[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 15 09:10:25 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
091a886a by security tracker role at 2020-04-15T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. I ...)
+ TODO: check
+CVE-2020-11766
+ RESERVED
+CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...)
+ TODO: check
+CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+ TODO: check
+CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...)
+ TODO: check
+CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+ TODO: check
+CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+ TODO: check
+CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+ TODO: check
+CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...)
+ TODO: check
+CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+ TODO: check
+CVE-2020-11757
+ RESERVED
+CVE-2020-11756
+ RESERVED
+CVE-2020-11755
+ RESERVED
+CVE-2020-11754
+ RESERVED
+CVE-2020-11753
+ RESERVED
+CVE-2020-11752
+ RESERVED
+CVE-2020-11751
+ RESERVED
+CVE-2020-11750
+ RESERVED
CVE-2020-11749
RESERVED
CVE-2020-11748
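Review bot: the eight OpenEXR entries CVE-2020-11758 through CVE-2020-11765 all carry the same affected-version boundary ("before 2.4.1") and are each left at "TODO: check"; they should be triaged as one batch against the single source package so the recorded fixed version and any NOTE pointing at the upstream 2.4.1 release are identical across all eight rather than resolved piecemeal. The truncated descriptions (off-by-one, out-of-bounds, std::vector, integer overflow) are all memory-safety issues in an image parser, so whichever severity marker is chosen for one should apply to the group.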
@@ -70,8 +106,8 @@ CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_l
CVE-2020-11725 (** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux k ...)
- linux <unfixed>
NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400
-CVE-2020-11723
- RESERVED
+CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys ...)
+ TODO: check
CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...)
- crawl <unfixed>
NOTE: https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
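Review bot: CVE-2020-11725 in the context lines is marked "** DISPUTED **" yet tracked as "linux <unfixed>" with only a Twitter URL as its NOTE; a disputed kernel issue needs an upstream reference (lkml thread or commit) before "<unfixed>" can be confirmed or changed to "<not-affected>" as is done elsewhere in this file. For the new CVE-2020-11723 entry, the description names Cellebrite UFED, a vendor forensic product, so the "TODO: check" will most likely resolve to a "NOT-FOR-US:" line in the same style as the vendor entries later in this patch.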
@@ -1898,16 +1934,16 @@ CVE-2020-11007
RESERVED
CVE-2020-11006
RESERVED
-CVE-2020-11005
- RESERVED
+CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...)
+ TODO: check
CVE-2020-11004
RESERVED
-CVE-2020-11003
- RESERVED
+CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vuln ...)
+ TODO: check
CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote co ...)
TODO: check
-CVE-2020-11001
- RESERVED
+CVE-2020-11001 (In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XS ...)
+ TODO: check
CVE-2020-11000 (GreenBrowser before version 1.2 has a vulnerability where apps that re ...)
NOT-FOR-US: GreenBrowser
CVE-2020-10999
@@ -2082,6 +2118,7 @@ CVE-2020-10940 (Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO
CVE-2020-10939 (Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT thro ...)
NOT-FOR-US: PHOENIX CONTACT
CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resultant hea ...)
+ {DLA-2173-1}
- graphicsmagick 1.4+really1.3.34-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce
CVE-2020-10937
@@ -3327,26 +3364,26 @@ CVE-2020-10516
RESERVED
CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting ...)
NOT-FOR-US: STARFACE UCC Client
-CVE-2020-10514
- RESERVED
-CVE-2020-10513
- RESERVED
-CVE-2020-10512
- RESERVED
-CVE-2020-10511
- RESERVED
+CVE-2020-10514 (iCatch DVR do not validate function parameter properly, resulting atta ...)
+ TODO: check
+CVE-2020-10513 (The file management interface of iCatch DVR contains broken access con ...)
+ TODO: check
+CVE-2020-10512 (HGiga C&Cmail contains a SQL Injection vulnerability which allows ...)
+ TODO: check
+CVE-2020-10511 (HGiga C&Cmail contains insecure configurations. Attackers can expl ...)
+ TODO: check
CVE-2020-10510 (Sunnet eHRD, a human training and development management system, conta ...)
NOT-FOR-US: Sunnet eHRD
CVE-2020-10509 (Sunnet eHRD, a human training and development management system, conta ...)
NOT-FOR-US: Sunnet eHRD
CVE-2020-10508 (Sunnet eHRD, a human training and development management system, impro ...)
NOT-FOR-US: Sunnet eHRD
-CVE-2020-10507
- RESERVED
-CVE-2020-10506
- RESERVED
-CVE-2020-10505
- RESERVED
+CVE-2020-10507 (The School Manage System, developed by ALLE INFORMATION CO., LTD., con ...)
+ TODO: check
+CVE-2020-10506 (The School Manage System, developed by ALLE INFORMATION CO., LTD., con ...)
+ TODO: check
+CVE-2020-10505 (The School Manage System, developed by ALLE INFORMATION CO., LTD., con ...)
+ TODO: check
CVE-2020-10504 (CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Languag ...)
NOT-FOR-US: Chadha PHPKB
CVE-2020-10503 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...)
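Review bot: the seven new "TODO: check" entries here (CVE-2020-10514/10513 iCatch DVR, CVE-2020-10512/10511 HGiga C&Cmail, CVE-2020-10507 through CVE-2020-10505 School Manage System) describe vendor products only, and the unchanged neighbours for Sunnet eHRD and Chadha PHPKB were already resolved as "NOT-FOR-US: <vendor>"; resolving these the same way in one pass would keep the TODO backlog from growing with entries that cannot map to a Debian source package. The "C&Cmail" rendering in CVE-2020-10512 and CVE-2020-10511 is an HTML entity in the imported description and should be normalised to "C&Cmail" when the entry is touched.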
@@ -4009,6 +4046,7 @@ CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An authenti
CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote code e ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...)
+ {DLA-2176-1}
- inetutils 2:1.9.4-12 (bug #956084)
- netkit-telnet 0.17-18woody2 (bug #953477)
- netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478)
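Review bot: the fixed versions recorded in the context lines for netkit-telnet (0.17-18woody2) and netkit-telnet-ssl (0.17.17+0.1-2woody3) are woody-era version strings on a CVE published in 2020, while inetutils points at a current upload (2:1.9.4-12, bug #956084); if those old versions mean a historical patch already covers this overflow in utility.c, a NOTE saying so would stop the next reader from assuming the entry is stale, and if they do not, they should be replaced with the versions the DLA-2176-1 tag added here actually shipped.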
@@ -5819,8 +5857,8 @@ CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5
NOTE: https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a
CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...)
- zint <itp> (bug #732141)
-CVE-2020-9384
- RESERVED
+CVE-2020-9384 (An Insecure Direct Object Reference (IDOR) vulnerability in the Change ...)
+ TODO: check
CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...)
- linux 5.5.13-1
NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3
@@ -7047,6 +7085,7 @@ CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary fi
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-275/
NOTE: https://github.com/horde/Form/commit/813f8e7e9479fad4546b89c569325ee9eef60b0f
CVE-2020-8865 (This vulnerability allows remote attackers to execute local PHP files ...)
+ {DLA-2175-1}
- php-horde-trean <unfixed> (bug #955019)
[buster] - php-horde-trean <no-dsa> (Minor issue)
[stretch] - php-horde-trean <no-dsa> (Minor issue)
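Review bot: {DLA-2175-1} is added while the entry still reads "php-horde-trean <unfixed> (bug #955019)" for unstable and "<no-dsa> (Minor issue)" for buster and stretch; issuing a DLA means a patch exists, so a NOTE with the upstream fix commit, as the preceding CVE-2020-8866 entry carries for horde/Form, would let whoever updates the unstable line do so without re-deriving the fix from the DLA.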
@@ -7854,6 +7893,7 @@ CVE-2020-8520
CVE-2020-8519
RESERVED
CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...)
+ {DLA-2174-1}
- php-horde-data <unfixed> (bug #951537)
[buster] - php-horde-data <no-dsa> (Minor issue)
[stretch] - php-horde-data <no-dsa> (Minor issue)
@@ -8294,14 +8334,14 @@ CVE-2020-8329
RESERVED
CVE-2020-8328
RESERVED
-CVE-2020-8327
- RESERVED
+CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...)
+ TODO: check
CVE-2020-8326
RESERVED
CVE-2020-8325
RESERVED
-CVE-2020-8324
- RESERVED
+CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem for Leno ...)
+ TODO: check
CVE-2020-8323
RESERVED
CVE-2020-8322
@@ -8310,14 +8350,14 @@ CVE-2020-8321
RESERVED
CVE-2020-8320
RESERVED
-CVE-2020-8319
- RESERVED
-CVE-2020-8318
- RESERVED
+CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo System Int ...)
+ TODO: check
+CVE-2020-8318 (A privilege escalation vulnerability was reported in the LenovoSystemU ...)
+ TODO: check
CVE-2020-8317
RESERVED
-CVE-2020-8316
- RESERVED
+CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version 10.200 ...)
+ TODO: check
CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...)
- linux 5.4.19-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
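Review bot: the context lines show CVE-2020-8428 (fs/namei.c, linux 5.4.19-1) sitting directly after CVE-2020-8317, out of the descending numeric order the rest of this hunk and the surrounding file follow; the automatic update did not move it, but an out-of-sequence entry can be missed by anyone scanning by ID and should be relocated next to the other CVE-2020-84xx entries. The new Lenovo entries CVE-2020-8319, CVE-2020-8318 and CVE-2020-8316 describe vendor Windows utilities and are expected to resolve to "NOT-FOR-US:" like the other vendor-only entries in this patch.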
@@ -10042,10 +10082,10 @@ CVE-2020-7577
RESERVED
CVE-2020-7576
RESERVED
-CVE-2020-7575
- RESERVED
-CVE-2020-7574
- RESERVED
+CVE-2020-7575 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...)
+ TODO: check
+CVE-2020-7574 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...)
+ TODO: check
CVE-2020-7573
RESERVED
CVE-2020-7572
@@ -13284,8 +13324,8 @@ CVE-2020-6227 (SAP Business Objects Business Intelligence Platform (CMS / Auditi
NOT-FOR-US: SAP
CVE-2020-6226 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...)
NOT-FOR-US: SAP
-CVE-2020-6225
- RESERVED
+CVE-2020-6225 (SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7 ...)
+ TODO: check
CVE-2020-6224 (SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, ...)
NOT-FOR-US: SAP
CVE-2020-6223 (The open document of SAP Business Objects Business Intelligence Platfo ...)
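Review bot: CVE-2020-6225 (SAP NetWeaver Knowledge Management) is left at "TODO: check" although every SAP entry around it in this hunk (CVE-2020-6227, CVE-2020-6226, CVE-2020-6224) is already "NOT-FOR-US: SAP"; the same applies to the SAP entries in the two following hunks, so a single follow-up commit resolving all of them as "NOT-FOR-US: SAP" would be consistent with the existing handling.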
@@ -13300,20 +13340,20 @@ CVE-2020-6219 (SAP Business Objects Business Intelligence Platform (CrystalRepor
NOT-FOR-US: SAP
CVE-2020-6218 (Admin tools and Query Builder in SAP Business Objects Business Intelli ...)
NOT-FOR-US: SAP
-CVE-2020-6217
- RESERVED
+CVE-2020-6217 (SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, ver ...)
+ TODO: check
CVE-2020-6216 (SAP Business Objects Business Intelligence Platform (BI Launchpad), ve ...)
NOT-FOR-US: SAP
-CVE-2020-6215
- RESERVED
+CVE-2020-6215 (SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, ver ...)
+ TODO: check
CVE-2020-6214 (SAP S/4HANA (Financial Products Subledger), version 100, uses an incor ...)
NOT-FOR-US: SAP
CVE-2020-6213
RESERVED
CVE-2020-6212
RESERVED
-CVE-2020-6211
- RESERVED
+CVE-2020-6211 (SAP Business Objects Business Intelligence Platform (AdminTools), vers ...)
+ TODO: check
CVE-2020-6210 (SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode ...)
NOT-FOR-US: SAP
CVE-2020-6209 (SAP Disclosure Management, version 10.1, does not perform necessary au ...)
@@ -13344,8 +13384,8 @@ CVE-2020-6197 (SAP Enable Now, before version 1908, does not invalidate session
NOT-FOR-US: SAP
CVE-2020-6196 (SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an a ...)
NOT-FOR-US: SAP
-CVE-2020-6195
- RESERVED
+CVE-2020-6195 (SAP Business Objects Business Intelligence Platform (CMC), version 4.1 ...)
+ TODO: check
CVE-2020-6194
RESERVED
CVE-2020-6193 (SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, ...)
@@ -15388,8 +15428,7 @@ CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Tok
NOT-FOR-US: EasyBuild
CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Sa ...)
NOT-FOR-US: ASP.NET
-CVE-2020-5260
- RESERVED
+CVE-2020-5260 (Affected versions of Git have a vulnerability whereby Git can be trick ...)
{DSA-4657-1}
- git 1:2.26.1-1
NOTE: https://lore.kernel.org/lkml/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/
@@ -19246,8 +19285,8 @@ CVE-2020-3934 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance M
NOT-FOR-US: Secom Co. Dr.ID
CVE-2020-3933 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...)
NOT-FOR-US: Secom Co. Dr.ID
-CVE-2020-3932
- RESERVED
+CVE-2020-3932 (A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may ...)
+ TODO: check
CVE-2020-3931
RESERVED
CVE-2020-3930
@@ -25735,10 +25774,10 @@ CVE-2019-19303
RESERVED
CVE-2019-19302
RESERVED
-CVE-2019-19301
- RESERVED
-CVE-2019-19300
- RESERVED
+CVE-2019-19301 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+ TODO: check
+CVE-2019-19300 (A vulnerability has been identified in KTK ATE530S (All versions), SID ...)
+ TODO: check
CVE-2019-19299 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19298 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
@@ -54361,8 +54400,8 @@ CVE-2019-10941
RESERVED
CVE-2019-10940 (A vulnerability has been identified in SINEMA Server (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2019-10939
- RESERVED
+CVE-2019-10939 (A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET var ...)
+ TODO: check
CVE-2019-10938 (A vulnerability has been identified in SIPROTEC 5 devices with CPU var ...)
NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5 devices
CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All version ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/091a886aef9881fa757c8a395c48333a13f11732