED -CVE-2019-19614 - RESERVED +CVE-2019-19614 (An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login p ...) + TODO: check CVE-2019-19613 RESERVED CVE-2019-19612 @@ -19435,58 +19468,58 @@ CVE-2020-2161 RESERVED CVE-2020-2160 RESERVED -CVE-2020-2159 - RESERVED -CVE-2020-2158 - RESERVED -CVE-2020-2157 - RESERVED -CVE-2020-2156 - RESERVED -CVE-2020-2155 - RESERVED -CVE-2020-2154 - RESERVED -CVE-2020-2153 - RESERVED -CVE-2020-2152 - RESERVED -CVE-2020-2151 - RESERVED -CVE-2020-2150 - RESERVED -CVE-2020-2149 - RESERVED -CVE-2020-2148 - RESERVED -CVE-2020-2147 - RESERVED -CVE-2020-2146 - RESERVED -CVE-2020-2145 - RESERVED -CVE-2020-2144 - RESERVED -CVE-2020-2143 - RESERVED -CVE-2020-2142 - RESERVED -CVE-2020-2141 - RESERVED -CVE-2020-2140 - RESERVED -CVE-2020-2139 - RESERVED -CVE-2020-2138 - RESERVED -CVE-2020-2137 - RESERVED -CVE-2020-2136 - RESERVED -CVE-2020-2135 - RESERVED -CVE-2020-2134 - RESERVED +CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job ...) + TODO: check +CVE-2020-2158 (Jenkins Literate Plugin 1.0 and earlier does not configure its YAML pa ...) + TODO: check +CVE-2020-2157 (Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured c ...) + TODO: check +CVE-2020-2156 (Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured crede ...) + TODO: check +CVE-2020-2155 (Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configur ...) + TODO: check +CVE-2020-2154 (Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores ...) + TODO: check +CVE-2020-2153 (Jenkins Backlog Plugin 2.4 and earlier transmits configured credential ...) + TODO: check +CVE-2020-2152 (Jenkins Subversion Release Manager Plugin 1.2 and earlier does not esc ...) + TODO: check +CVE-2020-2151 (Jenkins Quality Gates Plugin 2.5 and earlier transmits configured cred ...) + TODO: check +CVE-2020-2150 (Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configu ...) + TODO: check +CVE-2020-2149 (Jenkins Repository Connector Plugin 1.2.6 and earlier transmits config ...) + TODO: check +CVE-2020-2148 (A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier all ...) + TODO: check +CVE-2020-2147 (A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 ...) + TODO: check +CVE-2020-2146 (Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys w ...) + TODO: check +CVE-2020-2145 (Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier sto ...) + TODO: check +CVE-2020-2144 (Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML pa ...) + TODO: check +CVE-2020-2143 (Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credent ...) + TODO: check +CVE-2020-2142 (A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier al ...) + TODO: check +CVE-2020-2141 (A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.1 ...) + TODO: check +CVE-2020-2140 (Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error m ...) + TODO: check +CVE-2020-2139 (An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 ...) + TODO: check +CVE-2020-2138 (Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML p ...) + TODO: check +CVE-2020-2137 (Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML f ...) + TODO: check +CVE-2020-2136 (Jenkins Git Plugin 4.2.0 and earlier does not escape the error message ...) + TODO: check +CVE-2020-2135 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier ...) + TODO: check +CVE-2020-2134 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier ...) + TODO: check CVE-2020-2133 (Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted ...) NOT-FOR-US: Jenkins plugin CVE-2020-2132 (Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a ...) @@ -20970,8 +21003,7 @@ CVE-2020-1738 [module package can be selected by the ansible facts] - ansible <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802164 NOTE: https://github.com/ansible/ansible/issues/67796 -CVE-2020-1737 [Extract-Zip function in win_unzip module does not check extracted path] - RESERVED +CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9 ...) - ansible <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802154 NOTE: https://github.com/ansible/ansible/issues/67795 @@ -21079,8 +21111,7 @@ CVE-2020-1708 (It has been found in openshift-enterprise version 3.11 and all op CVE-2020-1707 RESERVED NOT-FOR-US: openshift -CVE-2020-1706 - RESERVED +CVE-2020-1706 (It has been found that in openshift-enterprise version 3.11 and opensh ...) NOT-FOR-US: openshift CVE-2020-1705 RESERVED @@ -27537,6 +27568,7 @@ CVE-2020-0035 NOT-FOR-US: Android CVE-2020-0034 RESERVED + {DLA-2136-1} - libvpx 1.7.0-3 [stretch] - libvpx <no-dsa> (Minor issue) NOTE: https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a @@ -50254,8 +50286,8 @@ CVE-2019-10808 RESERVED CVE-2019-10807 RESERVED -CVE-2019-10806 - RESERVED +CVE-2019-10806 (vega-util prior to 1.13.1 allows manipulation of object prototype. The ...) + TODO: check CVE-2019-10805 (valib through 2.0.0 allows Internal Property Tampering. A maliciously ...) NOT-FOR-US: Node valib CVE-2019-10804 (serial-number through 1.3.0 allows execution of arbritary commands. Th ...) @@ -194334,8 +194366,8 @@ CVE-2016-6920 (Heap-based buffer overflow in the decode_block function in libavc NOTE: Vulnerable code not present in any Libav version. CVE-2016-6919 RESERVED -CVE-2016-6918 - RESERVED +CVE-2016-6918 (Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attacke ...) + TODO: check CVE-2016-6917 (Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android ...) NOT-FOR-US: Nvidia driver for Android CVE-2016-6916 (Integer overflow in nvhost_job.c in the NVIDIA video driver for Androi ...) @@ -206918,7 +206950,8 @@ CVE-2016-3182 (The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG [jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0) NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/13 NOTE: https://github.com/uclouvain/openjpeg/issues/725 -CVE-2016-3181 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3182. Reason: T ...) +CVE-2016-3181 + REJECTED - openjpeg2 2.1.1-1 [jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0) NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/12 @@ -212761,8 +212794,8 @@ CVE-2016-1489 (Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48 NOT-FOR-US: Lenovo CVE-2016-1488 (Cross-site scripting (XSS) vulnerability in the login form in the inte ...) NOT-FOR-US: Siemens -CVE-2016-1487 - RESERVED +CVE-2016-1487 (Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons ...) + TODO: check CVE-2016-1486 (A vulnerability in the email attachment scanning functionality of the ...) NOT-FOR-US: Siemens OZW OZW672 CVE-2016-1485 (Cross-site scripting (XSS) vulnerability in Cisco Identity Services En ...) @@ -213923,8 +213956,8 @@ CVE-2016-1161 (Cross-site request forgery (CSRF) vulnerability in ManageEngine P NOT-FOR-US: ManageEngine Password Manager Pro CVE-2016-1160 (Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plug ...) NOT-FOR-US: WP Favorite Posts plugin for WordPress -CVE-2016-1159 - RESERVED +CVE-2016-1159 (In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build ...) + TODO: check CVE-2016-1158 (Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH ...) NOT-FOR-US: Corega CVE-2016-1157 (Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Lo ...) @@ -219093,8 +219126,8 @@ CVE-2015-7969 (Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest [squeeze] - xen <end-of-life> (not supported in squeeze-lts) NOTE: http://xenbits.xen.org/xsa/advisory-149.html NOTE: http://xenbits.xen.org/xsa/advisory-151.html -CVE-2015-7968 - RESERVED +CVE-2015-7968 (nwbc_ext2int in SAP NetWeaver Application Server before Security Note ...) + TODO: check CVE-2015-7967 (SafeNet Authentication Service for Citrix Web Interface Agent uses a w ...) NOT-FOR-US: SafeNet Authentication Service CVE-2015-7966 (SafeNet Authentication Service Windows Logon Agent uses a weak ACL for ...) @@ -220979,20 +221012,20 @@ CVE-2015-7346 (SQL injection vulnerability in ZCMS 1.1. ...) NOT-FOR-US: ZCMS CVE-2015-7345 RESERVED -CVE-2015-7344 - RESERVED -CVE-2015-7343 - RESERVED -CVE-2015-7342 - RESERVED -CVE-2015-7341 - RESERVED -CVE-2015-7340 - RESERVED -CVE-2015-7339 - RESERVED -CVE-2015-7338 - RESERVED +CVE-2015-7344 (HikaShop Joomla Component before 2.6.0 has XSS via an injected payload ...) + TODO: check +CVE-2015-7343 (JNews Joomla Component before 8.5.0 has XSS via the mailingsearch para ...) + TODO: check +CVE-2015-7342 (JNews Joomla Component before 8.5.0 allows SQL injection via upload th ...) + TODO: check +CVE-2015-7341 (JNews Joomla Component before 8.5.0 allows arbitrary File Upload via S ...) + TODO: check +CVE-2015-7340 (JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid i ...) + TODO: check +CVE-2015-7339 (JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a ...) + TODO: check +CVE-2015-7338 (SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via e ...) + TODO: check CVE-2015-7336 RESERVED CVE-2015-7335 @@ -263439,8 +263472,8 @@ CVE-2014-1636 (Multiple SQL injection vulnerabilities in Command School Student NOT-FOR-US: Command School Student Management System CVE-2014-1635 (Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with f ...) NOT-FOR-US: Belkin router -CVE-2014-1634 - RESERVED +CVE-2014-1634 (SQL Injection exists in Advanced Newsletter Magento extension before 2 ...) + TODO: check CVE-2014-1633 RESERVED CVE-2014-1632 (htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers ...) @@ -305476,8 +305509,8 @@ CVE-2011-4539 (dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV- {DSA-2519-2 DSA-2519-1} - dhcp3 <not-affected> (Only affects DHCP 4.x) - isc-dhcp 4.2.2.dfsg.1-5 (bug #652259; low) -CVE-2011-4538 - RESERVED +CVE-2011-4538 (Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to ...) + TODO: check CVE-2011-4537 (Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical ...) NOT-FOR-US: 7-Technologies IGSS CVE-2011-4536 (Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka H ...) @@ -309349,8 +309382,8 @@ CVE-2011-3271 (Unspecified vulnerability in the Smart Install functionality in C NOT-FOR-US: Cisco CVE-2011-3270 (Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and ...) NOT-FOR-US: Cisco -CVE-2011-3269 - RESERVED +CVE-2011-3269 (Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allo ...) + TODO: check CVE-2011-3268 (Buffer overflow in the crypt function in PHP before 5.3.7 allows conte ...) - php5 5.3.8-1 [squeeze] - php5 <not-affected> (Only affected 5.3.7) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0234400b99f0dfed081f8ec31d116f292556394 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0234400b99f0dfed081f8ec31d116f292556394 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits