[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 21 21:11:18 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
35b1ed85 by security tracker role at 2020-04-21T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,177 @@
-CVE-2020-11968
+CVE-2020-12049
RESERVED
-CVE-2020-11967
+CVE-2020-12048
RESERVED
-CVE-2020-11966
+CVE-2020-12047
RESERVED
-CVE-2020-11965
+CVE-2020-12046
RESERVED
-CVE-2020-11964
+CVE-2020-12045
RESERVED
-CVE-2020-11963
+CVE-2020-12044
RESERVED
+CVE-2020-12043
+ RESERVED
+CVE-2020-12042
+ RESERVED
+CVE-2020-12041
+ RESERVED
+CVE-2020-12040
+ RESERVED
+CVE-2020-12039
+ RESERVED
+CVE-2020-12038
+ RESERVED
+CVE-2020-12037
+ RESERVED
+CVE-2020-12036
+ RESERVED
+CVE-2020-12035
+ RESERVED
+CVE-2020-12034
+ RESERVED
+CVE-2020-12033
+ RESERVED
+CVE-2020-12032
+ RESERVED
+CVE-2020-12031
+ RESERVED
+CVE-2020-12030
+ RESERVED
+CVE-2020-12029
+ RESERVED
+CVE-2020-12028
+ RESERVED
+CVE-2020-12027
+ RESERVED
+CVE-2020-12026
+ RESERVED
+CVE-2020-12025
+ RESERVED
+CVE-2020-12024
+ RESERVED
+CVE-2020-12023
+ RESERVED
+CVE-2020-12022
+ RESERVED
+CVE-2020-12021
+ RESERVED
+CVE-2020-12020
+ RESERVED
+CVE-2020-12019
+ RESERVED
+CVE-2020-12018
+ RESERVED
+CVE-2020-12017
+ RESERVED
+CVE-2020-12016
+ RESERVED
+CVE-2020-12015
+ RESERVED
+CVE-2020-12014
+ RESERVED
+CVE-2020-12013
+ RESERVED
+CVE-2020-12012
+ RESERVED
+CVE-2020-12011
+ RESERVED
+CVE-2020-12010
+ RESERVED
+CVE-2020-12009
+ RESERVED
+CVE-2020-12008
+ RESERVED
+CVE-2020-12007
+ RESERVED
+CVE-2020-12006
+ RESERVED
+CVE-2020-12005
+ RESERVED
+CVE-2020-12004
+ RESERVED
+CVE-2020-12003
+ RESERVED
+CVE-2020-12002
+ RESERVED
+CVE-2020-12001
+ RESERVED
+CVE-2020-12000
+ RESERVED
+CVE-2020-11999
+ RESERVED
+CVE-2020-11998
+ RESERVED
+CVE-2020-11997
+ RESERVED
+CVE-2020-11996
+ RESERVED
+CVE-2020-11995
+ RESERVED
+CVE-2020-11994
+ RESERVED
+CVE-2020-11993
+ RESERVED
+CVE-2020-11992
+ RESERVED
+CVE-2020-11991
+ RESERVED
+CVE-2020-11990
+ RESERVED
+CVE-2020-11989
+ RESERVED
+CVE-2020-11988
+ RESERVED
+CVE-2020-11987
+ RESERVED
+CVE-2020-11986
+ RESERVED
+CVE-2020-11985
+ RESERVED
+CVE-2020-11984
+ RESERVED
+CVE-2020-11983
+ RESERVED
+CVE-2020-11982
+ RESERVED
+CVE-2020-11981
+ RESERVED
+CVE-2020-11980
+ RESERVED
+CVE-2020-11979
+ RESERVED
+CVE-2020-11978
+ RESERVED
+CVE-2020-11977
+ RESERVED
+CVE-2020-11976
+ RESERVED
+CVE-2020-11975
+ RESERVED
+CVE-2020-11974
+ RESERVED
+CVE-2020-11973
+ RESERVED
+CVE-2020-11972
+ RESERVED
+CVE-2020-11971
+ RESERVED
+CVE-2020-11970
+ RESERVED
+CVE-2020-11969
+ RESERVED
+CVE-2020-11968 (In the web-panel in IQrouter through 3.3.1, remote attackers can read ...)
+ TODO: check
+CVE-2020-11967 (In IQrouter through 3.3.1, remote attackers can control the device (re ...)
+ TODO: check
+CVE-2020-11966 (In IQrouter through 3.3.1, the Lua function reset_password in the web- ...)
+ TODO: check
+CVE-2020-11965 (In IQrouter through 3.3.1, there is a root user without a password, wh ...)
+ TODO: check
+CVE-2020-11964 (In IQrouter through 3.3.1, the Lua function diag_set_password in the w ...)
+ TODO: check
+CVE-2020-11963 (IQrouter through 3.3.1, when unconfigured, has multiple remote code ex ...)
+ TODO: check
CVE-2020-11962
RESERVED
CVE-2020-11961
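Review bot: the six IQrouter entries at the end of this hunk (CVE-2020-11963 through CVE-2020-11968) are left at `TODO: check`, so they still need triage. All six describe the same product ("IQrouter through 3.3.1") and can be resolved in one pass. If IQrouter is not packaged in Debian, mark each one `NOT-FOR-US: IQrouter`, in the same form the file already uses for NETGEAR.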
@@ -416,70 +578,70 @@ CVE-2017-18823 (Certain NETGEAR devices are affected by incorrect configuration
NOT-FOR-US: NETGEAR
CVE-2017-18822 (Certain NETGEAR devices are affected by vertical privilege escalation. ...)
NOT-FOR-US: NETGEAR
-CVE-2017-18821
- RESERVED
-CVE-2017-18820
- RESERVED
-CVE-2017-18819
- RESERVED
+CVE-2017-18821 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
+ TODO: check
+CVE-2017-18820 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
+ TODO: check
+CVE-2017-18819 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...)
+ TODO: check
CVE-2017-18818
RESERVED
CVE-2017-18817
RESERVED
-CVE-2017-18816
- RESERVED
-CVE-2017-18815
- RESERVED
-CVE-2017-18814
- RESERVED
-CVE-2017-18813
- RESERVED
-CVE-2017-18812
- RESERVED
-CVE-2017-18811
- RESERVED
-CVE-2017-18810
- RESERVED
-CVE-2017-18809
- RESERVED
-CVE-2017-18808
- RESERVED
-CVE-2017-18807
- RESERVED
-CVE-2017-18806
- RESERVED
-CVE-2017-18805
- RESERVED
-CVE-2017-18804
- RESERVED
-CVE-2017-18803
- RESERVED
-CVE-2017-18802
- RESERVED
-CVE-2017-18801
- RESERVED
-CVE-2017-18800
- RESERVED
-CVE-2017-18799
- RESERVED
-CVE-2017-18798
- RESERVED
-CVE-2017-18797
- RESERVED
-CVE-2017-18796
- RESERVED
-CVE-2017-18795
- RESERVED
-CVE-2017-18794
- RESERVED
-CVE-2017-18793
- RESERVED
-CVE-2017-18792
- RESERVED
-CVE-2017-18791
- RESERVED
-CVE-2017-18790
- RESERVED
+CVE-2017-18816 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...)
+ TODO: check
+CVE-2017-18815 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...)
+ TODO: check
+CVE-2017-18814 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
+ TODO: check
+CVE-2017-18813 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
+ TODO: check
+CVE-2017-18812 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
+ TODO: check
+CVE-2017-18811 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
+ TODO: check
+CVE-2017-18810 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
+ TODO: check
+CVE-2017-18809 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
+ TODO: check
+CVE-2017-18808 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
+ TODO: check
+CVE-2017-18807 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
+ TODO: check
+CVE-2017-18806 (Certain NETGEAR devices are affected by command injection. This affect ...)
+ TODO: check
+CVE-2017-18805 (Certain NETGEAR devices are affected by command injection. This affect ...)
+ TODO: check
+CVE-2017-18804 (Certain NETGEAR devices are affected by command injection. This affect ...)
+ TODO: check
+CVE-2017-18803 (NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect config ...)
+ TODO: check
+CVE-2017-18802 (Certain NETGEAR devices are affected by command injection. This affect ...)
+ TODO: check
+CVE-2017-18801 (Certain NETGEAR devices are affected by command injection. This affect ...)
+ TODO: check
+CVE-2017-18800 (Certain NETGEAR devices are affected by reflected XSS. This affects R6 ...)
+ TODO: check
+CVE-2017-18799 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
+CVE-2017-18798 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
+CVE-2017-18797 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
+ TODO: check
+CVE-2017-18796 (Certain NETGEAR devices are affected by command injection. This affect ...)
+ TODO: check
+CVE-2017-18795 (Certain NETGEAR devices are affected by command injection. This affect ...)
+ TODO: check
+CVE-2017-18794 (Certain NETGEAR devices are affected by command injection. This affect ...)
+ TODO: check
+CVE-2017-18793 (NETGEAR R7800 devices before 1.0.2.36 are affected by command injectio ...)
+ TODO: check
+CVE-2017-18792 (NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command i ...)
+ TODO: check
+CVE-2017-18791 (Certain NETGEAR devices are affected by CSRF. This affects R6050/JR615 ...)
+ TODO: check
+CVE-2017-18790 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ TODO: check
CVE-2017-18789
RESERVED
CVE-2017-18788
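Review bot: the 30 newly described entries in this hunk (CVE-2017-18821 to CVE-2017-18819 and CVE-2017-18816 to CVE-2017-18790) are all set to `TODO: check`, while the context lines directly above already classify CVE-2017-18823 and CVE-2017-18822 as `NOT-FOR-US: NETGEAR`. Every added description names NETGEAR devices or NETGEAR ReadyNAS OS, so the same tag would apply unless one of them turns out to affect a packaged component. Triage them as a batch rather than leaving 30 open TODO items.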
@@ -748,12 +910,12 @@ CVE-2020-11893
RESERVED
CVE-2020-11892
RESERVED
-CVE-2020-11891
- RESERVED
-CVE-2020-11890
- RESERVED
-CVE-2020-11889
- RESERVED
+CVE-2020-11891 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...)
+ TODO: check
+CVE-2020-11890 (An issue was discovered in Joomla! before 3.9.17. Improper input valid ...)
+ TODO: check
+CVE-2020-11889 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...)
+ TODO: check
CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names are mi ...)
TODO: check
CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an ...)
@@ -924,8 +1086,8 @@ CVE-2020-11830
RESERVED
CVE-2020-11829
RESERVED
-CVE-2020-11828
- RESERVED
+CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP framewor ...)
+ TODO: check
CVE-2020-11827
RESERVED
CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...)
@@ -1411,12 +1573,12 @@ CVE-2020-11731 (The Media Library Assistant plugin before 2.82 for Wordpress suf
CVE-2020-11730
RESERVED
CVE-2020-11729 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...)
- {DLA-2178-1}
+ {DSA-4660-1 DLA-2178-1}
- awl 0.61-1 (bug #956650)
NOTE: https://gitlab.com/davical-project/awl/-/issues/18
NOTE: https://gitlab.com/davical-project/awl/-/commit/535505c9acd0dda9cf664c38f5f8cb8dd61dc0cd
CVE-2020-11728 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...)
- {DLA-2178-1}
+ {DSA-4660-1 DLA-2178-1}
- awl 0.61-1 (bug #956650)
NOTE: https://gitlab.com/davical-project/awl/-/issues/19
NOTE: https://gitlab.com/davical-project/awl/-/commit/c2e808cc2420f8d870ac0a4aa9cc1f2c90562428
@@ -3272,8 +3434,7 @@ CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various form
TODO: check
CVE-2020-11009
RESERVED
-CVE-2020-11008
- RESERVED
+CVE-2020-11008 (Affected versions of Git have a vulnerability whereby Git can be trick ...)
{DSA-4659-1}
- git 1:2.26.2-1
NOTE: https://lore.kernel.org/lkml/xmqq4kterq5s.fsf@gitster.c.googlers.com/
@@ -4051,10 +4212,10 @@ CVE-2020-10789 (openITCOCKPIT before 3.7.3 has a web-based terminal that allows
NOT-FOR-US: openITCOCKPIT
CVE-2020-10788 (openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a941523 ...)
NOT-FOR-US: openITCOCKPIT
-CVE-2020-10787
- RESERVED
-CVE-2020-10786
- RESERVED
+CVE-2020-10787 (An elevation of privilege in Vesta Control Panel through 0.9.8-26 allo ...)
+ TODO: check
+CVE-2020-10786 (A remote command execution in Vesta Control Panel through 0.9.8-26 all ...)
+ TODO: check
CVE-2020-10785
RESERVED
CVE-2020-10784
@@ -4622,8 +4783,8 @@ CVE-2020-10571 (An issue was discovered in psd-tools before 1.9.4. The Cython im
NOT-FOR-US: psd-tools
CVE-2020-10570 (The Telegram application through 5.12 for Android, when Show Popup is ...)
NOT-FOR-US: Telegram for Android
-CVE-2020-10569
- RESERVED
+CVE-2020-10569 (SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, w ...)
+ TODO: check
CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for Word ...)
NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress
CVE-2020-10567 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
@@ -8393,8 +8554,8 @@ CVE-2020-8897
RESERVED
CVE-2020-8896
RESERVED
-CVE-2020-8895
- RESERVED
+CVE-2020-8895 (A vulnerability in the windows installer of Google Earth Pro versions ...)
+ TODO: check
CVE-2020-8894 (An issue was discovered in MISP before 2.4.121. ACLs for discussion th ...)
NOT-FOR-US: MISP
CVE-2020-8893 (An issue was discovered in MISP before 2.4.121. The Galaxy view contai ...)
@@ -8520,8 +8681,8 @@ CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary c
NOT-FOR-US: Foxit Reader
CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...)
NOT-FOR-US: itsio
-CVE-2020-8842
- RESERVED
+CVE-2020-8842 (Unquoted search path vulnerability in MSI True Color before 3.0.52.0 a ...)
+ TODO: check
CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...)
NOT-FOR-US: TestLink
CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...)
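Review bot: the context line under CVE-2020-8843 reads `NOT-FOR-US: itsio`, but the description on the line above names Istio. Correct the spelling to `NOT-FOR-US: Istio` so a search for the product name finds the entry. The added CVE-2020-8842 entry still needs triage from `TODO: check`.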
@@ -10203,8 +10364,8 @@ CVE-2020-8101
RESERVED
CVE-2020-8100
RESERVED
-CVE-2020-8099
- RESERVED
+CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...)
+ TODO: check
CVE-2020-8098
RESERVED
CVE-2020-8097
@@ -16079,7 +16240,7 @@ CVE-2020-5571
RESERVED
CVE-2020-5570
RESERVED
-CVE-2020-5569 (An unquoted search path vulnerability exists HDD Password tool (for Wi ...)
+CVE-2020-5569 (An unquoted search path vulnerability exists in HDD Password tool (for ...)
NOT-FOR-US: HDD Password tool (CANVIO)
CVE-2020-5568
RESERVED
@@ -16800,8 +16961,8 @@ CVE-2020-5270 (In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an o
NOT-FOR-US: PrestaShop
CVE-2020-5269 (In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflect ...)
NOT-FOR-US: PrestaShop
-CVE-2020-5268
- RESERVED
+CVE-2020-5268 (In Saml2 Authentication Services for ASP.NET before versions 2.7.0 and ...)
+ TODO: check
CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ...)
{DLA-2149-1}
- rails 2:5.2.4.1+dfsg-2 (bug #954304)
@@ -25825,8 +25986,8 @@ CVE-2020-1969
RESERVED
CVE-2020-1968
RESERVED
-CVE-2020-1967
- RESERVED
+CVE-2020-1967 (Server or client applications that call the SSL_check_chain() function ...)
+ {DSA-4661-1}
- openssl <unfixed>
[stretch] - openssl <not-affected> (Only affects 1.1.1d to 1.1.1f)
[jessie] - openssl <not-affected> (Only affects 1.1.1d to 1.1.1f)
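Review bot: the added `{DSA-4661-1}` reference on CVE-2020-1967 now sits directly above `- openssl <unfixed>`. If a fixed upload exists for that unprefixed openssl line, record its version there so the entry does not keep reporting the package as unfixed next to a DSA reference. The stretch and jessie `<not-affected>` lines need no change.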
@@ -26852,8 +27013,7 @@ CVE-2020-1759 (A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat O
NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/2
CVE-2020-1758
RESERVED
-CVE-2020-1757
- RESERVED
+CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to undertow- ...)
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1752770
CVE-2020-1756
@@ -27088,8 +27248,7 @@ CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end handles
NOTE: https://tracker.ceph.com/issues/42531
NOTE: https://github.com/ceph/ceph/pull/33017
NOTE: https://github.com/ceph/ceph/commit/ff72c50a2c43c57aead933eb4903ad1ca6d1748a
-CVE-2020-1699 [improper URL checking leads to information disclosure]
- RESERVED
+CVE-2020-1699 (A path traversal flaw was found in the Ceph dashboard implemented in u ...)
- ceph 14.2.6-4 (bug #949206)
[buster] - ceph <not-affected> (Vulnerable code introduced later)
[stretch] - ceph <not-affected> (Vulnerable code introduced later)
@@ -35218,8 +35377,8 @@ CVE-2019-17527 (dataForDepandantField in models/custormfields.php in the JS JOBS
NOT-FOR-US: JS JOBS FREE extension for Joomla!
CVE-2019-17526 (** DISPUTED ** An issue was discovered in SageMath Sage Cell Server th ...)
NOT-FOR-US: Sage Cell Server (not part of SafeMath as packaged in Debian)
-CVE-2019-17525
- RESERVED
+CVE-2019-17525 (The login page on D-Link DIR-615 T1 20.10 devices allows remote attack ...)
+ TODO: check
CVE-2019-17524 (An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows r ...)
NOT-FOR-US: Technicolor TC7300 STFA.51.20 devices
CVE-2019-17523 (An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows r ...)
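Review bot: the context note under CVE-2019-17526 says "not part of SafeMath as packaged in Debian", while the description names SageMath. Correct the note to "SageMath" so the rationale for `NOT-FOR-US` matches the product in the description. The added CVE-2019-17525 entry (D-Link DIR-615) still needs triage from `TODO: check`.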
@@ -62490,10 +62649,10 @@ CVE-2019-8963
RESERVED
CVE-2019-8962
RESERVED
-CVE-2019-8961
- RESERVED
-CVE-2019-8960
- RESERVED
+CVE-2019-8961 (A Denial of Service vulnerability related to stack exhaustion has been ...)
+ TODO: check
+CVE-2019-8960 (A Denial of Service vulnerability related to command handling has been ...)
+ TODO: check
CVE-2019-8959
RESERVED
CVE-2019-8958
@@ -73970,8 +74129,8 @@ CVE-2019-4329 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses inc
NOT-FOR-US: IBM
CVE-2019-4328
RESERVED
-CVE-2019-4327
- RESERVED
+CVE-2019-4327 ("HCL AppScan Enterprise uses hard-coded credentials which can be explo ...)
+ TODO: check
CVE-2019-4326
RESERVED
CVE-2019-4325
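Review bot: the description added for CVE-2019-4327 begins with a stray double quote (`("HCL AppScan Enterprise uses hard-coded credentials ...`). Since this is an automatic update, the quote presumably arrives with the imported description, so it is better corrected at the source than hand-edited here. The entry also still needs triage from `TODO: check`.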
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35b1ed855419b366ce378f1ec029258f16c83601