[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Apr 29 21:10:30 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35d4d15c by security tracker role at 2020-04-29T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-12466
+	RESERVED
+CVE-2020-12465 (An array overflow was discovered in mt76_add_fragment in drivers/net/w ...)
+	TODO: check
+CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before ...)
+	TODO: check
+CVE-2020-12463
+	RESERVED
+CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with  ...)
+	TODO: check
+CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an in ...)
+	TODO: check
+CVE-2020-12460
+	RESERVED
+CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the configu ...)
+	TODO: check
+CVE-2020-12458 (An information-disclosure flaw was found in Grafana through 6.7.3. The ...)
+	TODO: check
+CVE-2020-12457
+	RESERVED
 CVE-2020-12456
 	RESERVED
 CVE-2020-12455
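Review bot: CVE-2020-12465 (mt76_add_fragment in drivers/net/w...) and CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c) are Linux kernel issues, and the linux source package is tracked in this same file (see the `- linux 5.6.7-1` entry under CVE-2020-11884 further down), so these two should not stay at `TODO: check`: each needs a `- linux` line with the fixed upstream version and the usual per-suite annotations. CVE-2020-12459 and CVE-2020-12458 are Grafana; the file already carries `- grafana <removed>` for CVE-2020-12245, so that is the likely outcome for CVE-2020-12458, while CVE-2020-12459 is described as specific to Red Hat packages of Grafana and may resolve to NOT-FOR-US instead.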
@@ -18,8 +38,8 @@ CVE-2020-12448
 	RESERVED
 CVE-2020-12447 (A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-000 ...)
 	NOT-FOR-US: Onkyo
-CVE-2020-12446
-	RESERVED
+CVE-2020-12446 (The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00. ...)
+	TODO: check
 CVE-2020-12445
 	RESERVED
 CVE-2020-12444
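Review bot: CVE-2020-12446 now describes the ene.sys driver shipped with G.SKILL Trident Z Lighting Control, a Windows-only component, so the `TODO: check` can be resolved to `NOT-FOR-US` in the same way as the Onkyo entry directly above it.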
@@ -350,8 +370,8 @@ CVE-2020-12287
 	RESERVED
 CVE-2019-20791 (OpenThread before 2019-12-13 has a stack-based buffer overflow in Mesh ...)
 	TODO: check
-CVE-2018-21232
-	RESERVED
+CVE-2018-21232 (re2c before 2.0 has uncontrolled recursion that causes stack consumpti ...)
+	TODO: check
 CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the Task ...)
 	NOT-FOR-US: Octopus Deploy
 CVE-2020-12285
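Review bot: CVE-2018-21232 (re2c before 2.0, uncontrolled recursion causing stack consumption) concerns a tool that Debian ships as the re2c source package, so this entry needs a `- re2c` line with the fixing version rather than `TODO: check`; as the trigger is crafted input to the lexer generator, a `<no-dsa>` or minor-issue annotation for the stable suites is worth considering once the fixing commit is identified.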
@@ -364,22 +384,22 @@ CVE-2017-18862 (Certain NETGEAR devices are affected by authentication bypass. T
 	NOT-FOR-US: Netgear
 CVE-2017-18861 (Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Su ...)
 	NOT-FOR-US: Netgear
-CVE-2017-18860
-	RESERVED
+CVE-2017-18860 (Certain NETGEAR devices are affected by debugging command execution. T ...)
+	TODO: check
 CVE-2017-18859 (Certain NETGEAR devices are affected by slowdown/stoppage. This affect ...)
 	NOT-FOR-US: Netgear
 CVE-2017-18858 (Certain NETGEAR devices are affected by command execution. This affect ...)
 	NOT-FOR-US: Netgear
 CVE-2017-18857 (The NETGEAR Insight application before 2.42 for Android and iOS is aff ...)
 	NOT-FOR-US: Netgear
-CVE-2017-18856
-	RESERVED
-CVE-2017-18855
-	RESERVED
-CVE-2017-18854
-	RESERVED
-CVE-2017-18853
-	RESERVED
+CVE-2017-18856 (NETGEAR ReadyNAS devices before 6.6.1 are affected by command injectio ...)
+	TODO: check
+CVE-2017-18855 (NETGEAR WNR854T devices before 1.5.2 are affected by command execution ...)
+	TODO: check
+CVE-2017-18854 (NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection. ...)
+	TODO: check
+CVE-2017-18853 (Certain NETGEAR devices are affected by password recovery and file acc ...)
+	TODO: check
 CVE-2016-11060 (Certain NETGEAR devices are affected by insecure renegotiation. This a ...)
 	NOT-FOR-US: Netgear
 CVE-2016-11059 (Certain NETGEAR devices are affected by password exposure. This affect ...)
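Review bot: The five NETGEAR entries that move from `RESERVED` to `TODO: check` here (CVE-2017-18860, CVE-2017-18856, CVE-2017-18855, CVE-2017-18854 and CVE-2017-18853) sit among entries for the same vendor that are all `NOT-FOR-US: Netgear`, and their summaries describe router firmware and ReadyNAS issues, so the consistent resolution is the same `NOT-FOR-US: Netgear` marker rather than leaving them open.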
@@ -415,12 +435,12 @@ CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before
 	[jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
 	NOTE: https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01
 	NOTE: https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb
-CVE-2020-12277
-	RESERVED
-CVE-2020-12276
-	RESERVED
-CVE-2020-12275
-	RESERVED
+CVE-2020-12277 (GitLab 10.8 through 12.9 has a vulnerability that allows someone to mi ...)
+	TODO: check
+CVE-2020-12276 (GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin noti ...)
+	TODO: check
+CVE-2020-12275 (GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that  ...)
+	TODO: check
 CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url param ...)
 	NOT-FOR-US: TestLink
 CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...)
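Review bot: CVE-2020-12277, CVE-2020-12276 and CVE-2020-12275 all name GitLab versions up to 12.9, and unlike the TestLink entries that follow them GitLab has a Debian source package, so these need to be checked against the version actually in the archive instead of staying at `TODO: check`; CVE-2020-12275 (privilege escalation, 12.6 through 12.9) is the one to look at first if the packaged version falls in that range.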
@@ -476,10 +496,10 @@ CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to admin/menus/menu
 	NOT-FOR-US: Croogo
 CVE-2020-12253
 	RESERVED
-CVE-2020-12252
-	RESERVED
-CVE-2020-12251
-	RESERVED
+CVE-2020-12252 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...)
+	TODO: check
+CVE-2020-12251 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...)
+	TODO: check
 CVE-2020-12250
 	RESERVED
 CVE-2020-12249
@@ -488,8 +508,8 @@ CVE-2020-12248
 	RESERVED
 CVE-2020-12247
 	RESERVED
-CVE-2020-12246
-	RESERVED
+CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other & ...)
+	TODO: check
 CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...)
 	- grafana <removed>
 	NOTE: https://github.com/grafana/grafana/pull/23816
@@ -1861,8 +1881,7 @@ CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nod
 	NOT-FOR-US: OpenNMS
 CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...)
 	NOT-FOR-US: WSO2 Enterprise Integrator
-CVE-2020-11884 [s390/mm: fix page table upgrade vs 2ndary address mode accesses]
-	RESERVED
+CVE-2020-11884 (In the Linux kernel through 5.6.7 on the s390 platform, code execution ...)
 	{DSA-4667-1}
 	- linux 5.6.7-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
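Review bot: Dropping the `RESERVED` line for CVE-2020-11884 is correct, since the entry already records {DSA-4667-1} and the linux 5.6.7-1 fix, and the bracketed placeholder title is superseded by the published description. The `[stretch] - linux <not-affected> (Vulnerable code introduced later)` annotation should be re-verified against the published text, which only says "through 5.6.7" and does not itself bound the affected range downward.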
@@ -1942,8 +1961,8 @@ CVE-2019-20783 (An issue was discovered on LG mobile devices with Android OS 7.0
 	NOT-FOR-US: LG mobile devices
 CVE-2019-20782 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
 	NOT-FOR-US: LG mobile devices
-CVE-2019-20781
-	RESERVED
+CVE-2019-20781 (An issue was discovered in LG Bridge before April 2019 on Windows. DLL ...)
+	TODO: check
 CVE-2019-20780 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
 	NOT-FOR-US: LG mobile devices
 CVE-2019-20779 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
@@ -2688,14 +2707,14 @@ CVE-2020-11679
 	RESERVED
 CVE-2020-11678
 	RESERVED
-CVE-2020-11677
-	RESERVED
-CVE-2020-11676
-	RESERVED
-CVE-2020-11675
-	RESERVED
-CVE-2020-11674
-	RESERVED
+CVE-2020-11677 (Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). ...)
+	TODO: check
+CVE-2020-11676 (Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3). ...)
+	TODO: check
+CVE-2020-11675 (Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3). ...)
+	TODO: check
+CVE-2020-11674 (Cerner medico 26.00 allows variable reuse, possibly causing data corru ...)
+	TODO: check
 CVE-2020-11673 (An issue was discovered in the Responsive Poll through 1.3.4 for Wordp ...)
 	NOT-FOR-US: Responsive Poll for WordPress
 CVE-2020-11672
@@ -3504,8 +3523,8 @@ CVE-2020-11448
 	RESERVED
 CVE-2020-11447
 	RESERVED
-CVE-2020-11446
-	RESERVED
+CVE-2020-11446 (ESET Antivirus and Antispyware Module module 1553 through 1560 allows  ...)
+	TODO: check
 CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 allow remote attackers to byp ...)
 	NOT-FOR-US: TP-Link
 CVE-2020-11444 (Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has I ...)
@@ -4396,10 +4415,10 @@ CVE-2020-11023
 	RESERVED
 CVE-2020-11022
 	RESERVED
-CVE-2020-11021
-	RESERVED
-CVE-2020-11020
-	RESERVED
+CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...)
+	TODO: check
+CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1. ...)
+	TODO: check
 CVE-2020-11019
 	RESERVED
 CVE-2020-11018
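Review bot: CVE-2020-11021 (@actions/http-client on NPM, before 1.0.8) and CVE-2020-11020 (Faye on NPM and RubyGems) need a check of whether any Debian source package ships either library before the `TODO: check` is resolved; if none does, the outcome is `NOT-FOR-US` as for the other third-party-only entries around them.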
@@ -4420,8 +4439,8 @@ CVE-2020-11011 (In Phproject before version 1.7.8, there's a vulnerability which
 	NOT-FOR-US: Phproject
 CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of S ...)
 	NOT-FOR-US: Tortoise ORM
-CVE-2020-11009
-	RESERVED
+CVE-2020-11009 (In Rundeck before version 3.2.6, authenticated users can craft a reque ...)
+	TODO: check
 CVE-2020-11008 (Affected versions of Git have a vulnerability whereby Git can be trick ...)
 	{DSA-4659-1 DLA-2182-1}
 	- git 1:2.26.2-1
@@ -5184,8 +5203,8 @@ CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks v
 	NOT-FOR-US: svglib
 CVE-2020-10798
 	RESERVED
-CVE-2020-10797
-	RESERVED
+CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_ping.ph ...)
+	TODO: check
 CVE-2020-10796
 	RESERVED
 CVE-2020-10795
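Review bot: The truncated summary for CVE-2020-10797 ("An XSS vulnerability resides in the hostname field of the diag_ping.ph ...") names only a script filename and not the affected product, so the full CVE description has to be consulted before this `TODO: check` can be resolved either way.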
@@ -7594,7 +7613,7 @@ CVE-2020-9759 (An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are
 	NOTE: https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e
 CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...)
 	NOT-FOR-US: LiveZilla Live Chat
-CVE-2020-9757 (The Seomatic component before 3.2.46 for Craft CMS allows Server-Side  ...)
+CVE-2020-9757 (The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side T ...)
 	NOT-FOR-US: Seomatic component for Craft CMS
 CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...)
 	NOT-FOR-US: Patriot Viper RGB Driver
@@ -9919,12 +9938,12 @@ CVE-2020-8777 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.
 	NOT-FOR-US: Alfresco
 CVE-2020-8776 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...)
 	NOT-FOR-US: Alfresco
-CVE-2020-8775
-	RESERVED
-CVE-2020-8774
-	RESERVED
-CVE-2020-8773
-	RESERVED
+CVE-2020-8775 (Pega Platform before version 8.2.6 is affected by a Stored Cross-Site  ...)
+	TODO: check
+CVE-2020-8774 (Pega Platform before version 8.2.6 is affected by a Reflected Cross-Si ...)
+	TODO: check
+CVE-2020-8773 (The Richtext Editor in Pega Platform before 8.2.6 is affected by a Sto ...)
+	TODO: check
 CVE-2020-8772 (The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missin ...)
 	NOT-FOR-US: InfiniteWP Client plugin for WordPress
 CVE-2020-8771 (The Time Capsule plugin before 1.21.16 for WordPress has an authentica ...)
@@ -12194,8 +12213,8 @@ CVE-2020-7806
 	RESERVED
 CVE-2020-7805
 	RESERVED
-CVE-2020-7804
-	RESERVED
+CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7,  ...)
+	TODO: check
 CVE-2020-7803
 	RESERVED
 CVE-2020-7802 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
@@ -25396,8 +25415,8 @@ CVE-2020-2577 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
 CVE-2020-2576 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
 	NOT-FOR-US: Oracle
-CVE-2020-2575
-	RESERVED
+CVE-2020-2575 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
 CVE-2020-2574 (Vulnerability in the MySQL Client product of Oracle MySQL (component:  ...)
 	- mysql-5.7 <unfixed> (bug #949994)
 	- mariadb-10.3 1:10.3.22-1
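Review bot: CVE-2020-2575 concerns Oracle VM VirtualBox, which Debian ships as the virtualbox source package in contrib, so it should get a package entry in the style of the mysql-5.7 and mariadb-10.3 lines under CVE-2020-2574 just below, not the `NOT-FOR-US: Oracle` used for Outside In Technology above; the cpujan2020 advisory page already linked under CVE-2020-2577 is the likely reference to cite, with the VirtualBox appendix instead of AppendixMSQL.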
@@ -28936,8 +28955,8 @@ CVE-2019-19167
 	RESERVED
 CVE-2019-19166
 	RESERVED
-CVE-2019-19165
-	RESERVED
+CVE-2019-19165 (AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability  ...)
+	TODO: check
 CVE-2019-19164
 	RESERVED
 CVE-2019-19163
@@ -38857,10 +38876,10 @@ CVE-2019-16655 (joyplus-cms 1.6.0 allows reinstallation if the install/ URI rema
 	NOT-FOR-US: joyplus-cms
 CVE-2019-16654
 	RESERVED
-CVE-2019-16653
-	RESERVED
-CVE-2019-16652
-	RESERVED
+CVE-2019-16653 (An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2. ...)
+	TODO: check
+CVE-2019-16652 (The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 al ...)
+	TODO: check
 CVE-2019-16651
 	RESERVED
 CVE-2019-16650 (On Supermicro X10 and X11 products, a client's access privileges may b ...)
@@ -67109,8 +67128,8 @@ CVE-2018-20764 (A buffer overflow exists in HelpSystems tcpcrypt on Linux, used
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1676393
 	NOTE: https://community.helpsystems.com/knowledge-base/fox-technologies/hotfix/515/
 	NOTE: No specific information is provided, but seems caused by BoKS shipping tcpcrypt setuid
-CVE-2019-7634
-	RESERVED
+CVE-2019-7634 (SUAP V2 allows XSS during the update of user information. ...)
+	TODO: check
 CVE-2019-7633
 	RESERVED
 CVE-2019-7632 (LifeSize Team, Room, Passport, and Networker 220 devices allow Authent ...)
@@ -75336,12 +75355,12 @@ CVE-2019-4290
 	RESERVED
 CVE-2019-4289
 	RESERVED
-CVE-2019-4288
-	RESERVED
+CVE-2019-4288 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could discl ...)
+	TODO: check
 CVE-2019-4287
 	RESERVED
-CVE-2019-4286
-	RESERVED
+CVE-2019-4286 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could discl ...)
+	TODO: check
 CVE-2019-4285 (IBM WebSphere Application Server - Liberty Admin Center could allow a  ...)
 	NOT-FOR-US: IBM
 CVE-2019-4284 (IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35d4d15c40783982528624a524655f1d552d2b2a

-- 
You're receiving this email because of your account on salsa.debian.org.



