[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Apr 28 09:10:24 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8cd01a2e by security tracker role at 2020-04-28T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the Task ...)
+	TODO: check
+CVE-2020-12285
+	RESERVED
+CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a ...)
+	TODO: check
+CVE-2017-18863
+	RESERVED
+CVE-2017-18862
+	RESERVED
+CVE-2017-18861
+	RESERVED
+CVE-2017-18860
+	RESERVED
+CVE-2017-18859
+	RESERVED
+CVE-2017-18858
+	RESERVED
+CVE-2017-18857
+	RESERVED
+CVE-2017-18856
+	RESERVED
+CVE-2017-18855
+	RESERVED
+CVE-2017-18854
+	RESERVED
+CVE-2017-18853
+	RESERVED
+CVE-2016-11060
+	RESERVED
+CVE-2016-11059
+	RESERVED
+CVE-2016-11058
+	RESERVED
+CVE-2016-11057
+	RESERVED
+CVE-2016-11056
+	RESERVED
+CVE-2016-11055
+	RESERVED
+CVE-2016-11054
+	RESERVED
 CVE-2020-12283
 	RESERVED
 CVE-2020-12282
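Review bot: CVE-2020-12284 is left at `TODO: check` even though its description names libavcodec/cbs_jpeg.c in FFmpeg 4.2.2, and FFmpeg is a package Debian ships; this is the one new entry in the hunk that needs an actual `- ffmpeg <version>` (or `<unfixed>` plus a NOTE pointing at the upstream fix) rather than a deferred check, and CVE-2020-12286 (Octopus Deploy, a proprietary product) can be closed as NOT-FOR-US in the same pass.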
@@ -868,18 +910,18 @@ CVE-2018-21182
 	RESERVED
 CVE-2018-21181
 	RESERVED
-CVE-2018-21180
-	RESERVED
-CVE-2018-21179
-	RESERVED
-CVE-2018-21178
-	RESERVED
-CVE-2018-21177
-	RESERVED
-CVE-2018-21176
-	RESERVED
-CVE-2018-21175
-	RESERVED
+CVE-2018-21180 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2018-21179 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2018-21178 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2018-21177 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2018-21176 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2018-21175 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
 CVE-2018-21174 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
 	NOT-FOR-US: Netgear
 CVE-2018-21173 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
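Review bot: the six CVE-2018-21175 to CVE-2018-21180 entries now carry the same "Certain NETGEAR devices are affected by a stack-based buffer overflow" description as CVE-2018-21174 and CVE-2018-21173 directly below, which are already resolved as `NOT-FOR-US: Netgear`; leaving them at `TODO: check` only defers a triage the neighbouring lines already settle, so the same NOT-FOR-US marker should replace the TODO here.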
@@ -2877,7 +2919,7 @@ CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to mul
 	NOT-FOR-US: Project Worlds Official Car Rental System 1
 CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...)
 	NOT-FOR-US: Project Worlds Official Car Rental System 1
-CVE-2020-11543 (OpsRamp Gateway 3.0.0 has a backdoor account vadmin with the password  ...)
+CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with the pa ...)
 	NOT-FOR-US: OpsRamp Gateway
 CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
 	NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
@@ -5107,6 +5149,7 @@ CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in
 	TODO: check
 CVE-2020-10663 [Unsafe Object Creation Vulnerability in JSON (Additional fix to CVE-2013-0269]
 	RESERVED
+	{DLA-2190-1}
 	- ruby-json 2.3.0+dfsg-1
 	- ruby2.7 <not-affected> (Fixed before initial upload to Debian)
 	- ruby2.5 <unfixed>
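Review bot: adding `{DLA-2190-1}` records the LTS update, but the `- ruby2.5 <unfixed>` line in the same entry still has no suite annotation, so the status of ruby2.5 in the stable release remains open in this entry; a `[buster] - ruby2.5 <no-dsa>` line (or a DSA reference) should follow once that decision is taken, so the entry does not read as fixed everywhere except stable.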
@@ -5192,7 +5235,7 @@ CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified b
 	NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5
 	NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
 	NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
-CVE-2020-10647 (Wind River VxWorks tftp client library, as distributed in VxWorks 5.5  ...)
+CVE-2020-10647 (Wind River VxWorks tftp client library, as distributed in VxWorks 6.9  ...)
 	TODO: check
 CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...)
 	NOT-FOR-US: Fuji Electric V-Server Lite
@@ -7736,8 +7779,7 @@ CVE-2020-9483
 CVE-2020-9482
 	RESERVED
 	NOT-FOR-US: Apache NiFi
-CVE-2020-9481
-	RESERVED
+CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulne ...)
 	- trafficserver 8.0.7+ds-1
 	NOTE: https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E
 CVE-2020-9480
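Review bot: CVE-2020-9481 gets a fixed version `- trafficserver 8.0.7+ds-1` for unstable, but the description lists 6.0.0 to 6.2.3, 7.0.0 to 7.1.9 and 8.0.0 to 8.0.6 as affected and the entry has no suite lines; the stable suites need a `[buster]`/`[stretch]` annotation (no-dsa, not-affected, or a DSA reference) so their trafficserver status is explicit. The announce-list thread is the only NOTE; the upstream fix commit or the CVE page would make the fixed-version claim traceable.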
@@ -12073,8 +12115,8 @@ CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious JavaScript.
 	NOT-FOR-US: Node lazysizes 
 CVE-2020-7641
 	RESERVED
-CVE-2020-7640
-	RESERVED
+CVE-2020-7640 (pixl-class prior to 1.0.3 allows execution of arbitrary commands. The  ...)
+	TODO: check
 CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.T ...)
 	NOT-FOR-US: Node eivindfjeldstad-dot
 CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDe ...)
@@ -12139,8 +12181,8 @@ CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserializati
 	NOTE: Fixed in js-bson v1.1.4 included in 3.5.5+~cs11.12.19
 	NOTE: https://snyk.io/vuln/SNYK-JS-BSON-561052
 	NOTE: https://github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8
-CVE-2020-7609
-	RESERVED
+CVE-2020-7609 (node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbi ...)
+	TODO: check
 CVE-2020-7608 (yargs-parser could be tricked into adding or modifying properties of O ...)
 	- node-yargs-parser 18.1.1-1
 	[buster] - node-yargs-parser <no-dsa> (Minor issue; can be fixed via point release)
@@ -13331,8 +13373,7 @@ CVE-2020-7069
 	RESERVED
 CVE-2020-7068
 	RESERVED
-CVE-2020-7067 [OOB Read in urldecode()]
-	RESERVED
+CVE-2020-7067 (In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ...)
 	{DLA-2188-1}
 	- php7.4 7.4.5-1
 	- php7.3 <removed>
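Review bot: the rewritten CVE-2020-7067 line replaces the bracketed short title `[OOB Read in urldecode()]` with the truncated upstream text, which in this file ends at "7.4.x below ..." and no longer says what the bug is; that is the tracker's usual format once a CVE is published, but the old title is worth keeping as a NOTE so the urldecode() issue stays greppable. Separately, the entry pairs `{DLA-2188-1}` with `- php7.3 <removed>` and no `[buster]` line, so the status of buster's php7.3 for this issue is not visible in the entry.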
@@ -13340,7 +13381,7 @@ CVE-2020-7067 [OOB Read in urldecode()]
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.5, 7.3.17
 	NOTE: PHP Bug: https://bugs.php.net/79465
-CVE-2020-7066 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below  ...)
+CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ...)
 	{DLA-2188-1}
 	- php7.4 7.4.5-1
 	- php7.3 <removed>
@@ -16831,24 +16872,24 @@ CVE-2020-5572
 	RESERVED
 CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQ ...)
 	NOT-FOR-US: SHARP AQUOS
-CVE-2020-5570
-	RESERVED
+CVE-2020-5570 (Cross-site scripting vulnerability in Sales Force Assistant version 11 ...)
+	TODO: check
 CVE-2020-5569 (An unquoted search path vulnerability exists in HDD Password tool (for ...)
 	NOT-FOR-US: HDD Password tool (CANVIO)
-CVE-2020-5568
-	RESERVED
-CVE-2020-5567
-	RESERVED
-CVE-2020-5566
-	RESERVED
-CVE-2020-5565
-	RESERVED
-CVE-2020-5564
-	RESERVED
-CVE-2020-5563
-	RESERVED
-CVE-2020-5562
-	RESERVED
+CVE-2020-5568 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 all ...)
+	TODO: check
+CVE-2020-5567 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...)
+	TODO: check
+CVE-2020-5566 (Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3  ...)
+	TODO: check
+CVE-2020-5565 (Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10 ...)
+	TODO: check
+CVE-2020-5564 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 al ...)
+	TODO: check
+CVE-2020-5563 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...)
+	TODO: check
+CVE-2020-5562 (Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6. ...)
+	TODO: check
 CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS ...)
 	NOT-FOR-US: Keijiban Tsumiki
 CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS c ...)
@@ -27634,8 +27675,7 @@ CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default confi
 	NOT-FOR-US: Kiali
 CVE-2020-1763
 	RESERVED
-CVE-2020-1762
-	RESERVED
+CVE-2020-1762 (An insufficient JWT validation vulnerability was found in Kiali versio ...)
 	NOT-FOR-US: Kiali
 CVE-2020-1761
 	RESERVED
@@ -27806,8 +27846,7 @@ CVE-2020-1724
 	RESERVED
 CVE-2020-1723
 	RESERVED
-CVE-2020-1722
-	RESERVED
+CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...)
 	- freeipa <unfixed>
 	NOTE: https://pagure.io/freeipa/issue/8268
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793071
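Review bot: CVE-2020-1722 is recorded as `- freeipa <unfixed>` while the description says all ipa 4.x.x through 4.8.0 are affected, yet the entry carries no severity marker and no suite line; the pagure issue 8268 and Red Hat bug 1793071 links are the only references, so the fixing upstream commit should be added as a NOTE and a `[buster]` annotation supplied once it is known whether the version in each suite is affected.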
@@ -40829,8 +40868,7 @@ CVE-2019-15792 (In shiftfs, a non-upstream patch to the Linux kernel included in
 CVE-2019-15791 (In shiftfs, a non-upstream patch to the Linux kernel included in the U ...)
 	- linux <not-affected> (Ubuntu-specific patch set, shiftfs not in Debian kernels)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850867
-CVE-2019-15790
-	RESERVED
+CVE-2019-15790 (Apport reads and writes information on a crashed process to /proc/pid  ...)
 	NOT-FOR-US: Apport
 CVE-2019-15789 (Privilege escalation vulnerability in MicroK8s allows a low privilege  ...)
 	NOT-FOR-US: MicroK8s
@@ -72693,10 +72731,10 @@ CVE-2019-5305 (The image processing module of some Huawei Mate 10 smartphones ve
 	NOT-FOR-US: Huawei
 CVE-2019-5304 (Some Huawei products have a buffer error vulnerability. An unauthentic ...)
 	NOT-FOR-US: Huawei
-CVE-2019-5303
-	RESERVED
-CVE-2019-5302
-	RESERVED
+CVE-2019-5303 (There are two denial of service vulnerabilities on some Huawei smartph ...)
+	TODO: check
+CVE-2019-5302 (There are two denial of service vulnerabilities on some Huawei smartph ...)
+	TODO: check
 CVE-2019-5301 (Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E1 ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5300 (There is a digital signature verification bypass vulnerability in AR12 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cd01a2e744410a81ca69504ab595d029e0e7e5b
