[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Apr 22 21:10:30 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e2fcd71 by security tracker role at 2020-04-22T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-12070
+	RESERVED
+CVE-2020-12069
+	RESERVED
+CVE-2020-12068
+	RESERVED
+CVE-2020-12067
+	RESERVED
+CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before ...)
+	TODO: check
+CVE-2020-12065
+	RESERVED
+CVE-2020-12064
+	RESERVED
+CVE-2020-12063
+	RESERVED
+CVE-2020-12062
+	RESERVED
+CVE-2020-12061
+	RESERVED
+CVE-2020-12060
+	RESERVED
+CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request with an ...)
+	TODO: check
+CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing a tilema ...)
+	TODO: check
 CVE-2020-12058
 	RESERVED
 CVE-2020-12057
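Review bot: CVE-2020-12066 and CVE-2019-20787 (Teeworlds) and CVE-2020-12059 (Ceph) land as TODO: check at the top of this hunk, and unlike most entries in this update they name software projects rather than vendor devices or hosted services. Triage them individually against the archive (source package present, affected version range, fix commit) rather than in a bulk NOT-FOR-US pass. The CVE-2020-12066 description is cut off before the fixed version ("Teeworlds 0.7.x before ..."), so the full CVE text is needed to decide which suites are affected.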
@@ -246,8 +272,8 @@ CVE-2020-11940
 	RESERVED
 CVE-2020-11939
 	RESERVED
-CVE-2020-11938
-	RESERVED
+CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator ...)
+	TODO: check
 CVE-2020-11937
 	RESERVED
 CVE-2020-11936
@@ -464,46 +490,46 @@ CVE-2018-21132
 	RESERVED
 CVE-2018-21131
 	RESERVED
-CVE-2018-21130
-	RESERVED
-CVE-2018-21129
-	RESERVED
-CVE-2018-21128
-	RESERVED
-CVE-2018-21127
-	RESERVED
-CVE-2018-21126
-	RESERVED
-CVE-2018-21125
-	RESERVED
-CVE-2018-21124
-	RESERVED
-CVE-2018-21123
-	RESERVED
-CVE-2018-21122
-	RESERVED
-CVE-2018-21121
-	RESERVED
-CVE-2018-21120
-	RESERVED
-CVE-2018-21119
-	RESERVED
-CVE-2018-21118
-	RESERVED
-CVE-2018-21117
-	RESERVED
-CVE-2018-21116
-	RESERVED
-CVE-2018-21115
-	RESERVED
-CVE-2018-21114
-	RESERVED
-CVE-2018-21113
-	RESERVED
-CVE-2018-21112
-	RESERVED
-CVE-2018-21111
-	RESERVED
+CVE-2018-21130 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+	TODO: check
+CVE-2018-21129 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+	TODO: check
+CVE-2018-21128 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+	TODO: check
+CVE-2018-21127 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+	TODO: check
+CVE-2018-21126 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+	TODO: check
+CVE-2018-21125 (NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication  ...)
+	TODO: check
+CVE-2018-21124 (NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escal ...)
+	TODO: check
+CVE-2018-21123 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+	TODO: check
+CVE-2018-21122 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+	TODO: check
+CVE-2018-21121 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+	TODO: check
+CVE-2018-21120 (Certain NETGEAR devices are affected by CSRF. This affects WAC120 befo ...)
+	TODO: check
+CVE-2018-21119 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2018-21118 (NETGEAR XR500 devices before 2.3.2.32 are affected by authentication b ...)
+	TODO: check
+CVE-2018-21117 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...)
+	TODO: check
+CVE-2018-21116 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...)
+	TODO: check
+CVE-2018-21115 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...)
+	TODO: check
+CVE-2018-21114 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2018-21113 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+	TODO: check
+CVE-2018-21112 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2018-21111 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
 CVE-2018-21110
 	RESERVED
 CVE-2018-21109
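Review bot: all 20 entries from CVE-2018-21130 down to CVE-2018-21111 describe NETGEAR device firmware and are left at TODO: check. The NETGEAR entries visible elsewhere in this file (CVE-2017-18791, CVE-2017-18790) carry "NOT-FOR-US: Netgear"; using the same tag and spelling here would clear the block in one follow-up commit and keep the TODO queue for entries that need real triage.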
@@ -666,82 +692,82 @@ CVE-2017-18791 (Certain NETGEAR devices are affected by CSRF. This affects R6050
 	NOT-FOR-US: Netgear
 CVE-2017-18790 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
 	NOT-FOR-US: Netgear
-CVE-2017-18789
-	RESERVED
-CVE-2017-18788
-	RESERVED
-CVE-2017-18787
-	RESERVED
-CVE-2017-18786
-	RESERVED
-CVE-2017-18785
-	RESERVED
-CVE-2017-18784
-	RESERVED
-CVE-2017-18783
-	RESERVED
-CVE-2017-18782
-	RESERVED
-CVE-2017-18781
-	RESERVED
-CVE-2017-18780
-	RESERVED
-CVE-2017-18779
-	RESERVED
-CVE-2017-18778
-	RESERVED
-CVE-2017-18777
-	RESERVED
-CVE-2017-18776
-	RESERVED
-CVE-2017-18775
-	RESERVED
+CVE-2017-18789 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+	TODO: check
+CVE-2017-18788 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2017-18787 (Certain NETGEAR devices are affected by command injection. This affect ...)
+	TODO: check
+CVE-2017-18786 (Certain NETGEAR devices are affected by command injection. This affect ...)
+	TODO: check
+CVE-2017-18785 (Certain NETGEAR devices are affected by XSS. This affects D3600 before ...)
+	TODO: check
+CVE-2017-18784 (Certain NETGEAR devices are affected by XSS. This affects D6200 before ...)
+	TODO: check
+CVE-2017-18783 (Certain NETGEAR devices are affected by XSS. This affects D6200 before ...)
+	TODO: check
+CVE-2017-18782 (Certain NETGEAR devices are affected by CSRF. This affects D6200 befor ...)
+	TODO: check
+CVE-2017-18781 (Certain NETGEAR devices are affected by CSRF. This affects D6200 befor ...)
+	TODO: check
+CVE-2017-18780 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+	TODO: check
+CVE-2017-18779 (Certain NETGEAR devices are affected by a buffer overflow. This affect ...)
+	TODO: check
+CVE-2017-18778 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+	TODO: check
+CVE-2017-18777 (Certain NETGEAR devices are affected by administrative password disclo ...)
+	TODO: check
+CVE-2017-18776 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+	TODO: check
+CVE-2017-18775 (Certain NETGEAR devices are affected by CSRF. This affects R6100 befor ...)
+	TODO: check
 CVE-2017-18774
 	RESERVED
-CVE-2017-18773
-	RESERVED
-CVE-2017-18772
-	RESERVED
+CVE-2017-18773 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2017-18772 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+	TODO: check
 CVE-2017-18771
 	RESERVED
-CVE-2017-18770
-	RESERVED
-CVE-2017-18769
-	RESERVED
-CVE-2017-18768
-	RESERVED
-CVE-2017-18767
-	RESERVED
-CVE-2017-18766
-	RESERVED
-CVE-2017-18765
-	RESERVED
-CVE-2017-18764
-	RESERVED
-CVE-2017-18763
-	RESERVED
-CVE-2017-18762
-	RESERVED
-CVE-2017-18761
-	RESERVED
+CVE-2017-18770 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+	TODO: check
+CVE-2017-18769 (Certain NETGEAR devices are affected by an attacker's ability to read  ...)
+	TODO: check
+CVE-2017-18768 (Certain NETGEAR devices are affected by CSRF. This affects EX6100 befo ...)
+	TODO: check
+CVE-2017-18767 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2017-18766 (Certain NETGEAR devices are affected by an attacker's ability to read  ...)
+	TODO: check
+CVE-2017-18765 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+	TODO: check
+CVE-2017-18764 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+	TODO: check
+CVE-2017-18763 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+	TODO: check
+CVE-2017-18762 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+	TODO: check
+CVE-2017-18761 (NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buf ...)
+	TODO: check
 CVE-2017-18760
 	RESERVED
-CVE-2017-18759
-	RESERVED
-CVE-2017-18758
-	RESERVED
-CVE-2017-18757
-	RESERVED
-CVE-2017-18756
-	RESERVED
-CVE-2017-18755
-	RESERVED
-CVE-2017-18754
-	RESERVED
+CVE-2017-18759 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2017-18758 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2017-18757 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+	TODO: check
+CVE-2017-18756 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+	TODO: check
+CVE-2017-18755 (Certain NETGEAR devices are affected by CSRF. This affects R6300v2 bef ...)
+	TODO: check
+CVE-2017-18754 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
 CVE-2017-18753
 	RESERVED
-CVE-2017-18752
-	RESERVED
+CVE-2017-18752 (Certain NETGEAR devices are affected by an attacker's ability to read  ...)
+	TODO: check
 CVE-2017-18751
 	RESERVED
 CVE-2017-18750
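Review bot: the 34 NETGEAR entries published in this hunk (CVE-2017-18789 through CVE-2017-18752) follow directly after CVE-2017-18791 and CVE-2017-18790, which the context lines show as "NOT-FOR-US: Netgear", yet they are added as TODO: check. Suggest the same annotation for all of them. CVE-2017-18774, -18771, -18760 and -18753 remain RESERVED in between, so a range-based edit must skip those four.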
@@ -1182,10 +1208,10 @@ CVE-2020-11798
 	RESERVED
 CVE-2020-11797
 	RESERVED
-CVE-2020-11796
-	RESERVED
-CVE-2020-11795
-	RESERVED
+CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...)
+	TODO: check
+CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout period was  ...)
+	TODO: check
 CVE-2020-11794
 	RESERVED
 CVE-2020-11793 (A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKi ...)
@@ -1689,24 +1715,24 @@ CVE-2020-11695
 	RESERVED
 CVE-2020-11694 (In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarizatio ...)
 	- pycharm <itp> (bug #742394)
-CVE-2020-11693
-	RESERVED
-CVE-2020-11692
-	RESERVED
-CVE-2020-11691
-	RESERVED
-CVE-2020-11690
-	RESERVED
-CVE-2020-11689
-	RESERVED
-CVE-2020-11688
-	RESERVED
-CVE-2020-11687
-	RESERVED
-CVE-2020-11686
-	RESERVED
-CVE-2020-11685
-	RESERVED
+CVE-2020-11693 (JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could  ...)
+	TODO: check
+CVE-2020-11692 (In JetBrains YouTrack before 2020.1.659, DB export was accessible to r ...)
+	TODO: check
+CVE-2020-11691 (In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAut ...)
+	TODO: check
+CVE-2020-11690 (In JetBrains IntelliJ IDEA before 2020.1, the license server could be  ...)
+	TODO: check
+CVE-2020-11689 (In JetBrains TeamCity before 2019.2.1, a user without appropriate perm ...)
+	TODO: check
+CVE-2020-11688 (In JetBrains TeamCity before 2019.2.1, the application state is kept a ...)
+	TODO: check
+CVE-2020-11687 (In JetBrains TeamCity before 2019.2.2, password values were shown in a ...)
+	TODO: check
+CVE-2020-11686 (In JetBrains TeamCity before 2019.1.4, a project administrator was abl ...)
+	TODO: check
+CVE-2020-11685 (In JetBrains GoLand before 2019.3.2, the plugin repository was accesse ...)
+	TODO: check
 CVE-2015-9547 (An issue was discovered on Samsung mobile devices with JBP(4.3) and KK ...)
 	NOT-FOR-US: Samsung mobile devices
 CVE-2015-9546 (An issue was discovered on Samsung mobile devices with KK(4.4) and lat ...)
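Review bot: CVE-2020-11690 (IntelliJ IDEA) and CVE-2020-11685 (GoLand) should not be marked NOT-FOR-US by reflex together with the server products in this hunk. The context line for CVE-2020-11694 shows that a JetBrains IDE can be tracked against a packaging request ("- pycharm <itp> (bug #742394)"), so check for an open ITP or RFP for these two IDEs first. The YouTrack, Hub and TeamCity entries (CVE-2020-11693, -11692, -11691 and -11689 to -11686) can be handled as one group.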
@@ -2343,8 +2369,8 @@ CVE-2020-11541
 	RESERVED
 CVE-2020-11540
 	RESERVED
-CVE-2020-11539
-	RESERVED
+CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It  ...)
+	TODO: check
 CVE-2020-11538
 	RESERVED
 CVE-2020-11537 (A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5 ...)
@@ -2605,8 +2631,8 @@ CVE-2020-11418
 	RESERVED
 CVE-2020-11417
 	RESERVED
-CVE-2020-11416
-	RESERVED
+CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats. ...)
+	TODO: check
 CVE-2020-11415
 	RESERVED
 CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before  ...)
@@ -3455,8 +3481,8 @@ CVE-2020-11013
 	RESERVED
 CVE-2020-11012
 	RESERVED
-CVE-2020-11011
-	RESERVED
+CVE-2020-11011 (In Phproject before version 1.7.8, there's a vulnerability which allow ...)
+	TODO: check
 CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of S ...)
 	NOT-FOR-US: Tortoise ORM
 CVE-2020-11009
@@ -4389,8 +4415,7 @@ CVE-2020-10714
 	RESERVED
 CVE-2020-10713
 	RESERVED
-CVE-2020-10712
-	RESERVED
+CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 and later ...)
 	NOT-FOR-US: image registry operator in OpenShift Container Platform
 CVE-2020-10711
 	RESERVED
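Review bot: CVE-2020-10712 is the only entry in this update that goes from RESERVED to a published description without gaining TODO: check, because its "NOT-FOR-US: image registry operator in OpenShift Container Platform" annotation was written while the entry was still RESERVED. Now that the description is available ("A flaw was found in OpenShift Container Platform version 4.1 and later ..."), confirm that the earlier annotation still matches the affected component; nothing in this hunk queues the entry for another look.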
@@ -9503,7 +9528,7 @@ CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute a
 	NOT-FOR-US: Artica Pandora FMS
 CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...)
 	NOT-FOR-US: phpABook
-CVE-2020-8509 (Zoho ManageEngine Desktop Central allows unauthenticated users to acce ...)
+CVE-2020-8509 (Zoho ManageEngine Desktop Central 10.0.483 allows unauthenticated user ...)
 	NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...)
 	NOT-FOR-US: Norman Malware Cleaner
@@ -9581,14 +9606,14 @@ CVE-2020-8479
 	RESERVED
 CVE-2020-8478
 	RESERVED
-CVE-2020-8477
-	RESERVED
+CVE-2020-8477 (The installations for ABB System 800xA Information Manager versions 5. ...)
+	TODO: check
 CVE-2020-8476
 	RESERVED
 CVE-2020-8475
 	RESERVED
-CVE-2020-8474
-	RESERVED
+CVE-2020-8474 (Weak Registry permissions in ABB System 800xA Base allow low privilege ...)
+	TODO: check
 CVE-2020-8473
 	RESERVED
 CVE-2020-8472
@@ -11508,8 +11533,8 @@ CVE-2020-7644
 	RESERVED
 CVE-2020-7643
 	RESERVED
-CVE-2020-7642
-	RESERVED
+CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious JavaScript. The  ...)
+	TODO: check
 CVE-2020-7641
 	RESERVED
 CVE-2020-7640
@@ -11826,14 +11851,14 @@ CVE-2020-7492
 	RESERVED
 CVE-2020-7491
 	RESERVED
-CVE-2020-7490
-	RESERVED
-CVE-2020-7489
-	RESERVED
-CVE-2020-7488
-	RESERVED
-CVE-2020-7487
-	RESERVED
+CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...)
+	TODO: check
+CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...)
+	TODO: check
+CVE-2020-7488 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...)
+	TODO: check
+CVE-2020-7487 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
+	TODO: check
 CVE-2020-7486 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TC ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2020-7485 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in th ...)
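Review bot: for CVE-2020-7489, CVE-2020-7488 and CVE-2020-7487 the truncated description ends inside the CWE title, so the affected product is not visible in the list file. Only CVE-2020-7490 shows a product name (Vijeo Designer, cut off). The neighbouring CVE-2020-7486 and CVE-2020-7485 are "NOT-FOR-US: Schneider Electric", but read the full descriptions before applying that tag rather than inferring it from adjacency.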
@@ -12847,8 +12872,8 @@ CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version send
 	NOT-FOR-US: Hikvision
 CVE-2020-7056
 	RESERVED
-CVE-2020-7055
-	RESERVED
+CVE-2020-7055 (An issue was discovered in Elementor 2.7.4. Arbitrary file upload is p ...)
+	TODO: check
 CVE-2020-7054 (MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in li ...)
 	NOT-FOR-US: libIEC61850
 CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm t ...)
@@ -15933,8 +15958,8 @@ CVE-2020-5742
 	RESERVED
 CVE-2020-5741
 	RESERVED
-CVE-2020-5740
-	RESERVED
+CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows allows a loc ...)
+	TODO: check
 CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable  ...)
 	NOT-FOR-US: Grandstream
 CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable  ...)
@@ -19907,8 +19932,8 @@ CVE-2020-4087
 	RESERVED
 CVE-2020-4086
 	RESERVED
-CVE-2020-4085
-	RESERVED
+CVE-2020-4085 ("HCL Connections is vulnerable to possible information leakage and cou ...)
+	TODO: check
 CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scri ...)
 	NOT-FOR-US: HCL Connections
 CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage. Con ...)
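Review bot: the CVE-2020-4085 description starts with a stray double quote before "HCL Connections is vulnerable ...", which none of the neighbouring entries have. It arrives with the imported description, so it is not worth hand-editing in data/CVE/list, but any tooling that matches on description text should tolerate it. CVE-2020-4084 and CVE-2020-4083 below are already "NOT-FOR-US: HCL Connections", and the same annotation fits here.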
@@ -28006,14 +28031,14 @@ CVE-2019-19109
 	RESERVED
 CVE-2019-19108 (An authentication weakness in the SNMP service in B&R Automation R ...)
 	NOT-FOR-US: B&R Automation Runtime
-CVE-2019-19107
-	RESERVED
-CVE-2019-19106
-	RESERVED
-CVE-2019-19105
-	RESERVED
-CVE-2019-19104
-	RESERVED
+CVE-2019-19107 (The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Ja ...)
+	TODO: check
+CVE-2019-19106 (Improper implementation of Access Control in ABB Telephone Gateway TG/ ...)
+	TODO: check
+CVE-2019-19105 (The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger ...)
+	TODO: check
+CVE-2019-19104 (The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186 ...)
+	TODO: check
 CVE-2019-19103
 	RESERVED
 CVE-2019-19102
@@ -68067,8 +68092,8 @@ CVE-2019-6861
 	RESERVED
 CVE-2019-6860
 	RESERVED
-CVE-2019-6859
-	RESERVED
+CVE-2019-6859 (A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modico ...)
+	TODO: check
 CVE-2019-6858 (A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX ...)
 	NOT-FOR-US: MSX Configurator
 CVE-2019-6857 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
@@ -90001,8 +90026,8 @@ CVE-2018-18407 (A heap-based buffer over-read was discovered in the tcpreplay-ed
 	NOTE: https://github.com/appneta/tcpreplay/commit/1d7561a4d542842a1aeabf55bfd4aaf88b3a1071
 CVE-2018-18406 (An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 bu ...)
 	NOT-FOR-US: Tufin SecureTrack
-CVE-2018-18405
-	RESERVED
+CVE-2018-18405 (jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG ele ...)
+	TODO: check
 CVE-2018-18404
 	RESERVED
 CVE-2018-18403
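Review bot: CVE-2018-18405 names jQuery v2.2.2, a JavaScript library rather than a vendor appliance, so this TODO: check needs an actual triage: compare against the packaged jQuery version and consider embedded copies in other source packages. The description is cut off after "onerror attribute of an IMG ele ...", so pull the full text and any upstream reference and record them as NOTE: lines, as the context above does for CVE-2018-18407.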



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e2fcd7166d047f9cff829c0e082239fe9637676
