[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 29 21:10:30 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
35d4d15c by security tracker role at 2020-04-29T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-12466
+ RESERVED
+CVE-2020-12465 (An array overflow was discovered in mt76_add_fragment in drivers/net/w ...)
+ TODO: check
+CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before ...)
+ TODO: check
+CVE-2020-12463
+ RESERVED
+CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with ...)
+ TODO: check
+CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an in ...)
+ TODO: check
+CVE-2020-12460
+ RESERVED
+CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the configu ...)
+ TODO: check
+CVE-2020-12458 (An information-disclosure flaw was found in Grafana through 6.7.3. The ...)
+ TODO: check
+CVE-2020-12457
+ RESERVED
CVE-2020-12456
RESERVED
CVE-2020-12455
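Review bot: CVE-2020-12465 (mt76_add_fragment in drivers/net/w...) and CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c) are Linux kernel issues and should be resolved against the linux source package rather than left at `TODO: check`, in the same shape as the CVE-2020-11884 entry further down in this patch (`- linux <version>` plus per-suite lines). CVE-2020-12458 (Grafana through 6.7.3) will most likely end up as `- grafana <removed>`, which is how CVE-2020-12245 is already recorded below, and CVE-2020-12459 is explicitly scoped to "certain Red Hat packages for Grafana", so it is a candidate for NOT-FOR-US once the full text has been read.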
@@ -18,8 +38,8 @@ CVE-2020-12448
RESERVED
CVE-2020-12447 (A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-000 ...)
NOT-FOR-US: Onkyo
-CVE-2020-12446
- RESERVED
+CVE-2020-12446 (The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00. ...)
+ TODO: check
CVE-2020-12445
RESERVED
CVE-2020-12444
@@ -350,8 +370,8 @@ CVE-2020-12287
RESERVED
CVE-2019-20791 (OpenThread before 2019-12-13 has a stack-based buffer overflow in Mesh ...)
TODO: check
-CVE-2018-21232
- RESERVED
+CVE-2018-21232 (re2c before 2.0 has uncontrolled recursion that causes stack consumpti ...)
+ TODO: check
CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the Task ...)
NOT-FOR-US: Octopus Deploy
CVE-2020-12285
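Review bot: re2c is a Debian source package, so CVE-2018-21232 (`re2c before 2.0 has uncontrolled recursion that causes stack consumpti ...`) needs a real package/version line instead of `TODO: check`; the identifier comes from the 2018 pool but the fixed version is 2.0, so the triage has to establish which re2c versions in the supported suites actually contain the recursive code path rather than assuming all older releases are affected.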
@@ -364,22 +384,22 @@ CVE-2017-18862 (Certain NETGEAR devices are affected by authentication bypass. T
NOT-FOR-US: Netgear
CVE-2017-18861 (Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Su ...)
NOT-FOR-US: Netgear
-CVE-2017-18860
- RESERVED
+CVE-2017-18860 (Certain NETGEAR devices are affected by debugging command execution. T ...)
+ TODO: check
CVE-2017-18859 (Certain NETGEAR devices are affected by slowdown/stoppage. This affect ...)
NOT-FOR-US: Netgear
CVE-2017-18858 (Certain NETGEAR devices are affected by command execution. This affect ...)
NOT-FOR-US: Netgear
CVE-2017-18857 (The NETGEAR Insight application before 2.42 for Android and iOS is aff ...)
NOT-FOR-US: Netgear
-CVE-2017-18856
- RESERVED
-CVE-2017-18855
- RESERVED
-CVE-2017-18854
- RESERVED
-CVE-2017-18853
- RESERVED
+CVE-2017-18856 (NETGEAR ReadyNAS devices before 6.6.1 are affected by command injectio ...)
+ TODO: check
+CVE-2017-18855 (NETGEAR WNR854T devices before 1.5.2 are affected by command execution ...)
+ TODO: check
+CVE-2017-18854 (NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection. ...)
+ TODO: check
+CVE-2017-18853 (Certain NETGEAR devices are affected by password recovery and file acc ...)
+ TODO: check
CVE-2016-11060 (Certain NETGEAR devices are affected by insecure renegotiation. This a ...)
NOT-FOR-US: Netgear
CVE-2016-11059 (Certain NETGEAR devices are affected by password exposure. This affect ...)
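Review bot: the NETGEAR entries CVE-2017-18860 and CVE-2017-18853 through CVE-2017-18856 are left at `TODO: check` while every surrounding NETGEAR entry in this region (CVE-2017-18862, -18861, -18859, -18858, -18857, CVE-2016-11060, -11059) is `NOT-FOR-US: Netgear`. The new descriptions name NETGEAR ReadyNAS and WNR854T firmware, so they should be closed the same way; leaving vendor-firmware issues in the TODO queue only hides the entries that genuinely need a Debian decision.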
@@ -415,12 +435,12 @@ CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before
[jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
NOTE: https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01
NOTE: https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb
-CVE-2020-12277
- RESERVED
-CVE-2020-12276
- RESERVED
-CVE-2020-12275
- RESERVED
+CVE-2020-12277 (GitLab 10.8 through 12.9 has a vulnerability that allows someone to mi ...)
+ TODO: check
+CVE-2020-12276 (GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin noti ...)
+ TODO: check
+CVE-2020-12275 (GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that ...)
+ TODO: check
CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url param ...)
NOT-FOR-US: TestLink
CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...)
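Review bot: the three GitLab entries (CVE-2020-12275, CVE-2020-12276, CVE-2020-12277, all with ranges ending at 12.9) should not be closed as NOT-FOR-US by analogy with the TestLink entries directly below them: gitlab has been packaged as a Debian source package, so these need a package/version line, and the descriptions are truncated before the actual impact (`allows someone to mi ...`, `privilege escalation that ...`), so the full CVE text has to be read before a severity is assigned. The libgit2 entry at the top of this hunk, with its per-suite `<no-dsa>` line and upstream commit `NOTE:` lines, is the shape to aim for.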
@@ -476,10 +496,10 @@ CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to admin/menus/menu
NOT-FOR-US: Croogo
CVE-2020-12253
RESERVED
-CVE-2020-12252
- RESERVED
-CVE-2020-12251
- RESERVED
+CVE-2020-12252 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...)
+ TODO: check
+CVE-2020-12251 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...)
+ TODO: check
CVE-2020-12250
RESERVED
CVE-2020-12249
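Review bot: CVE-2020-12251 and CVE-2020-12252 carry identical truncated descriptions (`An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...`), so nothing in this file distinguishes the two upload-function issues. Whoever resolves the `TODO: check` should record what separates them (or that one duplicates the other) alongside the disposition, which for a vendor appliance will otherwise just be `NOT-FOR-US: Gigamon` twice.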
@@ -488,8 +508,8 @@ CVE-2020-12248
RESERVED
CVE-2020-12247
RESERVED
-CVE-2020-12246
- RESERVED
+CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other & ...)
+ TODO: check
CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...)
- grafana <removed>
NOTE: https://github.com/grafana/grafana/pull/23816
@@ -1861,8 +1881,7 @@ CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nod
NOT-FOR-US: OpenNMS
CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...)
NOT-FOR-US: WSO2 Enterprise Integrator
-CVE-2020-11884 [s390/mm: fix page table upgrade vs 2ndary address mode accesses]
- RESERVED
+CVE-2020-11884 (In the Linux kernel through 5.6.7 on the s390 platform, code execution ...)
{DSA-4667-1}
- linux 5.6.7-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
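Review bot: the new CVE text says `In the Linux kernel through 5.6.7 on the s390 platform`, while the fixed-version line directly below it is `- linux 5.6.7-1`; those only agree if Debian's 5.6.7-1 upload carried the fix as a backported patch on top of upstream 5.6.7, so confirm that (the package changelog should reference the CVE or the s390/mm commit) rather than relying on a plain version comparison. Dropping the bracketed `[s390/mm: fix page table upgrade vs 2ndary address mode accesses]` placeholder also loses the upstream fix title; keeping it as a `NOTE:` line, the way the libgit2 and WeeChat entries elsewhere in this patch keep their fix commits, would preserve that trail.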
@@ -1942,8 +1961,8 @@ CVE-2019-20783 (An issue was discovered on LG mobile devices with Android OS 7.0
NOT-FOR-US: LG mobile devices
CVE-2019-20782 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
NOT-FOR-US: LG mobile devices
-CVE-2019-20781
- RESERVED
+CVE-2019-20781 (An issue was discovered in LG Bridge before April 2019 on Windows. DLL ...)
+ TODO: check
CVE-2019-20780 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
NOT-FOR-US: LG mobile devices
CVE-2019-20779 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
@@ -2688,14 +2707,14 @@ CVE-2020-11679
RESERVED
CVE-2020-11678
RESERVED
-CVE-2020-11677
- RESERVED
-CVE-2020-11676
- RESERVED
-CVE-2020-11675
- RESERVED
-CVE-2020-11674
- RESERVED
+CVE-2020-11677 (Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). ...)
+ TODO: check
+CVE-2020-11676 (Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3). ...)
+ TODO: check
+CVE-2020-11675 (Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3). ...)
+ TODO: check
+CVE-2020-11674 (Cerner medico 26.00 allows variable reuse, possibly causing data corru ...)
+ TODO: check
CVE-2020-11673 (An issue was discovered in the Responsive Poll through 1.3.4 for Wordp ...)
NOT-FOR-US: Responsive Poll for WordPress
CVE-2020-11672
@@ -3504,8 +3523,8 @@ CVE-2020-11448
RESERVED
CVE-2020-11447
RESERVED
-CVE-2020-11446
- RESERVED
+CVE-2020-11446 (ESET Antivirus and Antispyware Module module 1553 through 1560 allows ...)
+ TODO: check
CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 allow remote attackers to byp ...)
NOT-FOR-US: TP-Link
CVE-2020-11444 (Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has I ...)
@@ -4396,10 +4415,10 @@ CVE-2020-11023
RESERVED
CVE-2020-11022
RESERVED
-CVE-2020-11021
- RESERVED
-CVE-2020-11020
- RESERVED
+CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...)
+ TODO: check
+CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1. ...)
+ TODO: check
CVE-2020-11019
RESERVED
CVE-2020-11018
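Review bot: CVE-2020-11020 describes Faye as shipped both as an NPM package and as a RubyGem, so resolving its `TODO: check` means looking for both a node-* and a ruby-* source package (Debian's naming convention for those ecosystems) before concluding NOT-FOR-US. CVE-2020-11021 (`@actions/http-client` before 1.0.8) is the GitHub Actions toolkit client and is far less likely to be packaged, but the same lookup should be done rather than assumed.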
@@ -4420,8 +4439,8 @@ CVE-2020-11011 (In Phproject before version 1.7.8, there's a vulnerability which
NOT-FOR-US: Phproject
CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of S ...)
NOT-FOR-US: Tortoise ORM
-CVE-2020-11009
- RESERVED
+CVE-2020-11009 (In Rundeck before version 3.2.6, authenticated users can craft a reque ...)
+ TODO: check
CVE-2020-11008 (Affected versions of Git have a vulnerability whereby Git can be trick ...)
{DSA-4659-1 DLA-2182-1}
- git 1:2.26.2-1
@@ -5184,8 +5203,8 @@ CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks v
NOT-FOR-US: svglib
CVE-2020-10798
RESERVED
-CVE-2020-10797
- RESERVED
+CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_ping.ph ...)
+ TODO: check
CVE-2020-10796
RESERVED
CVE-2020-10795
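Review bot: the description for CVE-2020-10797 (`An XSS vulnerability resides in the hostname field of the diag_ping.ph ...`) is cut off before it names the affected product, so this file alone does not say what is being triaged; the entry should stay open until the full CVE text has been read and the product is recorded in the disposition line, otherwise the next automatic update will leave a `TODO: check` with nothing for a human to act on.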
@@ -7594,7 +7613,7 @@ CVE-2020-9759 (An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are
NOTE: https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e
CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...)
NOT-FOR-US: LiveZilla Live Chat
-CVE-2020-9757 (The Seomatic component before 3.2.46 for Craft CMS allows Server-Side ...)
+CVE-2020-9757 (The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side T ...)
NOT-FOR-US: Seomatic component for Craft CMS
CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...)
NOT-FOR-US: Patriot Viper RGB Driver
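Review bot: the CVE-2020-9757 description moved the fixed version from `Seomatic component before 3.2.46` to `SEOmatic component before 3.3.0`, which widens the affected range. The `NOT-FOR-US: Seomatic component for Craft CMS` disposition is unaffected, but anyone who cited the earlier range should know it was revised upstream; the capitalisation of the product name in the disposition line could also be aligned with the new text.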
@@ -9919,12 +9938,12 @@ CVE-2020-8777 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.
NOT-FOR-US: Alfresco
CVE-2020-8776 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...)
NOT-FOR-US: Alfresco
-CVE-2020-8775
- RESERVED
-CVE-2020-8774
- RESERVED
-CVE-2020-8773
- RESERVED
+CVE-2020-8775 (Pega Platform before version 8.2.6 is affected by a Stored Cross-Site ...)
+ TODO: check
+CVE-2020-8774 (Pega Platform before version 8.2.6 is affected by a Reflected Cross-Si ...)
+ TODO: check
+CVE-2020-8773 (The Richtext Editor in Pega Platform before 8.2.6 is affected by a Sto ...)
+ TODO: check
CVE-2020-8772 (The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missin ...)
NOT-FOR-US: InfiniteWP Client plugin for WordPress
CVE-2020-8771 (The Time Capsule plugin before 1.21.16 for WordPress has an authentica ...)
@@ -12194,8 +12213,8 @@ CVE-2020-7806
RESERVED
CVE-2020-7805
RESERVED
-CVE-2020-7804
- RESERVED
+CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, ...)
+ TODO: check
CVE-2020-7803
RESERVED
CVE-2020-7802 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
@@ -25396,8 +25415,8 @@ CVE-2020-2577 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2576 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
NOT-FOR-US: Oracle
-CVE-2020-2575
- RESERVED
+CVE-2020-2575 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
CVE-2020-2574 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #949994)
- mariadb-10.3 1:10.3.22-1
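Review bot: CVE-2020-2575 (Oracle VM VirtualBox) is left at `TODO: check`, but unlike the Oracle Outside In entry directly above it this cannot be NOT-FOR-US: VirtualBox is shipped by Debian as the virtualbox source package (in contrib), so it needs a package/version line plus a `NOTE:` pointing at the relevant Oracle CPU advisory, in the form used for the MySQL entries in this hunk (`NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL`, with the VirtualBox appendix of whichever CPU published it).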
@@ -28936,8 +28955,8 @@ CVE-2019-19167
RESERVED
CVE-2019-19166
RESERVED
-CVE-2019-19165
- RESERVED
+CVE-2019-19165 (AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability ...)
+ TODO: check
CVE-2019-19164
RESERVED
CVE-2019-19163
@@ -38857,10 +38876,10 @@ CVE-2019-16655 (joyplus-cms 1.6.0 allows reinstallation if the install/ URI rema
NOT-FOR-US: joyplus-cms
CVE-2019-16654
RESERVED
-CVE-2019-16653
- RESERVED
-CVE-2019-16652
- RESERVED
+CVE-2019-16653 (An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2. ...)
+ TODO: check
+CVE-2019-16652 (The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 al ...)
+ TODO: check
CVE-2019-16651
RESERVED
CVE-2019-16650 (On Supermicro X10 and X11 products, a client's access privileges may b ...)
@@ -67109,8 +67128,8 @@ CVE-2018-20764 (A buffer overflow exists in HelpSystems tcpcrypt on Linux, used
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1676393
NOTE: https://community.helpsystems.com/knowledge-base/fox-technologies/hotfix/515/
NOTE: No specific information is provided, but seems caused by BoKS shipping tcpcrypt setuid
-CVE-2019-7634
- RESERVED
+CVE-2019-7634 (SUAP V2 allows XSS during the update of user information. ...)
+ TODO: check
CVE-2019-7633
RESERVED
CVE-2019-7632 (LifeSize Team, Room, Passport, and Networker 220 devices allow Authent ...)
@@ -75336,12 +75355,12 @@ CVE-2019-4290
RESERVED
CVE-2019-4289
RESERVED
-CVE-2019-4288
- RESERVED
+CVE-2019-4288 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could discl ...)
+ TODO: check
CVE-2019-4287
RESERVED
-CVE-2019-4286
- RESERVED
+CVE-2019-4286 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could discl ...)
+ TODO: check
CVE-2019-4285 (IBM WebSphere Application Server - Liberty Admin Center could allow a ...)
NOT-FOR-US: IBM
CVE-2019-4284 (IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local ...)
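Review bot: CVE-2019-4286 and CVE-2019-4288 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0 and 7.6.3.1, information disclosure) sit between CVE-2019-4285 and CVE-2019-4284, both already `NOT-FOR-US: IBM`, and should be closed the same way. The two new descriptions are identical up to the truncation point, so the triage line should say what distinguishes them.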
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35d4d15c40783982528624a524655f1d552d2b2a
--
You're receiving this email because of your account on salsa.debian.org.