[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jun 5 21:10:34 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
07d00f1e by security tracker role at 2020-06-05T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2020-13870 (An issue was discovered in the Comments plugin before 1.5.5 for Craft  ...)
+	TODO: check
+CVE-2020-13869 (An issue was discovered in the Comments plugin before 1.5.6 for Craft  ...)
+	TODO: check
+CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5 for Craft  ...)
+	TODO: check
+CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/t ...)
+	TODO: check
 CVE-2020-13866
 	RESERVED
 CVE-2020-13865
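Review bot: the four new entries at the top of the list all get "TODO: check", but CVE-2020-13867 (Open-iSCSI targetcli-fb, weak permissions on a path under /etc) is a different product from the three Craft Comments plugin entries and should be triaged on its own rather than batch-tagged with them. The plugin entries also do not share one version boundary: CVE-2020-13869 says "before 1.5.6" while CVE-2020-13870 and CVE-2020-13868 say "before 1.5.5".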
@@ -107,7 +115,7 @@ CVE-2020-13817 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remo
 	NOTE: https://bugs.ntp.org/show_bug.cgi?id=3596
 	TODO: check ntpsec
 CVE-2020-13816
-	RESERVED
+	REJECTED
 CVE-2020-13815 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2020-13814 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...)
@@ -2363,10 +2371,10 @@ CVE-2020-12851 (Pydio Cells 2.0.4 allows an authenticated user to write or overw
 	TODO: check
 CVE-2020-12850
 	RESERVED
-CVE-2020-12849
-	RESERVED
-CVE-2020-12848
-	RESERVED
+CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to the web ...)
+	TODO: check
+CVE-2020-12848 (In Pydio Cells 2.0.4, once an authenticated user shares a file selecti ...)
+	TODO: check
 CVE-2020-12847 (Pydio Cells 2.0.4 web application offers an administrative console nam ...)
 	TODO: check
 CVE-2020-12846 (Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remo ...)
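Review bot: CVE-2020-12849 and CVE-2020-12848 arrive as "TODO: check" beside CVE-2020-12851 and CVE-2020-12847, which describe the same product (Pydio Cells 2.0.4) and are also still unresolved in the context lines. Resolve the four in one pass so they end up with the same tag.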
@@ -2691,8 +2699,7 @@ CVE-2020-12725
 	RESERVED
 CVE-2020-12724
 	RESERVED
-CVE-2020-12723 [Buffer overflow caused by a crafted regular expression]
-	RESERVED
+CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...)
 	- perl 5.30.3-1 (bug #962005)
 	[buster] - perl <no-dsa> (Minor issue)
 	[stretch] - perl <no-dsa> (Minor issue)
@@ -4345,6 +4352,7 @@ CVE-2020-12050 (SQLiteODBC 0.9996, as packaged for certain Linux distributions a
 	NOTE: issue.
 CVE-2020-12049
 	RESERVED
+	{DLA-2235-1}
 	- dbus 1.12.18-1
 	[buster] - dbus <no-dsa> (Minor issue)
 	[stretch] - dbus <no-dsa> (Minor issue)
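Review bot: the "{DLA-2235-1}" cross-reference added under CVE-2020-12049 has no matching release line in this hunk; the only release lines visible are buster and stretch, and both still read "<no-dsa> (Minor issue)". Confirm that the release covered by the DLA has its own line with the fixed dbus version below the visible context, and add one if it is missing.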
@@ -4498,8 +4506,7 @@ CVE-2020-11977
 	RESERVED
 CVE-2020-11976
 	RESERVED
-CVE-2020-11975
-	RESERVED
+CVE-2020-11975 (Apache Unomi allows conditions to use OGNL scripting which offers the  ...)
 	NOT-FOR-US: Apache Unomi
 CVE-2020-11974
 	RESERVED
@@ -6907,8 +6914,8 @@ CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c i
 	NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/
 CVE-2020-11493
 	RESERVED
-CVE-2020-11492
-	RESERVED
+CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on Windows.  ...)
+	TODO: check
 CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...)
 	NOT-FOR-US: Zen Load Balancer
 CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authent ...)
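Review bot: CVE-2020-11492 is left at "TODO: check" although its description already names Docker Desktop on Windows. If the full description confirms the issue is confined to that product, resolve it with a "NOT-FOR-US:" line in the same style as the Zen Load Balancer entries directly below it.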
@@ -8502,8 +8509,7 @@ CVE-2020-10880
 	RESERVED
 CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a crafted GET ...)
 	NOT-FOR-US: rConfig
-CVE-2020-10878 [Integer overflow via malformed bytecode produced by a crafted regular expression]
-	RESERVED
+CVE-2020-10878 (Perl before 5.30.3 has an integer overflow related to mishandling of a ...)
 	- perl 5.30.3-1 (bug #962005)
 	[buster] - perl <no-dsa> (Minor issue)
 	[stretch] - perl <no-dsa> (Minor issue)
@@ -9653,8 +9659,7 @@ CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek Pr
 	NOT-FOR-US: PrimeTek PrimeFaces
 CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Int ...)
 	NOT-FOR-US: Invision Power Board
-CVE-2020-10543 [Buffer overflow caused by a crafted regular expression]
-	RESERVED
+CVE-2020-10543 (Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer over ...)
 	- perl 5.30.3-1 (bug #962005)
 	[buster] - perl <no-dsa> (Minor issue)
 	[stretch] - perl <no-dsa> (Minor issue)
@@ -10722,14 +10727,14 @@ CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was
 	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10072
 	RESERVED
-CVE-2020-10071
-	RESERVED
-CVE-2020-10070
-	RESERVED
+CVE-2020-10071 (The Zephyr MQTT parsing code performs insufficient checking of the len ...)
+	TODO: check
+CVE-2020-10070 (In the Zephyr Project MQTT code, improper bounds checking can result i ...)
+	TODO: check
 CVE-2020-10069
 	RESERVED
-CVE-2020-10068
-	RESERVED
+CVE-2020-10068 (In the Zephyr project Bluetooth subsystem, certain duplicate and back- ...)
+	TODO: check
 CVE-2020-10067 (A malicious userspace application can cause a integer overflow and byp ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10066
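Review bot: CVE-2020-10071, CVE-2020-10070 and CVE-2020-10068 are added as "TODO: check" while the neighbouring CVE-2020-10067 already carries "NOT-FOR-US: Zephyr, different from src:zephyr". All three descriptions name the Zephyr project, so they should get that same tag, keeping the "different from src:zephyr" wording so nobody maps them to the unrelated source package.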
@@ -10738,12 +10743,12 @@ CVE-2020-10065
 	RESERVED
 CVE-2020-10064
 	RESERVED
-CVE-2020-10063
-	RESERVED
-CVE-2020-10062
-	RESERVED
-CVE-2020-10061
-	RESERVED
+CVE-2020-10063 (A remote adversary with the ability to send arbitrary CoAP packets to  ...)
+	TODO: check
+CVE-2020-10062 (An off-by-one error in the Zephyr project MQTT packet length decoder c ...)
+	TODO: check
+CVE-2020-10061 (Improper handling of the full-buffer case in the Zephyr Bluetooth impl ...)
+	TODO: check
 CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, objects\[1]  ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows for a m ...)
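Review bot: CVE-2020-10063 does not name a product in the visible part of its description ("A remote adversary with the ability to send arbitrary CoAP packets to ..."), unlike CVE-2020-10062 and CVE-2020-10061, which both say Zephyr. Read the full description before applying the "NOT-FOR-US: Zephyr, different from src:zephyr" tag used for CVE-2020-10060 just below; do not tag it by adjacency alone.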
@@ -11115,8 +11120,8 @@ CVE-2020-9861
 	RESERVED
 CVE-2020-9860
 	RESERVED
-CVE-2020-9859
-	RESERVED
+CVE-2020-9859 (A memory consumption issue was addressed with improved memory handling ...)
+	TODO: check
 CVE-2020-9858
 	RESERVED
 CVE-2020-9857
@@ -12974,8 +12979,8 @@ CVE-2020-9076
 	RESERVED
 CVE-2020-9075
 	RESERVED
-CVE-2020-9074
-	RESERVED
+CVE-2020-9074 (Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an imprope ...)
+	TODO: check
 CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a  ...)
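Review bot: CVE-2020-9074 is a Huawei smartphone issue left at "TODO: check" while the next entry, CVE-2020-9073, is already tagged "NOT-FOR-US: Huawei". Use the same tag here for consistency.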
@@ -15262,8 +15267,8 @@ CVE-2020-8105
 	RESERVED
 CVE-2020-8104
 	RESERVED
-CVE-2020-8103
-	RESERVED
+CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...)
+	TODO: check
 CVE-2020-8102
 	RESERVED
 CVE-2020-8101
@@ -21201,8 +21206,8 @@ CVE-2020-5593
 	RESERVED
 CVE-2020-5592
 	RESERVED
-CVE-2020-5591
-	RESERVED
+CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to ...)
+	TODO: check
 CVE-2020-5590
 	RESERVED
 CVE-2020-5589
@@ -24158,12 +24163,12 @@ CVE-2020-4452
 	RESERVED
 CVE-2020-4451
 	RESERVED
-CVE-2020-4450
-	RESERVED
-CVE-2020-4449
-	RESERVED
-CVE-2020-4448
-	RESERVED
+CVE-2020-4450 (IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a ...)
+	TODO: check
+CVE-2020-4449 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...)
+	TODO: check
+CVE-2020-4448 (IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and ...)
+	TODO: check
 CVE-2020-4447
 	RESERVED
 CVE-2020-4446 (IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automa ...)
@@ -24600,8 +24605,8 @@ CVE-2020-4231 (IBM Security Identity Governance and Intelligence 5.2.6 could all
 	NOT-FOR-US: IBM
 CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
 	NOT-FOR-US: IBM
-CVE-2020-4229
-	RESERVED
+CVE-2020-4229 (IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate se ...)
+	TODO: check
 CVE-2020-4228
 	RESERVED
 CVE-2020-4227
@@ -31601,8 +31606,8 @@ CVE-2019-19467
 	RESERVED
 CVE-2020-1884
 	RESERVED
-CVE-2020-1883
-	RESERVED
+CVE-2020-1883 (Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak v ...)
+	TODO: check
 CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07d00f1e84b5a4a5799a2a662afa530f7d8e70ff
