[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jun 17 21:10:36 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cec1a47e by security tracker role at 2020-06-17T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,393 @@
+CVE-2020-14407
+ RESERVED
+CVE-2020-14406
+ RESERVED
+CVE-2020-14405 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rf ...)
+ TODO: check
+CVE-2020-14404 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rr ...)
+ TODO: check
+CVE-2020-14403 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/he ...)
+ TODO: check
+CVE-2020-14402 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/co ...)
+ TODO: check
+CVE-2020-14401 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/sc ...)
+ TODO: check
+CVE-2020-14400 (An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned da ...)
+ TODO: check
+CVE-2020-14399 (An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned da ...)
+ TODO: check
+CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improperly c ...)
+ TODO: check
+CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rf ...)
+ TODO: check
+CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tl ...)
+ TODO: check
+CVE-2020-14395
+ RESERVED
+CVE-2020-14394
+ RESERVED
+CVE-2020-14393
+ RESERVED
+CVE-2020-14392
+ RESERVED
+CVE-2020-14391
+ RESERVED
+CVE-2020-14390
+ RESERVED
+CVE-2020-14389
+ RESERVED
+CVE-2020-14388
+ RESERVED
+CVE-2020-14387
+ RESERVED
+CVE-2020-14386
+ RESERVED
+CVE-2020-14385
+ RESERVED
+CVE-2020-14384
+ RESERVED
+CVE-2020-14383
+ RESERVED
+CVE-2020-14382
+ RESERVED
+CVE-2020-14381
+ RESERVED
+CVE-2020-14380
+ RESERVED
+CVE-2020-14379
+ RESERVED
+CVE-2020-14378
+ RESERVED
+CVE-2020-14377
+ RESERVED
+CVE-2020-14376
+ RESERVED
+CVE-2020-14375
+ RESERVED
+CVE-2020-14374
+ RESERVED
+CVE-2020-14373
+ RESERVED
+CVE-2020-14372
+ RESERVED
+CVE-2020-14371
+ RESERVED
+CVE-2020-14370
+ RESERVED
+CVE-2020-14369
+ RESERVED
+CVE-2020-14368
+ RESERVED
+CVE-2020-14367
+ RESERVED
+CVE-2020-14366
+ RESERVED
+CVE-2020-14365
+ RESERVED
+CVE-2020-14364
+ RESERVED
+CVE-2020-14363
+ RESERVED
+CVE-2020-14362
+ RESERVED
+CVE-2020-14361
+ RESERVED
+CVE-2020-14360
+ RESERVED
+CVE-2020-14359
+ RESERVED
+CVE-2020-14358
+ RESERVED
+CVE-2020-14357
+ RESERVED
+CVE-2020-14356
+ RESERVED
+CVE-2020-14355
+ RESERVED
+CVE-2020-14354
+ RESERVED
+CVE-2020-14353
+ RESERVED
+CVE-2020-14352
+ RESERVED
+CVE-2020-14351
+ RESERVED
+CVE-2020-14350
+ RESERVED
+CVE-2020-14349
+ RESERVED
+CVE-2020-14348
+ RESERVED
+CVE-2020-14347
+ RESERVED
+CVE-2020-14346
+ RESERVED
+CVE-2020-14345
+ RESERVED
+CVE-2020-14344
+ RESERVED
+CVE-2020-14343
+ RESERVED
+CVE-2020-14342
+ RESERVED
+CVE-2020-14341
+ RESERVED
+CVE-2020-14340
+ RESERVED
+CVE-2020-14339
+ RESERVED
+CVE-2020-14338
+ RESERVED
+CVE-2020-14337
+ RESERVED
+CVE-2020-14336
+ RESERVED
+CVE-2020-14335
+ RESERVED
+CVE-2020-14334
+ RESERVED
+CVE-2020-14333
+ RESERVED
+CVE-2020-14332
+ RESERVED
+CVE-2020-14331
+ RESERVED
+CVE-2020-14330
+ RESERVED
+CVE-2020-14329
+ RESERVED
+CVE-2020-14328
+ RESERVED
+CVE-2020-14327
+ RESERVED
+CVE-2020-14326
+ RESERVED
+CVE-2020-14325
+ RESERVED
+CVE-2020-14324
+ RESERVED
+CVE-2020-14323
+ RESERVED
+CVE-2020-14322
+ RESERVED
+CVE-2020-14321
+ RESERVED
+CVE-2020-14320
+ RESERVED
+CVE-2020-14319
+ RESERVED
+CVE-2020-14318
+ RESERVED
+CVE-2020-14317
+ RESERVED
+CVE-2020-14316
+ RESERVED
+CVE-2020-14315
+ RESERVED
+CVE-2020-14314
+ RESERVED
+CVE-2020-14313
+ RESERVED
+CVE-2020-14312
+ RESERVED
+CVE-2020-14311
+ RESERVED
+CVE-2020-14310
+ RESERVED
+CVE-2020-14309
+ RESERVED
+CVE-2020-14308
+ RESERVED
+CVE-2020-14307
+ RESERVED
+CVE-2020-14306
+ RESERVED
+CVE-2020-14305
+ RESERVED
+CVE-2020-14304
+ RESERVED
+CVE-2020-14303
+ RESERVED
+CVE-2020-14302
+ RESERVED
+CVE-2020-14301
+ RESERVED
+CVE-2020-14300
+ RESERVED
+CVE-2020-14299
+ RESERVED
+CVE-2020-14298
+ RESERVED
+CVE-2020-14297
+ RESERVED
+CVE-2020-14296
+ RESERVED
+CVE-2020-14295 (A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to ...)
+ TODO: check
+CVE-2020-14294
+ RESERVED
+CVE-2020-14293
+ RESERVED
+CVE-2020-14292
+ RESERVED
+CVE-2020-14291
+ RESERVED
+CVE-2020-14290
+ RESERVED
+CVE-2020-14289
+ RESERVED
+CVE-2020-14288
+ RESERVED
+CVE-2020-14287
+ RESERVED
+CVE-2020-14286
+ RESERVED
+CVE-2020-14285
+ RESERVED
+CVE-2020-14284
+ RESERVED
+CVE-2020-14283
+ RESERVED
+CVE-2020-14282
+ RESERVED
+CVE-2020-14281
+ RESERVED
+CVE-2020-14280
+ RESERVED
+CVE-2020-14279
+ RESERVED
+CVE-2020-14278
+ RESERVED
+CVE-2020-14277
+ RESERVED
+CVE-2020-14276
+ RESERVED
+CVE-2020-14275
+ RESERVED
+CVE-2020-14274
+ RESERVED
+CVE-2020-14273
+ RESERVED
+CVE-2020-14272
+ RESERVED
+CVE-2020-14271
+ RESERVED
+CVE-2020-14270
+ RESERVED
+CVE-2020-14269
+ RESERVED
+CVE-2020-14268
+ RESERVED
+CVE-2020-14267
+ RESERVED
+CVE-2020-14266
+ RESERVED
+CVE-2020-14265
+ RESERVED
+CVE-2020-14264
+ RESERVED
+CVE-2020-14263
+ RESERVED
+CVE-2020-14262
+ RESERVED
+CVE-2020-14261
+ RESERVED
+CVE-2020-14260
+ RESERVED
+CVE-2020-14259
+ RESERVED
+CVE-2020-14258
+ RESERVED
+CVE-2020-14257
+ RESERVED
+CVE-2020-14256
+ RESERVED
+CVE-2020-14255
+ RESERVED
+CVE-2020-14254
+ RESERVED
+CVE-2020-14253
+ RESERVED
+CVE-2020-14252
+ RESERVED
+CVE-2020-14251
+ RESERVED
+CVE-2020-14250
+ RESERVED
+CVE-2020-14249
+ RESERVED
+CVE-2020-14248
+ RESERVED
+CVE-2020-14247
+ RESERVED
+CVE-2020-14246
+ RESERVED
+CVE-2020-14245
+ RESERVED
+CVE-2020-14244
+ RESERVED
+CVE-2020-14243
+ RESERVED
+CVE-2020-14242
+ RESERVED
+CVE-2020-14241
+ RESERVED
+CVE-2020-14240
+ RESERVED
+CVE-2020-14239
+ RESERVED
+CVE-2020-14238
+ RESERVED
+CVE-2020-14237
+ RESERVED
+CVE-2020-14236
+ RESERVED
+CVE-2020-14235
+ RESERVED
+CVE-2020-14234
+ RESERVED
+CVE-2020-14233
+ RESERVED
+CVE-2020-14232
+ RESERVED
+CVE-2020-14231
+ RESERVED
+CVE-2020-14230
+ RESERVED
+CVE-2020-14229
+ RESERVED
+CVE-2020-14228
+ RESERVED
+CVE-2020-14227
+ RESERVED
+CVE-2020-14226
+ RESERVED
+CVE-2020-14225
+ RESERVED
+CVE-2020-14224
+ RESERVED
+CVE-2020-14223
+ RESERVED
+CVE-2020-14222
+ RESERVED
+CVE-2020-14221
+ RESERVED
+CVE-2020-14220
+ RESERVED
+CVE-2020-14219
+ RESERVED
+CVE-2020-14218
+ RESERVED
+CVE-2020-14217
+ RESERVED
+CVE-2020-14216
+ RESERVED
+CVE-2019-20840 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws ...)
+ TODO: check
+CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer over ...)
+ TODO: check
+CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There is a memo ...)
+ TODO: check
CVE-2020-14215
RESERVED
CVE-2020-14214 (Zammad before 3.3.1, when Domain Based Assignment is enabled, relies o ...)
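Review bot: The thirteen LibVNCServer entries in this hunk (CVE-2020-14396 through CVE-2020-14405 near the top, plus CVE-2019-20840, CVE-2019-20839 and CVE-2018-21247 at the end of the added block) all land as "TODO: check" and all cite the same boundary, "before 0.9.13", so they are best triaged in one pass rather than entry by entry. The descriptions are cut at the file-path fragment ("libvncclient/rf ...", "libvncserver/rr ..."), so whether an issue is in the client or the server code has to be read from the full CVE text before deciding what is affected. CVE-2020-14295 (Cacti 1.2.12, color.php) is the only other non-RESERVED addition and is easy to miss in the middle of the RESERVED range.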
@@ -1445,8 +1835,8 @@ CVE-2020-13639
RESERVED
CVE-2020-13638
RESERVED
-CVE-2020-13637
- RESERVED
+CVE-2020-13637 (An issue was discovered in the stashcat app through 3.9.2 for macOS, W ...)
+ TODO: check
CVE-2020-13636
RESERVED
CVE-2020-13635
@@ -2373,8 +2763,8 @@ CVE-2020-13226 (WSO2 API Manager 3.0.0 does not properly restrict outbound netwo
CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability ...)
- phpipam <itp> (bug #731713)
NOTE: https://github.com/phpipam/phpipam/issues/3025
-CVE-2020-13224
- RESERVED
+CVE-2020-13224 (TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices throu ...)
+ TODO: check
CVE-2020-13223 (HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2 before 1. ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-13222
@@ -3266,8 +3656,8 @@ CVE-2020-12829
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VP ...)
NOT-FOR-US: AnchorFree VPN SDK
-CVE-2020-12827
- RESERVED
+CVE-2020-12827 (MJML prior to 4.6.3 contains a path traversal vulnerability when proce ...)
+ TODO: check
CVE-2019-20796
RESERVED
CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...)
@@ -6129,44 +6519,44 @@ CVE-2020-11915
RESERVED
CVE-2019-20786 (handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a chec ...)
NOT-FOR-US: Pion DTLS
-CVE-2020-11914
- RESERVED
-CVE-2020-11913
- RESERVED
-CVE-2020-11912
- RESERVED
-CVE-2020-11911
- RESERVED
-CVE-2020-11910
- RESERVED
-CVE-2020-11909
- RESERVED
-CVE-2020-11908
- RESERVED
-CVE-2020-11907
- RESERVED
-CVE-2020-11906
- RESERVED
-CVE-2020-11905
- RESERVED
-CVE-2020-11904
- RESERVED
-CVE-2020-11903
- RESERVED
-CVE-2020-11902
- RESERVED
-CVE-2020-11901
- RESERVED
-CVE-2020-11900
- RESERVED
-CVE-2020-11899
- RESERVED
-CVE-2020-11898
- RESERVED
-CVE-2020-11897
- RESERVED
-CVE-2020-11896
- RESERVED
+CVE-2020-11914 (The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. ...)
+ TODO: check
+CVE-2020-11913 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. ...)
+ TODO: check
+CVE-2020-11912 (The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. ...)
+ TODO: check
+CVE-2020-11911 (The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Cont ...)
+ TODO: check
+CVE-2020-11910 (The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Rea ...)
+ TODO: check
+CVE-2020-11909 (The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. ...)
+ TODO: check
+CVE-2020-11908 (The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in ...)
+ TODO: check
+CVE-2020-11907 (The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Par ...)
+ TODO: check
+CVE-2020-11906 (The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Inte ...)
+ TODO: check
+CVE-2020-11905 (The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read ...)
+ TODO: check
+CVE-2020-11904 (The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during ...)
+ TODO: check
+CVE-2020-11903 (The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. ...)
+ TODO: check
+CVE-2020-11902 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling O ...)
+ TODO: check
+CVE-2020-11901 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution vi ...)
+ TODO: check
+CVE-2020-11900 (The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Fr ...)
+ TODO: check
+CVE-2020-11899 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. ...)
+ TODO: check
+CVE-2020-11898 (The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMP ...)
+ TODO: check
+CVE-2020-11897 (The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via ...)
+ TODO: check
+CVE-2020-11896 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, r ...)
+ TODO: check
CVE-2020-11895 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) i ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/197
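Review bot: The nineteen Treck TCP/IP stack entries (CVE-2020-11896 through CVE-2020-11914) do not share one version boundary: most say "before 6.0.1.66", but CVE-2020-11908 says 4.7.1.27, CVE-2020-11903 says 6.0.1.28, CVE-2020-11900 says 6.0.1.41 and CVE-2020-11897 says 5.0.1.35. When the "TODO: check" placeholders are resolved, avoid a bulk annotation that assumes a single fixed version. If triage concludes the stack is not packaged, the "NOT-FOR-US:" form used for Pion DTLS in the leading context lines fits all nineteen.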
@@ -13338,8 +13728,8 @@ CVE-2020-9334 (A stored XSS vulnerability exists in the Envira Photo Gallery plu
NOT-FOR-US: Envira Photo Gallery plugin for WordPress
CVE-2020-9333
RESERVED
-CVE-2020-9332
- RESERVED
+CVE-2020-9332 (ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 ...)
+ TODO: check
CVE-2020-9331
RESERVED
CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not requ ...)
@@ -16664,8 +17054,8 @@ CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle
NOT-FOR-US: LifeRay Portal
CVE-2020-7933
RESERVED
-CVE-2020-7932
- RESERVED
+CVE-2020-7932 (OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g. ...)
+ TODO: check
CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template process ...)
NOT-FOR-US: JFrog Artifactory
CVE-2020-7930
@@ -17297,16 +17687,16 @@ CVE-2020-7670 (agoo through 2.12.3 allows request smuggling attacks where agoo i
TODO: check
CVE-2020-7669
RESERVED
-CVE-2020-7668
- RESERVED
+CVE-2020-7668 (The ExtractTo function doesn't securely escape file paths in zip archi ...)
+ TODO: check
CVE-2020-7667
RESERVED
CVE-2020-7666
RESERVED
CVE-2020-7665
RESERVED
-CVE-2020-7664
- RESERVED
+CVE-2020-7664 (The ExtractTo function doesn't securely escape file paths in zip archi ...)
+ TODO: check
CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of Servi ...)
- ruby-websocket-extensions <unfixed>
NOTE: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
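Review bot: CVE-2020-7668 and CVE-2020-7664 carry identical truncated descriptions ("The ExtractTo function doesn't securely escape file paths in zip archi ..."), and the cut-off text names no package, so the two "TODO: check" entries cannot be told apart from this file alone. Resolve each against its full CVE description and record the affected project in the annotation so the two are not treated as duplicates of each other.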
@@ -19123,8 +19513,8 @@ CVE-2020-6871
RESERVED
CVE-2020-6870
RESERVED
-CVE-2020-6869
- RESERVED
+CVE-2020-6869 (All versions up to 10.06 of ZTEMarket APK are impacted by an informati ...)
+ TODO: check
CVE-2020-6868 (ZTE's PON terminal product is impacted by the access control vulnerabi ...)
NOT-FOR-US: ZTE
CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management error vul ...)
@@ -19508,8 +19898,8 @@ CVE-2020-6754 (dotCMS before 5.2.4 is vulnerable to directory traversal, leading
NOT-FOR-US: dotCMS
CVE-2020-6753 (The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS ...)
NOT-FOR-US: Login by Auth0 plugin for WordPress
-CVE-2020-6752
- RESERVED
+CVE-2020-6752 (In OMERO before 5.6.1, group owners can access members' data in other ...)
+ TODO: check
CVE-2020-6751
RESERVED
CVE-2019-20376 (A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG ...)
@@ -24976,8 +25366,8 @@ CVE-2020-4534
RESERVED
CVE-2020-4533
RESERVED
-CVE-2020-4532
- RESERVED
+CVE-2020-4532 (IBM Business Automation Workflow and IBM Business Process Manager (IBM ...)
+ TODO: check
CVE-2020-4531
RESERVED
CVE-2020-4530
@@ -45107,8 +45497,8 @@ CVE-2019-16247 (Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!
NOT-FOR-US: Delta DCISoft
CVE-2019-16246 (Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a differen ...)
NOT-FOR-US: Intesync Solismed
-CVE-2019-16245
- RESERVED
+CVE-2019-16245 (OMERO before 5.6.1 makes the details of each user available to all use ...)
+ TODO: check
CVE-2019-16244
RESERVED
CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocument ...)
@@ -65079,10 +65469,10 @@ CVE-2019-9946 (Cloud Native Computing Foundation (CNCF) CNI (Container Networkin
TODO: singularity-container seems to embed as well a copy of cni
CVE-2019-9945 (SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGI ...)
NOT-FOR-US: SoftNAS Cloud
-CVE-2019-9944
- RESERVED
-CVE-2019-9943
- RESERVED
+CVE-2019-9944 (In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the r ...)
+ TODO: check
+CVE-2019-9943 (In ome.services.graphs.GraphTraversal.findObjectDetails in Open Micros ...)
+ TODO: check
CVE-2016-10743 (hostapd before 2.6 does not prevent use of the low-quality PRNG that i ...)
{DLA-1733-1}
- wpa 2:2.6-7 (unimportant)
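Review bot: CVE-2019-9944 and CVE-2019-9943 in this hunk are two of five OMERO entries this commit moves from RESERVED to "TODO: check"; the others are CVE-2019-16245, CVE-2020-6752 and CVE-2020-7932 in separate hunks. They sit thousands of lines apart in data/CVE/list, so triage them together to make sure all five end up with the same packaging decision.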
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cec1a47e840d2ddc546c52e71a27f488d34eeec9