[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 14 21:10:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3cc2d7cf by security tracker role at 2020-04-14T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,32 @@
-CVE-2020-11743
+CVE-2020-11749
RESERVED
+CVE-2020-11748
+ RESERVED
+CVE-2020-11747
+ RESERVED
+CVE-2020-11746
+ RESERVED
+CVE-2020-11745
+ RESERVED
+CVE-2020-11744
+ RESERVED
+CVE-2020-11743 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-316.html
-CVE-2020-11742
- RESERVED
+CVE-2020-11742 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-318.html
-CVE-2020-11741
- RESERVED
+CVE-2020-11741 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-313.html
-CVE-2020-11740
- RESERVED
+CVE-2020-11740 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-313.html
-CVE-2020-11739
- RESERVED
+CVE-2020-11739 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-314.html
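Review bot: the pairing of `-CVE-2020-11743` with `+CVE-2020-11749` at the top of the hunk, with the old `RESERVED` line kept as context, is only the diff algorithm reusing 11743's RESERVED line for the new 11749 entry; read as a whole, ids 11744 to 11749 are added as RESERVED and 11739 to 11743 get their descriptions, so no entry is lost. The five Xen entries still read `- xen <unfixed>` with stretch at `<end-of-life> (DSA 4602-1)`, and the XSA NOTE links are where the fixed upload should be tracked; CVE-2020-11740 and CVE-2020-11741 both pointing at advisory-313 is consistent with their two xenoprof descriptions.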
@@ -60,7 +67,7 @@ CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_l
- nginx <unfixed>
NOTE: Patch: https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch
TODO: check details (patch applies to src:ngnix, but check if issue is specific to OpenResty before 1.15.8.4)
-CVE-2020-11725 (snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5 ...)
+CVE-2020-11725 (** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux k ...)
- linux <unfixed>
NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400
CVE-2020-11723
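Review bot: CVE-2020-11725 is now flagged `** DISPUTED **` in its description, yet the entry keeps `- linux <unfixed>` with only the Twitter thread as a NOTE; the status should be revisited once the dispute is evaluated (for example `<not-affected>` with a reason if it holds, in the style of the dovecot entry later in this file), and a `TODO: check` line would flag that for a human in the meantime. The OpenResty lines above are untouched context and their existing `TODO: check details` still stands.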
@@ -3580,14 +3587,14 @@ CVE-2020-10386 (admin/imagepaster/image-upload.php in Chadha PHPKB Standard Mult
NOT-FOR-US: Chadha PHPKB
CVE-2020-10385 (A stored cross-site scripting (XSS) vulnerability exists in the WPForm ...)
NOT-FOR-US: WPForms Contact Form plugin for WordPress
-CVE-2020-10384
- RESERVED
-CVE-2020-10383
- RESERVED
-CVE-2020-10382
- RESERVED
-CVE-2020-10381
- RESERVED
+CVE-2020-10384 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
+ TODO: check
+CVE-2020-10383 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
+ TODO: check
+CVE-2020-10382 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
+ TODO: check
+CVE-2020-10381 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
+ TODO: check
CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...)
- rmysql 0.10.20-1
[jessie] - rmysql <no-dsa> (Minor issue)
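Review bot: the four mymbCONNECT24/mbCONNECT24 entries (CVE-2020-10381 to CVE-2020-10384) get identical truncated descriptions and separate `TODO: check` lines; since they describe one vendor product rather than a Debian package, the likely resolution is a `NOT-FOR-US: MB CONNECT LINE mymbCONNECT24` line for each, matching how the PHPKB and WPForms entries in the surrounding context are closed, and triaging the four together is cleaner than leaving four open TODOs.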
@@ -5609,10 +5616,10 @@ CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbit
- centreon-web <itp> (bug #913903)
CVE-2020-9462
RESERVED
-CVE-2020-9461
- RESERVED
-CVE-2020-9460
- RESERVED
+CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated us ...)
+ TODO: check
+CVE-2020-9460 (Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The ...)
+ TODO: check
CVE-2020-9459 (Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webn ...)
NOT-FOR-US: Webnus Modern Events Calendar Lite plugin for WordPress
CVE-2020-9458 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the exp ...)
@@ -6723,8 +6730,8 @@ CVE-2020-9006 (The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is v
NOT-FOR-US: Popup Builder plugin for WordPress
CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attack ...)
NOT-FOR-US: Dota 2
-CVE-2020-9004
- RESERVED
+CVE-2020-9004 (A remote authenticated authorization-bypass vulnerability in Wowza Str ...)
+ TODO: check
CVE-2020-9003 (A stored XSS vulnerability exists in the Modula Image Gallery plugin b ...)
NOT-FOR-US: Modula Image Gallery plugin for WordPress
CVE-2020-9002
@@ -9144,8 +9151,8 @@ CVE-2020-7960
RESERVED
CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...)
NOT-FOR-US: LabVantage LIMS
-CVE-2020-7958
- RESERVED
+CVE-2020-7958 (An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. ...)
+ TODO: check
CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...)
- dovecot <not-affected> (Only affects 2.3.9)
NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/2
@@ -9567,12 +9574,12 @@ CVE-2020-7804
RESERVED
CVE-2020-7803
RESERVED
-CVE-2020-7802
- RESERVED
-CVE-2020-7801
- RESERVED
-CVE-2020-7800
- RESERVED
+CVE-2020-7802 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
+ TODO: check
+CVE-2020-7801 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
+ TODO: check
+CVE-2020-7800 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
+ TODO: check
CVE-2020-7799 (An issue was discovered in FusionAuth before 1.11.0. An authenticated ...)
NOT-FOR-US: FusionAuth
CVE-2020-7798
@@ -11763,7 +11770,7 @@ CVE-2020-6826
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6826
CVE-2020-6825
RESERVED
- {DSA-4656-1 DSA-4655-1 DLA-2170-1}
+ {DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1}
- firefox 75.0-1
- firefox-esr 68.7.0esr-1
- thunderbird 1:68.7.0-1
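Review bot: the added reference DLA-2172-1 in `{DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1}` is repeated for all seven Firefox/Thunderbird CVEs (6819 to 6825) in this commit; each lists firefox, firefox-esr and thunderbird, so four advisory ids for three packages only adds up if DLA-2172-1 is the thunderbird LTS counterpart of the existing DLA-2170-1, which the diff itself does not say. A one-line NOTE naming the package each DLA covers would make that explicit for anyone reading the entry later. The DSA ids differ between the 75.0-1 group (DSA-4655-1) and the 74.0.1-1 group (DSA-4653-1), which is unchanged and expected.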
@@ -11780,7 +11787,7 @@ CVE-2020-6823
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6823
CVE-2020-6822
RESERVED
- {DSA-4656-1 DSA-4655-1 DLA-2170-1}
+ {DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1}
- firefox 75.0-1
- firefox-esr 68.7.0esr-1
- thunderbird 1:68.7.0-1
@@ -11789,7 +11796,7 @@ CVE-2020-6822
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6822
CVE-2020-6821
RESERVED
- {DSA-4656-1 DSA-4655-1 DLA-2170-1}
+ {DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1}
- firefox 75.0-1
- firefox-esr 68.7.0esr-1
- thunderbird 1:68.7.0-1
@@ -11798,7 +11805,7 @@ CVE-2020-6821
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821
CVE-2020-6820
RESERVED
- {DSA-4656-1 DSA-4653-1 DLA-2170-1}
+ {DSA-4656-1 DSA-4653-1 DLA-2172-1 DLA-2170-1}
- firefox 74.0.1-1
- firefox-esr 68.6.1esr-1
- thunderbird 1:68.7.0-1
@@ -11806,7 +11813,7 @@ CVE-2020-6820
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6820
CVE-2020-6819
RESERVED
- {DSA-4656-1 DSA-4653-1 DLA-2170-1}
+ {DSA-4656-1 DSA-4653-1 DLA-2172-1 DLA-2170-1}
- firefox 74.0.1-1
- firefox-esr 68.6.1esr-1
- thunderbird 1:68.7.0-1
@@ -13251,56 +13258,56 @@ CVE-2020-6240
RESERVED
CVE-2020-6239
RESERVED
-CVE-2020-6238
- RESERVED
-CVE-2020-6237
- RESERVED
-CVE-2020-6236
- RESERVED
-CVE-2020-6235
- RESERVED
-CVE-2020-6234
- RESERVED
-CVE-2020-6233
- RESERVED
-CVE-2020-6232
- RESERVED
-CVE-2020-6231
- RESERVED
-CVE-2020-6230
- RESERVED
-CVE-2020-6229
- RESERVED
-CVE-2020-6228
- RESERVED
-CVE-2020-6227
- RESERVED
-CVE-2020-6226
- RESERVED
+CVE-2020-6238 (SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process ...)
+ TODO: check
+CVE-2020-6237 (Under certain conditions, SAP Business Objects Business Intelligence P ...)
+ TODO: check
+CVE-2020-6236 (SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, ve ...)
+ TODO: check
+CVE-2020-6235 (SAP Solution Manager (Diagnostics Agent), version 7.2, does not perfor ...)
+ TODO: check
+CVE-2020-6234 (SAP Host Agent, version 7.21, allows an attacker with admin privileges ...)
+ TODO: check
+CVE-2020-6233 (SAP S/4 HANA (Financial Products Subledger and Banking Services), vers ...)
+ TODO: check
+CVE-2020-6232 (SAP Commerce, versions 1811, 1905, does not perform necessary authoriz ...)
+ TODO: check
+CVE-2020-6231 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...)
+ TODO: check
+CVE-2020-6230 (SAP OrientDB, version 3.0, allows an authenticated attacker with scrip ...)
+ TODO: check
+CVE-2020-6229 (SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME ...)
+ TODO: check
+CVE-2020-6228 (SAP Business Client, versions 6.5, 7.0, does not perform necessary int ...)
+ TODO: check
+CVE-2020-6227 (SAP Business Objects Business Intelligence Platform (CMS / Auditing is ...)
+ TODO: check
+CVE-2020-6226 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...)
+ TODO: check
CVE-2020-6225
RESERVED
-CVE-2020-6224
- RESERVED
-CVE-2020-6223
- RESERVED
-CVE-2020-6222
- RESERVED
-CVE-2020-6221
- RESERVED
+CVE-2020-6224 (SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, ...)
+ TODO: check
+CVE-2020-6223 (The open document of SAP Business Objects Business Intelligence Platfo ...)
+ TODO: check
+CVE-2020-6222 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...)
+ TODO: check
+CVE-2020-6221 (Web Intelligence HTML interface in SAP Business Objects Business Intel ...)
+ TODO: check
CVE-2020-6220
RESERVED
-CVE-2020-6219
- RESERVED
-CVE-2020-6218
- RESERVED
+CVE-2020-6219 (SAP Business Objects Business Intelligence Platform (CrystalReports We ...)
+ TODO: check
+CVE-2020-6218 (Admin tools and Query Builder in SAP Business Objects Business Intelli ...)
+ TODO: check
CVE-2020-6217
RESERVED
-CVE-2020-6216
- RESERVED
+CVE-2020-6216 (SAP Business Objects Business Intelligence Platform (BI Launchpad), ve ...)
+ TODO: check
CVE-2020-6215
RESERVED
-CVE-2020-6214
- RESERVED
+CVE-2020-6214 (SAP S/4HANA (Financial Products Subledger), version 100, uses an incor ...)
+ TODO: check
CVE-2020-6213
RESERVED
CVE-2020-6212
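Review bot: all 21 SAP entries added in this hunk (CVE-2020-6214, 6216, 6218 to 6219, 6221 to 6224 and 6226 to 6238) carry `TODO: check`, and every truncated description names an SAP product (Commerce, NetWeaver, Business Objects, Host Agent, Solution Manager, S/4HANA, OrientDB, Business Client, Landscape Management) that is not a Debian package, so the expected resolution for each is a NOT-FOR-US line in the style used for the WordPress plugin entries elsewhere in the file. The ids left at `RESERVED` between them (6225, 6220, 6217, 6215, 6213) are unchanged context and need no action.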
@@ -14300,10 +14307,10 @@ CVE-2020-5741
RESERVED
CVE-2020-5740
RESERVED
-CVE-2020-5739
- RESERVED
-CVE-2020-5738
- RESERVED
+CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...)
+ TODO: check
+CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...)
+ TODO: check
CVE-2020-5737
RESERVED
CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer dereference o ...)
@@ -15383,6 +15390,7 @@ CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package Sustains
NOT-FOR-US: ASP.NET
CVE-2020-5260
RESERVED
+ {DSA-4657-1}
- git 1:2.26.1-1
NOTE: https://lore.kernel.org/lkml/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/
NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b
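Review bot: CVE-2020-5260 gains `{DSA-4657-1}` on top of the fixed version `git 1:2.26.1-1` and the upstream fix commit NOTE, but its header is still the bare `CVE-2020-5260` / `RESERVED` pair, so the tracker now shows a DSA for an entry with no description. The next automatic update will fill the description once the CVE is published; until then a short NOTE stating what the issue is would help readers of the list, since the lore.kernel.org and git.kernel.org links are the only hint.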
@@ -18138,8 +18146,8 @@ CVE-2020-4153
RESERVED
CVE-2020-4152
RESERVED
-CVE-2020-4151
- RESERVED
+CVE-2020-4151 (IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attac ...)
+ TODO: check
CVE-2020-4150
RESERVED
CVE-2020-4149
@@ -27033,8 +27041,8 @@ CVE-2019-18824 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Mi
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18823
RESERVED
-CVE-2019-18822
- RESERVED
+CVE-2019-18822 (A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allo ...)
+ TODO: check
CVE-2019-18821 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCu ...)
NOT-FOR-US: Eximious Logo Designer
CVE-2019-18820 (Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!Rtlp ...)
@@ -35377,8 +35385,8 @@ CVE-2019-16881 (An issue was discovered in the portaudio-rs crate through 0.3.1
NOT-FOR-US: Rustportaudio-rs crate
CVE-2019-16880 (An issue was discovered in the linea crate through 0.9.4 for Rust. The ...)
NOT-FOR-US: Rust linea crate
-CVE-2019-16879
- RESERVED
+CVE-2019-16879 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
+ TODO: check
CVE-2019-16878 (Portainer before 1.22.1 has XSS (issue 2 of 2). ...)
NOT-FOR-US: Portainer
CVE-2019-16877 (Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). ...)
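Review bot: CVE-2019-16879 carries the same truncated HUSKY RTU 6049-E70 description as CVE-2020-7800, 7801 and 7802 earlier in this commit, so the four `TODO: check` lines refer to one vendor product and should be triaged together; an RTU firmware product is not a Debian package, so NOT-FOR-US is the likely outcome, in the style of the neighbouring Rust crate and Portainer entries.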
@@ -43872,8 +43880,8 @@ CVE-2019-14328 (The Simple Membership plugin before 3.8.5 for WordPress has CSRF
NOT-FOR-US: Simple Membership plugin for WordPress
CVE-2019-14327 (A CSRF vulnerability in Settings form in the Custom Simple Rss plugin ...)
NOT-FOR-US: Custom Simple Rss plugin for WordPress
-CVE-2019-14326
- RESERVED
+CVE-2019-14326 (An issue was discovered in AndyOS Andy versions up to 46.11.113. By de ...)
+ TODO: check
CVE-2019-14325
RESERVED
CVE-2019-14324
@@ -121026,8 +121034,8 @@ CVE-2018-6404
RESERVED
CVE-2018-6403
RESERVED
-CVE-2018-6402
- RESERVED
+CVE-2018-6402 (Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and c ...)
+ TODO: check
CVE-2018-6401 (Meross MSS110 devices before 1.1.24 contain a TELNET listener providin ...)
NOT-FOR-US: Meross
CVE-2018-6400 (Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privil ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cc2d7cf8f10c67262202da51d045cbd6be9130e