[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 24 09:10:22 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
57627f18 by security tracker role at 2020-04-24T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2020-12136
+ RESERVED
+CVE-2020-12135 (bson before 0.8 incorrectly uses int rather than size_t for many varia ...)
+ TODO: check
+CVE-2020-12134 (Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishand ...)
+ TODO: check
+CVE-2020-12133
+ RESERVED
+CVE-2020-12132 (Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS ...)
+ TODO: check
+CVE-2020-12131 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parame ...)
+ TODO: check
+CVE-2020-12130 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parame ...)
+ TODO: check
+CVE-2020-12129 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder para ...)
+ TODO: check
+CVE-2020-12128 (DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal rela ...)
+ TODO: check
+CVE-2020-12127
+ RESERVED
+CVE-2020-12126
+ RESERVED
+CVE-2020-12125
+ RESERVED
+CVE-2020-12124
+ RESERVED
+CVE-2020-12123
+ RESERVED
+CVE-2020-12122
+ RESERVED
+CVE-2020-12121
+ RESERVED
+CVE-2020-12120
+ RESERVED
+CVE-2020-12119
+ RESERVED
+CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2.0 all ...)
+ TODO: check
+CVE-2020-12117
+ RESERVED
+CVE-2020-12116
+ RESERVED
+CVE-2020-12115
+ RESERVED
+CVE-2020-12114
+ RESERVED
CVE-2020-12113 (BigBlueButton before 2.2.4 allows XSS via closed captions because dang ...)
NOT-FOR-US: BigBlueButton
CVE-2020-12112 (BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive ...)
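Review bot: Several of the new "TODO: check" entries at the top of this hunk can be triaged from their visible descriptions alone. CVE-2020-12129 through CVE-2020-12131 name the AirDisk Pro app for iOS and CVE-2020-12128 names File Transfer iFamily 2.1, so they would follow the "NOT-FOR-US:" pattern used for the BigBlueButton entry in the trailing context. CVE-2020-12135 (bson before 0.8) and CVE-2020-12118 (Binance tss-lib) need an actual source-package lookup, since the short name "bson" alone does not identify which project is meant.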
@@ -68,6 +114,7 @@ CVE-2020-12081
CVE-2020-12080
RESERVED
CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCurso ...)
+ {DLA-2146-1}
- libvncserver 0.9.12+dfsg-9 (bug #954163)
[buster] - libvncserver <no-dsa> (Minor issue)
[stretch] - libvncserver <no-dsa> (Minor issue)
@@ -522,20 +569,20 @@ CVE-2018-21168
RESERVED
CVE-2018-21167
RESERVED
-CVE-2018-21166
- RESERVED
-CVE-2018-21165
- RESERVED
-CVE-2018-21164
- RESERVED
-CVE-2018-21163
- RESERVED
-CVE-2018-21162
- RESERVED
-CVE-2018-21161
- RESERVED
-CVE-2018-21160
- RESERVED
+CVE-2018-21166 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+ TODO: check
+CVE-2018-21165 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+ TODO: check
+CVE-2018-21164 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2018-21163 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21162 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2018-21161 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
+CVE-2018-21160 (NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. ...)
+ TODO: check
CVE-2018-21159
RESERVED
CVE-2018-21158
@@ -570,30 +617,30 @@ CVE-2018-21144 (Certain NETGEAR devices are affected by a stack-based buffer ove
NOT-FOR-US: Netgear
CVE-2018-21143 (NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of ...)
NOT-FOR-US: Netgear
-CVE-2018-21142
- RESERVED
+CVE-2018-21142 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+ TODO: check
CVE-2018-21141 (Certain NETGEAR devices are affected by denial of service. This affect ...)
NOT-FOR-US: Netgear
CVE-2018-21140 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
NOT-FOR-US: Netgear
-CVE-2018-21139
- RESERVED
-CVE-2018-21138
- RESERVED
-CVE-2018-21137
- RESERVED
-CVE-2018-21136
- RESERVED
-CVE-2018-21135
- RESERVED
-CVE-2018-21134
- RESERVED
-CVE-2018-21133
- RESERVED
-CVE-2018-21132
- RESERVED
-CVE-2018-21131
- RESERVED
+CVE-2018-21139 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ TODO: check
+CVE-2018-21138 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
+CVE-2018-21137 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
+ TODO: check
+CVE-2018-21136 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ TODO: check
+CVE-2018-21135 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21134 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21133 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21132 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ TODO: check
+CVE-2018-21131 (Certain NETGEAR devices are affected by unauthenticated firmware downg ...)
+ TODO: check
CVE-2018-21130 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2018-21129 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
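Review bot: CVE-2018-21142 and CVE-2018-21131 through CVE-2018-21139 move from RESERVED to "TODO: check", while the already-triaged NETGEAR entries in this hunk's context (for example CVE-2018-21143, CVE-2018-21141, CVE-2018-21140 and CVE-2018-21130) are all "NOT-FOR-US: Netgear". The follow-up triage should give the new entries the same tag rather than leaving them open; the same applies to the NETGEAR entries in the hunks at -522 and -634.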
@@ -634,12 +681,12 @@ CVE-2018-21112 (Certain NETGEAR devices are affected by command injection by an
NOT-FOR-US: Netgear
CVE-2018-21111 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
-CVE-2018-21110
- RESERVED
-CVE-2018-21109
- RESERVED
-CVE-2018-21108
- RESERVED
+CVE-2018-21110 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
+ TODO: check
+CVE-2018-21109 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
+ TODO: check
+CVE-2018-21108 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
+ TODO: check
CVE-2018-21107 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
NOT-FOR-US: Netgear
CVE-2018-21106 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
@@ -3581,8 +3628,8 @@ CVE-2020-11014
RESERVED
CVE-2020-11013
RESERVED
-CVE-2020-11012
- RESERVED
+CVE-2020-11012 (MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authenticat ...)
+ TODO: check
CVE-2020-11011 (In Phproject before version 1.7.8, there's a vulnerability which allow ...)
NOT-FOR-US: Phproject
CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of S ...)
@@ -3590,7 +3637,7 @@ CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various form
CVE-2020-11009
RESERVED
CVE-2020-11008 (Affected versions of Git have a vulnerability whereby Git can be trick ...)
- {DSA-4659-1}
+ {DSA-4659-1 DLA-2182-1}
- git 1:2.26.2-1
NOTE: https://lore.kernel.org/lkml/xmqq4kterq5s.fsf@gitster.c.googlers.com/
NOTE: https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7
@@ -12260,7 +12307,7 @@ CVE-2020-7352
RESERVED
CVE-2020-7351
RESERVED
-CVE-2020-7350 (Rapid7 Metasploit Framework version 5.0.84 and prior suffers from an i ...)
+CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from an ins ...)
TODO: check
CVE-2020-7349
RESERVED
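Review bot: The replacement description for CVE-2020-7350 only rewords the affected range ("version 5.0.84 and prior" becomes "versions before 5.0.85"), so it gives no new information for triage, and the entry still sits at "TODO: check" and needs a manual decision.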
@@ -15810,8 +15857,8 @@ CVE-2020-5869
RESERVED
CVE-2020-5868
RESERVED
-CVE-2020-5867
- RESERVED
+CVE-2020-5867 (In versions prior to 3.3.0, the NGINX Controller Agent installer scrip ...)
+ TODO: check
CVE-2020-5866 (In versions of NGINX Controller prior to 3.3.0, the helper.sh script, ...)
TODO: check
CVE-2020-5865 (In versions prior to 3.3.0, the NGINX Controller is configured to comm ...)
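Review bot: CVE-2020-5867 joins CVE-2020-5866 at "TODO: check", and all three visible entries (CVE-2020-5867, CVE-2020-5866, CVE-2020-5865) describe NGINX Controller components in versions prior to 3.3.0. Triage them together so they end up with one consistent tag.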
@@ -17126,7 +17173,7 @@ CVE-2020-5270 (In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an o
NOT-FOR-US: PrestaShop
CVE-2020-5269 (In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflect ...)
NOT-FOR-US: PrestaShop
-CVE-2020-5268 (In Saml2 Authentication Services for ASP.NET before versions 2.7.0 and ...)
+CVE-2020-5268 (In Saml2 Authentication Services for ASP.NET versions before 1.0.2, an ...)
NOT-FOR-US: Saml2 Authentication Services for ASP.NET
CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ...)
{DLA-2149-1}
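Review bot: The description change for CVE-2020-5268 is not cosmetic: the affected range goes from "before versions 2.7.0 and ..." to "versions before 1.0.2", which reads as a different fixed version. The entry is NOT-FOR-US, so nothing in the tracker depends on it, but a range change like this on a packaged product would warrant re-checking the fixed-version lines.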
@@ -40339,22 +40386,18 @@ CVE-2019-15795 (python-apt only checks the MD5 sums of downloaded files in `Vers
{DSA-4609-1 DLA-2074-1}
- python-apt 1.8.5
NOTE: https://salsa.debian.org/apt-team/python-apt/commit/e175130e51c2b0424f3dfeb825e3dc598fec1a24 (1.8.5)
-CVE-2019-15794
- RESERVED
+CVE-2019-15794 (Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the ...)
- linux <unfixed>
[stretch] - linux <not-affected> (overlayfs passes through mmap)
[jessie] - linux <not-affected> (overlayfs not present)
NOTE: https://bugs.launchpad.net/bugs/1850994
-CVE-2019-15793
- RESERVED
+CVE-2019-15793 (In shiftfs, a non-upstream patch to the Linux kernel included in the U ...)
- linux <not-affected> (Ubuntu-specific patch set, shiftfs not in Debian kernels)
NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850867
-CVE-2019-15792
- RESERVED
+CVE-2019-15792 (In shiftfs, a non-upstream patch to the Linux kernel included in the U ...)
- linux <not-affected> (Ubuntu-specific patch set, shiftfs not in Debian kernels)
NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850867
-CVE-2019-15791
- RESERVED
+CVE-2019-15791 (In shiftfs, a non-upstream patch to the Linux kernel included in the U ...)
- linux <not-affected> (Ubuntu-specific patch set, shiftfs not in Debian kernels)
NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850867
CVE-2019-15790
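Review bot: With the descriptions now public, CVE-2019-15794 is the one entry in this hunk that stays open ("- linux <unfixed>"), and its only reference is the Launchpad bug in the NOTE line. Add a NOTE pointing at the fixing commit once it is identified so the unfixed state can be resolved; the three shiftfs entries are already "<not-affected>" and need no change.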
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57627f188a641d7e9a82fcae5dd08e147f5824ab