[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 23 21:10:33 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a868bba by security tracker role at 2020-04-23T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2020-12113 (BigBlueButton before 2.2.4 allows XSS via closed captions because dang ...)
+ TODO: check
+CVE-2020-12112 (BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2020-12111
+ RESERVED
+CVE-2020-12110
+ RESERVED
+CVE-2020-12109
+ RESERVED
+CVE-2020-12108
+ RESERVED
+CVE-2020-12107
+ RESERVED
+CVE-2020-12106
+ RESERVED
+CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from X509_c ...)
+ TODO: check
+CVE-2020-12104
+ RESERVED
+CVE-2020-12103
+ RESERVED
+CVE-2020-12102
+ RESERVED
+CVE-2020-12101
+ RESERVED
+CVE-2020-12100
+ RESERVED
+CVE-2020-12099
+ RESERVED
+CVE-2020-12098
+ RESERVED
+CVE-2020-12097
+ RESERVED
+CVE-2020-12096
+ RESERVED
+CVE-2020-12095
+ RESERVED
+CVE-2020-12094
+ RESERVED
+CVE-2020-12093
+ RESERVED
+CVE-2020-12092
+ RESERVED
+CVE-2020-12091
+ RESERVED
+CVE-2020-12090
+ RESERVED
+CVE-2020-12089
+ RESERVED
+CVE-2020-12088
+ RESERVED
+CVE-2020-12087
+ RESERVED
+CVE-2020-12086
+ RESERVED
+CVE-2020-12085
+ RESERVED
+CVE-2020-12084
+ RESERVED
+CVE-2020-12083
+ RESERVED
+CVE-2020-12082
+ RESERVED
+CVE-2020-12081
+ RESERVED
+CVE-2020-12080
+ RESERVED
+CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCurso ...)
+ TODO: check
CVE-2020-XXXX [GNU Mailman 2.x stored XSS in attachments]
- mailman <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/2
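Review bot: two of the new TODO: check entries in this hunk, CVE-2020-12105 (OpenConnect through 8.08) and CVE-2019-20788 (LibVNCServer through 0.9.12), concern software Debian ships as the openconnect and libvncserver source packages, so they need package lines (a fixed version, <unfixed> or <not-affected>) rather than a standing TODO; both descriptions are cut at import ("X509_c ...", "HandleCurso ..."), so read the full CVE text before deciding on the affected range and severity. The two BigBlueButton entries (CVE-2020-12113, CVE-2020-12112) describe a hosted conferencing stack that is not a Debian package and can be closed as NOT-FOR-US: BigBlueButton. The block of RESERVED IDs needs nothing.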
@@ -59,8 +129,8 @@ CVE-2020-12056
RESERVED
CVE-2020-12055
RESERVED
-CVE-2020-12054
- RESERVED
+CVE-2020-12054 (The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflecte ...)
+ TODO: check
CVE-2020-12053
RESERVED
CVE-2020-12052
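Review bot: CVE-2020-12054 is a third-party WordPress plugin (Catch Breadcrumb before 1.5.4, reflected XSS per the truncated text), and the tracker files those as NOT-FOR-US: WordPress plugin; the TODO: check can be closed that way without further research.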
@@ -285,8 +355,7 @@ CVE-2020-11947
RESERVED
CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...)
NOT-FOR-US: Zoho ManageEngine OpManager
-CVE-2020-11945 [Multiple issues in HTTP Digest authentication]
- RESERVED
+CVE-2020-11945 (An issue was discovered in Squid before 5.0.2. A remote attacker can r ...)
- squid <unfixed>
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
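Review bot: the package lines under CVE-2020-11945 still read squid <unfixed> and squid3 <removed> even though the description now states the upstream fix ("Squid before 5.0.2") and SQUID-2020_4 is linked; check whether the Debian squid package already carries the advisory's patch and replace <unfixed> with the fixed version, or add a Debian bug reference in the usual (bug #...) form if the upload is still pending. The bracketed working title "[Multiple issues in HTTP Digest authentication]" was dropped by the import; if it carried triage context the MITRE text lacks, re-add it as a NOTE line, since the automatic update only rewrites the description line.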
@@ -299,10 +368,10 @@ CVE-2020-11942
RESERVED
CVE-2020-11941
RESERVED
-CVE-2020-11940
- RESERVED
-CVE-2020-11939
- RESERVED
+CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...)
+ TODO: check
+CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...)
+ TODO: check
CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator ...)
TODO: check
CVE-2020-11937
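Review bot: CVE-2020-11940 and CVE-2020-11939 both affect nDPI through 3.2 Stable, which Debian ships as the ndpi source package, so these should become package lines rather than TODO: check; the truncated text shows one out-of-bounds read ("concat_hash_strin ...") and one SSH-dissector issue ("multiple KE ..."), so fetch the full descriptions and the upstream fix commits before assigning a fixed version. The unchanged context line CVE-2020-11938 (JetBrains TeamCity) has been sitting at TODO: check as well; it is a proprietary product and can be closed as NOT-FOR-US: JetBrains TeamCity.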
@@ -567,20 +636,20 @@ CVE-2018-21109
RESERVED
CVE-2018-21108
RESERVED
-CVE-2018-21107
- RESERVED
-CVE-2018-21106
- RESERVED
-CVE-2018-21105
- RESERVED
-CVE-2018-21104
- RESERVED
-CVE-2018-21103
- RESERVED
-CVE-2018-21102
- RESERVED
-CVE-2018-21101
- RESERVED
+CVE-2018-21107 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
+ TODO: check
+CVE-2018-21106 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
+ TODO: check
+CVE-2018-21105 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
+ TODO: check
+CVE-2018-21104 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
+ TODO: check
+CVE-2018-21103 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
+ TODO: check
+CVE-2018-21102 (NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. ...)
+ TODO: check
+CVE-2018-21101 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
+ TODO: check
CVE-2018-21100
RESERVED
CVE-2018-21099
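Review bot: all seven new descriptions here are NETGEAR firmware (R7800 before 1.0.2.60, ReadyNAS before 6.9.3), which the tracker files as NOT-FOR-US: Netgear, as the unchanged CVE-2017-18752 entry further down this diff already shows; the TODO: check lines can be closed that way without further research. CVE-2018-21107, -21106, -21105, -21104, -21103 and -21101 are indistinguishable in the truncated text, so anyone who needs the actual vulnerability details must read the full CVE entries.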
@@ -799,46 +868,46 @@ CVE-2017-18753
RESERVED
CVE-2017-18752 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
NOT-FOR-US: Netgear
-CVE-2017-18751
- RESERVED
-CVE-2017-18750
- RESERVED
-CVE-2017-18749
- RESERVED
-CVE-2017-18748
- RESERVED
-CVE-2017-18747
- RESERVED
-CVE-2017-18746
- RESERVED
-CVE-2017-18745
- RESERVED
-CVE-2017-18744
- RESERVED
-CVE-2017-18743
- RESERVED
-CVE-2017-18742
- RESERVED
-CVE-2017-18741
- RESERVED
-CVE-2017-18740
- RESERVED
-CVE-2017-18739
- RESERVED
-CVE-2017-18738
- RESERVED
-CVE-2017-18737
- RESERVED
-CVE-2017-18736
- RESERVED
-CVE-2017-18735
- RESERVED
-CVE-2017-18734
- RESERVED
-CVE-2017-18733
- RESERVED
-CVE-2017-18732
- RESERVED
+CVE-2017-18751 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2017-18750 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2017-18749 (Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 b ...)
+ TODO: check
+CVE-2017-18748 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
+CVE-2017-18747 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
+CVE-2017-18746 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
+CVE-2017-18745 (Certain NETGEAR devices are affected by stored XSS. This affects R6400 ...)
+ TODO: check
+CVE-2017-18744 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ TODO: check
+CVE-2017-18743 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ TODO: check
+CVE-2017-18742 (Certain NETGEAR devices are affected by CSRF. This affects JR6150 befo ...)
+ TODO: check
+CVE-2017-18741 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
+CVE-2017-18740 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
+CVE-2017-18739 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ TODO: check
+CVE-2017-18738 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2017-18737 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2017-18736 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2017-18735 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2017-18734 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2017-18733 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ TODO: check
+CVE-2017-18732 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ TODO: check
CVE-2017-18731
RESERVED
CVE-2017-18730
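Review bot: the twenty "Certain NETGEAR devices ..." entries (CVE-2017-18732 through CVE-2017-18751) belong to the same NETGEAR batch as the context line CVE-2017-18752, which is already filed NOT-FOR-US: Netgear; the same triage applies to all twenty. Several descriptions are identical within the truncated window (for instance CVE-2017-18748, -18747, -18746, -18741 and -18740 all read "incorrect configuration of sec ..."), so the imported text cannot be used to tell them apart.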
@@ -1218,8 +1287,8 @@ CVE-2020-11808
RESERVED
CVE-2020-11807
RESERVED
-CVE-2020-11806
- RESERVED
+CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...)
+ TODO: check
CVE-2020-11805
RESERVED
CVE-2020-11804
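Review bot: CVE-2020-11806 describes the MailStore Outlook Add-in (and Email Archive Outlook Add-in), a Windows-only Outlook extension that is not packaged; close the TODO: check as NOT-FOR-US: MailStore.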
@@ -7482,7 +7551,7 @@ CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5
NOTE: https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a
CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...)
- zint <itp> (bug #732141)
-CVE-2020-9384 (An Insecure Direct Object Reference (IDOR) vulnerability in the Change ...)
+CVE-2020-9384 (** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerabilit ...)
NOT-FOR-US: Subex
CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...)
- linux 5.5.13-1
@@ -8902,10 +8971,10 @@ CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFiel
NOT-FOR-US: SuiteCRM
CVE-2020-8799
RESERVED
-CVE-2020-8798
- RESERVED
-CVE-2020-8797
- RESERVED
+CVE-2020-8798 (httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to cha ...)
+ TODO: check
+CVE-2020-8797 (Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to ...)
+ TODO: check
CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before ...)
NOT-FOR-US: Biscom Secure File Transfer (SFT)
CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a gro ...)
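Review bot: CVE-2020-8798 and CVE-2020-8797 are Juplink RX4-1500 router firmware issues (an httpd configuration change and root access, per the truncated text), embedded vendor firmware outside the archive; NOT-FOR-US: Juplink RX4-1500 is the expected triage for both TODO: check lines.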
@@ -9557,7 +9626,7 @@ CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute a
NOT-FOR-US: Artica Pandora FMS
CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...)
NOT-FOR-US: phpABook
-CVE-2020-8509 (Zoho ManageEngine Desktop Central 10.0.483 allows unauthenticated user ...)
+CVE-2020-8509 (Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticat ...)
NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...)
NOT-FOR-US: Norman Malware Cleaner
@@ -11560,8 +11629,8 @@ CVE-2020-7645
RESERVED
CVE-2020-7644
RESERVED
-CVE-2020-7643
- RESERVED
+CVE-2020-7643 (paypal-adaptive through 0.4.2 manipulation of JavaScript objects resul ...)
+ TODO: check
CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious JavaScript. The ...)
TODO: check
CVE-2020-7641
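Review bot: CVE-2020-7643 (paypal-adaptive through 0.4.2) is an npm module, and the unchanged context line CVE-2020-7642 (lazysizes through 5.2.0) is another npm module still parked at TODO: check; neither appears to be packaged in Debian, so unless a node-* source package turns up for one of them, both can be closed as NOT-FOR-US: Node module.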
@@ -12680,8 +12749,8 @@ CVE-2020-7134
RESERVED
CVE-2020-7133
RESERVED
-CVE-2020-7132
- RESERVED
+CVE-2020-7132 (A potential security vulnerability has been identified in HPE Onboard ...)
+ TODO: check
CVE-2020-7131
RESERVED
CVE-2020-7130 (HPE OneView Global Dashboard (OVGD) 1.9 has a remote information discl ...)
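Review bot: CVE-2020-7132 is an HPE advisory for a product whose name is cut off in the import ("HPE Onboard ..."); confirm the product from the full text, but it is proprietary HPE management software in the same family as the HPE OneView entries in the context, so NOT-FOR-US: HPE followed by the product name is the expected resolution of the TODO: check.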
@@ -15739,12 +15808,12 @@ CVE-2020-5868
RESERVED
CVE-2020-5867
RESERVED
-CVE-2020-5866
- RESERVED
-CVE-2020-5865
- RESERVED
-CVE-2020-5864
- RESERVED
+CVE-2020-5866 (In versions of NGINX Controller prior to 3.3.0, the helper.sh script, ...)
+ TODO: check
+CVE-2020-5865 (In versions prior to 3.3.0, the NGINX Controller is configured to comm ...)
+ TODO: check
+CVE-2020-5864 (In versions of NGINX Controller prior to 3.2.0, communication between ...)
+ TODO: check
CVE-2020-5863 (In NGINX Controller versions prior to 3.2.0, an unauthenticated attack ...)
NOT-FOR-US: NGINX Controller
CVE-2020-5862 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under ...)
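Review bot: CVE-2020-5866, CVE-2020-5865 and CVE-2020-5864 all concern NGINX Controller (fixed in 3.3.0 and 3.2.0 respectively), and the context line CVE-2020-5863 directly below is already NOT-FOR-US: NGINX Controller; apply the same triage to the three TODO: check lines. NGINX Controller is F5's commercial control plane, not the nginx web server Debian packages, so do not attach these to the nginx source package.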
@@ -16329,8 +16398,8 @@ CVE-2020-5573
RESERVED
CVE-2020-5572
RESERVED
-CVE-2020-5571
- RESERVED
+CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQ ...)
+ TODO: check
CVE-2020-5570
RESERVED
CVE-2020-5569 (An unquoted search path vulnerability exists in HDD Password tool (for ...)
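Review bot: CVE-2020-5571 concerns SHARP AQUOS Android handsets (SH-M02 build 01.00.05 and earlier, plus others cut off in the import), vendor device firmware outside the archive, so NOT-FOR-US: SHARP AQUOS is the expected triage for the TODO: check line.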
@@ -19305,8 +19374,8 @@ CVE-2020-4417
RESERVED
CVE-2020-4416
RESERVED
-CVE-2020-4415
- RESERVED
+CVE-2020-4415 (IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based ...)
+ TODO: check
CVE-2020-4414
RESERVED
CVE-2020-4413
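Review bot: CVE-2020-4415 (IBM Spectrum Protect 7.1 and 8.1 server, stack-based ...) is proprietary IBM software; the tracker files these as NOT-FOR-US: IBM, as the IBM DB2 and DataPower entries elsewhere in this diff show, so the TODO: check can be closed that way.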
@@ -19429,8 +19498,8 @@ CVE-2020-4355
RESERVED
CVE-2020-4354
RESERVED
-CVE-2020-4353
- RESERVED
+CVE-2020-4353 (IBM MaaS360 6.82 could allow a user with pysical access to the device ...)
+ TODO: check
CVE-2020-4352
RESERVED
CVE-2020-4351
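Review bot: CVE-2020-4353 (IBM MaaS360 6.82) is NOT-FOR-US: IBM like the other IBM entries in this file. The description carries the upstream typo "pysical"; leave it alone, since the automatic update imports MITRE text verbatim and would overwrite a local correction on the next run.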
@@ -19513,8 +19582,8 @@ CVE-2020-4313
RESERVED
CVE-2020-4312
RESERVED
-CVE-2020-4311
- RESERVED
+CVE-2020-4311 (IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute ar ...)
+ TODO: check
CVE-2020-4310
RESERVED
CVE-2020-4309 (IBM Content Navigator 3.0CD could disclose sensitive information to an ...)
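Review bot: CVE-2020-4311 (IBM Tivoli Monitoring 6.3.0, local attacker executing ar...) is proprietary IBM software and should be closed as NOT-FOR-US: IBM, matching the triage already applied to CVE-2020-4204 and CVE-2020-4203 further down this diff.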
@@ -19731,8 +19800,8 @@ CVE-2020-4204 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
NOT-FOR-US: IBM
CVE-2020-4203 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially ...)
NOT-FOR-US: IBM
-CVE-2020-4202
- RESERVED
+CVE-2020-4202 (IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenti ...)
+ TODO: check
CVE-2020-4201
RESERVED
CVE-2020-4200 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
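Review bot: CVE-2020-4202 (IBM UrbanCode Deploy 7.0.3.0 and 7.0.4.0) sits between CVE-2020-4203 and CVE-2020-4200, both already NOT-FOR-US: IBM; close the TODO: check with the same triage. UrbanCode Deploy is proprietary and not packaged, so there is no Debian package line to add.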
@@ -27094,8 +27163,7 @@ CVE-2020-1762
CVE-2020-1761
RESERVED
NOT-FOR-US: OpenShift
-CVE-2020-1760 [header-splitting in RGW GetObject has a possible XSS]
- RESERVED
+CVE-2020-1760 (A flaw was found in the Ceph Object Gateway, where it supports request ...)
{DLA-2171-1}
- ceph <unfixed> (bug #956142)
NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/f4a0b2d9260a4523745875e3977a8a1ef9dc5e2e
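Review bot: CVE-2020-1760 keeps ceph <unfixed> (bug #956142) next to {DLA-2171-1}, which is only consistent while the LTS upload has shipped and the unstable upload is still pending; once the sid fix lands, replace <unfixed> with that version and keep the bug reference. The bracketed working title "[header-splitting in RGW GetObject has a possible XSS]" was dropped by the import and is more specific than the truncated MITRE text ("supports request ..."), so consider preserving it as a NOTE line. The "Introduced with" NOTE points at ceph/ceph-ci, whose branches are transient; if the same commit exists in ceph/ceph, reference that URL instead.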
@@ -36523,8 +36591,8 @@ CVE-2019-17103 (An Incorrect Default Permissions vulnerability in the BDLDaemon
NOT-FOR-US: Bitdefender AV for Mac
CVE-2019-17102 (An exploitable command execution vulnerability exists in the recovery ...)
NOT-FOR-US: Bitdefender BOX 2
-CVE-2019-17101
- RESERVED
+CVE-2019-17101 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ TODO: check
CVE-2019-17100 (An Untrusted Search Path vulnerability in bdserviceshost.exe as used i ...)
NOT-FOR-US: Bitdefender Total Security
CVE-2019-17099 (An Untrusted Search Path vulnerability in EPSecurityService.exe as use ...)
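Review bot: the truncated description for CVE-2019-17101 ("Improper Neutralization of Special Elements used in a Command ...") names no product, so do not assume it is Bitdefender merely because CVE-2019-17100 and CVE-2019-17102 on either side are; read the full CVE text before closing the TODO: check as NOT-FOR-US.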
@@ -62058,8 +62126,8 @@ CVE-2019-9185 (Controller/Async/FilesystemManager.php in the filemanager in Bolt
NOT-FOR-US: Bolt CMS
CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for ...)
NOT-FOR-US: J2Store plugin for Joomla!
-CVE-2019-9183
- RESERVED
+CVE-2019-9183 (An issue was discovered in Contiki-NG through 4.2 and Contiki through ...)
+ TODO: check
CVE-2019-9182 (There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=e ...)
NOT-FOR-US: ZZZCMS
CVE-2019-9181 (SchoolCMS version 2.3.1 allows file upload via the logo upload feature ...)
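Review bot: the truncated text of CVE-2019-9183 ("Contiki-NG through 4.2 and Contiki through ...") is identical to that of CVE-2019-8359 further down this diff, so the import gives no hint which bug is which; fetch both full descriptions before triage. Contiki-NG is an IoT operating system that does not appear to be packaged in Debian; if that holds, close as NOT-FOR-US: Contiki-NG.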
@@ -64412,8 +64480,8 @@ CVE-2019-8361 (PHP Scripts Mall Responsive Video News Script has XSS via the Sea
NOT-FOR-US: PHP Scripts Mall Responsive Video News Script
CVE-2019-8360 (Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find ...)
NOT-FOR-US: Themerig Find a Place CMS Directory
-CVE-2019-8359
- RESERVED
+CVE-2019-8359 (An issue was discovered in Contiki-NG through 4.2 and Contiki through ...)
+ TODO: check
CVE-2019-8358 (In Hiawatha before 10.8.4, a remote attacker is able to do directory t ...)
NOT-FOR-US: Hiawatha
CVE-2019-8357 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c ...)
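Review bot: CVE-2019-8359 is the second Contiki-NG entry in this update with the same truncated text as CVE-2019-9183; whoever resolves one should resolve both in the same pass, with the same NOT-FOR-US: Contiki-NG outcome unless a Debian package turns up.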
@@ -73426,8 +73494,8 @@ CVE-2019-4737 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is v
NOT-FOR-US: IBM
CVE-2019-4736 (IBM Financial Transaction Manager 3.0 is vulnerable to cross-site requ ...)
NOT-FOR-US: IBM
-CVE-2019-4735
- RESERVED
+CVE-2019-4735 (IBM MaaS360 3.96.62 for iOS could allow an attacker with physical acce ...)
+ TODO: check
CVE-2019-4734
RESERVED
CVE-2019-4733
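Review bot: CVE-2019-4735 (IBM MaaS360 3.96.62 for iOS, attacker with physical access) is a proprietary mobile client; the context entries CVE-2019-4737 and CVE-2019-4736 are NOT-FOR-US: IBM and this TODO: check should be closed the same way.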
@@ -73560,8 +73628,8 @@ CVE-2019-4670 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could all
NOT-FOR-US: IBM
CVE-2019-4669 (IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 ...)
NOT-FOR-US: IBM
-CVE-2019-4668
- RESERVED
+CVE-2019-4668 (IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in ...)
+ TODO: check
CVE-2019-4667
RESERVED
CVE-2019-4666 (IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could a ...)
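Review bot: CVE-2019-4668 (IBM UrbanCode Deploy 7.0.4.0 stores user credentials in plain ...) is NOT-FOR-US: IBM, as CVE-2019-4670 and CVE-2019-4669 above it already are; close the TODO: check with that triage.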
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a868bbaf0797f32098f3807db2dc2443b194fa1
More information about the debian-security-tracker-commits mailing list