[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Apr 3 21:10:32 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4cb5414b by security tracker role at 2020-04-03T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2020-11507
+	RESERVED
+CVE-2020-11506
+	RESERVED
+CVE-2020-11505
+	RESERVED
+CVE-2020-11504
+	RESERVED
+CVE-2020-11503
+	RESERVED
+CVE-2020-11502
+	RESERVED
+CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for vi ...)
+	TODO: check
 CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when upd ...)
 	NOT-FOR-US: Firmware Analysis and Comparison Tool
 CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerability that ...)
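Review bot: CVE-2020-11500 is added with only TODO: check, so it has neither a package line nor a NOT-FOR-US tag; it needs manual triage in the same way the entry directly below it (CVE-2020-11499) has already been tagged. The six new RESERVED entries need no further action until their descriptions are published.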
@@ -35,7 +49,7 @@ CVE-2020-11483
 	RESERVED
 CVE-2019-20635 (codeBeamer before 9.5.0-RC3 does not properly restrict the ability to  ...)
 	NOT-FOR-US: codeBeamer
-CVE-2020-11501 [DTLS client hello contains a random value of all zeroes]
+CVE-2020-11501 (GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The e ...)
 	- gnutls28 3.6.13-2 (bug #955556)
 	[stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
 	[jessie] - gnutls28 <not-affected> (Vulnerable code introduced later)
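Review bot: The bracketed description removed for CVE-2020-11501 named the concrete defect (the DTLS client hello contains a random value of all zeroes), while the truncated replacement shown here only says "incorrect cryptography for DTLS". Consider keeping that detail in a NOTE: line under the entry so the reason for the gnutls28 3.6.13-2 fix stays readable in the list itself.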
@@ -1123,8 +1137,7 @@ CVE-2020-10962
 	RESERVED
 CVE-2020-10961
 	RESERVED
-CVE-2020-10960 [mediawiki: makeCollapsible allows applying event handler to any CSS selector]
-	RESERVED
+CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading Style Shee ...)
 	{DSA-4651-1}
 	- mediawiki 1:1.31.7-1
 	[stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
@@ -1964,8 +1977,8 @@ CVE-2020-10691
 	TODO: check upstream details
 CVE-2020-10690
 	RESERVED
-CVE-2020-10689
-	RESERVED
+CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where it did  ...)
+	TODO: check
 CVE-2020-10688
 	RESERVED
 	- resteasy <undetermined>
@@ -2204,12 +2217,12 @@ CVE-2020-10603
 	RESERVED
 CVE-2020-10602
 	RESERVED
-CVE-2020-10601
-	RESERVED
+CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow  ...)
+	TODO: check
 CVE-2020-10600
 	RESERVED
-CVE-2020-10599
-	RESERVED
+CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
+	TODO: check
 CVE-2020-10598 (In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES  ...)
 	NOT-FOR-US: Pyxis
 CVE-2020-10597 (The affected insulin pump is designed to communicate using a wireless  ...)
@@ -6643,12 +6656,12 @@ CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel throu
 	NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
 CVE-2020-8640
 	RESERVED
-CVE-2020-8639
-	RESERVED
-CVE-2020-8638
-	RESERVED
-CVE-2020-8637
-	RESERVED
+CVE-2020-8639 (An unrestricted file upload vulnerability in keywordsImport.php in Tes ...)
+	TODO: check
+CVE-2020-8638 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...)
+	TODO: check
+CVE-2020-8637 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...)
+	TODO: check
 CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows Remote C ...)
 	NOT-FOR-US: OpServices OpMon
 CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...)
@@ -10424,24 +10437,24 @@ CVE-2020-7010
 	RESERVED
 CVE-2020-7009 (Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2  ...)
 	- elasticsearch <removed>
-CVE-2020-7008
-	RESERVED
+CVE-2020-7008 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
+	TODO: check
 CVE-2020-7007 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker  ...)
 	NOT-FOR-US: Moxa
 CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), ...)
 	NOT-FOR-US: Systech Corporation
 CVE-2020-7005 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...)
 	NOT-FOR-US: Honeywell
-CVE-2020-7004
-	RESERVED
+CVE-2020-7004 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
+	TODO: check
 CVE-2020-7003 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...)
 	NOT-FOR-US: Moxa
 CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior.  ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7001 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected  ...)
 	NOT-FOR-US: Moxa
-CVE-2020-7000
-	RESERVED
+CVE-2020-7000 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
+	TODO: check
 CVE-2020-6999 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the p ...)
 	NOT-FOR-US: Moxa
 CVE-2020-6998
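Review bot: In the unchanged context of this hunk, CVE-2020-7002 is described as Delta Industrial Automation CNCSoft ScreenEditor but is tagged NOT-FOR-US: McAfee; the product named in the tag does not match the description and should be corrected. The three VISAM VBASE entries added here as TODO: check (CVE-2020-7008, CVE-2020-7004, CVE-2020-7000) name the same product as CVE-2020-10601 and CVE-2020-10599 earlier in this patch, so all five can be triaged in one pass.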
@@ -10452,8 +10465,8 @@ CVE-2020-6996
 	RESERVED
 CVE-2020-6995 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
 	NOT-FOR-US: Moxa
-CVE-2020-6994
-	RESERVED
+CVE-2020-6994 (A buffer overflow vulnerability was found in some devices of Hirschman ...)
+	TODO: check
 CVE-2020-6993 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
 	NOT-FOR-US: Moxa
 CVE-2020-6992
@@ -16890,8 +16903,8 @@ CVE-2020-4275
 	RESERVED
 CVE-2020-4274
 	RESERVED
-CVE-2020-4273
-	RESERVED
+CVE-2020-4273 (IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attack ...)
+	TODO: check
 CVE-2020-4272
 	RESERVED
 CVE-2020-4271
@@ -20322,7 +20335,7 @@ CVE-2020-3111 (A vulnerability in the Cisco Discovery Protocol implementation fo
 	NOT-FOR-US: Cisco
 CVE-2020-3110 (A vulnerability in the Cisco Discovery Protocol implementation for the ...)
 	NOT-FOR-US: Cisco
-CVE-2019-19770 (In the Linux kernel 4.19.83, there is a use-after-free (read) in the d ...)
+CVE-2019-19770 (** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free  ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205713
 CVE-2019-19769 (In the Linux kernel 5.3.10, there is a use-after-free (read) in the pe ...)
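Review bot: The description of CVE-2019-19770 now starts with ** DISPUTED **, but the lines under it still read - linux <unfixed> with only the bugzilla NOTE. Add a NOTE recording the dispute, or revisit the <unfixed> status, so the entry does not contradict its own description.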
@@ -25781,10 +25794,10 @@ CVE-2019-18907
 	RESERVED
 CVE-2019-18906
 	RESERVED
-CVE-2019-18905
-	RESERVED
-CVE-2019-18904
-	RESERVED
+CVE-2019-18905 (A Insufficient Verification of Data Authenticity vulnerability in auto ...)
+	TODO: check
+CVE-2019-18904 (A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux ...)
+	TODO: check
 CVE-2019-18903 (A Use After Free vulnerability in wicked of SUSE Linux Enterprise Serv ...)
 	NOT-FOR-US: openSUSE wicked
 CVE-2019-18902 (A Use After Free vulnerability in wicked of SUSE Linux Enterprise Serv ...)
@@ -33354,10 +33367,10 @@ CVE-2019-17233 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin throug
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-17232 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...)
 	NOT-FOR-US: Wordpress plugin
-CVE-2019-17231
-	RESERVED
-CVE-2019-17230
-	RESERVED
+CVE-2019-17231 (includes/theme-functions.php in the OneTone theme through 3.0.6 for Wo ...)
+	TODO: check
+CVE-2019-17230 (includes/theme-functions.php in the OneTone theme through 3.0.6 for Wo ...)
+	TODO: check
 CVE-2019-17229 (includes/options.php in the motors-car-dealership-classified-listings  ...)
 	NOT-FOR-US: motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin for WordPress
 CVE-2019-17228 (includes/options.php in the motors-car-dealership-classified-listings  ...)
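Review bot: CVE-2019-17231 and CVE-2019-17230 (OneTone theme) are left at TODO: check, while every neighbouring entry visible in this hunk already carries a NOT-FOR-US tag. These two should be triaged alongside them rather than left open.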



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cb5414bd690e6119abbe27426831c8950e3531f
