[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 16 09:10:24 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
46037fbc by security tracker role at 2020-04-16T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2020-11827
+ RESERVED
+CVE-2020-11826
+ RESERVED
+CVE-2020-11825
+ RESERVED
+CVE-2020-11824
+ RESERVED
+CVE-2020-11823
+ RESERVED
+CVE-2020-11822
+ RESERVED
+CVE-2020-11821
+ RESERVED
+CVE-2020-11820
+ RESERVED
+CVE-2020-11819
+ RESERVED
+CVE-2020-11818
+ RESERVED
+CVE-2020-11817
+ RESERVED
+CVE-2020-11816
+ RESERVED
+CVE-2020-11815
+ RESERVED
+CVE-2020-11814
+ RESERVED
+CVE-2020-11813
+ RESERVED
+CVE-2020-11812
+ RESERVED
+CVE-2020-11811
+ RESERVED
+CVE-2020-11810
+ RESERVED
+CVE-2020-11809
+ RESERVED
+CVE-2020-11808
+ RESERVED
+CVE-2020-11807
+ RESERVED
+CVE-2020-11806
+ RESERVED
+CVE-2020-11805
+ RESERVED
+CVE-2020-11804
+ RESERVED
+CVE-2020-11803
+ RESERVED
+CVE-2020-11802
+ RESERVED
+CVE-2020-11801
+ RESERVED
+CVE-2019-20768
+ RESERVED
CVE-2020-11800
RESERVED
CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...)
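Review bot: CVE-2019-20768 is added at the end of the new block, between CVE-2020-11801 and CVE-2020-11800, which breaks the descending id order of the entries around it. If the placement is intentional (newly assigned ids grouped at the top regardless of year), nothing needs to change here, but anything that parses data/CVE/list should look entries up by id rather than rely on their position.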
@@ -236,28 +292,28 @@ CVE-2019-20683
RESERVED
CVE-2019-20682
RESERVED
-CVE-2019-20681
- RESERVED
-CVE-2019-20680
- RESERVED
-CVE-2019-20679
- RESERVED
-CVE-2019-20678
- RESERVED
-CVE-2019-20677
- RESERVED
-CVE-2019-20676
- RESERVED
-CVE-2019-20675
- RESERVED
-CVE-2019-20674
- RESERVED
-CVE-2019-20673
- RESERVED
-CVE-2019-20672
- RESERVED
-CVE-2019-20671
- RESERVED
+CVE-2019-20681 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ TODO: check
+CVE-2019-20680 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2019-20679 (NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of acce ...)
+ TODO: check
+CVE-2019-20678 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
+ TODO: check
+CVE-2019-20677 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
+ TODO: check
+CVE-2019-20676 (Certain NETGEAR devices are affected by lack of access control at the ...)
+ TODO: check
+CVE-2019-20675 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
+ TODO: check
+CVE-2019-20674 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
+ TODO: check
+CVE-2019-20673 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
+ TODO: check
+CVE-2019-20672 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
+ TODO: check
+CVE-2019-20671 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
+ TODO: check
CVE-2019-20670 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
NOT-FOR-US: Netgear
CVE-2019-20669 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
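Review bot: the eleven NETGEAR entries CVE-2019-20681 through CVE-2019-20671 are left at "TODO: check", while the directly following context entry CVE-2019-20670, with the same vendor and the same kind of description, is already marked "NOT-FOR-US: Netgear". A follow-up triage commit should give these the same annotation so the open TODO count reflects only entries that actually need investigation.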
@@ -566,18 +622,18 @@ CVE-2020-11665 (CA API Developer Portal 4.3.1 and earlier handles loginRedirect
NOT-FOR-US: CA API Developer Portal
CVE-2020-11664 (CA API Developer Portal 4.3.1 and earlier handles homeRedirect page re ...)
NOT-FOR-US: CA API Developer Portal
-CVE-2020-11663
- RESERVED
-CVE-2020-11662
- RESERVED
-CVE-2020-11661
- RESERVED
-CVE-2020-11660
- RESERVED
-CVE-2020-11659
- RESERVED
-CVE-2020-11658
- RESERVED
+CVE-2020-11663 (CA API Developer Portal 4.3.1 and earlier handles 404 requests in an i ...)
+ TODO: check
+CVE-2020-11662 (CA API Developer Portal 4.3.1 and earlier handles requests insecurely, ...)
+ TODO: check
+CVE-2020-11661 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
+ TODO: check
+CVE-2020-11660 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
+ TODO: check
+CVE-2020-11659 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
+ TODO: check
+CVE-2020-11658 (CA API Developer Portal 4.3.1 and earlier handles shared secret keys i ...)
+ TODO: check
CVE-2020-11657
RESERVED
CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...)
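Review bot: CVE-2020-11663 through CVE-2020-11658 all describe "CA API Developer Portal 4.3.1 and earlier" and are left at "TODO: check", but the two context entries just above them, CVE-2020-11665 and CVE-2020-11664, already carry "NOT-FOR-US: CA API Developer Portal". Suggest closing the six new entries with the same annotation in the manual triage pass.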
@@ -2419,8 +2475,8 @@ CVE-2020-10952 (GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/pu
[experimental] - gitlab 12.8.8-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
-CVE-2020-10951
- RESERVED
+CVE-2020-10951 (Western Digital My Cloud Home and ibi devices before 2.2.0 allow click ...)
+ TODO: check
CVE-2020-10950
RESERVED
CVE-2020-10949
@@ -6463,8 +6519,8 @@ CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 b
- mahara <removed>
CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...)
NOT-FOR-US: CKEditor plugin
-CVE-2020-9280
- RESERVED
+CVE-2020-9280 (In SilverStripe through 4.5, files uploaded via Forms to folders migra ...)
+ TODO: check
CVE-2020-9279
RESERVED
CVE-2020-9278
@@ -10330,7 +10386,7 @@ CVE-2020-7614 (npm-programmatic through 0.0.12 is vulnerable to Command Injectio
CVE-2020-7613 (clamscan through 1.2.0 is vulnerable to Command Injection. It is possi ...)
NOT-FOR-US: Node clamscan
CVE-2020-7612
- RESERVED
+ REJECTED
CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 1.2.11 and a ...)
NOT-FOR-US: io.micronaut:micronaut-http-client
CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserialization of ...)
@@ -10595,14 +10651,14 @@ CVE-2020-7488
RESERVED
CVE-2020-7487
RESERVED
-CVE-2020-7486
- RESERVED
-CVE-2020-7485
- RESERVED
-CVE-2020-7484
- RESERVED
-CVE-2020-7483
- RESERVED
+CVE-2020-7486 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TC ...)
+ TODO: check
+CVE-2020-7485 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in th ...)
+ TODO: check
+CVE-2020-7484 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the forme ...)
+ TODO: check
+CVE-2020-7483 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause ce ...)
+ TODO: check
CVE-2020-7482 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...)
NOT-FOR-US: Andover Continuum
CVE-2020-7481 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...)
@@ -14720,8 +14776,8 @@ CVE-2020-5723 (The UCM6200 series 1.0.20.22 and below stores unencrypted user pa
NOT-FOR-US: UCM6200
CVE-2020-5722 (The HTTP interface of the Grandstream UCM6200 series is vulnerable to ...)
NOT-FOR-US: Grandstream
-CVE-2020-5721
- RESERVED
+CVE-2020-5721 (MikroTik WinBox 3.22 and below stores the user's cleartext password in ...)
+ TODO: check
CVE-2020-5720 (MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerab ...)
NOT-FOR-US: MikroTik WinBox
CVE-2020-5719
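Review bot: CVE-2020-5721 names MikroTik WinBox and is left at "TODO: check", while the next entry CVE-2020-5720 for the same product is already "NOT-FOR-US: MikroTik WinBox". The same annotation applies here and should be set when the TODO is resolved.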
@@ -21381,8 +21437,8 @@ CVE-2020-3275
RESERVED
CVE-2020-3274
RESERVED
-CVE-2020-3273
- RESERVED
+CVE-2020-3273 (A vulnerability in the 802.11 Generic Advertisement Service (GAS) fram ...)
+ TODO: check
CVE-2020-3272
RESERVED
CVE-2020-3271
@@ -21403,12 +21459,12 @@ CVE-2020-3264 (A vulnerability in Cisco SD-WAN Solution software could allow an
NOT-FOR-US: Cisco
CVE-2020-3263
RESERVED
-CVE-2020-3262
- RESERVED
-CVE-2020-3261
- RESERVED
-CVE-2020-3260
- RESERVED
+CVE-2020-3262 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
+ TODO: check
+CVE-2020-3261 (A vulnerability in the web-based management interface of Cisco Mobilit ...)
+ TODO: check
+CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software could a ...)
+ TODO: check
CVE-2020-3259
RESERVED
CVE-2020-3258
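Review bot: CVE-2020-3261 and CVE-2020-3260 name Cisco products in the visible part of their descriptions and the context entry CVE-2020-3264 is already "NOT-FOR-US: Cisco", so these two can be closed the same way. CVE-2020-3262 is truncated before any vendor name appears, so its full description needs to be read before it gets the same annotation.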
@@ -21423,34 +21479,34 @@ CVE-2020-3254
RESERVED
CVE-2020-3253
RESERVED
-CVE-2020-3252
- RESERVED
-CVE-2020-3251
- RESERVED
-CVE-2020-3250
- RESERVED
-CVE-2020-3249
- RESERVED
-CVE-2020-3248
- RESERVED
-CVE-2020-3247
- RESERVED
+CVE-2020-3252 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
+ TODO: check
+CVE-2020-3251 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
+ TODO: check
+CVE-2020-3250 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
+ TODO: check
+CVE-2020-3249 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
+ TODO: check
+CVE-2020-3248 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
+ TODO: check
+CVE-2020-3247 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
+ TODO: check
CVE-2020-3246
RESERVED
CVE-2020-3245
RESERVED
CVE-2020-3244
RESERVED
-CVE-2020-3243
- RESERVED
+CVE-2020-3243 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
+ TODO: check
CVE-2020-3242
RESERVED
CVE-2020-3241
RESERVED
-CVE-2020-3240
- RESERVED
-CVE-2020-3239
- RESERVED
+CVE-2020-3240 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
+ TODO: check
+CVE-2020-3239 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
+ TODO: check
CVE-2020-3238
RESERVED
CVE-2020-3237
@@ -21539,8 +21595,8 @@ CVE-2020-3196
RESERVED
CVE-2020-3195
RESERVED
-CVE-2020-3194
- RESERVED
+CVE-2020-3194 (A vulnerability in Cisco Webex Network Recording Player for Microsoft ...)
+ TODO: check
CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Prime C ...)
NOT-FOR-US: Cisco
CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco Prime C ...)
@@ -21573,8 +21629,8 @@ CVE-2020-3179
RESERVED
CVE-2020-3178
RESERVED
-CVE-2020-3177
- RESERVED
+CVE-2020-3177 (A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) ...)
+ TODO: check
CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...)
NOT-FOR-US: Cisco
CVE-2020-3175 (A vulnerability in the resource handling system of Cisco NX-OS Softwar ...)
@@ -21603,10 +21659,10 @@ CVE-2020-3164 (A vulnerability in the web-based management interface of Cisco As
NOT-FOR-US: Cisco
CVE-2020-3163 (A vulnerability in the Live Data server of Cisco Unified Contact Cente ...)
NOT-FOR-US: Cisco
-CVE-2020-3162
- RESERVED
-CVE-2020-3161
- RESERVED
+CVE-2020-3162 (A vulnerability in the Constrained Application Protocol (CoAP) impleme ...)
+ TODO: check
+CVE-2020-3161 (A vulnerability in the web server for Cisco IP Phones could allow an u ...)
+ TODO: check
CVE-2020-3160 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...)
NOT-FOR-US: Cisco
CVE-2020-3159 (A vulnerability in the web-based management interface of Cisco Finesse ...)
@@ -27782,8 +27838,7 @@ CVE-2020-1634 (On High-End SRX Series devices, in specific configurations and wh
NOT-FOR-US: Juniper
CVE-2020-1633 (Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos ...)
NOT-FOR-US: Juniper
-CVE-2020-1632
- RESERVED
+CVE-2020-1632 (In a certain condition, receipt of a specific BGP UPDATE message might ...)
NOT-FOR-US: Juniper
CVE-2020-1631
RESERVED
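Review bot: in the CVE-2020-1632 change only the RESERVED line is replaced, so the existing "NOT-FOR-US: Juniper" annotation, written before the description was published, is kept as is. The truncated description shown here ("receipt of a specific BGP UPDATE message") does not name a vendor, so it is worth confirming against the full text that the earlier classification still matches.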
@@ -50273,10 +50328,10 @@ CVE-2019-12522 (An issue was discovered in Squid through 4.7. When Squid is run
TODO: check
CVE-2019-12521 (An issue was discovered in Squid through 4.7. When Squid is parsing ES ...)
TODO: check
-CVE-2019-12520
- RESERVED
-CVE-2019-12519
- RESERVED
+CVE-2019-12520 (An issue was discovered in Squid through 4.7 and 5. When receiving a r ...)
+ TODO: check
+CVE-2019-12519 (An issue was discovered in Squid through 4.7. When handling the tag es ...)
+ TODO: check
CVE-2017-18376 (An improper authorization check in the User API in TheHive before 2.13 ...)
NOT-FOR-US: User API in TheHive Project
CVE-2019-12518 (Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 ...)
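Review bot: CVE-2019-12520 and CVE-2019-12519 are Squid issues and join CVE-2019-12522 and CVE-2019-12521 in the context lines above, which are also still at "TODO: check". Unlike the vendor-appliance entries elsewhere in this commit, these need a real package assessment for squid (affected versions and fix status) rather than a NOT-FOR-US line, so the four entries are best triaged together.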
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46037fbc845987a992e972442ad8833b6b3b83d6
More information about the debian-security-tracker-commits
mailing list