[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 2 21:10:34 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a43fdbe by security tracker role at 2020-04-02T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-11493
+ RESERVED
+CVE-2020-11492
+ RESERVED
+CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...)
+ TODO: check
+CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authent ...)
+ TODO: check
+CVE-2020-11489
+ RESERVED
+CVE-2020-11488
+ RESERVED
+CVE-2020-11487
+ RESERVED
+CVE-2020-11486
+ RESERVED
+CVE-2020-11485
+ RESERVED
+CVE-2020-11484
+ RESERVED
+CVE-2020-11483
+ RESERVED
+CVE-2019-20635 (codeBeamer before 9.5.0-RC3 does not properly restrict the ability to ...)
+ TODO: check
CVE-2020-XXXX [DTLS client hello contains a random value of all zeroes]
- gnutls28 <unfixed> (bug #955556)
[stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
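Review bot: The three entries that gained a description in this hunk (CVE-2020-11491 and CVE-2020-11490 for Zen Load Balancer 3.10.1, CVE-2019-20635 for codeBeamer) are left at `TODO: check`, while the other new IDs are plain RESERVED placeholders; the automatic update only fills in descriptions, so each TODO still needs an explicit triage line (a package entry, NOT-FOR-US, or a NOTE) to be resolved. The trailing context (the gnutls28 CVE-2020-XXXX entry) is unchanged, so the hunk is purely additive.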
@@ -54,24 +78,24 @@ CVE-2020-11460
RESERVED
CVE-2020-11459
RESERVED
-CVE-2020-11458
- RESERVED
+CVE-2020-11458 (app/Model/feed.php in MISP before 2.4.124 allows administrators to cho ...)
+ TODO: check
CVE-2020-11457 (pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php ...)
NOT-FOR-US: pfSense
CVE-2020-11456 (LimeSurvey before 4.1.12+200324 has stored XSS in application/views/ad ...)
- limesurvey <itp> (bug #472802)
CVE-2020-11455 (LimeSurvey before 4.1.12+200324 contains a path traversal vulnerabilit ...)
- limesurvey <itp> (bug #472802)
-CVE-2020-11454
- RESERVED
-CVE-2020-11453
- RESERVED
-CVE-2020-11452
- RESERVED
-CVE-2020-11451
- RESERVED
-CVE-2020-11450
- RESERVED
+CVE-2020-11454 (Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Contain ...)
+ TODO: check
+CVE-2020-11453 (Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in ...)
+ TODO: check
+CVE-2020-11452 (Microstrategy Web 10.4 includes functionality to allow users to import ...)
+ TODO: check
+CVE-2020-11451 (The Upload Visualization plugin in the Microstrategy Web 10.4 admin pa ...)
+ TODO: check
+CVE-2020-11450 (Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture ...)
+ TODO: check
CVE-2020-11449 (An issue was discovered on Technicolor TC7337 8.89.17 devices. An atta ...)
NOT-FOR-US: Technicolor devices
CVE-2020-11448
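Review bot: Six entries flip from RESERVED to `TODO: check` here (CVE-2020-11458 for MISP and the five Microstrategy Web 10.4 IDs CVE-2020-11454 through CVE-2020-11450); the immediate neighbours in the same hunk (pfSense, Technicolor) are already classified NOT-FOR-US, so the new TODOs should be given the same kind of explicit decision rather than left open. Since the five Microstrategy Web entries share one product and version, a single triage pass can resolve them together.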
@@ -82,8 +106,8 @@ CVE-2020-11446
RESERVED
CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 allow remote attackers to byp ...)
NOT-FOR-US: TP-Link
-CVE-2020-11444
- RESERVED
+CVE-2020-11444 (Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has I ...)
+ TODO: check
CVE-2020-11443
RESERVED
CVE-2020-11442
@@ -772,8 +796,8 @@ CVE-2020-11109
RESERVED
CVE-2020-11108
RESERVED
-CVE-2020-11107
- RESERVED
+CVE-2020-11107 (An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , ...)
+ TODO: check
CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
NOT-FOR-US: Responsive Filemanager
CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It employs c ...)
@@ -786,12 +810,12 @@ CVE-2020-11102
RESERVED
CVE-2020-11101
RESERVED
-CVE-2020-11100 (In HAProxy 1.8 through 2.1.3, a remote attacker can write arbitrary ...)
+CVE-2020-11100 (In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ...)
{DSA-4649-1}
- haproxy 2.0.13-2
[stretch] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
[jessie] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
- NOTE: https://git.haproxy.org/?p=haproxy-2.1.git;a=commit;h=f17f86304f187b0f10ca6a8d46346afd9851a543
+ NOTE: https://git.haproxy.org/?p=haproxy-2.1.git;a=commit;h=f17f86304f187b0f10ca6a8d46346afd9851a543
CVE-2019-20634 (An issue was discovered in Proofpoint Email Protection through 2019-09 ...)
NOT-FOR-US: Proofpoint Email Protection
CVE-2016-11024 (odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: ...)
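Review bot: The NOTE line under CVE-2020-11100 is shown as removed and re-added with the identical commit URL (haproxy-2.1.git, h=f17f86304f...), so that part of the hunk is a whitespace-only change; confirm it is intentional (for example trailing-whitespace cleanup) rather than editor noise, because whitespace churn in data/CVE/list makes later history lookups harder to read. The rewritten description (now naming hpack_dht_insert in hpack-tbl.c) is consistent with the unchanged `haproxy 2.0.13-2` fix line, the DSA-4649-1 reference and the stretch/jessie not-affected annotations.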
@@ -4955,8 +4979,8 @@ CVE-2020-9351 (An issue was discovered in SmartClient 12.0. If an unauthenticate
NOT-FOR-US: SmartClient
CVE-2020-9350 (Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph templ ...)
NOT-FOR-US: Graph Builder in SAS Visual Analytics
-CVE-2020-9349
- RESERVED
+CVE-2020-9349 (The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmwar ...)
+ TODO: check
CVE-2020-9348
RESERVED
CVE-2020-9347 (** DISPUTED ** Zoho ManageEngine Password Manager Pro through 10.x has ...)
@@ -5709,7 +5733,7 @@ CVE-2020-9017 (LiteCart through 2.2.1 allows CSV injection via a customer's prof
NOT-FOR-US: LiteCart
CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, ...)
- dolibarr <removed>
-CVE-2020-9015 (Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7 ...)
+CVE-2020-9015 (** DISPUTED ** Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20 ...)
NOT-FOR-US: Arista devices
CVE-2020-9014
RESERVED
@@ -6157,8 +6181,7 @@ CVE-2020-8837
RESERVED
CVE-2020-8836
RESERVED
-CVE-2020-8835
- RESERVED
+CVE-2020-8835 (In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/veri ...)
- linux 5.5.13-2
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
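Review bot: Dropping the RESERVED placeholder for CVE-2020-8835 without adding a `TODO: check` is correct here, because the entry already carries a resolution (`linux 5.5.13-2` plus buster and stretch marked not-affected); the hunk header shrinking from 8 to 7 lines is exactly that removed placeholder. The new description's "Linux kernel 5.5.0 and newer" also agrees with the "Vulnerable code introduced later" rationale on the buster and stretch lines, so nothing in the existing status needs revisiting.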
@@ -7126,8 +7149,8 @@ CVE-2020-8425 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF th
NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2020-8424 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...)
NOT-FOR-US: Cups Easy (Purchase & Inventory)
-CVE-2020-8423
- RESERVED
+CVE-2020-8423 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmwa ...)
+ TODO: check
CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...)
@@ -7991,12 +8014,12 @@ CVE-2020-8019
RESERVED
CVE-2020-8018
RESERVED
-CVE-2020-8017
- RESERVED
-CVE-2020-8016
- RESERVED
-CVE-2020-8015
- RESERVED
+CVE-2020-8017 (A Race Condition Enabling Link Following vulnerability in the cron job ...)
+ TODO: check
+CVE-2020-8016 (A Race Condition Enabling Link Following vulnerability in the packagin ...)
+ TODO: check
+CVE-2020-8015 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
+ TODO: check
CVE-2020-8014
RESERVED
CVE-2020-8013 (A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of S ...)
@@ -8969,8 +8992,8 @@ CVE-2020-7619
RESERVED
CVE-2020-7618
RESERVED
-CVE-2020-7617
- RESERVED
+CVE-2020-7617 (ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The libr ...)
+ TODO: check
CVE-2020-7616
RESERVED
CVE-2020-7615
@@ -10386,7 +10409,7 @@ CVE-2020-7011
RESERVED
CVE-2020-7010
RESERVED
-CVE-2020-7009 (Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain ...)
+CVE-2020-7009 (Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 ...)
- elasticsearch <removed>
CVE-2020-7008
RESERVED
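Review bot: The CVE-2020-7009 description changes the affected ranges from "6.7.0 to 6.8.7 and 7.0.0 to 7.6.1" to "6.7.0 before 6.8.8 and 7.0.0 before 7.6.2"; both phrasings cover the same set of vulnerable releases (fixed in 6.8.8 and 7.6.2), so this is a wording update only and the unchanged `elasticsearch <removed>` status remains correct.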
@@ -10705,8 +10728,8 @@ CVE-2020-6854 (A cross-site scripting (XSS) vulnerability in the JOC Cockpit com
NOT-FOR-US: JOC Cockpit, different from src:cockpit
CVE-2020-6853
RESERVED
-CVE-2020-6852
- RESERVED
+CVE-2020-6852 (CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3. ...)
+ TODO: check
CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...)
{DLA-2081-1}
- openjpeg2 <unfixed> (bug #950000)
@@ -16738,8 +16761,8 @@ CVE-2020-4327
RESERVED
CVE-2020-4326
RESERVED
-CVE-2020-4325
- RESERVED
+CVE-2020-4325 (The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0 ...)
+ TODO: check
CVE-2020-4324
RESERVED
CVE-2020-4323
@@ -16780,10 +16803,10 @@ CVE-2020-4306
RESERVED
CVE-2020-4305
RESERVED
-CVE-2020-4304
- RESERVED
-CVE-2020-4303
- RESERVED
+CVE-2020-4304 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...)
+ TODO: check
+CVE-2020-4303 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...)
+ TODO: check
CVE-2020-4302
RESERVED
CVE-2020-4301
@@ -24094,7 +24117,7 @@ CVE-2020-1775
RESERVED
CVE-2020-1774
RESERVED
-CVE-2020-1773 (It's possible that an authenticated user guess other session IDs based ...)
+CVE-2020-1773 (An attacker with the ability to generate session IDs or password reset ...)
- otrs2 6.0.27-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -40515,8 +40538,7 @@ CVE-2019-14869 (A flaw was found in all versions of ghostscript 9.x before 9.50,
NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
NOTE: which changed the access to file permissions.
-CVE-2019-14868 [environment variables on startup are interpreted as arithmetic expression leading to code injection]
- RESERVED
+CVE-2019-14868 (In ksh version 20120801, a flaw was found in the way it evaluates cert ...)
- ksh 2020.0.0-2.1 (bug #948989)
[jessie] - ksh <ignored> (Minor issue)
NOTE: https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
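Review bot: For CVE-2019-14868 the bracketed local summary and the RESERVED line beneath it are replaced by the official description, which also fixes a prior inconsistency (a RESERVED marker sitting under an already-written summary). The package line `ksh 2020.0.0-2.1 (bug #948989)`, the jessie ignored annotation and the upstream commit NOTE are untouched, so no status change is needed; the only loss is the old summary's wording about environment variables being interpreted as arithmetic expressions, which could be preserved as an additional NOTE if that context is useful for triage.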
@@ -64827,25 +64849,25 @@ CVE-2019-7019 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 201
CVE-2019-7018 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
NOT-FOR-US: Adobe
CVE-2019-7017
- RESERVED
+ REJECTED
CVE-2019-7016
- RESERVED
+ REJECTED
CVE-2019-7015
- RESERVED
+ REJECTED
CVE-2019-7014
- RESERVED
+ REJECTED
CVE-2019-7013
- RESERVED
+ REJECTED
CVE-2019-7012
- RESERVED
+ REJECTED
CVE-2019-7011
- RESERVED
+ REJECTED
CVE-2019-7010
- RESERVED
+ REJECTED
CVE-2019-7009
- RESERVED
+ REJECTED
CVE-2019-7008
- RESERVED
+ REJECTED
CVE-2019-7007 (A directory traversal vulnerability has been found in the Avaya Equino ...)
NOT-FOR-US: Avaya
CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in the cli ...)
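Review bot: Ten consecutive IDs, CVE-2019-7017 through CVE-2019-7008, move from RESERVED to REJECTED (and CVE-2019-6999 does the same in the following hunk); a contiguous block being rejected this way is the expected outcome for unused reservations and needs no Debian action beyond accepting the update.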
@@ -64863,7 +64885,7 @@ CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP Office
CVE-2019-7000 (A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura ...)
NOT-FOR-US: Web UI of Avaya Aura Conferencing
CVE-2019-6999
- RESERVED
+ REJECTED
CVE-2019-6998
RESERVED
CVE-2019-6997 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
@@ -100296,8 +100318,8 @@ CVE-2018-13373
RESERVED
CVE-2018-13372
RESERVED
-CVE-2018-13371
- RESERVED
+CVE-2018-13371 (An external control of system vulnerability in FortiOS may allow an au ...)
+ TODO: check
CVE-2018-13370
RESERVED
CVE-2018-13369
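Review bot: CVE-2018-13371 gains a description naming FortiOS and is left at `TODO: check`; as with the other vendor-appliance entries in this update (TP-Link, Technicolor), the likely outcome is NOT-FOR-US, but that decision still has to be recorded explicitly so the TODO does not linger.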
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a43fdbeee9a2d930601a543bc963640d0f0a86d