[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 23 09:10:30 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ba330a8b by security tracker role at 2020-04-23T08:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-12079 (Beaker before 0.8.9 allows a sandbox escape, enabling system access an ...)
+ TODO: check
+CVE-2020-12078
+ RESERVED
+CVE-2020-12077 (The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPr ...)
+ TODO: check
+CVE-2020-12076 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...)
+ TODO: check
+CVE-2020-12075 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...)
+ TODO: check
+CVE-2020-12074 (The users-customers-import-export-for-wp-woocommerce plugin before 1.3 ...)
+ TODO: check
+CVE-2020-12073 (The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect ...)
+ TODO: check
+CVE-2020-12072
+ RESERVED
+CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post content. ...)
+ TODO: check
CVE-2020-12070
RESERVED
CVE-2020-12069
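Review bot: CVE-2020-12073 through CVE-2020-12077 are added with `TODO: check`, although their descriptions already identify them as WordPress plugins. Elsewhere in this file such plugins are closed out as NOT-FOR-US (see CVE-2020-11508, "NOT-FOR-US: WP Lead Plus X plugin for WordPress"). Confirm that none of the named plugins is packaged and replace the TODO with the matching `NOT-FOR-US: <plugin> plugin for WordPress` line. That leaves only Beaker (CVE-2020-12079) and Anchor (CVE-2020-12071) needing a package lookup.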
@@ -451,10 +469,10 @@ CVE-2018-21153
RESERVED
CVE-2018-21152
RESERVED
-CVE-2018-21151
- RESERVED
-CVE-2018-21150
- RESERVED
+CVE-2018-21151 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ TODO: check
+CVE-2018-21150 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
CVE-2018-21149
RESERVED
CVE-2018-21148 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
@@ -1828,8 +1846,7 @@ CVE-2020-11651
RESERVED
CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...)
NOT-FOR-US: FreeNAS
-CVE-2020-11649
- RESERVED
+CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11648
@@ -2438,12 +2455,10 @@ CVE-2020-11508 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 f
NOT-FOR-US: WP Lead Plus X plugin for WordPress
CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0. ...)
NOT-FOR-US: Malwarebytes AdwCleaner
-CVE-2020-11506
- RESERVED
+CVE-2020-11506 (An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A W ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
-CVE-2020-11505
- RESERVED
+CVE-2020-11505 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
- gitlab <not-affected> (Only affects GitLab EE 12.8.0 and later)
NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11504
@@ -3741,60 +3756,60 @@ CVE-2020-10917
RESERVED
CVE-2020-10916
RESERVED
-CVE-2020-10915
- RESERVED
-CVE-2020-10914
- RESERVED
-CVE-2020-10913
- RESERVED
-CVE-2020-10912
- RESERVED
-CVE-2020-10911
- RESERVED
-CVE-2020-10910
- RESERVED
-CVE-2020-10909
- RESERVED
-CVE-2020-10908
- RESERVED
-CVE-2020-10907
- RESERVED
-CVE-2020-10906
- RESERVED
-CVE-2020-10905
- RESERVED
-CVE-2020-10904
- RESERVED
-CVE-2020-10903
- RESERVED
-CVE-2020-10902
- RESERVED
-CVE-2020-10901
- RESERVED
-CVE-2020-10900
- RESERVED
-CVE-2020-10899
- RESERVED
-CVE-2020-10898
- RESERVED
-CVE-2020-10897
- RESERVED
-CVE-2020-10896
- RESERVED
-CVE-2020-10895
- RESERVED
-CVE-2020-10894
- RESERVED
-CVE-2020-10893
- RESERVED
-CVE-2020-10892
- RESERVED
-CVE-2020-10891
- RESERVED
-CVE-2020-10890
- RESERVED
-CVE-2020-10889
- RESERVED
+CVE-2020-10915 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10914 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10913 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10912 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10911 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10910 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10909 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10908 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10907 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10906 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10905 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-10904 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10903 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-10902 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10901 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-10900 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10899 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10898 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10897 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10896 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10895 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10894 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-10893 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10892 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10891 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10890 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10889 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2020-10888 (This vulnerability allows remote attackers to bypass authentication on ...)
NOT-FOR-US: TP-Link
CVE-2020-10887 (This vulnerability allows a firewall bypass on affected installations ...)
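Review bot: the 27 entries CVE-2020-10889 through CVE-2020-10915 all land as `TODO: check`, and their truncated descriptions ("This vulnerability allows remote attackers to ...") do not show the affected product, so nothing in this hunk tells a triager what they concern. Entries with the same description pattern were resolved as NOT-FOR-US once the product was known (CVE-2020-10888 as TP-Link, CVE-2020-8868 as Quest Foglight Evolve). Read the full description of each entry and resolve the block in one pass, so that 27 open TODOs with code-execution and information-disclosure wording do not sit untriaged.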
@@ -8675,8 +8690,8 @@ CVE-2020-8869
RESERVED
CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Quest Foglight Evolve
-CVE-2020-8867
- RESERVED
+CVE-2020-8867 (This vulnerability allows remote attackers to create a denial-of-servi ...)
+ TODO: check
CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary files o ...)
{DLA-2162-1}
- php-horde-form <unfixed> (bug #955020)
@@ -8778,8 +8793,8 @@ CVE-2020-8834 (KVM in the Linux kernel on Power8 processors has a conflicting us
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/2
-CVE-2020-8833
- RESERVED
+CVE-2020-8833 (Time-of-check Time-of-use Race Condition vulnerability on crash report ...)
+ TODO: check
CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (" ...)
- linux 4.16.5-1
[jessie] - linux <not-affected> (No support for this hardware)
@@ -8789,8 +8804,8 @@ CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-146
NOTE: CVE-2019-14615 which is bc8a76a152c5 ("drm/i915/gen9: Clear residual context
NOTE: state on context switch"). But there is need to apply as well the prerequistite
NOTE: d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load").
-CVE-2020-8831
- RESERVED
+CVE-2020-8831 (Apport creates a world writable lock file with root ownership in the w ...)
+ TODO: check
CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 ...)
NOT-FOR-US: Prismview
CVE-2017-18642 (Syska Smart Bulb devices through 2017-08-06 receive RGB parameters ove ...)
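Review bot: CVE-2020-8831 stays at `TODO: check` even though the description names both the product (Apport) and the issue (a world-writable lock file with root ownership). The triage step is to check whether an apport source package exists in the archive, then replace the TODO with either a package line or a NOT-FOR-US line. CVE-2020-8833 in the previous hunk describes a time-of-check time-of-use race in crash report handling, and its truncated text does not name the product; check whether it belongs to the same package so the two are triaged together and consistently.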
@@ -12161,8 +12176,8 @@ CVE-2020-7352
RESERVED
CVE-2020-7351
RESERVED
-CVE-2020-7350
- RESERVED
+CVE-2020-7350 (Rapid7 Metasploit Framework version 5.0.84 and prior suffers from an i ...)
+ TODO: check
CVE-2020-7349
RESERVED
CVE-2020-7348
@@ -25890,8 +25905,7 @@ CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder
NOT-FOR-US: Palo Alto Networks
CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which ...)
NOT-FOR-US: Palo Alto Networks
-CVE-2020-1983
- RESERVED
+CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of libslirp ...)
- qemu 1:4.1-2
- qemu-kvm <removed>
- libslirp 4.2.0-2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba330a8b0733de4bf166f9c5095dadc13904e85b