[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jun 1 21:10:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a10e9c42 by security tracker role at 2020-06-01T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,115 @@
+CVE-2020-13758 (modules/security/classes/general.post_filter.php/post_filter.php in th ...)
+ TODO: check
+CVE-2020-13757 (Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphert ...)
+ TODO: check
+CVE-2020-13756
+ RESERVED
+CVE-2020-13755
+ RESERVED
+CVE-2020-13753
+ RESERVED
+CVE-2020-13752
+ RESERVED
+CVE-2020-13751
+ RESERVED
+CVE-2020-13750
+ RESERVED
+CVE-2020-13749
+ RESERVED
+CVE-2020-13748
+ RESERVED
+CVE-2020-13747
+ RESERVED
+CVE-2020-13746
+ RESERVED
+CVE-2020-13745
+ RESERVED
+CVE-2020-13744
+ RESERVED
+CVE-2020-13743
+ RESERVED
+CVE-2020-13742
+ RESERVED
+CVE-2020-13741
+ RESERVED
+CVE-2020-13740
+ RESERVED
+CVE-2020-13739
+ RESERVED
+CVE-2020-13738
+ RESERVED
+CVE-2020-13737
+ RESERVED
+CVE-2020-13736
+ RESERVED
+CVE-2020-13735
+ RESERVED
+CVE-2020-13734
+ RESERVED
+CVE-2020-13733
+ RESERVED
+CVE-2020-13732
+ RESERVED
+CVE-2020-13731
+ RESERVED
+CVE-2020-13730
+ RESERVED
+CVE-2020-13729
+ RESERVED
+CVE-2020-13728
+ RESERVED
+CVE-2020-13727
+ RESERVED
+CVE-2020-13726
+ RESERVED
+CVE-2020-13725
+ RESERVED
+CVE-2020-13724
+ RESERVED
+CVE-2020-13723
+ RESERVED
+CVE-2020-13722
+ RESERVED
+CVE-2020-13721
+ RESERVED
+CVE-2020-13720
+ RESERVED
+CVE-2020-13719
+ RESERVED
+CVE-2020-13718
+ RESERVED
+CVE-2020-13717
+ RESERVED
+CVE-2020-13716
+ RESERVED
+CVE-2020-13715
+ RESERVED
+CVE-2020-13714
+ RESERVED
+CVE-2020-13713
+ RESERVED
+CVE-2020-13712
+ RESERVED
+CVE-2020-13711
+ RESERVED
+CVE-2020-13710
+ RESERVED
+CVE-2020-13709
+ RESERVED
+CVE-2020-13708
+ RESERVED
+CVE-2020-13707
+ RESERVED
+CVE-2020-13706
+ RESERVED
+CVE-2020-13705
+ RESERVED
+CVE-2020-13704
+ RESERVED
+CVE-2020-13703
+ RESERVED
+CVE-2019-20809
+ RESERVED
CVE-2020-13754 [msix: OOB access during mmio operations may lead to DoS]
RESERVED
- qemu <unfixed>
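Review bot: the two TODO: check entries at the top of this hunk cannot be triaged from the diff alone because their descriptions are truncated: CVE-2020-13758 is cut down to a PHP path fragment (modules/security/classes/general.post_filter.php/post_filter.php in th ...) with no product name visible, and CVE-2020-13757 (Python-RSA 4.0 ignoring leading '\0' bytes during decryption) loses its affected-version range after "ciphert ...". Pull the full descriptions before setting a package line or NOT-FOR-US for either. The remaining lines, CVE-2020-13756 down to CVE-2020-13703 plus CVE-2019-20809, are plain RESERVED placeholders and need no action.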
@@ -16,10 +128,10 @@ CVE-2020-13697
RESERVED
CVE-2020-13696
RESERVED
-CVE-2020-13695
- RESERVED
-CVE-2020-13694
- RESERVED
+CVE-2020-13695 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...)
+ TODO: check
+CVE-2020-13694 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...)
+ TODO: check
CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPress pl ...)
NOT-FOR-US: bbPress plugin for WordPress
CVE-2020-13692
@@ -542,8 +654,8 @@ CVE-2020-13450
RESERVED
CVE-2020-13449
RESERVED
-CVE-2020-13448
- RESERVED
+CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 ...)
+ TODO: check
CVE-2020-13447
RESERVED
CVE-2020-13446
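Review bot: CVE-2020-13448 here spells out the same range, QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, that the truncated CVE-2020-13695 and CVE-2020-13694 descriptions in the earlier hunk cut off at "Pro Edition through 2. ...", so the three TODO: check entries should be triaged together and given the same resolution rather than being picked up one at a time.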
@@ -749,8 +861,8 @@ CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is
[buster] - linux 4.19.118-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/2e7682ebfc750177a4944eeb56e97a3f05734528
-CVE-2019-20805
- RESERVED
+CVE-2019-20805 (p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacki ...)
+ TODO: check
CVE-2019-20804 (Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/th ...)
NOT-FOR-US: Gila CMS
CVE-2019-20803 (Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcat ...)
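Review bot: CVE-2019-20805 is an integer overflow in p_lx_elf.cpp of UPX before 3.96, a native-code memory-safety bug in the unpacker, and unlike the surrounding Gila CMS NOT-FOR-US entries it may map to a Debian source package (upx-ucl, if it is still in the archive; verify); the TODO: check should be resolved with a package line and fixed version rather than left in the batch. The CVE-2019-20806 context above shows the expected shape: package line, per-release lines, and a NOTE pointing at the upstream fix.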
@@ -1803,8 +1915,7 @@ CVE-2020-12869
RESERVED
CVE-2020-12868
RESERVED
-CVE-2020-12867
- RESERVED
+CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends th ...)
{DLA-2231-1}
[experimental] - sane-backends 1.0.30-1~experimental1
- sane-backends <unfixed> (bug #961302)
@@ -3785,8 +3896,8 @@ CVE-2020-12063 (** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an
NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/3
NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/12
NOTE: Not considered a Postfix vulnerability and scope is outside of the design goals
-CVE-2020-12062
- RESERVED
+CVE-2020-12062 (** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplica ...)
+ TODO: check
CVE-2020-12061
RESERVED
CVE-2020-12060
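Review bot: CVE-2020-12062 is tagged ** DISPUTED ** and concerns the scp client in OpenSSH 8.2, so resolving the TODO: check needs more than a package line; follow the CVE-2020-12063 Postfix entry directly above, which records the dispute with NOTE lines pointing at the oss-security discussion plus a one-line rationale, so the tracker explains why the entry is or is not treated as a vulnerability in Debian's openssh.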
@@ -7285,6 +7396,7 @@ CVE-2020-11080
CVE-2020-11079 (node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of ...)
TODO: check
CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unescaped p ...)
+ {DLA-2232-1}
- python-httplib2 0.18.1-1
[buster] - python-httplib2 <no-dsa> (Minor issue)
[stretch] - python-httplib2 <no-dsa> (Minor issue)
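Review bot: the new {DLA-2232-1} reference under CVE-2020-11078 has no matching advisory entry in this commit, which touches only data/CVE/list ("1 changed file" above); confirm the corresponding data/DLA/list entry was committed separately, otherwise the cross-reference dangles. The unchanged [buster] and [stretch] <no-dsa> (Minor issue) lines below it are unaffected by the DLA marker.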
@@ -11956,8 +12068,8 @@ CVE-2020-9293
RESERVED
CVE-2020-9292
RESERVED
-CVE-2020-9291
- RESERVED
+CVE-2020-9291 (An Insecure Temporary File vulnerability in FortiClient for Windows 6. ...)
+ TODO: check
CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online ...)
NOT-FOR-US: Fortiguard
CVE-2020-9289
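Review bot: CVE-2020-9291 describes an Insecure Temporary File issue in FortiClient for Windows 6.x, and the adjacent CVE-2020-9290 FortiClient entry is already NOT-FOR-US: Fortiguard; the TODO: check can be resolved the same way, keeping the product label consistent with the existing NOT-FOR-US: Fortiguard lines in this file.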
@@ -12444,8 +12556,8 @@ CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E
NOT-FOR-US: Huawei
CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a ...)
NOT-FOR-US: Huawei
-CVE-2020-9071
- RESERVED
+CVE-2020-9071 (There is a few bytes out-of-bounds read vulnerability in some Huawei p ...)
+ TODO: check
CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...)
NOT-FOR-US: Huawei
CVE-2020-9069 (There is an information leakage vulnerability in some Huawei products. ...)
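Review bot: the CVE-2020-9071 description ("a few bytes out-of-bounds read vulnerability in some Huawei p ...") is truncated before the product name, while every neighbouring entry from CVE-2020-9073 to CVE-2020-9069 is Huawei hardware marked NOT-FOR-US: Huawei; confirm from the full description that this one is also device firmware rather than a Huawei-maintained open-source component before applying the same resolution.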
@@ -12716,8 +12828,8 @@ CVE-2020-8969
RESERVED
CVE-2020-8968
RESERVED
-CVE-2020-8967
- RESERVED
+CVE-2020-8967 (There is an improper Neutralization of Special Elements used in an SQL ...)
+ TODO: check
CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...)
NOT-FOR-US: Tiki-Wiki Groupware
CVE-2020-8965
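Review bot: the truncated CVE-2020-8967 description ("improper Neutralization of Special Elements used in an SQL ...") does not reach the product name, unlike its neighbour CVE-2020-8966, which names Tiki-Wiki and is already NOT-FOR-US; do not infer NOT-FOR-US: Tiki-Wiki Groupware from adjacency, pull the full text first.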
@@ -15793,10 +15905,10 @@ CVE-2020-7662
RESERVED
CVE-2020-7661
RESERVED
-CVE-2020-7660
- RESERVED
-CVE-2020-7659
- RESERVED
+CVE-2020-7660 (serialize-javascript prior to 3.1.0 allows remote attackers to inject ...)
+ TODO: check
+CVE-2020-7659 (reel through 0.6.1 allows Request Smuggling attacks due to incorrect C ...)
+ TODO: check
CVE-2020-7658 (meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP ...)
NOT-FOR-US: meinheld
CVE-2020-7657
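Review bot: the two new TODO: check entries need different handling. CVE-2020-7660 concerns serialize-javascript prior to 3.1.0, an npm module that Debian packages as node-serialize-javascript (assumption, verify against the archive), so it needs a package line and a fixed version. CVE-2020-7659 (reel through 0.6.1, request smuggling) is the same bug class as the CVE-2020-7658 meinheld entry just below but a different project, so its NOT-FOR-US line must not simply be copied.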
@@ -17601,8 +17713,8 @@ CVE-2020-6870
RESERVED
CVE-2020-6869
RESERVED
-CVE-2020-6868
- RESERVED
+CVE-2020-6868 (ZTE's PON terminal product is impacted by the access control vulnerabi ...)
+ TODO: check
CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management error vul ...)
NOT-FOR-US: ZTE
CVE-2020-6866 (A ZTE product is impacted by a resource management error vulnerability ...)
@@ -45117,8 +45229,8 @@ CVE-2019-15711 (A privilege escalation vulnerability in FortiClient for Linux 6.
NOT-FOR-US: Fortiguard FortiClient
CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, ...)
NOT-FOR-US: FortiExtender
-CVE-2019-15709
- RESERVED
+CVE-2019-15709 (An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and ...)
+ TODO: check
CVE-2019-15708 (A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6. ...)
NOT-FOR-US: Fortiguard
CVE-2019-15707 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
@@ -57554,81 +57666,81 @@ CVE-2019-12042 (Insecure permissions of the section object Global\PandaDevicesAg
CVE-2019-12041 (lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression De ...)
NOT-FOR-US: remarkable
CVE-2019-12040
- RESERVED
+ REJECTED
CVE-2019-12039
- RESERVED
+ REJECTED
CVE-2019-12038
- RESERVED
+ REJECTED
CVE-2019-12037
- RESERVED
+ REJECTED
CVE-2019-12036
- RESERVED
+ REJECTED
CVE-2019-12035
- RESERVED
+ REJECTED
CVE-2019-12034
- RESERVED
+ REJECTED
CVE-2019-12033
- RESERVED
+ REJECTED
CVE-2019-12032
- RESERVED
+ REJECTED
CVE-2019-12031
- RESERVED
+ REJECTED
CVE-2019-12030
- RESERVED
+ REJECTED
CVE-2019-12029
- RESERVED
+ REJECTED
CVE-2019-12028
- RESERVED
+ REJECTED
CVE-2019-12027
- RESERVED
+ REJECTED
CVE-2019-12026
- RESERVED
+ REJECTED
CVE-2019-12025
- RESERVED
+ REJECTED
CVE-2019-12024
- RESERVED
+ REJECTED
CVE-2019-12023
- RESERVED
+ REJECTED
CVE-2019-12022
- RESERVED
+ REJECTED
CVE-2019-12021
- RESERVED
+ REJECTED
CVE-2019-12020
- RESERVED
+ REJECTED
CVE-2019-12019
- RESERVED
+ REJECTED
CVE-2019-12018
- RESERVED
+ REJECTED
CVE-2019-12017 (A remote code execution vulnerability exists in MapR CLDB code, specif ...)
NOT-FOR-US: MapR
CVE-2019-12016
- RESERVED
+ REJECTED
CVE-2019-12015
- RESERVED
+ REJECTED
CVE-2019-12014
- RESERVED
+ REJECTED
CVE-2019-12013
- RESERVED
+ REJECTED
CVE-2019-12012
- RESERVED
+ REJECTED
CVE-2019-12011
- RESERVED
+ REJECTED
CVE-2019-12010
- RESERVED
+ REJECTED
CVE-2019-12009
- RESERVED
+ REJECTED
CVE-2019-12008
- RESERVED
+ REJECTED
CVE-2019-12007
- RESERVED
+ REJECTED
CVE-2019-12006
- RESERVED
+ REJECTED
CVE-2019-12005
- RESERVED
+ REJECTED
CVE-2019-12004
- RESERVED
+ REJECTED
CVE-2019-12003
- RESERVED
+ REJECTED
CVE-2019-12002 (A remote session reuse vulnerability leading to access restriction byp ...)
NOT-FOR-US: HPE
CVE-2019-12001 (A remote session reuse vulnerability leading to access restriction byp ...)
@@ -76515,13 +76627,13 @@ CVE-2019-5414 (If an attacker can control the port, which in itself is a very se
CVE-2019-5413 (An attacker can use the format parameter to inject arbitrary commands ...)
NOT-FOR-US: morgan node module
CVE-2019-5412
- RESERVED
+ REJECTED
CVE-2019-5411
- RESERVED
+ REJECTED
CVE-2019-5410
- RESERVED
+ REJECTED
CVE-2019-5409
- RESERVED
+ REJECTED
CVE-2019-5408 (Command View Advanced Edition (CVAE) products contain a vulnerability ...)
NOT-FOR-US: Command View Advanced Edition (CVAE) products
CVE-2019-5407 (A remote information disclosure vulnerability was discovered in HPE 3P ...)
@@ -76665,33 +76777,33 @@ CVE-2019-5339 (A remote code execution vulnerability was identified in HPE Intel
CVE-2019-5338 (A remote code execution vulnerability was identified in HPE Intelligen ...)
NOT-FOR-US: HPE
CVE-2019-5337
- RESERVED
+ REJECTED
CVE-2019-5336
- RESERVED
+ REJECTED
CVE-2019-5335
- RESERVED
+ REJECTED
CVE-2019-5334
- RESERVED
+ REJECTED
CVE-2019-5333
- RESERVED
+ REJECTED
CVE-2019-5332
- RESERVED
+ REJECTED
CVE-2019-5331
- RESERVED
+ REJECTED
CVE-2019-5330
- RESERVED
+ REJECTED
CVE-2019-5329
- RESERVED
+ REJECTED
CVE-2019-5328
- RESERVED
+ REJECTED
CVE-2019-5327
- RESERVED
+ REJECTED
CVE-2019-5326 (An administrative application user of or application user with write a ...)
NOT-FOR-US: Aruba Airwave VisualRF
CVE-2019-5325
RESERVED
CVE-2019-5324
- RESERVED
+ REJECTED
CVE-2019-5323 (There are command injection vulnerabilities present in the AirWave app ...)
NOT-FOR-US: Aruba Airwave
CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is present ...)
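Review bot: CVE-2019-5325 in the middle of this block keeps its RESERVED status while CVE-2019-5337 through CVE-2019-5327 above it and CVE-2019-5324 below it all flip to REJECTED; that is plausible if the ID is still reserved upstream, but it is worth confirming against the upstream CVE record rather than assuming the automation skipped it.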
@@ -82488,7 +82600,7 @@ CVE-2018-20227 (RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a
NOT-FOR-US: RDF4J
CVE-2018-20226 (An organization administrator can add a super administrator in THEHIVE ...)
NOT-FOR-US: THEHIVE
-CVE-2018-20225 (An issue was discovered in pip (all versions) because it installs the ...)
+CVE-2018-20225 (** DISPUTED ** An issue was discovered in pip (all versions) because i ...)
- python-pip <unfixed> (unimportant)
NOTE: https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html
NOTE: pip is inherently affected by malicious packages, use packages from Debian instead :-)
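Review bot: the only change to CVE-2018-20225 is the ** DISPUTED ** marker in the description, and the existing "python-pip <unfixed> (unimportant)" line and both NOTE lines are kept, which is consistent with the severity already chosen; consider adding a NOTE line that links the dispute itself, in the way the CVE-2020-12063 entry records its dispute, so the reasoning is visible to readers of the tracker.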
@@ -246219,8 +246331,8 @@ CVE-2014-9704
RESERVED
CVE-2014-9703
RESERVED
-CVE-2014-9702
- RESERVED
+CVE-2014-9702 (system/classes/DbPDO.php in Cmfive through 2015-03-15, when database c ...)
+ TODO: check
CVE-2014-9700
RESERVED
CVE-2014-9699 (The MakerBot Replicator 5G printer runs an Apache HTTP Server with dir ...)
@@ -255444,24 +255556,24 @@ CVE-2014-8947
RESERVED
CVE-2014-8946
RESERVED
-CVE-2014-8945
- RESERVED
-CVE-2014-8944
- RESERVED
-CVE-2014-8943
- RESERVED
-CVE-2014-8942
- RESERVED
-CVE-2014-8941
- RESERVED
-CVE-2014-8940
- RESERVED
-CVE-2014-8939
- RESERVED
-CVE-2014-8938
- RESERVED
-CVE-2014-8937
- RESERVED
+CVE-2014-8945 (admin.php?page=projects in Lexiglot through 2014-11-20 allows command ...)
+ TODO: check
+CVE-2014-8944 (Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, o ...)
+ TODO: check
+CVE-2014-8943 (Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=project ...)
+ TODO: check
+CVE-2014-8942 (Lexiglot through 2014-11-20 allows CSRF. ...)
+ TODO: check
+CVE-2014-8941 (Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page ...)
+ TODO: check
+CVE-2014-8940 (Lexiglot through 2014-11-20 allows remote attackers to obtain sensitiv ...)
+ TODO: check
+CVE-2014-8939 (Lexiglot through 2014-11-20 allows remote attackers to obtain sensitiv ...)
+ TODO: check
+CVE-2014-8938 (Lexiglot through 2014-11-20 allows local users to obtain sensitive inf ...)
+ TODO: check
+CVE-2014-8937 (Lexiglot through 2014-11-20 allows denial of service because api/updat ...)
+ TODO: check
CVE-2014-8936
REJECTED
CVE-2014-8935
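Review bot: all nine new TODO: check entries, CVE-2014-8945 down to CVE-2014-8937, describe the same product and snapshot, Lexiglot through 2014-11-20, so they should be triaged once as a block and given identical resolutions; if Lexiglot is not packaged in Debian (check the archive), nine NOT-FOR-US: Lexiglot lines in the style of the neighbouring entries is the expected outcome. The 2014 IDs were RESERVED until now and are only being published, so the old dates are not a sign of stale data.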
@@ -260040,12 +260152,12 @@ CVE-2014-7177 (XML External Entity vulnerability in Enalean Tuleap 7.2 and earli
NOT-FOR-US: Enalean Tuleap
CVE-2014-7176 (SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows r ...)
NOT-FOR-US: Enalean Tuleap
-CVE-2014-7175
- RESERVED
-CVE-2014-7174
- RESERVED
-CVE-2014-7173
- RESERVED
+CVE-2014-7175 (FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbit ...)
+ TODO: check
+CVE-2014-7174 (FarLinX X25 Gateway through 2014-09-25 allows directory traversal via ...)
+ TODO: check
+CVE-2014-7173 (FarLinX X25 Gateway through 2014-09-25 allows command injection via sh ...)
+ TODO: check
CVE-2014-7172
RESERVED
CVE-2014-7171
@@ -263939,7 +264051,7 @@ CVE-2014-5457 (QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC16
NOT-FOR-US: QNAP
CVE-2014-5456 (Cross-site scripting (XSS) vulnerability in the Social Stats module be ...)
NOT-FOR-US: Drupal Social Stats module
-CVE-2014-5455 (Unquoted Windows search path vulnerability in the ptservice service in ...)
+CVE-2014-5455 (Unquoted Windows search path vulnerability in the ptservice service pr ...)
NOT-FOR-US: PrivateTunnel as bundled in OpenVPN
CVE-2014-5454 (Unrestricted file upload vulnerability in the image upload module in S ...)
NOT-FOR-US: SAS Visual Analytics
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a10e9c4210f5229fc3f8cde8a738034eccdc1715