Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61ca98e5 by security tracker role at 2020-03-13T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2020-10558
+       RESERVED
+CVE-2020-10557
+       RESERVED
+CVE-2020-10556
+       RESERVED
+CVE-2020-10555
+       RESERVED
+CVE-2020-10554
+       RESERVED
+CVE-2020-10553
+       RESERVED
+CVE-2020-10552
+       RESERVED
+CVE-2020-10551
+       RESERVED
+CVE-2020-10550
+       RESERVED
+CVE-2020-10549
+       RESERVED
+CVE-2020-10548
+       RESERVED
+CVE-2020-10547
+       RESERVED
+CVE-2020-10546
+       RESERVED
+CVE-2020-10545
+       RESERVED
+CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek 
PrimeFac ...)
+       TODO: check
+CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, 
when Int ...)
+       TODO: check
 CVE-2020-10543
        RESERVED
 CVE-2020-10542
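
Review bot: CVE-2009-5159 is inserted between CVE-2020-10544 and CVE-2020-10543, which breaks the descending order the rest of the visible list follows. Confirm whether it is meant to stay at the top with the newly imported identifiers or be moved next to other 2009 identifiers, if the file groups them by year. Both it and CVE-2020-10544 arrive as "TODO: check", so neither should be treated as triaged yet.
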
@@ -680,8 +712,8 @@ CVE-2020-10220 (An issue was discovered in rConfig through 
3.9.4. The web interf
        NOT-FOR-US: rConfig
 CVE-2020-10219
        RESERVED
-CVE-2020-10218
-       RESERVED
+CVE-2020-10218 (A Blind SQL Injection issue was discovered in Sapplica 
Sentrifugo 3.2  ...)
+       TODO: check
 CVE-2020-10217
        RESERVED
 CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. 
They all ...)
@@ -724,10 +756,10 @@ CVE-2020-10198
        RESERVED
 CVE-2020-10197
        RESERVED
-CVE-2020-10196
-       RESERVED
-CVE-2020-10195
-       RESERVED
+CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 
for Wor ...)
+       TODO: check
+CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows 
informatio ...)
+       TODO: check
 CVE-2020-10194
        RESERVED
 CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection 
bypass  ...)
@@ -964,46 +996,46 @@ CVE-2020-10094
        RESERVED
 CVE-2020-10093
        RESERVED
-CVE-2020-10092
-       RESERVED
-CVE-2020-10091
-       RESERVED
-CVE-2020-10090
-       RESERVED
-CVE-2020-10089
-       RESERVED
-CVE-2020-10088
-       RESERVED
-CVE-2020-10087
-       RESERVED
-CVE-2020-10086
-       RESERVED
-CVE-2020-10085
-       RESERVED
-CVE-2020-10084
-       RESERVED
-CVE-2020-10083
-       RESERVED
-CVE-2020-10082
-       RESERVED
-CVE-2020-10081
-       RESERVED
-CVE-2020-10080
-       RESERVED
-CVE-2020-10079
-       RESERVED
-CVE-2020-10078
-       RESERVED
-CVE-2020-10077
-       RESERVED
-CVE-2020-10076
-       RESERVED
-CVE-2020-10075
-       RESERVED
-CVE-2020-10074
-       RESERVED
-CVE-2020-10073
-       RESERVED
+CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting 
vulnerab ...)
+       TODO: check
+CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting 
vulnerabi ...)
+       TODO: check
+CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure. 
Under certai ...)
+       TODO: check
+CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when 
using sever ...)
+       TODO: check
+CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending 
on part ...)
+       TODO: check
+CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge 
images were  ...)
+       TODO: check
+CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A 
particular en ...)
+       TODO: check
+CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A 
particul ...)
+       TODO: check
+CVE-2020-10084 (GitLab EE 11.6 through 12.8.1 allows Information Disclosure. 
Sending a ...)
+       TODO: check
+CVE-2020-10083 (GitLab 12.7 through 12.8.1 has Insecure Permissions. Under 
certain con ...)
+       TODO: check
+CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial 
of servi ...)
+       TODO: check
+CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was 
internally d ...)
+       TODO: check
+CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It 
was possib ...)
+       TODO: check
+CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under 
certain ...)
+       TODO: check
+CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request 
submission fo ...)
+       TODO: check
+CVE-2020-10077 (GitLab EE 3.0 through 12.8.1 allows SSRF. An internal 
investigation re ...)
+       TODO: check
+CVE-2020-10076 (GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site 
scripting v ...)
+       TODO: check
+CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular 
error h ...)
+       TODO: check
+CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A 
scenario wa ...)
+       TODO: check
+CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It 
was inter ...)
+       TODO: check
 CVE-2020-10072
        RESERVED
 CVE-2020-10071
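
Review bot: the twenty GitLab entries from CVE-2020-10092 down to CVE-2020-10073 share one upper bound (12.8.1, or "before 12.8.2") but their lower bounds differ widely (7.10, 8.3, 8.11, 9.3, 10.1 and so on), and three of them (CVE-2020-10084, CVE-2020-10077, CVE-2020-10073) are stated for GitLab EE only. Resolve each "TODO: check" against its own affected range and edition rather than closing the block with one copied status line.
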
@@ -4286,6 +4318,7 @@ CVE-2020-8610
 CVE-2020-8609
        RESERVED
 CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses 
snprintf  ...)
+       {DLA-2142-1}
        - libslirp <unfixed>
        - qemu 1:4.1-2
        [buster] - qemu <postponed> (Minor issue)
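
Review bot: the {DLA-2142-1} cross-reference is added to CVE-2020-8608, but the visible context lists only "- libslirp <unfixed>", "- qemu 1:4.1-2" and a postponed buster line, none of which names the release or package that the DLA fixed. Check that a matching per-release package line exists further down the entry, so the advisory reference is not left without a fixed version to point at.
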
@@ -4375,8 +4408,8 @@ CVE-2020-8573
        RESERVED
 CVE-2020-8572
        RESERVED
-CVE-2020-8571
-       RESERVED
+CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 
through 11 ...)
+       TODO: check
 CVE-2020-8570
        RESERVED
 CVE-2020-8569
@@ -16663,8 +16696,8 @@ CVE-2019-19801 (In Gallagher Command Centre Server 
versions of v8.10 prior to v8
        NOT-FOR-US: Gallagher Command Centre Server
 CVE-2019-19800 (Zoho ManageEngine Applications Manager 14 before 14520 allows 
a remote ...)
        NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2019-19799
-       RESERVED
+CVE-2019-19799 (Zoho ManageEngine Applications Manager 14590 and before allows 
a remot ...)
+       TODO: check
 CVE-2019-19798
        RESERVED
 CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an 
out-of-bounds wr ...)
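
Review bot: CVE-2019-19799 names the same product as CVE-2019-19800 directly above it, which is already marked "NOT-FOR-US: Zoho ManageEngine Applications Manager". When the "TODO: check" is resolved, reuse that exact label so the two entries stay consistent and searchable under one product string.
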
@@ -17804,8 +17837,8 @@ CVE-2019-19758 (A vulnerability in the web interface of 
Lenovo EZ Media &amp; Ba
        NOT-FOR-US: Lenovo
 CVE-2019-19757 (An internal product security audit of Lenovo XClarity 
Administrator (L ...)
        NOT-FOR-US: Lenovo
-CVE-2019-19756
-       RESERVED
+CVE-2019-19756 (An internal product security audit of Lenovo XClarity 
Administrator (L ...)
+       TODO: check
 CVE-2019-19755
        RESERVED
 CVE-2019-19754
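
Review bot: CVE-2019-19756 carries exactly the same truncated description as CVE-2019-19757 directly above it ("An internal product security audit of Lenovo XClarity Administrator (L ...)"), so the two cannot be told apart from this file. Read the full descriptions to confirm they are distinct issues before resolving, then follow the "NOT-FOR-US: Lenovo" label already used on the neighbouring entries.
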
@@ -19497,8 +19530,8 @@ CVE-2019-19613
        RESERVED
 CVE-2019-19612
        RESERVED
-CVE-2019-19611
-       RESERVED
+CVE-2019-19611 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. One 
of the  ...)
+       TODO: check
 CVE-2019-19610
        RESERVED
 CVE-2019-19609 (The Strapi framework before 3.0.0-beta.17.8 is vulnerable to 
Remote Co ...)
@@ -20879,8 +20912,8 @@ CVE-2020-1955
        RESERVED
 CVE-2020-1954
        RESERVED
-CVE-2020-1953
-       RESERVED
+CVE-2020-1953 (Apache Commons Configuration uses a third-party library to 
parse YAML  ...)
+       TODO: check
 CVE-2020-1952
        RESERVED
 CVE-2020-1951
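
Review bot: CVE-2020-1953 names a widely embedded Java library, so its "TODO: check" should not be closed by pattern the way the appliance and printer entries in this update can be. Check which packaged versions include the YAML parsing path the description mentions, and record the result as package lines in the "- package version" form used in the CVE-2020-8608 entry.
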
@@ -33817,8 +33850,8 @@ CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x 
through 1.6.7 and 2.x through
        NOTE: 
https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c
 (2.0.x)
 CVE-2019-16158
        RESERVED
-CVE-2019-16157
-       RESERVED
+CVE-2019-16157 (An information exposure vulnerability in Fortinet FortiWeb 
6.2.0 CLI a ...)
+       TODO: check
 CVE-2019-16156 (An Improper Neutralization of Input vulnerability in the 
Anomaly Detec ...)
        TODO: check
 CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 
6.2.1 an ...)
@@ -40208,10 +40241,10 @@ CVE-2019-14312 (Aptana Jaxer 1.0.3.4547 is vulnerable 
to a local file inclusion
        NOT-FOR-US: Aptana Jaxer
 CVE-2019-14311
        RESERVED
-CVE-2019-14310
-       RESERVED
-CVE-2019-14309
-       RESERVED
+CVE-2019-14310 (Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 
of 3). U ...)
+       TODO: check
+CVE-2019-14309 (Ricoh SP C250DN 1.05 devices have a fixed password. FTP 
service creden ...)
+       TODO: check
 CVE-2019-14308 (Several Ricoh printers have multiple buffer overflows parsing 
LPD pack ...)
        NOT-FOR-US: Ricoh
 CVE-2019-14307 (Several Ricoh printers have multiple buffer overflows parsing 
HTTP par ...)
@@ -40222,16 +40255,16 @@ CVE-2019-14305 (Several Ricoh printers have multiple 
buffer overflows parsing HT
        NOT-FOR-US: Ricoh
 CVE-2019-14304 (Ricoh SP C250DN 1.06 devices allow CSRF. ...)
        NOT-FOR-US: Ricoh SP C250DN 1.06 devices
-CVE-2019-14303
-       RESERVED
+CVE-2019-14303 (Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 
of 3). S ...)
+       TODO: check
 CVE-2019-14302 (On Ricoh SP C250DN 1.06 devices, a debug port can be used. ...)
        NOT-FOR-US: Ricoh SP C250DN 1.06 devices
 CVE-2019-14301 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control 
(issue 1 of ...)
        NOT-FOR-US: Ricoh SP C250DN 1.06 devices
 CVE-2019-14300 (Several Ricoh printers have multiple buffer overflows parsing 
HTTP coo ...)
        NOT-FOR-US: Ricoh
-CVE-2019-14299
-       RESERVED
+CVE-2019-14299 (Ricoh SP C250DN 1.05 devices have an Authentication Method 
Vulnerable  ...)
+       TODO: check
 CVE-2019-14298 (Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted 
Description(con ...)
        NOT-FOR-US: Veeam ONE Reporter
 CVE-2019-14297 (Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit 
Widget with  ...)
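
Review bot: the new CVE-2019-14303 and CVE-2019-14299 descriptions state firmware 1.05, while the neighbouring resolved entries use the label "NOT-FOR-US: Ricoh SP C250DN 1.06 devices". Copying that label when resolving the "TODO: check" would record the wrong firmware version; the plain "NOT-FOR-US: Ricoh" form, also used in this hunk, avoids that.
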
@@ -43686,12 +43719,12 @@ CVE-2019-13397 (Unauthenticated Stored XSS in 
osTicket 1.10.1 allows a remote at
        NOT-FOR-US: osTicket
 CVE-2019-13396 (FlightPath 4.x and 5.0-x allows directory traversal and Local 
File Inc ...)
        NOT-FOR-US: FlightPath
-CVE-2019-13395
-       RESERVED
-CVE-2019-13394
-       RESERVED
-CVE-2019-13393
-       RESERVED
+CVE-2019-13395 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 
allows CSRF a ...)
+       TODO: check
+CVE-2019-13394 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses 
HTTP Bas ...)
+       TODO: check
+CVE-2019-13393 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses 
the same ...)
+       TODO: check
 CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in 
MindPalette Na ...)
        NOT-FOR-US: MindPalette NateMail
 CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in 
MagickCore/fourier.c has ...)
@@ -44237,36 +44270,36 @@ CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 
has a Stack-based Buffer O
        - nsd3 <removed>
        NOTE: https://github.com/NLnetLabs/nsd/issues/20
        NOTE: 
https://github.com/NLnetLabs/nsd/commit/91102da24d5949ccfec8fdab5bae2d01c4cabab5
-CVE-2019-13206
-       RESERVED
-CVE-2019-13205
-       RESERVED
-CVE-2019-13204
-       RESERVED
-CVE-2019-13203
-       RESERVED
-CVE-2019-13202
-       RESERVED
-CVE-2019-13201
-       RESERVED
-CVE-2019-13200
-       RESERVED
-CVE-2019-13199
-       RESERVED
-CVE-2019-13198
-       RESERVED
-CVE-2019-13197
-       RESERVED
-CVE-2019-13196
-       RESERVED
-CVE-2019-13195
-       RESERVED
-CVE-2019-13194
-       RESERVED
-CVE-2019-13193
-       RESERVED
-CVE-2019-13192
-       RESERVED
+CVE-2019-13206 (Some Kyocera printers (such as the ECOSYS M5526cdw 
2R7_2000.001.701) w ...)
+       TODO: check
+CVE-2019-13205 (All configuration parameters of certain Kyocera printers (such 
as the  ...)
+       TODO: check
+CVE-2019-13204 (Some Kyocera printers (such as the ECOSYS M5526cdw 
2R7_2000.001.701) w ...)
+       TODO: check
+CVE-2019-13203 (Some Kyocera printers (such as the ECOSYS M5526cdw 
2R7_2000.001.701) w ...)
+       TODO: check
+CVE-2019-13202 (Some Kyocera printers (such as the ECOSYS M5526cdw 
2R7_2000.001.701) w ...)
+       TODO: check
+CVE-2019-13201 (Some Kyocera printers (such as the ECOSYS M5526cdw 
2R7_2000.001.701) w ...)
+       TODO: check
+CVE-2019-13200 (The web application of several Kyocera printers (such as the 
ECOSYS M5 ...)
+       TODO: check
+CVE-2019-13199 (Some Kyocera printers (such as the ECOSYS M5526cdw 
2R7_2000.001.701) d ...)
+       TODO: check
+CVE-2019-13198 (The web application of several Kyocera printers (such as the 
ECOSYS M5 ...)
+       TODO: check
+CVE-2019-13197 (Some Kyocera printers (such as the ECOSYS M5526cdw 
2R7_2000.001.701) w ...)
+       TODO: check
+CVE-2019-13196 (Some Kyocera printers (such as the ECOSYS M5526cdw 
2R7_2000.001.701) w ...)
+       TODO: check
+CVE-2019-13195 (The web application of some Kyocera printers (such as the 
ECOSYS M5526 ...)
+       TODO: check
+CVE-2019-13194 (Some Brother printers (such as the HL-L8360CDW v1.20) were 
affected by ...)
+       TODO: check
+CVE-2019-13193 (Some Brother printers (such as the HL-L8360CDW v1.20) were 
affected by ...)
+       TODO: check
+CVE-2019-13192 (Some Brother printers (such as the HL-L8360CDW v1.20) were 
affected by ...)
+       TODO: check
 CVE-2019-13191 (A SQL injection vulnerability in IntraMaps MapControl 8 allows 
attacke ...)
        NOT-FOR-US: IntraMaps MapControl
 CVE-2019-13190 (In Knowage through 6.1.1, the sign up page does not invalidate 
a valid ...)
@@ -44323,22 +44356,22 @@ CVE-2019-13173 (fstream before 1.0.12 is vulnerable 
to Arbitrary File Overwrite.
        [jessie] - node-fstream <end-of-life> (Nodejs in jessie not covered by 
security support)
        NOTE: https://www.npmjs.com/advisories/886
        NOTE: 
https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22
-CVE-2019-13172
-       RESERVED
-CVE-2019-13171
-       RESERVED
-CVE-2019-13170
-       RESERVED
-CVE-2019-13169
-       RESERVED
-CVE-2019-13168
-       RESERVED
-CVE-2019-13167
-       RESERVED
-CVE-2019-13166
-       RESERVED
-CVE-2019-13165
-       RESERVED
+CVE-2019-13172 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) 
were affe ...)
+       TODO: check
+CVE-2019-13171 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) 
were affe ...)
+       TODO: check
+CVE-2019-13170 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) 
did not i ...)
+       TODO: check
+CVE-2019-13169 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) 
were affe ...)
+       TODO: check
+CVE-2019-13168 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) 
were affe ...)
+       TODO: check
+CVE-2019-13167 (Multiple Stored XSS vulnerabilities were found in the Xerox 
Web Applic ...)
+       TODO: check
+CVE-2019-13166 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) 
did not i ...)
+       TODO: check
+CVE-2019-13165 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) 
were affe ...)
+       TODO: check
 CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a 
network inte ...)
        {DSA-4512-1 DSA-4506-1 DLA-1927-1}
        - qemu 1:4.1-1 (bug #931351)
@@ -47078,8 +47111,8 @@ CVE-2019-12184 (There is XSS in 
browser/components/MarkdownPreview.js in BoostIO
        NOT-FOR-US: Boostnote
 CVE-2019-12183 (Incorrect Access Control in Safescan Timemoto TM-616 and 
TA-8000 serie ...)
        NOT-FOR-US: Safescan Timemoto
-CVE-2019-12182
-       RESERVED
+CVE-2019-12182 (Directory Traversal in Safescan Timemoto and TA-8000 series 
version 1. ...)
+       TODO: check
 CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds 
Serv-U befor ...)
        NOT-FOR-US: SolarWinds
 CVE-2019-12180 (An issue was discovered in SmartBear ReadyAPI through 2.8.2 
and 3.0.0  ...)
@@ -62967,8 +63000,8 @@ CVE-2019-6701
        RESERVED
 CVE-2019-6700 (An information exposure vulnerability in the external 
authentication p ...)
        NOT-FOR-US: FortiSIEM (Fortiguard)
-CVE-2019-6699
-       RESERVED
+CVE-2019-6699 (An improper neutralization of input vulnerability in Fortinet 
FortiADC ...)
+       TODO: check
 CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder 
all versi ...)
        NOT-FOR-US: Fortinet
 CVE-2019-6697
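
Review bot: the entries around the new CVE-2019-6699 line label the same vendor two different ways, "NOT-FOR-US: FortiSIEM (Fortiguard)" on CVE-2019-6700 and "NOT-FOR-US: Fortinet" on CVE-2019-6698. Pick one form when resolving the FortiADC "TODO: check" so that a search on the vendor string finds all three.
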



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61ca98e5c50e5e0baf199a929c24325ca22cd72a
