[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 31 21:10:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
00e78ba1 by security tracker role at 2020-08-31T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-25042
+ RESERVED
+CVE-2020-25041
+ RESERVED
+CVE-2020-25040
+ RESERVED
+CVE-2020-25039
+ RESERVED
+CVE-2020-25038
+ RESERVED
+CVE-2020-25037
+ RESERVED
+CVE-2020-25036
+ RESERVED
+CVE-2020-25035
+ RESERVED
+CVE-2020-25034
+ RESERVED
CVE-2020-25033 (The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for ...)
TODO: check
CVE-2020-25032 (An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) ...)
@@ -495,8 +513,8 @@ CVE-2020-24788
RESERVED
CVE-2020-24787
RESERVED
-CVE-2020-24786
- RESERVED
+CVE-2020-24786 (An issue was discovered in Zoho ManageEngine Exchange Reporter Plus be ...)
+ TODO: check
CVE-2020-24785
RESERVED
CVE-2020-24784
@@ -669,8 +687,8 @@ CVE-2020-24701
RESERVED
CVE-2020-24700
RESERVED
-CVE-2020-24699
- RESERVED
+CVE-2020-24699 (The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress al ...)
+ TODO: check
CVE-2020-24698
RESERVED
CVE-2020-24697
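Review bot: CVE-2020-24699 describes a WordPress plugin (Chamber Dashboard Business Directory 3.2.8), and this same file already marks the CVE-2016-11085 quiz-master-next entry as NOT-FOR-US: Wordpress plugin; the TODO: check here can most likely be closed with the same marking.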
@@ -1376,8 +1394,8 @@ CVE-2020-24365
RESERVED
CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via the note ...)
NOT-FOR-US: MineTime
-CVE-2020-24363
- RESERVED
+CVE-2020-24363 (TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticat ...)
+ TODO: check
CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin befor ...)
NOT-FOR-US: Wordpress plugin
CVE-2020-24362
@@ -1397,8 +1415,8 @@ CVE-2020-24356
RESERVED
CVE-2020-24355
RESERVED
-CVE-2020-24354
- RESERVED
+CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...)
+ TODO: check
CVE-2020-24353
RESERVED
CVE-2020-24352
@@ -1904,8 +1922,8 @@ CVE-2020-24117
RESERVED
CVE-2020-24116
RESERVED
-CVE-2020-24115
- RESERVED
+CVE-2020-24115 (In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials i ...)
+ TODO: check
CVE-2020-24114
RESERVED
CVE-2020-24113
@@ -8878,14 +8896,14 @@ CVE-2020-20630
RESERVED
CVE-2020-20629
RESERVED
-CVE-2020-20628
- RESERVED
-CVE-2020-20627
- RESERVED
-CVE-2020-20626
- RESERVED
-CVE-2020-20625
- RESERVED
+CVE-2020-20628 (controller/controller-comments.php in WP GDPR plugin through 2.1.1 has ...)
+ TODO: check
+CVE-2020-20627 (The includes/gateways/stripe/includes/admin/admin-actions.php in GiveW ...)
+ TODO: check
+CVE-2020-20626 (lara-google-analytics.php in Lara Google Analytics plugin through 2.0. ...)
+ TODO: check
+CVE-2020-20625 (Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthen ...)
+ TODO: check
CVE-2020-20624
RESERVED
CVE-2020-20623
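Review bot: All four new descriptions in this hunk (WP GDPR, GiveWP, Lara Google Analytics, Sliced Invoices) name WordPress plugins, so the four TODO: check markers can be triaged together; the file's existing convention for such entries is visible at CVE-2016-11085 (NOT-FOR-US: Wordpress plugin).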
@@ -15230,8 +15248,8 @@ CVE-2020-17467
RESERVED
CVE-2020-17466 (Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by ...)
NOT-FOR-US: Turcom TRCwifiZone
-CVE-2020-17465
- RESERVED
+CVE-2020-17465 (Dashboards and progressiveProfileForms in ForgeRock Identity Manager b ...)
+ TODO: check
CVE-2020-17464
REJECTED
CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/it ...)
@@ -19097,8 +19115,8 @@ CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI su
NOT-FOR-US: Appweb
CVE-2020-15688 (The HTTP Digest Authentication in the GoAhead web server before 5.1.2 ...)
NOT-FOR-US: Embedthis GoAhead
-CVE-2020-15687
- RESERVED
+CVE-2020-15687 (Missing access control restrictions in the Hypervisor component of the ...)
+ TODO: check
CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the Linux ker ...)
- linux 5.2.6-1
[buster] - linux 4.19.132-1
@@ -19160,7 +19178,7 @@ CVE-2020-15670
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670
CVE-2020-15669
RESERVED
- {DSA-4754-1 DSA-4749-1 DLA-2346-1}
+ {DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
- firefox-esr 68.12.0esr-1
- thunderbird 1:68.12.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669
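Review bot: The brace reference set carries no package annotation, and the CVE-2020-15669 entry lists two packages (firefox-esr 68.12.0esr-1 and thunderbird 1:68.12.0-1); with DLA-2346-1 already present and DLA-2360-1 now added, confirm that the new id is the stretch advisory for the second of those packages rather than a duplicate reference for the first.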
@@ -19183,7 +19201,7 @@ CVE-2020-15665
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665
CVE-2020-15664
RESERVED
- {DSA-4754-1 DSA-4749-1 DLA-2346-1}
+ {DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
- firefox 80.0-1
- firefox-esr 68.12.0esr-1
- thunderbird 1:68.12.0-1
@@ -20736,8 +20754,8 @@ CVE-2020-15022
RESERVED
CVE-2020-15021
RESERVED
-CVE-2020-15020
- RESERVED
+CVE-2020-15020 (An issue was discovered in the Elementor plugin through 2.9.13 for Wor ...)
+ TODO: check
CVE-2020-15019
RESERVED
CVE-2020-15018 (playSMS through 1.4.3 is vulnerable to session fixation. ...)
@@ -22504,8 +22522,7 @@ CVE-2020-14366
RESERVED
CVE-2020-14365
RESERVED
-CVE-2020-14364 [usb: out-of-bounds r/w access issue]
- RESERVED
+CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emulator ...)
- qemu <unfixed> (bug #968947)
NOTE: https://xenbits.xen.org/xsa/advisory-335.html
NOTE: https://www.openwall.com/lists/oss-security/2020/08/24/3
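Review bot: Nothing to change, but this is the one place in the commit where a hand-written placeholder ('[usb: out-of-bounds r/w access issue]') is replaced, so it is worth confirming the published CVE-2020-14364 text matches it; it does (out-of-bounds read/write in the USB emulator, consistent with the XSA-335 note), and the '- qemu <unfixed> (bug #968947)' line is preserved, so the entry correctly stays open.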
@@ -23972,8 +23989,8 @@ CVE-2020-13830 (An issue was discovered on Samsung mobile devices with P(9.0) so
NOT-FOR-US: Samsung mobile devices
CVE-2020-13829 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
NOT-FOR-US: Samsung mobile devices
-CVE-2020-13828
- RESERVED
+CVE-2020-13828 (Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (X ...)
+ TODO: check
CVE-2020-13827 (phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/a ...)
- phplist <itp> (bug #612288)
CVE-2020-13826 (A CSV injection (aka Excel Macro Injection or Formula Injection) issue ...)
@@ -24499,8 +24516,8 @@ CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free Ant
NOT-FOR-US: Avast
CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array implementation ...)
NOT-FOR-US: Hobbes
-CVE-2020-13655
- RESERVED
+CVE-2020-13655 (An issue was discovered in Collabtive 3.0 and later. managefile.php is ...)
+ TODO: check
CVE-2020-13654
RESERVED
CVE-2020-13653 (An XSS vulnerability exists in the Webmail component of Zimbra Collabo ...)
@@ -24663,12 +24680,12 @@ CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 befo
NOTE: https://github.com/django/django/commit/49d7cc19e33a104bb23f7ae1dbb1240b4f6c40f9 (3.1 branch)
NOTE: https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38 (3.0 branch)
NOTE: https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815 (2.2. branch)
-CVE-2020-13595
- RESERVED
-CVE-2020-13594
- RESERVED
-CVE-2020-13593
- RESERVED
+CVE-2020-13595 (The Bluetooth Low Energy (BLE) controller implementation in Espressif ...)
+ TODO: check
+CVE-2020-13594 (The Bluetooth Low Energy (BLE) controller implementation in Espressif ...)
+ TODO: check
+CVE-2020-13593 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation ...)
+ TODO: check
CVE-2020-13662 [Drupal SA 2020-003]
RESERVED
{DSA-4693-1 DLA-2250-1}
@@ -24915,26 +24932,26 @@ CVE-2020-13474
RESERVED
CVE-2020-13473
RESERVED
-CVE-2020-13472
- RESERVED
-CVE-2020-13471
- RESERVED
-CVE-2020-13470
- RESERVED
-CVE-2020-13469
- RESERVED
-CVE-2020-13468
- RESERVED
-CVE-2020-13467
- RESERVED
-CVE-2020-13466
- RESERVED
-CVE-2020-13465
- RESERVED
-CVE-2020-13464
- RESERVED
-CVE-2020-13463
- RESERVED
+CVE-2020-13472 (The flash memory readout protection in Gigadevice GD32F103 devices all ...)
+ TODO: check
+CVE-2020-13471 (Apex Microelectronics APM32F103 devices allow physical attackers to ex ...)
+ TODO: check
+CVE-2020-13470 (Gigadevice GD32F103 and GD32F130 devices allow physical attackers to e ...)
+ TODO: check
+CVE-2020-13469 (The flash memory readout protection in Gigadevice GD32VF103 devices al ...)
+ TODO: check
+CVE-2020-13468 (Gigadevice GD32F130 devices allow physical attackers to escalate their ...)
+ TODO: check
+CVE-2020-13467 (The flash memory readout protection in China Key Systems & Integra ...)
+ TODO: check
+CVE-2020-13466 (STMicroelectronics STM32F103 devices through 2020-05-20 allow physical ...)
+ TODO: check
+CVE-2020-13465 (The security protection in Gigadevice GD32F103 devices allows physical ...)
+ TODO: check
+CVE-2020-13464 (The flash memory readout protection in China Key Systems & Integra ...)
+ TODO: check
+CVE-2020-13463 (The flash memory readout protection in Apex Microelectronics APM32F103 ...)
+ TODO: check
CVE-2020-13462
RESERVED
CVE-2020-13461
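Review bot: The ten new descriptions in this hunk (CVE-2020-13463 through CVE-2020-13472) all concern flash readout protection on GD32F103/GD32F130/GD32VF103, APM32F103 and STM32F103 microcontrollers against physical attackers; they are one issue class and should get a single triage decision rather than ten independent TODO: check items.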
@@ -26441,8 +26458,7 @@ CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Fre
NOTE: https://github.com/FRRouting/frr/commit/7734484a378052a513c9e21165c13bf85f78ad48
CVE-2020-12830
RESERVED
-CVE-2020-12829
- RESERVED
+CVE-2020-12829 (In QEMU through 5.0.0, an integer overflow was found in the SM501 disp ...)
- qemu 1:5.0-12 (low; bug #961451)
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <no-dsa> (Minor issue)
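Review bot: No change to the fixed version is needed for CVE-2020-12829: the description's 'QEMU through 5.0.0' range is consistent with the existing '- qemu 1:5.0-12 (low; bug #961451)' line, which is a patched Debian revision of the 5.0 upload, and the [buster] and [stretch] <no-dsa> (Minor issue) annotations are untouched.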
@@ -26999,14 +27015,14 @@ CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and
NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1
CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...)
NOT-FOR-US: Unisys ALGOL Compiler
-CVE-2020-12646
- RESERVED
-CVE-2020-12645
- RESERVED
-CVE-2020-12644
- RESERVED
-CVE-2020-12643
- RESERVED
+CVE-2020-12646 (OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text ...)
+ TODO: check
+CVE-2020-12645 (OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate l ...)
+ TODO: check
+CVE-2020-12644 (OX App Suite 7.10.3 and earlier allows SSRF, related to the mail accou ...)
+ TODO: check
+CVE-2020-12643 (OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /a ...)
+ TODO: check
CVE-2020-12642 (An issue was discovered in service-api before 4.3.12 and 5.x before 5. ...)
NOT-FOR-US: Report Portal
CVE-2020-12641 (rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to ...)
@@ -28648,6 +28664,7 @@ CVE-2020-11995
CVE-2020-11994 (Server-Side Template Injection and arbitrary file disclosure on Camel ...)
NOT-FOR-US: Apache Camel
CVE-2020-11993 (Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enab ...)
+ {DSA-4757-1}
- apache2 2.4.46-1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993
NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/3
@@ -28683,6 +28700,7 @@ CVE-2020-11985 (IP address spoofing when proxying using mod_remoteip and mod_rew
NOTE: Upstream patch: https://svn.apache.org/r1688399
NOTE: https://github.com/apache/httpd/commit/dd6c959b3625048ee15ba4ad72e6cb7bcaf91020
CVE-2020-11984 (Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure an ...)
+ {DSA-4757-1}
- apache2 2.4.46-1
[stretch] - apache2 <not-affected> (Vulnerable code not present)
- uwsgi <unfixed> (unimportant)
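Review bot: The {DSA-4757-1} reference added to CVE-2020-11984 is the same DSA id attached to the other apache2 entries in this commit (CVE-2020-11993, CVE-2020-9490, CVE-2020-1934, CVE-2020-1927), so it covers the apache2 side of the mod_proxy_uwsgi issue; the '- uwsgi <unfixed> (unimportant)' line below it is unchanged and should not be read as addressed by the DSA. The [stretch] <not-affected> line also stays as is.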
@@ -30556,10 +30574,10 @@ CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in
NOTE: https://github.com/FasterXML/jackson-databind/issues/2680
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-11618
- RESERVED
-CVE-2020-11617
- RESERVED
+CVE-2020-11618 (THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top b ...)
+ TODO: check
+CVE-2020-11617 (The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA ...)
+ TODO: check
CVE-2020-11616
RESERVED
CVE-2020-11615
@@ -36441,6 +36459,7 @@ CVE-2020-9492
CVE-2020-9491
RESERVED
CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted valu ...)
+ {DSA-4757-1}
- apache2 2.4.46-1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490
NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/4
@@ -41282,20 +41301,20 @@ CVE-2020-7529
RESERVED
CVE-2020-7528
RESERVED
-CVE-2020-7527
- RESERVED
-CVE-2020-7526
- RESERVED
-CVE-2020-7525
- RESERVED
-CVE-2020-7524
- RESERVED
-CVE-2020-7523
- RESERVED
-CVE-2020-7522
- RESERVED
-CVE-2020-7521
- RESERVED
+CVE-2020-7527 (Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) a ...)
+ TODO: check
+CVE-2020-7526 (Improper Input Validation vulnerability exists in PowerChute Business ...)
+ TODO: check
+CVE-2020-7525 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ TODO: check
+CVE-2020-7524 (Out-of-bounds Write vulnerability exists in Modicon M218 Logic Control ...)
+ TODO: check
+CVE-2020-7523 (Improper Privilege Management vulnerability exists in Schneider Electr ...)
+ TODO: check
+CVE-2020-7522 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2020-7521 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2020-7520 (A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnera ...)
NOT-FOR-US: Schneider
CVE-2020-7519 (A CWE-521: Weak Password Requirements vulnerability exists in Easergy ...)
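Review bot: The new entries CVE-2020-7521 through CVE-2020-7527 describe Schneider Electric products (Modicon M218, SoMove, and one description that names 'Schneider Electr...' directly), and the context lines CVE-2020-7520 and CVE-2020-7519 already carry NOT-FOR-US: Schneider; the seven TODO: check markers can likely be resolved as a batch with that marking once each truncated description is confirmed.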
@@ -46513,8 +46532,8 @@ CVE-2020-5421
RESERVED
CVE-2020-5420
RESERVED
-CVE-2020-5419
- RESERVED
+CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific ...)
+ TODO: check
CVE-2020-5418
RESERVED
CVE-2020-5417 (Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when ...)
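Review bot: The CVE-2020-5419 description explicitly marks the RabbitMQ 3.8.x issue as Windows-specific; when the TODO: check is resolved, record that detail (for example in a NOTE line) so the entry is not later read as a generic RabbitMQ bug affecting Linux builds.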
@@ -48996,8 +49015,8 @@ CVE-2020-4494 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Wi
NOT-FOR-US: IBM
CVE-2020-4493
RESERVED
-CVE-2020-4492
- RESERVED
+CVE-2020-4492 (IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2 ...)
+ TODO: check
CVE-2020-4491
RESERVED
CVE-2020-4490 (IBM Business Automation Workflow 18 and 19, and IBM Business Process M ...)
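Review bot: CVE-2020-4492 is an IBM Spectrum Scale entry; the adjacent CVE-2020-4494 (IBM Spectrum Protect Client) is marked NOT-FOR-US: IBM, so this TODO: check can most likely be closed the same way.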
@@ -55720,8 +55739,8 @@ CVE-2020-2077 (SICK Package Analytics software up to and including version V04.0
NOT-FOR-US: SICK
CVE-2020-2076 (SICK Package Analytics software up to and including version V04.0.0 ar ...)
NOT-FOR-US: SICK
-CVE-2020-2075
- RESERVED
+CVE-2020-2075 (Platform mechanism AutoIP allows remote attackers to reboot the device ...)
+ TODO: check
CVE-2020-2074
RESERVED
CVE-2020-2073
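Review bot: The CVE-2020-2075 description ('Platform mechanism AutoIP allows remote attackers to reboot the device ...') names neither vendor nor product, so the TODO: check cannot be resolved from this line alone; the neighbouring CVE-2020-2076 and CVE-2020-2077 entries are SICK (NOT-FOR-US: SICK), which suggests where to look first but is not confirmation.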
@@ -56340,6 +56359,7 @@ CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to
NOTE: https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56 (8.5.51)
NOTE: https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d (7.0.100)
CVE-2020-1934 (In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitial ...)
+ {DSA-4757-1}
- apache2 2.4.43-1 (low)
[stretch] - apache2 <no-dsa> (Minor issue)
[jessie] - apache2 <ignored> (Minor issue)
@@ -56366,6 +56386,7 @@ CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 ha
CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...)
NOT-FOR-US: Apache NiFi
CVE-2020-1927 (In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_r ...)
+ {DSA-4757-1}
- apache2 2.4.43-1 (low)
[stretch] - apache2 <no-dsa> (Minor issue)
[jessie] - apache2 <ignored> (Minor issue)
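Review bot: CVE-2020-1927 was rated low with '[stretch] - apache2 <no-dsa> (Minor issue)', yet it now carries {DSA-4757-1}; the same DSA id is attached to CVE-2020-11993, CVE-2020-11984 and CVE-2020-9490 elsewhere in this commit, so the low-rated issue was evidently fixed in that same upload. The [stretch] <no-dsa> and [jessie] <ignored> lines are untouched and still apply to those suites.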
@@ -200050,7 +200071,7 @@ CVE-2017-7878 (SQL Injection vulnerability in flatCore version 1.4.6 allows an a
NOT-FOR-US: flatCore
CVE-2017-7877 (CSRF vulnerability in flatCore version 1.4.6 allows remote attackers t ...)
NOT-FOR-US: flatCore
-CVE-2017-7876 (QNAP QTS before 4.2.6 build 20170517 allows command injection. ...)
+CVE-2017-7876 (This command injection vulnerability in authLogout.cgi allows attacker ...)
NOT-FOR-US: QNAP QTS
CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends t ...)
{DLA-2219-1 DLA-899-1}
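Review bot: The rewritten CVE-2017-7876 description drops the affected-version bound the old text carried ('QNAP QTS before 4.2.6 build 20170517') and names authLogout.cgi instead; NOT-FOR-US: QNAP QTS is unchanged, so nothing further is needed for Debian, but note that the version information now survives only in the commit history.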
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00e78ba19cd1558519f8c6a8adcdb62a51577118