[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Mar 6 20:10:33 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84a1ef86 by security tracker role at 2020-03-06T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-10192
+	RESERVED
+CVE-2020-10191
+	RESERVED
+CVE-2020-10190
+	RESERVED
+CVE-2020-10189 (Zoho ManageEngine Desktop Central 10 allows remote code execution beca ...)
+	TODO: check
+CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...)
+	TODO: check
+CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...)
+	TODO: check
 CVE-2020-10187
 	RESERVED
 CVE-2020-10186
@@ -898,8 +910,8 @@ CVE-2020-9758
 	RESERVED
 CVE-2020-9757 (The Seomatic component before 3.2.46 for Craft CMS allows Server-Side  ...)
 	NOT-FOR-US: Seomatic component for Craft CMS
-CVE-2020-9756
-	RESERVED
+CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...)
+	TODO: check
 CVE-2020-9755
 	RESERVED
 CVE-2020-9754
@@ -1371,10 +1383,10 @@ CVE-2020-9533
 	RESERVED
 CVE-2020-9532
 	RESERVED
-CVE-2020-9531
-	RESERVED
-CVE-2020-9530
-	RESERVED
+CVE-2020-9531 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In t ...)
+	TODO: check
+CVE-2020-9530 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The  ...)
+	TODO: check
 CVE-2020-9529
 	RESERVED
 CVE-2020-9528
@@ -1525,16 +1537,16 @@ CVE-2020-9460
 	RESERVED
 CVE-2020-9459 (Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webn ...)
 	NOT-FOR-US: Webnus Modern Events Calendar Lite plugin for WordPress
-CVE-2020-9458
-	RESERVED
-CVE-2020-9457
-	RESERVED
-CVE-2020-9456
-	RESERVED
-CVE-2020-9455
-	RESERVED
-CVE-2020-9454
-	RESERVED
+CVE-2020-9458 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the exp ...)
+	TODO: check
+CVE-2020-9457 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...)
+	TODO: check
+CVE-2020-9456 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the use ...)
+	TODO: check
+CVE-2020-9455 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...)
+	TODO: check
+CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 f ...)
+	TODO: check
 CVE-2020-9453
 	RESERVED
 CVE-2020-9452
@@ -2654,7 +2666,7 @@ CVE-2020-8993
 CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...)
 	- linux <unfixed>
 	NOTE: https://patchwork.ozlabs.org/patch/1236118/
-CVE-2020-8991 (vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages me ...)
+CVE-2020-8991 (** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.0 ...)
 	- lvm2 2.03.01-2
 	[stretch] - lvm2 <no-dsa> (Minor issue)
 	[jessie] - lvm2 <no-dsa> (Minor issue)
@@ -4588,8 +4600,7 @@ CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly
 CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...)
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-8113
-	RESERVED
+CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. ...)
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...)
@@ -4941,7 +4952,7 @@ CVE-2020-7976 (GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Cont
 	- gitlab <not-affected> (Only affects Gitlab EE 12.4 and later)
 	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
 CVE-2020-7975
-	RESERVED
+	REJECTED
 CVE-2020-7974 (GitLab EE 10.1 through 12.7.2 allows Information Disclosure. ...)
 	- gitlab <not-affected> (Only affects Gitlab EE 10.1 and later)
 	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84a1ef86eada2111c5a7c1ab16fa5a3fa278ab8b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84a1ef86eada2111c5a7c1ab16fa5a3fa278ab8b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200306/d9b7da50/attachment.html>

More information about the debian-security-tracker-commits mailing list