[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Jun 8 21:10:34 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90fe9188 by security tracker role at 2020-06-08T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2020-13959
+	RESERVED
+CVE-2020-13958
+	RESERVED
+CVE-2020-13957
+	RESERVED
+CVE-2020-13956
+	RESERVED
+CVE-2020-13955
+	RESERVED
+CVE-2020-13954
+	RESERVED
+CVE-2020-13953
+	RESERVED
+CVE-2020-13952
+	RESERVED
+CVE-2020-13951
+	RESERVED
+CVE-2020-13950
+	RESERVED
+CVE-2020-13949
+	RESERVED
+CVE-2020-13948
+	RESERVED
+CVE-2020-13947
+	RESERVED
+CVE-2020-13946
+	RESERVED
+CVE-2020-13945
+	RESERVED
+CVE-2020-13944
+	RESERVED
+CVE-2020-13943
+	RESERVED
+CVE-2020-13942
+	RESERVED
+CVE-2020-13941
+	RESERVED
+CVE-2020-13940
+	RESERVED
+CVE-2020-13939
+	RESERVED
+CVE-2020-13938
+	RESERVED
+CVE-2020-13937
+	RESERVED
+CVE-2020-13936
+	RESERVED
+CVE-2020-13935
+	RESERVED
+CVE-2020-13934
+	RESERVED
+CVE-2020-13933
+	RESERVED
+CVE-2020-13932
+	RESERVED
+CVE-2020-13931
+	RESERVED
+CVE-2020-13930
+	RESERVED
+CVE-2020-13929
+	RESERVED
+CVE-2020-13928
+	RESERVED
+CVE-2020-13927
+	RESERVED
+CVE-2020-13926
+	RESERVED
+CVE-2020-13925
+	RESERVED
+CVE-2020-13924
+	RESERVED
+CVE-2020-13923
+	RESERVED
+CVE-2020-13922
+	RESERVED
+CVE-2020-13921
+	RESERVED
+CVE-2020-13920
+	RESERVED
 CVE-2020-13919
 	RESERVED
 CVE-2020-13918
@@ -70,15 +150,16 @@ CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module
 	NOTE: https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2
 CVE-2020-13886
 	RESERVED
-CVE-2020-13885
-	RESERVED
-CVE-2020-13884
-	RESERVED
+CVE-2020-13885 (Citrix Workspace App before 2006.1 on Windows has Insecure Permissions ...)
+	TODO: check
+CVE-2020-13884 (Citrix Workspace App before 2006.1 on Windows has Insecure Permissions ...)
+	TODO: check
 CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, an ...)
 	NOT-FOR-US: WSO2 API Manager
 CVE-2020-13882
 	RESERVED
 CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...)
+	{DLA-2239-1}
 	- libpam-tacplus <unfixed>
 	NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
 	NOTE: https://github.com/kravietz/pam_tacplus/issues/149
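
Review bot: CVE-2020-13881 gains a `{DLA-2239-1}` reference while the only package line is still `- libpam-tacplus <unfixed>`, so the LTS fix is recorded but the state of sid, buster and stretch is left unresolved; an issued advisory next to a bare <unfixed> line needs either a fixed Debian upload or explicit per-release `[buster]`/`[stretch]` lines so the other suites are not silently treated as open. The two Citrix Workspace App entries (CVE-2020-13885, CVE-2020-13884) describe a Windows-only product and can be closed as NOT-FOR-US in the same way as CVE-2020-13883 directly below instead of staying at TODO: check.
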
@@ -114,8 +195,8 @@ CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5 for
 CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/t ...)
 	- targetcli-fb <unfixed> (bug #962331)
 	NOTE: https://github.com/open-iscsi/targetcli-fb/pull/172
-CVE-2020-13866
-	RESERVED
+CVE-2020-13866 (WinGate v9.4.1.5998 has insecure permissions for the installation dire ...)
+	TODO: check
 CVE-2020-13865 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
 	NOT-FOR-US: Elementor Page Builder plugin for WordPress
 CVE-2020-13864 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
@@ -593,8 +674,7 @@ CVE-2020-13698
 	RESERVED
 CVE-2020-13697
 	RESERVED
-CVE-2020-13696 [v4l-conf setuid-root program allows file existence tests and open(..., O_RDRW) on arbitrary files]
-	RESERVED
+CVE-2020-13696 (An issue was discovered in LinuxTV xawtv before 3.107. The function de ...)
 	- xawtv <unfixed> (bug #962221)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6
 	NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3
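
Review bot: Replacing the bracketed summary for CVE-2020-13696 with the truncated MITRE text loses the one concrete detail the entry had (v4l-conf is setuid-root and allows file-existence tests and open(..., O_RDWR) on arbitrary files), which is exactly what a triager needs to judge severity; keep it on a NOTE: line under the entry. The package line also remains `- xawtv <unfixed>` although the description names 3.107 as the fixed upstream release and the fix commit is already linked, so a Debian upload or a per-release severity/no-dsa tag is still outstanding.
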
@@ -764,8 +844,8 @@ CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers
 	- centreon-web <itp> (bug #913903)
 CVE-2020-13626
 	RESERVED
-CVE-2020-13625
-	RESERVED
+CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...)
+	TODO: check
 CVE-2020-13624
 	RESERVED
 CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of service (stack ...)
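
Review bot: CVE-2020-13625 (PHPMailer before 6.1.6) should not sit at TODO: check with no package reference: Debian has shipped PHPMailer as libphp-phpmailer, so the entry needs a `- libphp-phpmailer` line carrying the affected/fixed state per release. The description says the bug is an output-escaping error involving the name of an attachment, i.e. attacker-influenced content reaching a mail header, which makes it more than a cosmetic issue and worth resolving in this update rather than later.
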
@@ -1176,8 +1256,8 @@ CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vap
 	NOTE: https://www.sqlite.org/src/info/d08d3405878d394e
 CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...)
 	NOT-FOR-US: Jason2605 AdminPanel
-CVE-2020-13432
-	RESERVED
+CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...)
+	TODO: check
 CVE-2020-13431
 	RESERVED
 CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. ...)
@@ -1185,8 +1265,8 @@ CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datas
 	NOTE: https://github.com/grafana/grafana/pull/24539
 CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1. ...)
 	NOT-FOR-US: piechart-panel plugin for Grafana
-CVE-2020-13428
-	RESERVED
+CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in mod ...)
+	TODO: check
 CVE-2020-13427
 	RESERVED
 CVE-2020-13426
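
Review bot: CVE-2020-13428 deserves a package line rather than TODO: check: hxxx_AnnexB_to_xVC is the Annex B to xVC NAL conversion helper in VLC's packetizer module (modules/packetizer/hxxx_nal.c), so this is Debian's vlc source package, and a heap-based buffer overflow reached through media parsing is a remotely triggerable memory-corruption bug that should be prioritised above the vendor-only TODOs added in this update.
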
@@ -2596,18 +2676,18 @@ CVE-2020-12805
 	RESERVED
 CVE-2020-12804
 	RESERVED
-CVE-2020-12803
-	RESERVED
-CVE-2020-12802
-	RESERVED
+CVE-2020-12803 (ODF documents can contain forms to be filled out by the user. Similar  ...)
+	TODO: check
+CVE-2020-12802 (LibreOffice has a 'stealth mode' in which only documents from location ...)
+	TODO: check
 CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...)
 	- libreoffice 1:6.4.3-1 (low)
 	[buster] - libreoffice <ignored> (Minor issue)
 	[stretch] - libreoffice <ignored> (Minor issue)
 	[jessie] - libreoffice <no-dsa> (Minor issue)
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
-CVE-2020-12800
-	RESERVED
+CVE-2020-12800 (The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1. ...)
+	TODO: check
 CVE-2020-12799
 	RESERVED
 CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...)
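
Review bot: CVE-2020-12803 and CVE-2020-12802 are LibreOffice advisories (ODF form handling and the 'stealth mode' location restriction) and sit directly above CVE-2020-12801, which already carries libreoffice package lines per release plus the libreoffice.org advisory URL; both should get the same package-line treatment instead of TODO: check, with the corresponding advisory pages consulted for the fixed versions. CVE-2020-12800 (the drag-and-drop-multiple-file-upload-contact-form-7 plugin, a WordPress plugin by its name) can be closed as NOT-FOR-US like the other WordPress plugins in this file.
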
@@ -2658,8 +2738,8 @@ CVE-2020-12775
 	RESERVED
 CVE-2020-12774
 	RESERVED
-CVE-2020-12773
-	RESERVED
+CVE-2020-12773 (A security misconfiguration vulnerability exists in the SDK of some Re ...)
+	TODO: check
 CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...)
 	{DSA-4687-1 DLA-2213-1}
 	- exim4 4.93-16
@@ -2873,8 +2953,8 @@ CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial
 	NOT-FOR-US: Typo3 extension
 CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
 	NOT-FOR-US: iframe plugin for WordPress
-CVE-2020-12695
-	RESERVED
+CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17  ...)
+	TODO: check
 CVE-2020-12694
 	RESERVED
 CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...)
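
Review bot: CVE-2020-12695 must not be closed with a single status: the description places the flaw in the UPnP specification itself (before 2020-04-17), so every UPnP implementation Debian ships is a candidate and the TODO: check needs to become a per-package triage (libupnp, gupnp, miniupnpd and the WPS UPnP code in wpa/hostapd are the obvious ones to start with), each with its own affected/fixed state, rather than a NOT-FOR-US or one blanket entry.
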
@@ -4477,8 +4557,7 @@ CVE-2020-12050 (SQLiteODBC 0.9996, as packaged for certain Linux distributions a
 	NOTE: The issue is located in the *.spec files used for rpm packaging using insecurely
 	NOTE: /tmp/sqliteodbc$$. Debian packaging maintainer scripts do not suffer from same
 	NOTE: issue.
-CVE-2020-12049
-	RESERVED
+CVE-2020-12049 (An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusSe ...)
 	{DLA-2235-1}
 	- dbus 1.12.18-1
 	[buster] - dbus <no-dsa> (Minor issue)
@@ -9143,8 +9222,7 @@ CVE-2020-10755
 	NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
 	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
 	TODO: check, affects as well  python-os-brick or needs a respective update?
-CVE-2020-10754 [user configuration not honoured leaving the connection unauthenticated via insecure defaults]
-	RESERVED
+CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...)
 	- network-manager <unfixed> (unimportant)
 	NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448
 	NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8affcc19b61fc3c516474ba075e61b82030feeb4
@@ -13070,8 +13148,8 @@ CVE-2020-9101
 	RESERVED
 CVE-2020-9100
 	RESERVED
-CVE-2020-9099
-	RESERVED
+CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...)
+	TODO: check
 CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9097
@@ -13184,12 +13262,12 @@ CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Ser
 	NOT-FOR-US: Johnson Controls
 CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...)
 	NOT-FOR-US: wpCentral plugin for WordPress
-CVE-2020-9042
-	RESERVED
-CVE-2020-9041
-	RESERVED
-CVE-2020-9040
-	RESERVED
+CVE-2020-9042 (In Couchbase Server 6.0, credentials cached by a browser can be used t ...)
+	TODO: check
+CVE-2020-9041 (In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, th ...)
+	TODO: check
+CVE-2020-9040 (Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker t ...)
+	TODO: check
 CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6. ...)
 	NOT-FOR-US: Couchbase
 CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
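
Review bot: CVE-2020-9042, CVE-2020-9041 and CVE-2020-9040 are all Couchbase Server / Sync Gateway / Java SDK issues and sit directly above CVE-2020-9039, which is already marked NOT-FOR-US: Couchbase; the three TODO: check lines should be resolved the same way in this update instead of being left open.
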
@@ -13428,8 +13506,8 @@ CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat thro
 	[buster] - weechat <no-dsa> (Minor issue)
 	[stretch] - weechat <no-dsa> (Minor issue)
 	NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
-CVE-2020-8954
-	RESERVED
+CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link  ...)
+	TODO: check
 CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...)
 	NOT-FOR-US: OpenVPN Access Server
 CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp ti ...)
@@ -15191,8 +15269,8 @@ CVE-2020-8182
 	RESERVED
 CVE-2020-8181
 	RESERVED
-CVE-2020-8180
-	RESERVED
+CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...)
+	TODO: check
 CVE-2020-8179
 	RESERVED
 CVE-2020-8178
@@ -15212,8 +15290,7 @@ CVE-2020-8174 [napi_get_value_string_*() allows various kinds of memory corrupti
 	NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#napi_get_value_string_-allows-various-kinds-of-memory-corruption-high-cve-2020-8174
 CVE-2020-8173
 	RESERVED
-CVE-2020-8172 [TLS session reuse can lead to host certificate verification bypass]
-	RESERVED
+CVE-2020-8172 (TLS session reuse can lead to host certificate verification bypass in  ...)
 	- nodejs <not-affected> (Only affects 12.x and later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#tls-session-reuse-can-lead-to-host-certificate-verification-bypass-high-cve-2020-8172
 CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6.3.0  ...)
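
Review bot: `- nodejs <not-affected> (Only affects 12.x and later)` for CVE-2020-8172 is a permanent verdict resting on a transient fact, the nodejs version currently in unstable; as soon as a 12.x upload lands in sid the entry becomes wrong without anyone revisiting it. Record the sid version the claim was checked against in the parenthetical, or track the 12.x package separately, and note that the linked upstream advisory rates this TLS session-reuse certificate-verification bypass as high, so it should not be allowed to drop out of sight.
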
@@ -16476,8 +16553,8 @@ CVE-2020-7678
 	RESERVED
 CVE-2020-7677
 	RESERVED
-CVE-2020-7676
-	RESERVED
+CVE-2020-7676 (angular.js prior to 1.8.0 allows cross site scripting. The regex-based ...)
+	TODO: check
 CVE-2020-7675
 	RESERVED
 CVE-2020-7674
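
Review bot: CVE-2020-7676 (angular.js before 1.8.0, XSS via the regex-based sanitizer) is left at TODO: check with no package hint; angular.js is bundled into many web front-ends, so the check should cover both the standalone angular.js source package (libjs-angularjs) and embedded copies inside other packages rather than treating it as a single source, with the result recorded per package.
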
@@ -20266,10 +20343,10 @@ CVE-2020-6112
 	RESERVED
 CVE-2020-6111
 	RESERVED
-CVE-2020-6110
-	RESERVED
-CVE-2020-6109
-	RESERVED
+CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the way  ...)
+	TODO: check
+CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...)
+	TODO: check
 CVE-2020-6108
 	RESERVED
 CVE-2020-6107
@@ -22048,8 +22125,8 @@ CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display na
 	NOT-FOR-US: Codoforum
 CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of  ...)
 	NOT-FOR-US: Codoforum
-CVE-2020-5304
-	RESERVED
+CVE-2020-5304 (The dashboard in WhiteSource Application Vulnerability Management (AVM ...)
+	TODO: check
 CVE-2020-5303 (Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-o ...)
 	NOT-FOR-US: Tendermint
 CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...)
@@ -24168,8 +24245,8 @@ CVE-2020-4531
 	RESERVED
 CVE-2020-4530
 	RESERVED
-CVE-2020-4529
-	RESERVED
+CVE-2020-4529 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server si ...)
+	TODO: check
 CVE-2020-4528
 	RESERVED
 CVE-2020-4527
@@ -32087,8 +32164,8 @@ CVE-2019-19414 (There is an integer overflow vulnerability in LDAP server of som
 	NOT-FOR-US: Huawei
 CVE-2019-19413 (There is an integer overflow vulnerability in LDAP client of some Huaw ...)
 	NOT-FOR-US: Huawei
-CVE-2019-19412
-	RESERVED
+CVE-2019-19412 (Some Huawei smart phones have a Factory Reset Protection (FRP) bypass  ...)
+	TODO: check
 CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...)
 	NOT-FOR-US: Huawei
 CVE-2019-19410
@@ -32146,8 +32223,8 @@ CVE-2020-1777
 	RESERVED
 CVE-2020-1776
 	RESERVED
-CVE-2020-1775
-	RESERVED
+CVE-2020-1775 (BCC recipients in mails sent from OTRS are visible in article detail o ...)
+	TODO: check
 CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported file has ...)
 	{DLA-2198-1}
 	- otrs2 6.0.28-1 (bug #959448)
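
Review bot: CVE-2020-1775 (BCC recipients visible in OTRS article detail) is an OTRS issue exactly like CVE-2020-1774 directly below, which already has a `- otrs2 6.0.28-1` package line and a DLA reference; it should get an otrs2 package line with the fixed version rather than TODO: check, and if it was fixed in the same upstream release the same DLA and bug references apply.
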



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90fe91880037ad90dab838164765f60f21d152b8
