[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 18 21:10:35 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b82dbd0 by security tracker role at 2020-06-18T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,66 @@
-CVE-2020-14416 [can, slip: Protect tty->disc_data in write_wakeup and close with RCU]
+CVE-2020-14446 (An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO ...)
+ TODO: check
+CVE-2020-14445 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...)
+ TODO: check
+CVE-2020-14444 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...)
+ TODO: check
+CVE-2020-14443 (A SQL injection vulnerability in accountancy/customer/card.php in Doli ...)
+ TODO: check
+CVE-2020-14442 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2020-14441 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2020-14440 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2020-14439 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2020-14438 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2020-14437 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2020-14436 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2020-14435 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2020-14434 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2020-14433 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2020-14432 (Certain NETGEAR devices are affected by CSRF. This affects RBK752 befo ...)
+ TODO: check
+CVE-2020-14431 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ TODO: check
+CVE-2020-14430 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ TODO: check
+CVE-2020-14429 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ TODO: check
+CVE-2020-14428 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ TODO: check
+CVE-2020-14427 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ TODO: check
+CVE-2020-14426 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ TODO: check
+CVE-2020-14425
+ RESERVED
+CVE-2020-14424
+ RESERVED
+CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in Core/ ...)
+ TODO: check
+CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...)
+ TODO: check
+CVE-2020-14421 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...)
+ TODO: check
+CVE-2020-14420
+ RESERVED
+CVE-2020-14419
+ RESERVED
+CVE-2020-14418
+ RESERVED
+CVE-2020-14417
+ RESERVED
+CVE-2020-14415
+ RESERVED
+CVE-2020-14416 (In the Linux kernel before 5.4.16, a race condition in tty->disc_da ...)
- linux 5.4.19-1
[buster] - linux 4.19.118-1
[stretch] - linux 4.9.210-1+deb9u1
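Review bot: CVE-2020-14415 (RESERVED) lands above CVE-2020-14416 at the end of the added block, so the sequence reads 14417, 14415, 14416 and breaks the descending ID order the rest of the list follows. Move the CVE-2020-14415 entry to after the CVE-2020-14416 entry and its linux package lines.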
@@ -1205,8 +1267,8 @@ CVE-2020-13884 (Citrix Workspace App before 1912 on Windows has Insecure Permiss
NOT-FOR-US: Citrix
CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, an ...)
NOT-FOR-US: WSO2 API Manager
-CVE-2020-13882
- RESERVED
+CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TO ...)
+ TODO: check
CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...)
{DLA-2239-1}
- libpam-tacplus <unfixed> (low; bug #962830)
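Review bot: CVE-2020-13882 (CISOfy Lynis before 3.0.0) is left at "TODO: check", and a later hunk in this same commit adds CVE-2019-13033 for Lynis 2.x through 2.7.5 with the same marker. Triage the two together so both entries end up with a consistent status.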
@@ -1882,8 +1944,8 @@ CVE-2020-13642 (An issue was discovered in the SiteOrigin Page Builder plugin be
NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress
CVE-2020-13641 (An issue was discovered in the Real-Time Find and Replace plugin befor ...)
NOT-FOR-US: Real-Time Find and Replace plugin for WordPress
-CVE-2020-13640
- RESERVED
+CVE-2020-13640 (A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlie ...)
+ TODO: check
CVE-2020-13639
RESERVED
CVE-2020-13638
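Review bot: CVE-2020-13640 (gVectors wpDiscuz plugin) goes in as "TODO: check", while the two WordPress plugin entries directly above it, CVE-2020-13642 and CVE-2020-13641, are already triaged NOT-FOR-US with the plugin name. wpDiscuz is a WordPress comment plugin, so the same form applies here: "NOT-FOR-US: gVectors wpDiscuz plugin for WordPress".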
@@ -1985,7 +2047,7 @@ CVE-2020-13598
CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...)
NOT-FOR-US: Calico
CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
- {DLA-2233-1}
+ {DSA-4705-1 DLA-2233-1}
- python-django 2:2.2.13-1 (bug #962323)
NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1
NOTE: https://github.com/django/django/commit/2dd4d110c159d0c81dff42eaead2c378a0998735 (master)
@@ -2736,7 +2798,7 @@ CVE-2020-13256
CVE-2020-13255
RESERVED
CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
- {DLA-2233-1}
+ {DSA-4705-1 DLA-2233-1}
- python-django 2:2.2.13-1 (bug #962323)
NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1
NOTE: https://github.com/django/django/commit/2c82414914ae6476be5a166be9ff49c24d0d9069 (master)
@@ -3533,16 +3595,16 @@ CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection acr
CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
-CVE-2020-12887
- RESERVED
-CVE-2020-12886
- RESERVED
-CVE-2020-12885
- RESERVED
-CVE-2020-12884
- RESERVED
-CVE-2020-12883
- RESERVED
+CVE-2020-12887 (Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 ...)
+ TODO: check
+CVE-2020-12886 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...)
+ TODO: check
+CVE-2020-12885 (An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.1 ...)
+ TODO: check
+CVE-2020-12884 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...)
+ TODO: check
+CVE-2020-12883 (Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5 ...)
+ TODO: check
CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG document, as ...)
NOT-FOR-US: Submitty
CVE-2020-12881
@@ -8226,8 +8288,8 @@ CVE-2020-11505 (An issue was discovered in GitLab Community Edition (CE) and Ent
NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11504
RESERVED
-CVE-2020-11503
- RESERVED
+CVE-2020-11503 (A heap-based buffer overflow in the awarrensmtp component of Sophos XG ...)
+ TODO: check
CVE-2020-11502
RESERVED
CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for vi ...)
@@ -10277,8 +10339,8 @@ CVE-2020-10784
RESERVED
CVE-2020-10783
RESERVED
-CVE-2020-10782
- RESERVED
+CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible Tower b ...)
+ TODO: check
CVE-2020-10781 [zram sysfs resource consumption]
RESERVED
- linux <unfixed>
@@ -14059,8 +14121,8 @@ CVE-2020-9227
RESERVED
CVE-2020-9226
RESERVED
-CVE-2020-9225
- RESERVED
+CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...)
+ TODO: check
CVE-2020-9224
RESERVED
CVE-2020-9223
@@ -33120,10 +33182,10 @@ CVE-2020-1837
RESERVED
CVE-2020-1836
RESERVED
-CVE-2020-1835
- RESERVED
-CVE-2020-1834
- RESERVED
+CVE-2020-1835 (HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have ...)
+ TODO: check
+CVE-2020-1834 (HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C0 ...)
+ TODO: check
CVE-2020-1833 (Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) ...)
NOT-FOR-US: Huawei
CVE-2020-1832 (E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3. ...)
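Review bot: CVE-2020-1835 (HUAWEI Mate 30) and CVE-2020-1834 (HUAWEI P30 and P30 Pro) are added with "TODO: check", while the handset entry directly below them, CVE-2020-1833 (Honor 9X), is already "NOT-FOR-US: Huawei". Unless these two differ in kind, give them the same NOT-FOR-US: Huawei line.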
@@ -33140,7 +33202,7 @@ CVE-2020-1827 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R
NOT-FOR-US: Huawei
CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...)
NOT-FOR-US: Huawei
-CVE-2020-1825 (Huawei FusionAccess products with versions earlier than 6.5.1.SPC002 h ...)
+CVE-2020-1825 (FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of ...)
NOT-FOR-US: Huawei
CVE-2020-1824
RESERVED
@@ -56817,8 +56879,8 @@ CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1,
NOTE: https://github.com/irssi/irssi/pull/1058
NOTE: https://github.com/irssi/irssi/commit/5a67b983dc97caeb5df1139aabd0bc4f260a47d8
NOTE: Fixed in 1.0.8, 1.1.3, 1.2.1
-CVE-2019-13033
- RESERVED
+CVE-2019-13033 (In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by ...)
+ TODO: check
CVE-2019-13032 (An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL point ...)
- flightcrew 0.7.2+dfsg-14 (unimportant; bug #931246)
[buster] - flightcrew 0.7.2+dfsg-13+deb10u1
@@ -72577,11 +72639,11 @@ CVE-2019-7658
RESERVED
CVE-2019-7657
RESERVED
-CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 a ...)
+CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 a ...)
NOT-FOR-US: Wowza Streaming Engine
-CVE-2019-7655 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple authentic ...)
+CVE-2019-7655 (Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated X ...)
NOT-FOR-US: Wowza Streaming Engine
-CVE-2019-7654 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple CSRF vuln ...)
+CVE-2019-7654 (Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vu ...)
NOT-FOR-US: Wowza Streaming Engine
CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in Cortex- ...)
NOT-FOR-US: TheHive Project UnshortenLink analyzer
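Review bot: The updated CVE-2019-7655 description has lost its verb: it now reads "4.8.0 and earlier from multiple authenticated X ...", where the CVE-2019-7654 line next to it keeps "suffers from". The NOT-FOR-US: Wowza Streaming Engine triage is unaffected, so nothing needs to change in this file, but the wording is worth reporting to wherever the description text is pulled from.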
@@ -172809,38 +172871,31 @@ CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode func
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
-CVE-2017-9109
- RESERVED
+CVE-2017-9109 (An issue was discovered in adns before 1.5.2. It fails to ignore appar ...)
- adns <unfixed> (unimportant)
NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=fcf2b4e1faf22accb6184cca595aaee602839868
NOTE: Stub resolver that should only be used with trusted recursors
-CVE-2017-9108
- RESERVED
+CVE-2017-9108 (An issue was discovered in adns before 1.5.2. adnshost mishandles a mi ...)
- adns <unfixed> (unimportant)
NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=72c6bfd77dfdb34457a792874fd1c3030fca90ac
NOTE: Stub resolver that should only be used with trusted recursors
-CVE-2017-9107
- RESERVED
+CVE-2017-9107 (An issue was discovered in adns before 1.5.2. It overruns reading a bu ...)
- adns <unfixed> (unimportant)
NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=278f8eee581c4c4a0ddd0f98c4dc8c2974cf6b90
NOTE: Stub resolver that should only be used with trusted recursors
-CVE-2017-9106
- RESERVED
+CVE-2017-9106 (An issue was discovered in adns before 1.5.2. adns_rr_info mishandles ...)
- adns <unfixed> (unimportant)
NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=37792aacaf7abbcdac6a02715a5ef794b5147f13
NOTE: Stub resolver that should only be used with trusted recursors
-CVE-2017-9105
- RESERVED
+CVE-2017-9105 (An issue was discovered in adns before 1.5.2. It corrupts a pointer wh ...)
- adns <unfixed> (unimportant)
NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=17afb298d90c5aafed76bd3855a5fe7dcd58594c
NOTE: Stub resolver that should only be used with trusted recursors
-CVE-2017-9104
- RESERVED
+CVE-2017-9104 (An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if ...)
- adns <unfixed> (unimportant)
NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=7ba7a232de0516d2cce934bdc91627b33b46ef47
NOTE: Stub resolver that should only be used with trusted recursors
-CVE-2017-9103
- RESERVED
+CVE-2017-9103 (An issue was discovered in adns before 1.5.2. pap_mailbox822 does not ...)
- adns <unfixed> (unimportant)
NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=020d86e2eccc2dbdfa9dcca08ddb327cc7ca3ae2
NOTE: Stub resolver that should only be used with trusted recursors
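Review bot: All seven adns entries (CVE-2017-9103 through CVE-2017-9109) now carry descriptions saying the issues affect adns before 1.5.2, yet every package line under them still marks adns as unfixed (unimportant). Check whether the archive has a 1.5.2-based upload and, if so, record that version on the "- adns" lines in place of the unfixed marker.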
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b82dbd0dff889578cfb55becd4dcaf2ae79dc28