[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jun 23 21:10:32 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
855ea9a9 by security tracker role at 2020-06-23T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-15001
+	RESERVED
+CVE-2020-15000
+	RESERVED
+CVE-2020-14999
+	RESERVED
+CVE-2020-14998
+	RESERVED
+CVE-2020-14997
+	RESERVED
+CVE-2020-14996
+	RESERVED
+CVE-2020-14995
+	RESERVED
+CVE-2020-14994
+	RESERVED
+CVE-2020-14993 (A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vig ...)
+	TODO: check
 CVE-2020-14992
 	RESERVED
 CVE-2020-14991
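Review bot: CVE-2020-14993 is committed with `TODO: check` although its description already names the affected products (DrayTek Vigor2960, Vigor3900 and a further Vigor model cut off by the truncation). These are vendor devices rather than packages, so the entry should be triaged in a follow-up, most likely as `NOT-FOR-US: DrayTek`, instead of lingering as an open TODO. The eight RESERVED placeholders above it need nothing further.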
@@ -26,22 +44,22 @@ CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android ha
 	NOT-FOR-US: Sophos Secure Email application for Android
 CVE-2020-14979
 	RESERVED
-CVE-2020-14978
-	RESERVED
-CVE-2020-14977
-	RESERVED
-CVE-2020-14976
-	RESERVED
-CVE-2020-14975
-	RESERVED
-CVE-2020-14974
-	RESERVED
+CVE-2020-14978 (An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorre ...)
+	TODO: check
+CVE-2020-14977 (An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC servic ...)
+	TODO: check
+CVE-2020-14976 (GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2. ...)
+	TODO: check
+CVE-2020-14975 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to del ...)
+	TODO: check
+CVE-2020-14974 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unl ...)
+	TODO: check
 CVE-2020-14973 (The loginForm within the general/login.php webpage in webTareas 2.0p8  ...)
 	NOT-FOR-US: webTareas
 CVE-2020-14972 (Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online  ...)
 	NOT-FOR-US: Sourcecodester Pisay Online E-Learning System
-CVE-2020-14971
-	RESERVED
+CVE-2020-14971 (Pi-hole through 5.0 allows code injection in piholedhcp (the Static DH ...)
+	TODO: check
 CVE-2020-14970
 	RESERVED
 CVE-2020-14969 (app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribu ...)
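Review bot: The six entries promoted from RESERVED in this hunk (CVE-2020-14978 through CVE-2020-14974, and CVE-2020-14971) all carry `TODO: check`, while the unchanged neighbours (webTareas, Sourcecodester) show the resolved form `NOT-FOR-US: <product>`. The F-Secure SAFE on macOS and IOBit Unlocker driver entries look like direct candidates for that tag. GNS3 ubridge and Pi-hole should be looked up in the archive before being dismissed: the descriptions are truncated, and the "on macOS" qualifier on the ubridge entry may or may not exclude a packaged version.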
@@ -52,8 +70,8 @@ CVE-2020-14967 (An issue was discovered in the jsrsasign package before 8.0.18 f
 	NOT-FOR-US: jsrsasign
 CVE-2020-14966 (An issue was discovered in the jsrsasign package through 8.0.18 for No ...)
 	NOT-FOR-US: jsrsasign
-CVE-2020-14965
-	RESERVED
+CVE-2020-14965 (On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with ac ...)
+	TODO: check
 CVE-2020-14964
 	RESERVED
 CVE-2020-14963
@@ -100,12 +118,12 @@ CVE-2020-14942 (Tendenci 12.0.10 allows unrestricted deserialization in apps\hel
 	NOT-FOR-US: Tendenci
 CVE-2020-14941
 	RESERVED
-CVE-2020-14940
-	RESERVED
-CVE-2020-14939
-	RESERVED
-CVE-2020-14938
-	RESERVED
+CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar  ...)
+	TODO: check
+CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc ...)
+	TODO: check
+CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes le ...)
+	TODO: check
 CVE-2020-14937
 	RESERVED
 CVE-2020-14936
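Review bot: CVE-2020-14940, CVE-2020-14939 and CVE-2020-14938 point at source files (io/gpx/GPXDocumentReader.java, savestruct_internal.c, map.c) in TuxGuitar and FreedroidRPG, so unlike the Tendenci entry above them they should not be closed as NOT-FOR-US without a package lookup. Where a package exists, replace `TODO: check` with a package line in the form this file already uses, e.g. `- wordpress 5.4.2+dfsg1-1 (bug #962685)`, using `<unfixed>` in place of the version until a fix is uploaded.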
@@ -2330,25 +2348,30 @@ CVE-2020-XXXX [Editor: Ensure latest comments can only be viewed from public pos
 	[buster] - wordpress 5.0.10+dfsg1-0+deb10u1
 	NOTE: https://core.trac.wordpress.org/changeset/47984
 CVE-2020-4050 (In affected versions of WordPress, misuse of the `set-screen-option` f ...)
+	{DSA-4709-1}
 	- wordpress 5.4.2+dfsg1-1 (bug #962685)
 	NOTE: https://core.trac.wordpress.org/changeset/47951
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
 CVE-2020-4049 (In affected versions of WordPress, when uploading themes, the name of  ...)
+	{DSA-4709-1}
 	- wordpress 5.4.2+dfsg1-1 (bug #962685)
 	NOTE: https://core.trac.wordpress.org/changeset/47950
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148
 CVE-2020-4048 (In affected versions of WordPress, due to an issue in wp_validate_redi ...)
+	{DSA-4709-1}
 	- wordpress 5.4.2+dfsg1-1 (bug #962685)
 	NOTE: https://core.trac.wordpress.org/changeset/47949
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693
 CVE-2020-4046 (In affected versions of WordPress, users with low privileges (like con ...)
+	{DSA-4709-1}
 	- wordpress 5.4.2+dfsg1-1 (bug #962685)
 	NOTE: https://core.trac.wordpress.org/changeset/47947
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf
 CVE-2020-4047 (In affected versions of WordPress, authenticated users with upload per ...)
+	{DSA-4709-1}
 	- wordpress 5.4.2+dfsg1-1 (bug #962685)
 	NOTE: https://core.trac.wordpress.org/changeset/47948
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27
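Review bot: The `{DSA-4709-1}` tag is added to five WordPress entries (CVE-2020-4046 through CVE-2020-4050), but the commit lists data/CVE/list as its only changed file, so the advisory record these tags point to is not part of this diff. Confirm that DSA-4709-1 is present in the tracker's advisory data and names the same five CVEs. Separately, the context lines place CVE-2020-4046 before CVE-2020-4047, which breaks the descending order of every other visible entry; it is not introduced by this change but is worth tidying.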
@@ -10705,8 +10728,8 @@ CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site scripting
 	NOT-FOR-US: TYPO3
 CVE-2020-11069 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
 	NOT-FOR-US: TYPO3
-CVE-2020-11068
-	RESERVED
+CVE-2020-11068 (In LoRaMac-node before 4.4.4, a reception buffer overflow can happen d ...)
+	TODO: check
 CVE-2020-11067 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
 	NOT-FOR-US: TYPO3
 CVE-2020-11066 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
@@ -15013,8 +15036,8 @@ CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin thro
 	NOT-FOR-US: CKEditor plugin
 CVE-2020-9439
 	RESERVED
-CVE-2020-9438
-	RESERVED
+CVE-2020-9438 (Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a d ...)
+	TODO: check
 CVE-2020-9437
 	RESERVED
 CVE-2020-9436 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G  ...)
@@ -24178,8 +24201,8 @@ CVE-2020-5596
 	RESERVED
 CVE-2020-5595
 	RESERVED
-CVE-2020-5594
-	RESERVED
+CVE-2020-5594 (Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules ...)
+	TODO: check
 CVE-2020-5593 (Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP cod ...)
 	NOT-FOR-US: Zenphoto
 CVE-2020-5592 (Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 ...)
@@ -24188,7 +24211,7 @@ CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7
 	NOT-FOR-US: XACK DNS
 CVE-2020-5590 (Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 ...)
 	TODO: check
-CVE-2020-5589 (Multiple SONY Wireless Headphones have vulnerability that someone with ...)
+CVE-2020-5589 (SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3,  ...)
 	NOT-FOR-US: SONY
 CVE-2020-5588
 	RESERVED
@@ -27665,8 +27688,8 @@ CVE-2020-4190 (IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded cr
 	NOT-FOR-US: IBM
 CVE-2020-4189
 	RESERVED
-CVE-2020-4188
-	RESERVED
+CVE-2020-4188 (IBM Security Guardium 10.6 and 11.1 may use insufficiently random numb ...)
+	TODO: check
 CVE-2020-4187 (IBM Security Guardium 11.1 could disclose sensitive information on the ...)
 	NOT-FOR-US: IBM
 CVE-2020-4186
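Review bot: CVE-2020-4188 gets `TODO: check` even though both neighbouring IBM Security Guardium entries in this hunk (CVE-2020-4190 and CVE-2020-4187) are already marked `NOT-FOR-US: IBM`. The same product should receive the same tag so the three entries stay consistent.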
@@ -27987,8 +28010,8 @@ CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read i
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
 CVE-2020-4029
 	RESERVED
-CVE-2020-4028
-	RESERVED
+CVE-2020-4028 (Versions before 8.9.1, Various resources in Jira responded with a 404  ...)
+	TODO: check
 CVE-2020-4027
 	RESERVED
 CVE-2020-4026 (The CustomAppsRestResource list resource in Atlassian Navigator Links  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/855ea9a939a4acd3fbdeda9d03dd832b7a4e9cb1
