[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 17 09:10:24 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1e6cf800 by security tracker role at 2020-04-17T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2020-11875
+ RESERVED
+CVE-2020-11874
+ RESERVED
+CVE-2020-11873
+ RESERVED
+CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication ...)
+ TODO: check
+CVE-2020-11871
+ RESERVED
+CVE-2020-11870
+ RESERVED
+CVE-2020-11869
+ RESERVED
+CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-pat ...)
+ TODO: check
+CVE-2020-11867
+ RESERVED
+CVE-2020-11866
+ RESERVED
+CVE-2020-11865
+ RESERVED
+CVE-2020-11864
+ RESERVED
+CVE-2020-11863
+ RESERVED
+CVE-2019-20785
+ RESERVED
+CVE-2019-20784
+ RESERVED
+CVE-2019-20783
+ RESERVED
+CVE-2019-20782
+ RESERVED
+CVE-2019-20781
+ RESERVED
+CVE-2019-20780
+ RESERVED
+CVE-2019-20779
+ RESERVED
+CVE-2019-20778
+ RESERVED
+CVE-2019-20777
+ RESERVED
+CVE-2019-20776
+ RESERVED
+CVE-2019-20775
+ RESERVED
+CVE-2019-20774
+ RESERVED
+CVE-2019-20773
+ RESERVED
+CVE-2019-20772
+ RESERVED
+CVE-2019-20771
+ RESERVED
+CVE-2019-20770
+ RESERVED
+CVE-2019-20769
+ RESERVED
CVE-2020-11862
RESERVED
CVE-2020-11861
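Review bot: CVE-2020-11872 and CVE-2020-11868 arrive with a published description but only a `TODO: check` line, so neither has a package or NOT-FOR-US decision yet. The ntpd entry states concrete version bounds (before 4.2.8p14, and 4.3.x before 4.3.100), which is enough to compare against any packaged ntp, so it is worth resolving ahead of the rest of the TODO queue.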
@@ -198,82 +258,82 @@ CVE-2020-11768 (Certain NETGEAR devices are affected by Stored XSS. This affects
NOT-FOR-US: Netgear
CVE-2019-20767 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
-CVE-2019-20766
- RESERVED
-CVE-2019-20765
- RESERVED
-CVE-2019-20764
- RESERVED
-CVE-2019-20763
- RESERVED
-CVE-2019-20762
- RESERVED
-CVE-2019-20761
- RESERVED
-CVE-2019-20760
- RESERVED
-CVE-2019-20759
- RESERVED
-CVE-2019-20758
- RESERVED
-CVE-2019-20757
- RESERVED
-CVE-2019-20756
- RESERVED
-CVE-2019-20755
- RESERVED
-CVE-2019-20754
- RESERVED
-CVE-2019-20753
- RESERVED
-CVE-2019-20752
- RESERVED
-CVE-2019-20751
- RESERVED
-CVE-2019-20750
- RESERVED
-CVE-2019-20749
- RESERVED
-CVE-2019-20748
- RESERVED
-CVE-2019-20747
- RESERVED
-CVE-2019-20746
- RESERVED
-CVE-2019-20745
- RESERVED
-CVE-2019-20744
- RESERVED
-CVE-2019-20743
- RESERVED
-CVE-2019-20742
- RESERVED
-CVE-2019-20741
- RESERVED
-CVE-2019-20740
- RESERVED
-CVE-2019-20739
- RESERVED
-CVE-2019-20738
- RESERVED
-CVE-2019-20737
- RESERVED
-CVE-2019-20736
- RESERVED
-CVE-2019-20735
- RESERVED
-CVE-2019-20734
- RESERVED
-CVE-2019-20733
- RESERVED
-CVE-2019-20732
- RESERVED
-CVE-2019-20731
- RESERVED
-CVE-2019-20730
- RESERVED
-CVE-2019-20729
- RESERVED
+CVE-2019-20766 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...)
+ TODO: check
+CVE-2019-20765 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...)
+ TODO: check
+CVE-2019-20764 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...)
+ TODO: check
+CVE-2019-20763 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...)
+ TODO: check
+CVE-2019-20762 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ TODO: check
+CVE-2019-20761 (NETGEAR R7800 devices before 1.0.2.62 are affected by command injectio ...)
+ TODO: check
+CVE-2019-20760 (NETGEAR R9000 devices before 1.0.4.26 are affected by authentication b ...)
+ TODO: check
+CVE-2019-20759 (NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS. ...)
+ TODO: check
+CVE-2019-20758 (NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflo ...)
+ TODO: check
+CVE-2019-20757 (NETGEAR R7800 devices before 1.0.2.62 are affected by command injectio ...)
+ TODO: check
+CVE-2019-20756 (Certain NETGEAR devices are affected by reflected XSS. This affects EX ...)
+ TODO: check
+CVE-2019-20755 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2019-20754 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ TODO: check
+CVE-2019-20753 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2019-20752 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
+ TODO: check
+CVE-2019-20751 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2019-20750 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ TODO: check
+CVE-2019-20749 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ TODO: check
+CVE-2019-20748 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2019-20747 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2019-20746 (Certain NETGEAR devices are affected by reflected XSS. This affects D3 ...)
+ TODO: check
+CVE-2019-20745 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2019-20744 (NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of s ...)
+ TODO: check
+CVE-2019-20743 (NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. ...)
+ TODO: check
+CVE-2019-20742 (NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. ...)
+ TODO: check
+CVE-2019-20741 (NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of s ...)
+ TODO: check
+CVE-2019-20740 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2019-20739 (NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overf ...)
+ TODO: check
+CVE-2019-20738 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...)
+ TODO: check
+CVE-2019-20737 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2019-20736 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2019-20735 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2019-20734 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ TODO: check
+CVE-2019-20733 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2019-20732 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2019-20731 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ TODO: check
+CVE-2019-20730 (Certain NETGEAR devices are affected by SQL injection. This affects D3 ...)
+ TODO: check
+CVE-2019-20729 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
CVE-2019-20728 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
NOT-FOR-US: Netgear
CVE-2019-20727 (Certain NETGEAR devices are affected by command injection by an authen ...)
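Review bot: The 38 entries from CVE-2019-20766 down to CVE-2019-20729 are left at `TODO: check`, while the context entries on either side of them (CVE-2019-20767 above, CVE-2019-20728 below) are already marked `NOT-FOR-US: Netgear`. Every new description in this block names NETGEAR devices, so the same marking can likely be applied to the whole range in one pass instead of triaging each id separately.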
@@ -15816,8 +15876,8 @@ CVE-2020-5296
RESERVED
CVE-2020-5295
RESERVED
-CVE-2020-5294
- RESERVED
+CVE-2020-5294 (PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflect ...)
+ TODO: check
CVE-2020-5293
RESERVED
CVE-2020-5292 (Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vuln ...)
@@ -15873,8 +15933,8 @@ CVE-2020-5274 (In Symfony before versions 5.0.5 and 4.4.5, some properties of th
NOTE: https://symfony.com/blog/cve-2020-5274-fix-exception-message-escaping-rendered-by-errorhandler
NOTE: https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad
NOTE: https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db
-CVE-2020-5273
- RESERVED
+CVE-2020-5273 (In PrestaShop module ps_linklist versions before 3.1.0, there is a sto ...)
+ TODO: check
CVE-2020-5272
RESERVED
CVE-2020-5271
@@ -15892,8 +15952,8 @@ CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a pos
[stretch] - rails <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/19/1
NOTE: https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a (master)
-CVE-2020-5266
- RESERVED
+CVE-2020-5266 (In the ps_link module for PrestaShop before version 3.1.0, there is a ...)
+ TODO: check
CVE-2020-5265
RESERVED
CVE-2020-5264
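Review bot: The new description for CVE-2020-5266 names the module `ps_link`, while CVE-2020-5273 in the preceding hunk names `ps_linklist`, and both give 3.1.0 as the fixed version. When resolving the `TODO: check`, confirm whether these refer to the same PrestaShop module, since the two ids may end up with the same disposition.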
@@ -39746,7 +39806,8 @@ CVE-2019-15603 (The seefl package v0.1.1 is vulnerable to a stored Cross-Site Sc
NOT-FOR-US: seefl
CVE-2019-15602 (The fileview package v0.1.6 has inadequate output encoding and escapin ...)
NOT-FOR-US: fileview
-CVE-2019-15601 (CURL before 7.68.0 lacks proper input validation, which allows users t ...)
+CVE-2019-15601
+ REJECTED
- curl <not-affected> (Windows only)
CVE-2019-15600 (A Path traversal exists in http_server which allows an attacker to rea ...)
NOT-FOR-US: Node module http_server
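Review bot: CVE-2019-15601 is switched to `REJECTED`, but the context line `- curl <not-affected> (Windows only)` stays attached to it, so a rejected id still carries a package annotation. The description is also dropped by this change, leaving nothing in the entry that records what the id referred to. Suggest either removing the curl line or keeping it together with a NOTE that says why the id was rejected.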
@@ -53981,7 +54042,7 @@ CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior
CVE-2019-11286
RESERVED
CVE-2019-11285
- RESERVED
+ REJECTED
CVE-2019-11284 (Pivotal Reactor Netty, versions prior to 0.8.11, passes headers throug ...)
NOT-FOR-US: Pivotal
CVE-2019-11283 (Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outpu ...)
@@ -65881,8 +65942,7 @@ CVE-2019-7308 (kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs
NOTE: Fixed by: https://git.kernel.org/linus/d3bd7413e0ca40b60cf60d4003246d067cafdeda
CVE-2019-7307 (Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2. ...)
NOT-FOR-US: Apport
-CVE-2019-7306 [Apport hook may expose sensitive information]
- RESERVED
+CVE-2019-7306 (Byobu Apport hook may disclose sensitive information since it automati ...)
- byobu <unfixed> (unimportant)
NOTE: https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202
NOTE: Issue in /usr/share/apport/package-hooks/source_byobu.py hook,
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e6cf80098fd02b2ada4e78e43aa9b228ac4cdb8