[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jun 8 21:10:34 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
90fe9188 by security tracker role at 2020-06-08T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2020-13959
+ RESERVED
+CVE-2020-13958
+ RESERVED
+CVE-2020-13957
+ RESERVED
+CVE-2020-13956
+ RESERVED
+CVE-2020-13955
+ RESERVED
+CVE-2020-13954
+ RESERVED
+CVE-2020-13953
+ RESERVED
+CVE-2020-13952
+ RESERVED
+CVE-2020-13951
+ RESERVED
+CVE-2020-13950
+ RESERVED
+CVE-2020-13949
+ RESERVED
+CVE-2020-13948
+ RESERVED
+CVE-2020-13947
+ RESERVED
+CVE-2020-13946
+ RESERVED
+CVE-2020-13945
+ RESERVED
+CVE-2020-13944
+ RESERVED
+CVE-2020-13943
+ RESERVED
+CVE-2020-13942
+ RESERVED
+CVE-2020-13941
+ RESERVED
+CVE-2020-13940
+ RESERVED
+CVE-2020-13939
+ RESERVED
+CVE-2020-13938
+ RESERVED
+CVE-2020-13937
+ RESERVED
+CVE-2020-13936
+ RESERVED
+CVE-2020-13935
+ RESERVED
+CVE-2020-13934
+ RESERVED
+CVE-2020-13933
+ RESERVED
+CVE-2020-13932
+ RESERVED
+CVE-2020-13931
+ RESERVED
+CVE-2020-13930
+ RESERVED
+CVE-2020-13929
+ RESERVED
+CVE-2020-13928
+ RESERVED
+CVE-2020-13927
+ RESERVED
+CVE-2020-13926
+ RESERVED
+CVE-2020-13925
+ RESERVED
+CVE-2020-13924
+ RESERVED
+CVE-2020-13923
+ RESERVED
+CVE-2020-13922
+ RESERVED
+CVE-2020-13921
+ RESERVED
+CVE-2020-13920
+ RESERVED
CVE-2020-13919
RESERVED
CVE-2020-13918
@@ -70,15 +150,16 @@ CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module
NOTE: https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2
CVE-2020-13886
RESERVED
-CVE-2020-13885
- RESERVED
-CVE-2020-13884
- RESERVED
+CVE-2020-13885 (Citrix Workspace App before 2006.1 on Windows has Insecure Permissions ...)
+ TODO: check
+CVE-2020-13884 (Citrix Workspace App before 2006.1 on Windows has Insecure Permissions ...)
+ TODO: check
CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, an ...)
NOT-FOR-US: WSO2 API Manager
CVE-2020-13882
RESERVED
CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...)
+ {DLA-2239-1}
- libpam-tacplus <unfixed>
NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
NOTE: https://github.com/kravietz/pam_tacplus/issues/149
@@ -114,8 +195,8 @@ CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5 for
CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/t ...)
- targetcli-fb <unfixed> (bug #962331)
NOTE: https://github.com/open-iscsi/targetcli-fb/pull/172
-CVE-2020-13866
- RESERVED
+CVE-2020-13866 (WinGate v9.4.1.5998 has insecure permissions for the installation dire ...)
+ TODO: check
CVE-2020-13865 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
NOT-FOR-US: Elementor Page Builder plugin for WordPress
CVE-2020-13864 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
@@ -593,8 +674,7 @@ CVE-2020-13698
RESERVED
CVE-2020-13697
RESERVED
-CVE-2020-13696 [v4l-conf setuid-root program allows file existence tests and open(..., O_RDRW) on arbitrary files]
- RESERVED
+CVE-2020-13696 (An issue was discovered in LinuxTV xawtv before 3.107. The function de ...)
- xawtv <unfixed> (bug #962221)
NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6
NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3
@@ -764,8 +844,8 @@ CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers
- centreon-web <itp> (bug #913903)
CVE-2020-13626
RESERVED
-CVE-2020-13625
- RESERVED
+CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...)
+ TODO: check
CVE-2020-13624
RESERVED
CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of service (stack ...)
@@ -1176,8 +1256,8 @@ CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vap
NOTE: https://www.sqlite.org/src/info/d08d3405878d394e
CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...)
NOT-FOR-US: Jason2605 AdminPanel
-CVE-2020-13432
- RESERVED
+CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...)
+ TODO: check
CVE-2020-13431
RESERVED
CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. ...)
@@ -1185,8 +1265,8 @@ CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datas
NOTE: https://github.com/grafana/grafana/pull/24539
CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1. ...)
NOT-FOR-US: piechart-panel plugin for Grafana
-CVE-2020-13428
- RESERVED
+CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in mod ...)
+ TODO: check
CVE-2020-13427
RESERVED
CVE-2020-13426
@@ -2596,18 +2676,18 @@ CVE-2020-12805
RESERVED
CVE-2020-12804
RESERVED
-CVE-2020-12803
- RESERVED
-CVE-2020-12802
- RESERVED
+CVE-2020-12803 (ODF documents can contain forms to be filled out by the user. Similar ...)
+ TODO: check
+CVE-2020-12802 (LibreOffice has a 'stealth mode' in which only documents from location ...)
+ TODO: check
CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...)
- libreoffice 1:6.4.3-1 (low)
[buster] - libreoffice <ignored> (Minor issue)
[stretch] - libreoffice <ignored> (Minor issue)
[jessie] - libreoffice <no-dsa> (Minor issue)
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
-CVE-2020-12800
- RESERVED
+CVE-2020-12800 (The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1. ...)
+ TODO: check
CVE-2020-12799
RESERVED
CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...)
@@ -2658,8 +2738,8 @@ CVE-2020-12775
RESERVED
CVE-2020-12774
RESERVED
-CVE-2020-12773
- RESERVED
+CVE-2020-12773 (A security misconfiguration vulnerability exists in the SDK of some Re ...)
+ TODO: check
CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...)
{DSA-4687-1 DLA-2213-1}
- exim4 4.93-16
@@ -2873,8 +2953,8 @@ CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial
NOT-FOR-US: Typo3 extension
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
NOT-FOR-US: iframe plugin for WordPress
-CVE-2020-12695
- RESERVED
+CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17 ...)
+ TODO: check
CVE-2020-12694
RESERVED
CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...)
@@ -4477,8 +4557,7 @@ CVE-2020-12050 (SQLiteODBC 0.9996, as packaged for certain Linux distributions a
NOTE: The issue is located in the *.spec files used for rpm packaging using insecurely
NOTE: /tmp/sqliteodbc$$. Debian packaging maintainer scripts do not suffer from same
NOTE: issue.
-CVE-2020-12049
- RESERVED
+CVE-2020-12049 (An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusSe ...)
{DLA-2235-1}
- dbus 1.12.18-1
[buster] - dbus <no-dsa> (Minor issue)
@@ -9143,8 +9222,7 @@ CVE-2020-10755
NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
TODO: check, affects as well python-os-brick or needs a respective update?
-CVE-2020-10754 [user configuration not honoured leaving the connection unauthenticated via insecure defaults]
- RESERVED
+CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...)
- network-manager <unfixed> (unimportant)
NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448
NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8affcc19b61fc3c516474ba075e61b82030feeb4
@@ -13070,8 +13148,8 @@ CVE-2020-9101
RESERVED
CVE-2020-9100
RESERVED
-CVE-2020-9099
- RESERVED
+CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...)
+ TODO: check
CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...)
NOT-FOR-US: Huawei
CVE-2020-9097
@@ -13184,12 +13262,12 @@ CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Ser
NOT-FOR-US: Johnson Controls
CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...)
NOT-FOR-US: wpCentral plugin for WordPress
-CVE-2020-9042
- RESERVED
-CVE-2020-9041
- RESERVED
-CVE-2020-9040
- RESERVED
+CVE-2020-9042 (In Couchbase Server 6.0, credentials cached by a browser can be used t ...)
+ TODO: check
+CVE-2020-9041 (In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, th ...)
