[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Apr 13 21:10:38 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5aeb501e by security tracker role at 2020-04-13T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,12 @@
-CVE-2020-11736 [libarchive: do not follow external links when extracting files]
+CVE-2020-11737
+	RESERVED
+CVE-2020-11735
+	RESERVED
+CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Dir ...)
 	- file-roller <unfixed> (bug #956638)
 	NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0
-CVE-2020-11734
-	RESERVED
+CVE-2020-11734 (cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the A ...)
+	TODO: check
 CVE-2020-11733
 	RESERVED
 CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...)
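Review bot: the inserted entries break the file's descending CVE order: `CVE-2020-11735` / `RESERVED` lands above the CVE-2020-11736 block, so the sequence reads 11737, 11735, 11736, 11734. Move that pair below the CVE-2020-11736 NOTE line so it sits between 11736 and 11734. The `TODO: check` placed on CVE-2020-11734 (CyberSolutions CyberMail) is open triage and needs resolving to a package line or a NOT-FOR-US marker in a follow-up commit.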
@@ -132,8 +136,8 @@ CVE-2020-11675
 	RESERVED
 CVE-2020-11674
 	RESERVED
-CVE-2020-11673
-	RESERVED
+CVE-2020-11673 (An issue was discovered in the Responsive Poll through 1.3.4 for Wordp ...)
+	TODO: check
 CVE-2020-11672
 	RESERVED
 CVE-2020-11671
@@ -2988,16 +2992,16 @@ CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified b
 	NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
 CVE-2020-10647
 	RESERVED
-CVE-2020-10646
-	RESERVED
+CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...)
+	TODO: check
 CVE-2020-10645
 	RESERVED
 CVE-2020-10644
 	RESERVED
 CVE-2020-10643
 	RESERVED
-CVE-2020-10642
-	RESERVED
+CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an au ...)
+	TODO: check
 CVE-2020-10641
 	RESERVED
 CVE-2020-10640
@@ -5537,8 +5541,8 @@ CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holdin
 	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1)
 CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr ap ...)
 	NOT-FOR-US: Swann
-CVE-2020-9478
-	RESERVED
+CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection  ...)
+	TODO: check
 CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...)
 	NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
 CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...)
@@ -8045,8 +8049,8 @@ CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in th
 	NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396853.html
 CVE-2020-8431
 	RESERVED
-CVE-2020-8430
-	RESERVED
+CVE-2020-8430 (Stormshield Network Security 310 3.7.10 devices have an auth/lang.html ...)
+	TODO: check
 CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947 does not  ...)
 	NOT-FOR-US: Kinetica
 CVE-2020-8427 (Kaseya Traverse before 9.5.20 allows OS command injection attacks agai ...)
@@ -8613,8 +8617,8 @@ CVE-2020-8150
 	RESERVED
 CVE-2020-8149
 	RESERVED
-CVE-2020-8148
-	RESERVED
+CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enab ...)
+	TODO: check
 CVE-2020-8147 (Flaw in input validation in npm package utils-extend version 1.0.8 and ...)
 	NOT-FOR-US: Node utils-extend
 CVE-2020-8146 (In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privi ...)
@@ -11725,7 +11729,7 @@ CVE-2020-6826
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6826
 CVE-2020-6825
 	RESERVED
-	{DSA-4655-1 DLA-2170-1}
+	{DSA-4656-1 DSA-4655-1 DLA-2170-1}
 	- firefox 75.0-1
 	- firefox-esr 68.7.0esr-1
 	- thunderbird 1:68.7.0-1
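Review bot: adding DSA-4656-1 to the braces for CVE-2020-6825 is only consistent if a matching entry exists in data/DSA/list; with three advisories ({DSA-4656-1 DSA-4655-1 DLA-2170-1}) against three package lines (firefox 75.0-1, firefox-esr 68.7.0esr-1, thunderbird 1:68.7.0-1), check that each advisory's source package and version pair with exactly one of those lines so the tracker does not report a dangling advisory. The same check applies to the identical edits for CVE-2020-6822, CVE-2020-6821, CVE-2020-6820 and CVE-2020-6819 in the following hunks.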
@@ -11742,7 +11746,7 @@ CVE-2020-6823
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6823
 CVE-2020-6822
 	RESERVED
-	{DSA-4655-1 DLA-2170-1}
+	{DSA-4656-1 DSA-4655-1 DLA-2170-1}
 	- firefox 75.0-1
 	- firefox-esr 68.7.0esr-1
 	- thunderbird 1:68.7.0-1
@@ -11751,7 +11755,7 @@ CVE-2020-6822
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6822
 CVE-2020-6821
 	RESERVED
-	{DSA-4655-1 DLA-2170-1}
+	{DSA-4656-1 DSA-4655-1 DLA-2170-1}
 	- firefox 75.0-1
 	- firefox-esr 68.7.0esr-1
 	- thunderbird 1:68.7.0-1
@@ -11760,7 +11764,7 @@ CVE-2020-6821
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821
 CVE-2020-6820
 	RESERVED
-	{DSA-4653-1 DLA-2170-1}
+	{DSA-4656-1 DSA-4653-1 DLA-2170-1}
 	- firefox 74.0.1-1
 	- firefox-esr 68.6.1esr-1
 	- thunderbird 1:68.7.0-1
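Review bot: for CVE-2020-6820 the firefox lines (74.0.1-1, 68.6.1esr-1) and the second advisory (DSA-4653-1) differ from the CVE-2020-6825 group above, while thunderbird 1:68.7.0-1 is the one package line both groups share; if DSA-4656-1 is meant to cover that thunderbird upload, the addition here is consistent, otherwise the advisory does not correspond to any package line in this entry. Worth confirming against data/DSA/list before this propagates to the web view.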
@@ -11768,7 +11772,7 @@ CVE-2020-6820
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6820
 CVE-2020-6819
 	RESERVED
-	{DSA-4653-1 DLA-2170-1}
+	{DSA-4656-1 DSA-4653-1 DLA-2170-1}
 	- firefox 74.0.1-1
 	- firefox-esr 68.6.1esr-1
 	- thunderbird 1:68.7.0-1
@@ -12648,32 +12652,26 @@ CVE-2020-6458
 	RESERVED
 CVE-2020-6457
 	RESERVED
-CVE-2020-6456
-	RESERVED
+CVE-2020-6456 (Insufficient validation of untrusted input in clipboard in Google Chro ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6455
-	RESERVED
+CVE-2020-6455 (Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 al ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6454
-	RESERVED
+CVE-2020-6454 (Use after free in extensions in Google Chrome prior to 81.0.4044.92 al ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6453
 	RESERVED
-CVE-2020-6452
-	RESERVED
+CVE-2020-6452 (Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162  ...)
 	{DSA-4654-1}
 	- chromium 80.0.3987.162-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6451
-	RESERVED
+CVE-2020-6451 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 all ...)
 	{DSA-4654-1}
 	- chromium 80.0.3987.162-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6450
-	RESERVED
+CVE-2020-6450 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 all ...)
 	{DSA-4654-1}
 	- chromium 80.0.3987.162-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
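Review bot: the CVE-2020-6456, CVE-2020-6455 and CVE-2020-6454 entries are fixed in chromium 81.0.4044.92-1 but carry no advisory braces, whereas the 80.0.3987.162-1 entries in the same hunk carry {DSA-4654-1}. Only the `[stretch] - chromium <end-of-life>` line is present, so the buster status of these three issues is left undefined by this hunk; add the DSA reference once the 81.0.4044.92 advisory is issued, or a `[buster]` annotation in the meantime.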
@@ -12681,80 +12679,61 @@ CVE-2020-6449 (Use after free in audio in Google Chrome prior to 80.0.3987.149 a
 	{DSA-4645-1}
 	- chromium 80.0.3987.149-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6448
-	RESERVED
+CVE-2020-6448 (Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a  ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6447
-	RESERVED
+CVE-2020-6447 (Inappropriate implementation in developer tools in Google Chrome prior ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6446
-	RESERVED
+CVE-2020-6446 (Insufficient policy enforcement in trusted types in Google Chrome prio ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6445
-	RESERVED
+CVE-2020-6445 (Insufficient policy enforcement in trusted types in Google Chrome prio ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6444
-	RESERVED
+CVE-2020-6444 (Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 all ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6443
-	RESERVED
+CVE-2020-6443 (Insufficient data validation in developer tools in Google Chrome prior ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6442
-	RESERVED
+CVE-2020-6442 (Inappropriate implementation in cache in Google Chrome prior to 81.0.4 ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6441
-	RESERVED
+CVE-2020-6441 (Insufficient policy enforcement in omnibox in Google Chrome prior to 8 ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6440
-	RESERVED
+CVE-2020-6440 (Inappropriate implementation in extensions in Google Chrome prior to 8 ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6439
-	RESERVED
+CVE-2020-6439 (Insufficient policy enforcement in navigations in Google Chrome prior  ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6438
-	RESERVED
+CVE-2020-6438 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6437
-	RESERVED
+CVE-2020-6437 (Inappropriate implementation in WebView in Google Chrome prior to 81.0 ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6436
-	RESERVED
+CVE-2020-6436 (Use after free in window management in Google Chrome prior to 81.0.404 ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6435
-	RESERVED
+CVE-2020-6435 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6434
-	RESERVED
+CVE-2020-6434 (Use after free in devtools in Google Chrome prior to 81.0.4044.92 allo ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6433
-	RESERVED
+CVE-2020-6433 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6432
-	RESERVED
+CVE-2020-6432 (Insufficient policy enforcement in navigations in Google Chrome prior  ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6431
-	RESERVED
+CVE-2020-6431 (Insufficient policy enforcement in full screen in Google Chrome prior  ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6430
-	RESERVED
+CVE-2020-6430 (Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a  ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6429 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
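Review bot: same gap as the 81.0.4044.92-1 entries in the previous hunk: CVE-2020-6430 through CVE-2020-6448 have a fixed unstable version but no advisory braces and no `[buster]` line, so buster tracking for them is open. Separately, several descriptions become indistinguishable after truncation (CVE-2020-6445 and CVE-2020-6446 both read `Insufficient policy enforcement in trusted types in Google Chrome prio ...`, and CVE-2020-6432 and CVE-2020-6439 also match), so a NOTE: line pointing at the upstream release announcement, as the firefox entries do with the mfsa URLs, would help later triage tell them apart.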
@@ -12781,8 +12760,7 @@ CVE-2020-6424 (Use after free in media in Google Chrome prior to 80.0.3987.149 a
 	{DSA-4645-1}
 	- chromium 80.0.3987.149-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6423
-	RESERVED
+CVE-2020-6423 (Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed ...)
 	- chromium 81.0.4044.92-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6422 (Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowe ...)
@@ -21271,8 +21249,8 @@ CVE-2020-3128 (Multiple vulnerabilities in Cisco Webex Network Recording Player
 	NOT-FOR-US: Cisco
 CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3126
-	RESERVED
+CVE-2020-3126 (vulnerability within the Multimedia Viewer feature of Cisco Webex Meet ...)
+	TODO: check
 CVE-2020-3125
 	RESERVED
 CVE-2020-3124
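Review bot: CVE-2020-3126 (Cisco Webex Meetings) gets `TODO: check` while the neighbouring Webex entries CVE-2020-3128 and CVE-2020-3127 are already `NOT-FOR-US: Cisco`; unless the Multimedia Viewer component maps to a Debian package, this should be resolved to the same marker during triage. The same applies to CVE-2019-1866 (Cisco Webex Business Suite) further down, which also sits between NOT-FOR-US: Cisco entries.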
@@ -25278,8 +25256,7 @@ CVE-2020-1760 [header-splitting in RGW GetObject has a possible XSS]
 	NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/18eb4d918b27d362312c29a3bbd57a421897c0a5
 	NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/1bf14094fec34770d2cc74317f4238ccb2dfef98
 	NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/1
-CVE-2020-1759 [ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions]
-	RESERVED
+CVE-2020-1759 (A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Opensh ...)
 	- ceph <unfixed> (bug #956139)
 	[buster] - ceph <not-affected> (Vulnerable code not present)
 	[stretch] - ceph <not-affected> (Vulnerable code not present)
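Review bot: replacing the working title `[ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions]` with the truncated MITRE text drops the only mention of msgr2 secure mode from the entry, since the visible description only names Red Hat Ceph Storage 4 and OpenShift products. Consider keeping that detail in a NOTE: line next to the `- ceph <unfixed> (bug #956139)` line, as it is what justifies the `Vulnerable code not present` annotations for buster and stretch.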
@@ -25401,8 +25378,7 @@ CVE-2020-1732
 	- wildfly <itp> (bug #752018)
 CVE-2020-1731 (A flaw was found in all versions of the Keycloak operator, before vers ...)
 	NOT-FOR-US: Keycloak
-CVE-2020-1730
-	RESERVED
+CVE-2020-1730 (A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in t ...)
 	- libssh 0.9.4-1 (bug #956308)
 	[stretch] - libssh <not-affected> (Vulnerable code introduced later)
 	[jessie] - libssh <not-affected> (Vulnerable code introduced later)
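Review bot: CVE-2020-1730 now has `- libssh 0.9.4-1 (bug #956308)` plus `[stretch]` and `[jessie]` not-affected lines, but no `[buster]` line and no advisory braces; given the description covers "versions before 0.8.9 and before 0.9.4", the buster status is the one that matters and is currently undefined. Add a `[buster]` annotation (fixed version, no-dsa, or not-affected with a reason) or the DSA reference.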
@@ -44952,8 +44928,8 @@ CVE-2019-13917 (Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code exec
 	NOTE: https://www.openwall.com/lists/oss-security/2019/07/22/3
 	NOTE: https://www.exim.org/static/doc/security/CVE-2019-13917.txt
 	NOTE: https://git.exim.org/exim.git/commit/21aa05977abff1eaa69bb97ef99080220915f7c0
-CVE-2019-13916
-	RESERVED
+CVE-2019-13916 (An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6. ...)
+	TODO: check
 CVE-2019-13915 (b3log Wide before 1.6.0 allows three types of attacks to access arbitr ...)
 	NOT-FOR-US: b3log Wide
 CVE-2019-13914
@@ -80372,8 +80348,8 @@ CVE-2019-1868 (A vulnerability in the web-based management interface of Cisco We
 	NOT-FOR-US: Cisco
 CVE-2019-1867 (A vulnerability in the REST API of Cisco Elastic Services Controller ( ...)
 	NOT-FOR-US: Cisco
-CVE-2019-1866
-	RESERVED
+CVE-2019-1866 (Cisco Webex Business Suite before 39.1.0 contains a vulnerability that ...)
+	TODO: check
 CVE-2019-1865 (A vulnerability in the web-based management interface of Cisco Integra ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1864 (A vulnerability in the web-based management interface of Cisco Integra ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aeb501e32d6fad85d2b9fdeb73d31b573ab9bc7
