[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Apr 29 09:10:26 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd9f4885 by security tracker role at 2020-04-29T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2020-12456
+	RESERVED
+CVE-2020-12455
+	RESERVED
+CVE-2020-12454
+	RESERVED
+CVE-2020-12453
+	RESERVED
+CVE-2020-12452
+	RESERVED
+CVE-2020-12451
+	RESERVED
+CVE-2020-12450
+	RESERVED
+CVE-2020-12449
+	RESERVED
+CVE-2020-12448
+	RESERVED
+CVE-2020-12447 (A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-000 ...)
+	TODO: check
+CVE-2020-12446
+	RESERVED
+CVE-2020-12445
+	RESERVED
+CVE-2020-12444
+	RESERVED
+CVE-2020-12443 (BigBlueButton before 2.2.6 allows remote attackers to read arbitrary f ...)
+	TODO: check
+CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated ...)
+	TODO: check
+CVE-2020-12441
+	RESERVED
+CVE-2020-12440
+	RESERVED
+CVE-2020-12439
+	RESERVED
+CVE-2020-12438 (An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03 ...)
+	TODO: check
+CVE-2020-12437
+	RESERVED
+CVE-2020-12436
+	RESERVED
+CVE-2020-12435
+	RESERVED
+CVE-2020-12434
+	RESERVED
+CVE-2020-12433
+	RESERVED
+CVE-2020-12432
+	RESERVED
+CVE-2020-12431
+	RESERVED
+CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...)
+	TODO: check
+CVE-2019-20792 (OpenSC before 0.20.0 has a double free in coolkey_free_private_data be ...)
+	TODO: check
 CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections that would  ...)
 	NOT-FOR-US: Online Course Registration
 CVE-2020-12428
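Review bot: two of the TODO: check entries in this hunk name code that Debian ships and should be triaged ahead of the rest: CVE-2019-20792 (OpenSC before 0.20.0, double free in coolkey_free_private_data) and CVE-2020-12430, whose qemuDomainGetStatsIOThread function lives in libvirt's QEMU driver rather than in QEMU itself, so the source package to look at is libvirt. The "before 0.20.0" bound on the OpenSC entry puts any suite still shipping an older opensc in scope. The remaining new descriptions (Onkyo TX-NR585, BigBlueButton, Ivanti Avalanche, PHP-Fusion) point at software that is not packaged and can be resolved to NOT-FOR-US in the same pass, as the CVE-2020-12429 context entry already was.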
@@ -392,8 +448,8 @@ CVE-2020-12263
 	RESERVED
 CVE-2020-12262
 	RESERVED
-CVE-2020-12261
-	RESERVED
+CVE-2020-12261 (Open-AudIT 3.3.0 allows an XSS attack after login. ...)
+	TODO: check
 CVE-2020-12260
 	RESERVED
 CVE-2020-12259
@@ -715,10 +771,10 @@ CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from
 	NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/96
 CVE-2020-12104
 	RESERVED
-CVE-2020-12103
-	RESERVED
-CVE-2020-12102
-	RESERVED
+CVE-2020-12103 (In Tiny File Manager 2.4.1, there is a vulnerability in the ajax file  ...)
+	TODO: check
+CVE-2020-12102 (In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in ...)
+	TODO: check
 CVE-2020-12101
 	RESERVED
 CVE-2020-12100
@@ -4346,8 +4402,8 @@ CVE-2020-11016
 	RESERVED
 CVE-2020-11015
 	RESERVED
-CVE-2020-11014
-	RESERVED
+CVE-2020-11014 (Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token  ...)
+	TODO: check
 CVE-2020-11013 (Their is an information disclosure vulnerability in Helm from version  ...)
 	- helm-kubernetes <itp> (bug #910799)
 CVE-2020-11012 (MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authenticat ...)
@@ -5418,6 +5474,7 @@ CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x an
 	NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce
 CVE-2020-10683 [XML External Entity vulnerability in default SAX parser]
 	RESERVED
+	{DLA-2191-1}
 	- dom4j <unfixed> (bug #958055)
 	NOTE: https://github.com/dom4j/dom4j/commit/1707bf3d898a8ada3b213acb0e3b38f16eaae73d (the fix?)
 	NOTE: https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658 (post-fix refactor?)
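Review bot: the {DLA-2191-1} cross-reference is added while the entry is still RESERVED and still carries the hedged notes "(the fix?)" and "(post-fix refactor?)" on the two dom4j commits; an LTS advisory has now shipped, so the fix commit has presumably been confirmed and those question marks should be resolved, and the bracketed placeholder description replaced once the CVE text is public. The "- dom4j <unfixed> (bug #958055)" line for unstable also still stands, meaning the LTS suite is fixed ahead of unstable; that is acceptable, but a NOTE saying so would stop the next reader from assuming the unstable fix is tracked elsewhere.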
@@ -5478,9 +5535,8 @@ CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY
 	NOT-FOR-US: Docker Desktop on Windows
 CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019  ...)
 	TODO: check
-CVE-2020-10663 [Unsafe Object Creation Vulnerability in JSON (Additional fix to CVE-2013-0269]
-	RESERVED
-	{DLA-2190-1}
+CVE-2020-10663 (The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ...)
+	{DLA-2192-1 DLA-2190-1}
 	- ruby-json 2.3.0+dfsg-1
 	[buster] - ruby-json <no-dsa> (Minor issue)
 	[stretch] - ruby-json <no-dsa> (Minor issue)
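Review bot: the old bracketed placeholder "[Unsafe Object Creation Vulnerability in JSON (Additional fix to CVE-2013-0269]" had an unbalanced parenthesis, so replacing it with the published description is right. The new cross-reference set {DLA-2192-1 DLA-2190-1} lists two LTS advisories against a single source package line ("- ruby-json 2.3.0+dfsg-1"); if DLA-2192-1 covers a different source package (the description says the gem is "as used in Ruby 2.4 through 2.4.9", which suggests the interpreter that bundles json), that package needs its own "- " line here, otherwise the tracker will show the second advisory with nothing it fixed.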
@@ -10499,44 +10555,44 @@ CVE-2020-8491
 	RESERVED
 CVE-2020-8490
 	RESERVED
-CVE-2020-8489
-	RESERVED
-CVE-2020-8488
-	RESERVED
-CVE-2020-8487
-	RESERVED
-CVE-2020-8486
-	RESERVED
-CVE-2020-8485
-	RESERVED
-CVE-2020-8484
-	RESERVED
+CVE-2020-8489 (Insufficient protection of the inter-process communication functions i ...)
+	TODO: check
+CVE-2020-8488 (Insufficient protection of the inter-process communication functions i ...)
+	TODO: check
+CVE-2020-8487 (Insufficient protection of the inter-process communication functions i ...)
+	TODO: check
+CVE-2020-8486 (Insufficient protection of the inter-process communication functions i ...)
+	TODO: check
+CVE-2020-8485 (Insufficient protection of the inter-process communication functions i ...)
+	TODO: check
+CVE-2020-8484 (Insufficient protection of the inter-process communication functions i ...)
+	TODO: check
 CVE-2020-8483
 	RESERVED
 CVE-2020-8482
 	RESERVED
-CVE-2020-8481
-	RESERVED
+CVE-2020-8481 (For ABB products ABB Ability™ System 800xA and related system ex ...)
+	TODO: check
 CVE-2020-8480
 	RESERVED
-CVE-2020-8479
-	RESERVED
-CVE-2020-8478
-	RESERVED
+CVE-2020-8479 (For the Central Licensing Server component used in ABB products ABB Ab ...)
+	TODO: check
+CVE-2020-8478 (Insufficient protection of the inter-process communication functions i ...)
+	TODO: check
 CVE-2020-8477 (The installations for ABB System 800xA Information Manager versions 5. ...)
 	NOT-FOR-US: ABB
-CVE-2020-8476
-	RESERVED
-CVE-2020-8475
-	RESERVED
+CVE-2020-8476 (For the Central Licensing Server component used in ABB products ABB Ab ...)
+	TODO: check
+CVE-2020-8475 (For the Central Licensing Server component used in ABB products ABB Ab ...)
+	TODO: check
 CVE-2020-8474 (Weak Registry permissions in ABB System 800xA Base allow low privilege ...)
 	NOT-FOR-US: ABB
-CVE-2020-8473
-	RESERVED
-CVE-2020-8472
-	RESERVED
-CVE-2020-8471
-	RESERVED
+CVE-2020-8473 (Insufficient folder permissions used by system functions in ABB System ...)
+	TODO: check
+CVE-2020-8472 (Insufficient folder permissions used by system functions in ABB System ...)
+	TODO: check
+CVE-2020-8471 (For the Central Licensing Server component used in ABB products ABB Ab ...)
+	TODO: check
 CVE-2020-8470 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...)
 	NOT-FOR-US: Trend Micro
 CVE-2020-8469 (Trend Micro Password Manager for Windows version 5.0 is affected by a  ...)
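Review bot: all fourteen newly described ABB entries (CVE-2020-8489 down to CVE-2020-8471) are left at TODO: check, while the two context entries in the same range, CVE-2020-8477 and CVE-2020-8474, are already NOT-FOR-US: ABB. The new descriptions name the same ABB System 800xA and Central Licensing Server products, so these can be resolved to "NOT-FOR-US: ABB" in one pass rather than one at a time.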
@@ -12871,12 +12927,12 @@ CVE-2020-7455
 	RESERVED
 CVE-2020-7454
 	RESERVED
-CVE-2020-7453
-	RESERVED
-CVE-2020-7452
-	RESERVED
-CVE-2020-7451
-	RESERVED
+CVE-2020-7453 (In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEAS ...)
+	TODO: check
+CVE-2020-7452 (In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEAS ...)
+	TODO: check
+CVE-2020-7451 (In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEAS ...)
+	TODO: check
 CVE-2020-7450 (In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEAS ...)
 	NOT-FOR-US: FreeBSD
 CVE-2020-7449
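Review bot: the three new FreeBSD entries (CVE-2020-7453, CVE-2020-7452, CVE-2020-7451) should not be closed as NOT-FOR-US by analogy with the CVE-2020-7450 context line alone: elsewhere in this file FreeBSD kernel advisories are tracked against the kfreebsd-10 source package (the CVE-2019-15875 and CVE-2019-5613 entries touched by this same commit carry "- kfreebsd-10 ..." lines plus a NOTE with the FreeBSD-SA URL). Triage should decide for each whether the bug is in the kernel (kfreebsd-10) or in userland (NOT-FOR-US), and record the FreeBSD-SA reference either way.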
@@ -21114,8 +21170,8 @@ CVE-2020-3957
 	RESERVED
 CVE-2020-3956
 	RESERVED
-CVE-2020-3955
-	RESERVED
+CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ...)
+	TODO: check
 CVE-2020-3954 (Open Redirect vulnerability exists in VMware vRealize Log Insight prio ...)
 	NOT-FOR-US: VMware
 CVE-2020-3953 (Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log ...)
@@ -24692,7 +24748,7 @@ CVE-2020-2832 (Vulnerability in the Oracle One-to-One Fulfillment product of Ora
 CVE-2020-2831 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
 	NOT-FOR-US: Oracle
 CVE-2020-2830 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4662-1}
+	{DSA-4662-1 DLA-2193-1}
 	- openjdk-14 14.0.1+7-1
 	- openjdk-11 11.0.7+10-1
 	- openjdk-8 8u252-b09-1
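Review bot: DLA-2193-1 is appended to CVE-2020-2830, but this entry carries only {DSA-4662-1} where every other Java SE entry touched by this commit (CVE-2020-2805, 2803, 2800, 2781, 2773, 2757, 2756) carries {DSA-4668-1 DSA-4662-1}. Worth confirming whether the missing DSA-4668-1 reference on CVE-2020-2830 is deliberate (that advisory did not cover it) or an omission, since the new LTS reference makes the asymmetry more visible.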
@@ -24751,7 +24807,7 @@ CVE-2020-2806 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	- mysql-5.7 <unfixed> (bug #956832)
 	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
 CVE-2020-2805 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4668-1 DSA-4662-1}
+	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
 	- openjdk-14 14.0.1+7-1
 	- openjdk-11 11.0.7+10-1
 	- openjdk-8 8u252-b09-1
@@ -24760,7 +24816,7 @@ CVE-2020-2804 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	- mysql-5.7 <unfixed> (bug #956832)
 	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
 CVE-2020-2803 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4668-1 DSA-4662-1}
+	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
 	- openjdk-14 14.0.1+7-1
 	- openjdk-11 11.0.7+10-1
 	- openjdk-8 8u252-b09-1
@@ -24770,7 +24826,7 @@ CVE-2020-2802 (Vulnerability in the Oracle GraalVM Enterprise Edition product of
 CVE-2020-2801 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
 	NOT-FOR-US: Oracle
 CVE-2020-2800 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4668-1 DSA-4662-1}
+	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
 	- openjdk-14 14.0.1+7-1
 	- openjdk-11 11.0.7+10-1
 	- openjdk-8 8u252-b09-1
@@ -24813,7 +24869,7 @@ CVE-2020-2783 (Vulnerability in the Oracle Outside In Technology product of Orac
 CVE-2020-2782 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2020-2781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4668-1 DSA-4662-1}
+	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
 	- openjdk-14 14.0.1+7-1
 	- openjdk-11 11.0.7+10-1
 	- openjdk-8 8u252-b09-1
@@ -24838,7 +24894,7 @@ CVE-2020-2774 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
 CVE-2020-2773 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4668-1 DSA-4662-1}
+	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
 	- openjdk-14 14.0.1+7-1
 	- openjdk-11 11.0.7+10-1
 	- openjdk-8 8u252-b09-1
@@ -24885,13 +24941,13 @@ CVE-2020-2758 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu
 	- virtualbox 6.1.6-dfsg-1
 	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
 CVE-2020-2757 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4668-1 DSA-4662-1}
+	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
 	- openjdk-14 14.0.1+7-1
 	- openjdk-11 11.0.7+10-1
 	- openjdk-8 8u252-b09-1
 	- openjdk-7 <removed>
 CVE-2020-2756 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4668-1 DSA-4662-1}
+	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
 	- openjdk-14 14.0.1+7-1
 	- openjdk-11 11.0.7+10-1
 	- openjdk-8 8u252-b09-1
@@ -29011,12 +29067,12 @@ CVE-2019-19104 (The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaege
 	NOT-FOR-US: ABB
 CVE-2019-19103
 	RESERVED
-CVE-2019-19102
-	RESERVED
-CVE-2019-19101
-	RESERVED
-CVE-2019-19100
-	RESERVED
+CVE-2019-19102 (A directory traversal vulnerability in SharpZipLib used in the upgrade ...)
+	TODO: check
+CVE-2019-19101 (A missing secure communication definition and an incomplete TLS valida ...)
+	TODO: check
+CVE-2019-19100 (A privilege escalation vulnerability in the upgrade service in B&R ...)
+	TODO: check
 CVE-2019-19099
 	RESERVED
 CVE-2019-19098
@@ -40989,15 +41045,15 @@ CVE-2019-15879
 	RESERVED
 CVE-2019-15878
 	RESERVED
-CVE-2019-15877
-	RESERVED
-CVE-2019-15876
-	RESERVED
+CVE-2019-15877 (In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-REL ...)
+	TODO: check
+CVE-2019-15876 (In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEAS ...)
+	TODO: check
 CVE-2019-15875 (In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEAS ...)
 	- kfreebsd-10 <unfixed> (unimportant)
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:03.thrmisc.asc
-CVE-2019-15874
-	RESERVED
+CVE-2019-15874 (In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEAS ...)
+	TODO: check
 CVE-2019-15873 (The profilegrid-user-profiles-groups-and-communities plugin before 2.8 ...)
 	NOT-FOR-US: profilegrid-user-profiles-groups-and-communities plugin for WordPress
 CVE-2019-15872 (The LoginPress plugin before 1.1.4 for WordPress has SQL injection via ...)
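Review bot: CVE-2019-15877, CVE-2019-15876 and CVE-2019-15874 share the "12.1-STABLE before r..." description pattern of CVE-2019-15875 in the context lines, and that entry shows the resolution the tracker expects for FreeBSD kernel bugs ("- kfreebsd-10 <unfixed> (unimportant)" plus a NOTE pointing at the FreeBSD-SA advisory). The three TODO: check entries should be resolved the same way, or to NOT-FOR-US if the affected code is userland only.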
@@ -72350,8 +72406,8 @@ CVE-2019-5616 (CircuitWerkes Sicon-8, a hardware device used for managing electr
 	NOT-FOR-US: CircuitWerkes Sicon-8
 CVE-2019-5615 (Users with Site-level permissions can access files containing the user ...)
 	NOT-FOR-US: Rapid7 InsightVM
-CVE-2019-5614
-	RESERVED
+CVE-2019-5614 (In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEAS ...)
+	TODO: check
 CVE-2019-5613 (In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in th ...)
 	- kfreebsd-10 <not-affected> (Only affects kfreebsd 12)
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:02.ipsec.asc
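Review bot: CVE-2019-5614 carries the same "12.1-STABLE before r356035" bound as CVE-2019-15874 elsewhere in this commit, so the two were very likely fixed by the same FreeBSD revision and advisory and should be triaged together. The CVE-2019-5613 context line shows the expected shape for the kfreebsd-10 decision and the FreeBSD-SA NOTE.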



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd9f488517c8fec97d83933bac310156794e0096