+ TODO: check
+CVE-2020-9040 (Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker t ...)
+ TODO: check
CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6. ...)
NOT-FOR-US: Couchbase
CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
@@ -13428,8 +13506,8 @@ CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat thro
[buster] - weechat <no-dsa> (Minor issue)
[stretch] - weechat <no-dsa> (Minor issue)
NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
-CVE-2020-8954
- RESERVED
+CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link ...)
+ TODO: check
CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...)
NOT-FOR-US: OpenVPN Access Server
CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp ti ...)
@@ -15191,8 +15269,8 @@ CVE-2020-8182
RESERVED
CVE-2020-8181
RESERVED
-CVE-2020-8180
- RESERVED
+CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...)
+ TODO: check
CVE-2020-8179
RESERVED
CVE-2020-8178
@@ -15212,8 +15290,7 @@ CVE-2020-8174 [napi_get_value_string_*() allows various kinds of memory corrupti
NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#napi_get_value_string_-allows-various-kinds-of-memory-corruption-high-cve-2020-8174
CVE-2020-8173
RESERVED
-CVE-2020-8172 [TLS session reuse can lead to host certificate verification bypass]
- RESERVED
+CVE-2020-8172 (TLS session reuse can lead to host certificate verification bypass in ...)
- nodejs <not-affected> (Only affects 12.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#tls-session-reuse-can-lead-to-host-certificate-verification-bypass-high-cve-2020-8172
CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...)
@@ -16476,8 +16553,8 @@ CVE-2020-7678
RESERVED
CVE-2020-7677
RESERVED
-CVE-2020-7676
- RESERVED
+CVE-2020-7676 (angular.js prior to 1.8.0 allows cross site scripting. The regex-based ...)
+ TODO: check
CVE-2020-7675
RESERVED
CVE-2020-7674
@@ -20266,10 +20343,10 @@ CVE-2020-6112
RESERVED
CVE-2020-6111
RESERVED
-CVE-2020-6110
- RESERVED
-CVE-2020-6109
- RESERVED
+CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the way ...)
+ TODO: check
+CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...)
+ TODO: check
CVE-2020-6108
RESERVED
CVE-2020-6107
@@ -22048,8 +22125,8 @@ CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display na
NOT-FOR-US: Codoforum
CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of ...)
NOT-FOR-US: Codoforum
-CVE-2020-5304
- RESERVED
+CVE-2020-5304 (The dashboard in WhiteSource Application Vulnerability Management (AVM ...)
+ TODO: check
CVE-2020-5303 (Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-o ...)
NOT-FOR-US: Tendermint
CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...)
@@ -24168,8 +24245,8 @@ CVE-2020-4531
RESERVED
CVE-2020-4530
RESERVED
-CVE-2020-4529
- RESERVED
+CVE-2020-4529 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server si ...)
+ TODO: check
CVE-2020-4528
RESERVED
CVE-2020-4527
@@ -32087,8 +32164,8 @@ CVE-2019-19414 (There is an integer overflow vulnerability in LDAP server of som
NOT-FOR-US: Huawei
CVE-2019-19413 (There is an integer overflow vulnerability in LDAP client of some Huaw ...)
NOT-FOR-US: Huawei
-CVE-2019-19412
- RESERVED
+CVE-2019-19412 (Some Huawei smart phones have a Factory Reset Protection (FRP) bypass ...)
+ TODO: check
CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...)
NOT-FOR-US: Huawei
CVE-2019-19410
@@ -32146,8 +32223,8 @@ CVE-2020-1777
RESERVED
CVE-2020-1776
RESERVED
-CVE-2020-1775
- RESERVED
+CVE-2020-1775 (BCC recipients in mails sent from OTRS are visible in article detail o ...)
+ TODO: check
CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported file has ...)
{DLA-2198-1}
- otrs2 6.0.28-1 (bug #959448)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90fe91880037ad90dab838164765f60f21d152b8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90fe91880037ad90dab838164765f60f21d152b8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200608/75b0fdb0/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list