Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ab37263 by security tracker role at 2020-03-11T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16,8 +16,8 @@ CVE-2020-10378
        RESERVED
 CVE-2020-10377
        RESERVED
-CVE-2020-10376
-       RESERVED
+CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote 
attackers to ...)
+       TODO: check
 CVE-2020-10375
        RESERVED
 CVE-2020-10374
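Review bot: The new CVE-2020-10376 entry is left at `TODO: check`, so it stays in the untriaged queue. The description names a Technicolor TC7337NET device; if no Debian source package ships that firmware, resolve it with a `NOT-FOR-US:` line in the style used elsewhere in this file (for example `NOT-FOR-US: NETGEAR`).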
@@ -424,6 +424,7 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet 
through 0.17 allows remote
        NOTE: 
https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
        TODO: check further details
 CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in 
sctp_load_address ...)
+       {DSA-4639-1}
        - libusrsctp <unfixed> (bug #953270)
        - firefox <unfixed>
        - firefox-esr 68.6.0esr-1
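Review bot: On CVE-2019-20503 the added `{DSA-4639-1}` tag sits above `- libusrsctp <unfixed> (bug #953270)` and `- firefox <unfixed>`; of the package lines visible here only `firefox-esr 68.6.0esr-1` records a fix. Worth confirming that the advisory covers firefox-esr only, and keeping the libusrsctp bug open so the tag is not read as closing the CVE for every package.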
@@ -448,8 +449,8 @@ CVE-2020-10183
        RESERVED
 CVE-2020-10182
        RESERVED
-CVE-2020-10181
-       RESERVED
+CVE-2020-10181 (goform/formEMR30 in Sumavision Enhanced Multimedia Router 
(EMR) 3.0.4. ...)
+       TODO: check
 CVE-2019-20502 (An issue was discovered in EFS Easy Chat Server 3.1. There is 
a buffer ...)
        NOT-FOR-US: EFS Easy Chat Server
 CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a 
crafted ...)
@@ -4108,8 +4109,8 @@ CVE-2020-8542
        RESERVED
 CVE-2020-8541
        RESERVED
-CVE-2020-8540
-       RESERVED
+CVE-2020-8540 (An XML external entity (XXE) vulnerability iin Zoho 
ManageEngine Deskt ...)
+       TODO: check
 CVE-2020-8539
        RESERVED
 CVE-2020-8538
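Review bot: The imported description for CVE-2020-8540 contains the typo "iin" ("vulnerability iin Zoho ManageEngine"). As this is an automatic update, a hand edit here would probably be overwritten on the next run, so the correction belongs with the upstream CVE description; the entry itself still needs its `TODO: check` resolved.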
@@ -8045,6 +8046,7 @@ CVE-2020-6815
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
 CVE-2020-6814
        RESERVED
+       {DSA-4639-1}
        - firefox <unfixed>
        - firefox-esr 68.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814
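Review bot: CVE-2020-6814 now carries `{DSA-4639-1}` and a fixed firefox-esr version but is still `RESERVED` with no description, so the list alone does not say what was fixed. A bracketed temporary description on the CVE line, as the old CVE-2020-1733 line removed in this same commit had (`[insecure temporary directory when running become_user from become directive]`), would help until the official text arrives; the same applies to the other RESERVED firefox entries tagged in this update.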
@@ -8055,12 +8057,14 @@ CVE-2020-6813
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
 CVE-2020-6812
        RESERVED
+       {DSA-4639-1}
        - firefox <unfixed>
        - firefox-esr 68.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
 CVE-2020-6811
        RESERVED
+       {DSA-4639-1}
        - firefox <unfixed>
        - firefox-esr 68.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811
@@ -8079,18 +8083,21 @@ CVE-2020-6808
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
 CVE-2020-6807
        RESERVED
+       {DSA-4639-1}
        - firefox <unfixed>
        - firefox-esr 68.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
 CVE-2020-6806
        RESERVED
+       {DSA-4639-1}
        - firefox <unfixed>
        - firefox-esr 68.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
 CVE-2020-6805
        RESERVED
+       {DSA-4639-1}
        - firefox <unfixed>
        - firefox-esr 68.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805
@@ -11501,11 +11508,13 @@ CVE-2020-5261
 CVE-2020-5260
        RESERVED
 CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method 
is vulne ...)
+       {DLA-2139-1}
        - dojo 1.15.3+dfsg1-1 (bug #953587)
        [buster] - dojo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw
        NOTE: 
https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da
 CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method 
is vul ...)
+       {DLA-2139-1}
        - dojo 1.15.3+dfsg1-1 (bug #953585)
        [buster] - dojo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2
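Review bot: Both dojo entries gain `{DLA-2139-1}` while `[buster] - dojo <no-dsa> (Minor issue)` is unchanged, so after this update the LTS release is covered by an advisory and buster is not. If the fix is worth a DLA, consider queueing the same fix for a buster point release, or add a NOTE explaining why the stable package is treated differently.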
@@ -11678,8 +11687,8 @@ CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the 
use of Plug.Session in Po
        NOT-FOR-US: Pow
 CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability 
in hand ...)
        NOT-FOR-US: uftpd
-CVE-2020-5203
-       RESERVED
+CVE-2020-5203 (In Fat-Free Framework 3.7.1, attackers can achieve arbitrary 
code exec ...)
+       TODO: check
 CVE-2020-5202 (apt-cacher-ng through 3.3 allows local users to obtain 
sensitive infor ...)
        - apt-cacher-ng 3.3.1-1
        [buster] - apt-cacher-ng <no-dsa> (Minor issue)
@@ -20222,12 +20231,12 @@ CVE-2020-1983
        RESERVED
 CVE-2020-1982
        RESERVED
-CVE-2020-1981
-       RESERVED
-CVE-2020-1980
-       RESERVED
-CVE-2020-1979
-       RESERVED
+CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows 
local  ...)
+       TODO: check
+CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI 
allows a loc ...)
+       TODO: check
+CVE-2020-1979 (A format string vulnerability in the PAN-OS log daemon (logd) 
on Panor ...)
+       TODO: check
 CVE-2020-1978
        RESERVED
 CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on 
Expeditio ...)
@@ -21281,8 +21290,8 @@ CVE-2019-19383 (freeFTPd 1.0.8 has a 
Post-Authentication Buffer Overflow via a c
        NOT-FOR-US: freeFTPd
 CVE-2019-19382 (Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions 
on the  ...)
        NOT-FOR-US: Max Secure Anti Virus Plus
-CVE-2019-19381
-       RESERVED
+CVE-2019-19381 (oauth/oauth2/v1/saml/ in Abacus OAuth Login 
2019_01_r4_20191021_0000 b ...)
+       TODO: check
 CVE-2019-19380
        RESERVED
 CVE-2019-19379 (In app/Controller/TagsController.php in MISP 2.4.118, users 
can bypass ...)
@@ -21422,8 +21431,7 @@ CVE-2020-1734 (A flaw was found in the pipe lookup 
plugin of ansible. Arbitrary
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801804
        NOTE: https://github.com/ansible/ansible/issues/6550
        NOTE: https://github.com/ansible/ansible/issues/67792
-CVE-2020-1733 [insecure temporary directory when running become_user from 
become directive]
-       RESERVED
+CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and 
prior, 2. ...)
        - ansible <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735
 CVE-2020-1732
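Review bot: With the description now published, CVE-2020-1733 is still `- ansible <unfixed>` and its only reference is the Red Hat Bugzilla NOTE. The neighbouring CVE-2020-1734 entry links upstream GitHub issues; adding the equivalent upstream reference and a Debian bug number here would make the open status trackable.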
@@ -30082,7 +30090,7 @@ CVE-2019-17373 (Certain NETGEAR devices allow 
unauthenticated access to critical
        NOT-FOR-US: NETGEAR
 CVE-2019-17372 (Certain NETGEAR devices allow remote attackers to disable all 
authenti ...)
        NOT-FOR-US: NETGEAR
-CVE-2019-17371 (libpng 1.6.37 has memory leaks in png_malloc_warn and 
png_create_info_ ...)
+CVE-2019-17371 (gif2png 2.5.13 has a memory leak in the writefile function. 
...)
        - gif2png <removed> (unimportant)
        NOTE: https://github.com/glennrp/libpng/issues/307
        NOTE: Initially filed for libpng, but the bug is actually in gif2png
@@ -33586,8 +33594,8 @@ CVE-2019-16109 (An issue was discovered in 
Plataformatec Devise before 4.7.1. It
        NOT-FOR-US: Plataformatec Devise
 CVE-2019-16108
        RESERVED
-CVE-2019-16107
-       RESERVED
+CVE-2019-16107 (Missing form token validation in phpBB 3.2.7 allows CSRF in 
deleting p ...)
+       TODO: check
 CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has 
stored XSS. ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2018-21013 (The Swape theme before 1.2.1 for WordPress has incorrect 
access contro ...)
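Review bot: CVE-2019-16107 (phpBB 3.2.7, CSRF) is added as `TODO: check`. Unlike the device firmware entries in this update, phpBB is ordinary server-side web software, so triage should check the archive for a phpBB source package and record a package line with the fixed version rather than default to `NOT-FOR-US`.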
@@ -56398,26 +56406,26 @@ CVE-2019-9106 (The WebApp v04.68 in the supervisor on 
SAET Impianti Speciali TEB
        NOT-FOR-US: SAET Impianti Speciali TEBE Small devices
 CVE-2019-9105 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali 
TEBE Sma ...)
        NOT-FOR-US: SAET Impianti Speciali TEBE Small devices
-CVE-2019-9104
-       RESERVED
-CVE-2019-9103
-       RESERVED
-CVE-2019-9102
-       RESERVED
-CVE-2019-9101
-       RESERVED
+CVE-2019-9104 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices 
before ...)
+       TODO: check
+CVE-2019-9103 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices 
before ...)
+       TODO: check
+CVE-2019-9102 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices 
before ...)
+       TODO: check
+CVE-2019-9101 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices 
before ...)
+       TODO: check
 CVE-2019-9100
        RESERVED
-CVE-2019-9099
-       RESERVED
-CVE-2019-9098
-       RESERVED
-CVE-2019-9097
-       RESERVED
-CVE-2019-9096
-       RESERVED
-CVE-2019-9095
-       RESERVED
+CVE-2019-9099 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices 
before ...)
+       TODO: check
+CVE-2019-9098 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices 
before ...)
+       TODO: check
+CVE-2019-9097 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices 
before ...)
+       TODO: check
+CVE-2019-9096 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices 
before ...)
+       TODO: check
+CVE-2019-9095 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices 
before ...)
+       TODO: check
 CVE-2019-9094 (A Reflected Cross Site Scripting (XSS) Vulnerability was 
discovered in ...)
        NOT-FOR-US: Humhub
 CVE-2019-9093 (A Reflected Cross Site Scripting (XSS) Vulnerability was 
discovered in ...)
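Review bot: The nine new Moxa entries (CVE-2019-9095 to CVE-2019-9099 and CVE-2019-9101 to CVE-2019-9104) all show the same truncated description and all land as `TODO: check`, so they cannot be told apart from this file. They can be triaged in one pass; if the MGate firmware is not packaged, use one consistent line such as `NOT-FOR-US: Moxa MGate MB3170 and MB3270 devices`, matching the SAET entries just above.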
@@ -199894,8 +199902,7 @@ CVE-2016-5388 (Apache Tomcat 7.x through 7.0.70 and 
8.x through 8.5.4, when the
        NOTE: versions in Debian.
        NOTE: https://svn.apache.org/r1756941 (8.0.x)
        NOTE: https://svn.apache.org/r1756942 (7.0.x)
-CVE-2016-1000111
-       RESERVED
+CVE-2016-1000111 (Twisted before 16.3.1 does not attempt to address RFC 3875 
section 4.1 ...)
        - twisted <unfixed> (unimportant)
        [wheezy] - twisted <not-affected> (For wheezy affected file twcgi.py is 
in src:twisted-web)
        - twisted-web <removed>
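Review bot: The new description for CVE-2016-1000111 says "Twisted before 16.3.1", yet the package line stays `- twisted <unfixed> (unimportant)`. Check whether the archive version is already at or past 16.3.1 and, if so, replace `<unfixed>` with the fixed version.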
@@ -282673,8 +282680,7 @@ CVE-2013-1755
        RESERVED
 CVE-2013-1754
        RESERVED
-CVE-2013-1753
-       RESERVED
+CVE-2013-1753 (The gzip_decode function in the xmlrpc client library in Python 
3.4 an ...)
        - python2.5 <removed> (low)
        - python2.6 <removed> (low)
        - python2.7 2.7.9-1 (low; bug #742929)
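Review bot: The description for CVE-2013-1753 names Python 3.4, but the package lines visible in this hunk are python2.5, python2.6 and python2.7. Confirm that the entry also has python3.x lines further down (outside the diff context) so the now-public description and the tracked packages agree.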
@@ -301661,8 +301667,7 @@ CVE-2012-1104 (A Security Bypass vulnerability exists 
in the phpCAS 1.2.2 librar
 CVE-2012-1103 (emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the 
Emacs in ...)
        {DSA-2416-1}
        - notmuch 0.11.1-1
-CVE-2012-1101
-       RESERVED
+CVE-2012-1101 (systemd 37-1 does not properly handle non-existent services, 
which cau ...)
        - systemd 43-1 (bug #662029)
 CVE-2012-1100 (Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 
2.4.2, and  ...)
        NOT-FOR-US: JBoss Operations Network
@@ -312183,8 +312188,7 @@ CVE-2011-2489 (Multiple off-by-one errors in opiesu.c 
in opiesu in OPIE 2.4.1-te
        - opie <removed> (bug #631344)
 CVE-2011-2488 (Joomla! before 1.5.23 does not properly check for errors, which 
allows ...)
        NOT-FOR-US: Joomla!
-CVE-2011-2487
-       RESERVED
+CVE-2011-2487 (The implementations of PKCS#1 v1.5 key transport mechanism for 
XMLEncr ...)
        NOT-FOR-US: Apache CXF
 CVE-2011-2486 (nspluginwrapper before 1.4.4 does not properly provide access 
to NPNVp ...)
        - nspluginwrapper <unfixed> (bug #671846)
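Review bot: CVE-2011-2487 keeps `NOT-FOR-US: Apache CXF`, which was set while the entry was RESERVED. The published text speaks of "implementations" in the plural, so re-read the full description and confirm none of the affected products is packaged before leaving the classification as it is.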



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ab3726323d6016c4ece7dfcffee1f008780bdf9



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
