[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 28 09:10:24 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8cd01a2e by security tracker role at 2020-04-28T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the Task ...)
+ TODO: check
+CVE-2020-12285
+ RESERVED
+CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a ...)
+ TODO: check
+CVE-2017-18863
+ RESERVED
+CVE-2017-18862
+ RESERVED
+CVE-2017-18861
+ RESERVED
+CVE-2017-18860
+ RESERVED
+CVE-2017-18859
+ RESERVED
+CVE-2017-18858
+ RESERVED
+CVE-2017-18857
+ RESERVED
+CVE-2017-18856
+ RESERVED
+CVE-2017-18855
+ RESERVED
+CVE-2017-18854
+ RESERVED
+CVE-2017-18853
+ RESERVED
+CVE-2016-11060
+ RESERVED
+CVE-2016-11059
+ RESERVED
+CVE-2016-11058
+ RESERVED
+CVE-2016-11057
+ RESERVED
+CVE-2016-11056
+ RESERVED
+CVE-2016-11055
+ RESERVED
+CVE-2016-11054
+ RESERVED
CVE-2020-12283
RESERVED
CVE-2020-12282
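Review bot: CVE-2020-12284 is left at `TODO: check` even though its description names libavcodec/cbs_jpeg.c in FFmpeg 4.2.2, a library that is a Debian source package, so this entry needs a package status line in the form used elsewhere in the file (for example `- ffmpeg <unfixed>` until the fixing upload is known, as done for `- freeipa <unfixed>`) plus a `NOTE:` URL to the upstream fix, rather than remaining in the triage queue. CVE-2020-12286 (Octopus Deploy) by contrast describes a standalone product only and can be resolved to `NOT-FOR-US: Octopus Deploy` in the follow-up pass.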
@@ -868,18 +910,18 @@ CVE-2018-21182
RESERVED
CVE-2018-21181
RESERVED
-CVE-2018-21180
- RESERVED
-CVE-2018-21179
- RESERVED
-CVE-2018-21178
- RESERVED
-CVE-2018-21177
- RESERVED
-CVE-2018-21176
- RESERVED
-CVE-2018-21175
- RESERVED
+CVE-2018-21180 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21179 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21178 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21177 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21176 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21175 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
CVE-2018-21174 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
CVE-2018-21173 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
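Review bot: the six NETGEAR entries CVE-2018-21175 through CVE-2018-21180 are flipped from RESERVED to `TODO: check`, while the adjacent CVE-2018-21174 and CVE-2018-21173, which carry the identical "Certain NETGEAR devices are affected by a stack-based buffer overflow" description, are already `NOT-FOR-US: Netgear`; the same `NOT-FOR-US: Netgear` line should be applied to all six in the next triage pass so they do not sit in the TODO queue.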
@@ -2877,7 +2919,7 @@ CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to mul
NOT-FOR-US: Project Worlds Official Car Rental System 1
CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...)
NOT-FOR-US: Project Worlds Official Car Rental System 1
-CVE-2020-11543 (OpsRamp Gateway 3.0.0 has a backdoor account vadmin with the password ...)
+CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with the pa ...)
NOT-FOR-US: OpsRamp Gateway
CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
@@ -5107,6 +5149,7 @@ CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in
TODO: check
CVE-2020-10663 [Unsafe Object Creation Vulnerability in JSON (Additional fix to CVE-2013-0269]
RESERVED
+ {DLA-2190-1}
- ruby-json 2.3.0+dfsg-1
- ruby2.7 <not-affected> (Fixed before initial upload to Debian)
- ruby2.5 <unfixed>
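Review bot: the `{DLA-2190-1}` marker is added to CVE-2020-10663 while the visible `- ruby2.5 <unfixed>` line is unchanged, so the hunk records an LTS advisory but leaves the ruby2.5 package without either a fixed version or a `<no-dsa>` decision; the triager should add one or the other (the `[buster] - node-yargs-parser <no-dsa> (...)` line later in this file shows the expected form). Minor: the context line `[Unsafe Object Creation Vulnerability in JSON (Additional fix to CVE-2013-0269]` is missing the closing parenthesis of its title.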
@@ -5192,7 +5235,7 @@ CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified b
NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5
NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
-CVE-2020-10647 (Wind River VxWorks tftp client library, as distributed in VxWorks 5.5 ...)
+CVE-2020-10647 (Wind River VxWorks tftp client library, as distributed in VxWorks 6.9 ...)
TODO: check
CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...)
NOT-FOR-US: Fuji Electric V-Server Lite
@@ -7736,8 +7779,7 @@ CVE-2020-9483
CVE-2020-9482
RESERVED
NOT-FOR-US: Apache NiFi
-CVE-2020-9481
- RESERVED
+CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulne ...)
- trafficserver 8.0.7+ds-1
NOTE: https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E
CVE-2020-9480
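Review bot: the retained `- trafficserver 8.0.7+ds-1` line is consistent with the new description's affected range of 8.0.0 to 8.0.6, but the entry carries no `[buster]` line; if the stable release ships an 8.0.x trafficserver, a DSA or an explicit `<no-dsa>` decision should be recorded here so the stable status is not implied only by the unstable fix.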
@@ -12073,8 +12115,8 @@ CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious JavaScript.
NOT-FOR-US: Node lazysizes
CVE-2020-7641
RESERVED
-CVE-2020-7640
- RESERVED
+CVE-2020-7640 (pixl-class prior to 1.0.3 allows execution of arbitrary commands. The ...)
+ TODO: check
CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.T ...)
NOT-FOR-US: Node eivindfjeldstad-dot
CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDe ...)
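Review bot: CVE-2020-7640 (pixl-class) goes to `TODO: check` while every neighbouring Node entry in this hunk (lazysizes, eivindfjeldstad-dot, confinit) is `NOT-FOR-US: Node ...`; unless pixl-class turns out to be packaged, the consistent resolution is `NOT-FOR-US: Node pixl-class`, and the TODO can be closed in the next pass.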
@@ -12139,8 +12181,8 @@ CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserializati
NOTE: Fixed in js-bson v1.1.4 included in 3.5.5+~cs11.12.19
NOTE: https://snyk.io/vuln/SNYK-JS-BSON-561052
NOTE: https://github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8
-CVE-2020-7609
- RESERVED
+CVE-2020-7609 (node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbi ...)
+ TODO: check
CVE-2020-7608 (yargs-parser could be tricked into adding or modifying properties of O ...)
- node-yargs-parser 18.1.1-1
[buster] - node-yargs-parser <no-dsa> (Minor issue; can be fixed via point release)
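Review bot: CVE-2020-7609 (node-rules) should not be resolved by analogy with the other Node TODOs, because this hunk shows both outcomes for npm modules: bson was fixed through a Debian package version (`Fixed in js-bson v1.1.4 included in 3.5.5+~cs11.12.19`) and yargs-parser has a `- node-yargs-parser 18.1.1-1` line with a buster `<no-dsa>` tag. The triager needs to check the archive for a node-rules package before marking it `NOT-FOR-US`, and, if it is packaged, record the fixed upstream version 5.0.0 named in the description.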
@@ -13331,8 +13373,7 @@ CVE-2020-7069
RESERVED
CVE-2020-7068
RESERVED
-CVE-2020-7067 [OOB Read in urldecode()]
- RESERVED
+CVE-2020-7067 (In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ...)
{DLA-2188-1}
- php7.4 7.4.5-1
- php7.3 <removed>
@@ -13340,7 +13381,7 @@ CVE-2020-7067 [OOB Read in urldecode()]
- php5 <removed>
NOTE: Fixed in PHP 7.4.5, 7.3.17
NOTE: PHP Bug: https://bugs.php.net/79465
-CVE-2020-7066 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...)
+CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ...)
{DLA-2188-1}
- php7.4 7.4.5-1
- php7.3 <removed>
@@ -16831,24 +16872,24 @@ CVE-2020-5572
RESERVED
CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQ ...)
NOT-FOR-US: SHARP AQUOS
-CVE-2020-5570
- RESERVED
+CVE-2020-5570 (Cross-site scripting vulnerability in Sales Force Assistant version 11 ...)
+ TODO: check
CVE-2020-5569 (An unquoted search path vulnerability exists in HDD Password tool (for ...)
NOT-FOR-US: HDD Password tool (CANVIO)
-CVE-2020-5568
- RESERVED
-CVE-2020-5567
- RESERVED
-CVE-2020-5566
- RESERVED
-CVE-2020-5565
- RESERVED
-CVE-2020-5564
- RESERVED
-CVE-2020-5563
- RESERVED
-CVE-2020-5562
- RESERVED
+CVE-2020-5568 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 all ...)
+ TODO: check
+CVE-2020-5567 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...)
+ TODO: check
+CVE-2020-5566 (Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...)
+ TODO: check
+CVE-2020-5565 (Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10 ...)
+ TODO: check
+CVE-2020-5564 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 al ...)
+ TODO: check
+CVE-2020-5563 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...)
+ TODO: check
+CVE-2020-5562 (Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6. ...)
+ TODO: check
CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS ...)
NOT-FOR-US: Keijiban Tsumiki
CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS c ...)
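Review bot: the eight entries CVE-2020-5562 through CVE-2020-5570 (Cybozu Garoon and Sales Force Assistant) are put on `TODO: check`, while every neighbouring entry in this hunk (SHARP AQUOS, HDD Password tool, Keijiban Tsumiki, WL-Enq) is `NOT-FOR-US`; these are proprietary products, so the expected resolution is `NOT-FOR-US: Cybozu Garoon` and `NOT-FOR-US: Sales Force Assistant`. Since the descriptions differ per entry (XSS, improper authentication, improper authorization, improper input validation, SSRF), each should keep its own status line rather than being collapsed into one vendor note.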
@@ -27634,8 +27675,7 @@ CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default confi
NOT-FOR-US: Kiali
CVE-2020-1763
RESERVED
-CVE-2020-1762
- RESERVED
+CVE-2020-1762 (An insufficient JWT validation vulnerability was found in Kiali versio ...)
NOT-FOR-US: Kiali
CVE-2020-1761
RESERVED
@@ -27806,8 +27846,7 @@ CVE-2020-1724
RESERVED
CVE-2020-1723
RESERVED
-CVE-2020-1722
- RESERVED
+CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...)
- freeipa <unfixed>
NOTE: https://pagure.io/freeipa/issue/8268
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793071
@@ -40829,8 +40868,7 @@ CVE-2019-15792 (In shiftfs, a non-upstream patch to the Linux kernel included in
CVE-2019-15791 (In shiftfs, a non-upstream patch to the Linux kernel included in the U ...)
- linux <not-affected> (Ubuntu-specific patch set, shiftfs not in Debian kernels)
NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850867
-CVE-2019-15790
- RESERVED
+CVE-2019-15790 (Apport reads and writes information on a crashed process to /proc/pid ...)
NOT-FOR-US: Apport
CVE-2019-15789 (Privilege escalation vulnerability in MicroK8s allows a low privilege ...)
NOT-FOR-US: MicroK8s
@@ -72693,10 +72731,10 @@ CVE-2019-5305 (The image processing module of some Huawei Mate 10 smartphones ve
NOT-FOR-US: Huawei
CVE-2019-5304 (Some Huawei products have a buffer error vulnerability. An unauthentic ...)
NOT-FOR-US: Huawei
-CVE-2019-5303
- RESERVED
-CVE-2019-5302
- RESERVED
+CVE-2019-5303 (There are two denial of service vulnerabilities on some Huawei smartph ...)
+ TODO: check
+CVE-2019-5302 (There are two denial of service vulnerabilities on some Huawei smartph ...)
+ TODO: check
CVE-2019-5301 (Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E1 ...)
NOT-FOR-US: Huawei
CVE-2019-5300 (There is a digital signature verification bypass vulnerability in AR12 ...)
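Review bot: CVE-2019-5303 and CVE-2019-5302 go to `TODO: check` although their description ("two denial of service vulnerabilities on some Huawei smartphones") matches the surrounding CVE-2019-5304, CVE-2019-5301 and CVE-2019-5300 entries that are already `NOT-FOR-US: Huawei`; the same `NOT-FOR-US: Huawei` resolution applies to both.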
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cd01a2e744410a81ca69504ab595d029e0e7e5b