[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Mar 24 08:10:36 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e5d6e0e by security tracker role at 2020-03-24T08:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-10880
+	RESERVED
+CVE-2020-10879 (rConfig before 3.9.5 allows injection because lib/crud/search.crud.php ...)
+	TODO: check
+CVE-2020-10878
+	RESERVED
+CVE-2020-10877
+	RESERVED
+CVE-2020-10876
+	RESERVED
+CVE-2020-10875 (Motorola FX9500 devices allow remote attackers to conduct absolute pat ...)
+	TODO: check
+CVE-2020-10874 (Motorola FX9500 devices allow remote attackers to read database files. ...)
+	TODO: check
+CVE-2020-10873
+	RESERVED
+CVE-2020-10872
+	RESERVED
+CVE-2020-10871 (** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attack ...)
+	TODO: check
 CVE-2020-10870 (Zim through 0.72.1 creates temporary directories with predictable name ...)
 	- zim <unfixed> (unimportant; bug #954810)
 	NOTE: https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028
@@ -4713,26 +4733,26 @@ CVE-2020-8870
 	RESERVED
 CVE-2020-8869
 	RESERVED
-CVE-2020-8868
-	RESERVED
+CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2020-8867
 	RESERVED
-CVE-2020-8866
-	RESERVED
-CVE-2020-8865
-	RESERVED
-CVE-2020-8864
-	RESERVED
-CVE-2020-8863
-	RESERVED
+CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary files o ...)
+	TODO: check
+CVE-2020-8865 (This vulnerability allows remote attackers to execute local PHP files  ...)
+	TODO: check
+CVE-2020-8864 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+	TODO: check
+CVE-2020-8863 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+	TODO: check
 CVE-2020-8862 (This vulnerability allows network-adjacent attackers to bypass authent ...)
 	NOT-FOR-US: D-Link
 CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass authent ...)
 	NOT-FOR-US: D-Link
 CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Samsung Galaxy S10 Firmware
-CVE-2020-8859
-	RESERVED
+CVE-2020-8859 (This vulnerability allows remote attackers to create a denial-of-servi ...)
+	TODO: check
 CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Moxa
 CVE-2020-8857 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -7868,18 +7888,18 @@ CVE-2020-7484
 	RESERVED
 CVE-2020-7483
 	RESERVED
-CVE-2020-7482
-	RESERVED
-CVE-2020-7481
-	RESERVED
-CVE-2020-7480
-	RESERVED
-CVE-2020-7479
-	RESERVED
-CVE-2020-7478
-	RESERVED
-CVE-2020-7477
-	RESERVED
+CVE-2020-7482 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...)
+	TODO: check
+CVE-2020-7481 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...)
+	TODO: check
+CVE-2020-7480 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
+	TODO: check
+CVE-2020-7479 (A CWE-306: Missing Authentication for Critical Function vulnerability  ...)
+	TODO: check
+CVE-2020-7478 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
+	TODO: check
+CVE-2020-7477 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+	TODO: check
 CVE-2020-7476 (A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Instal ...)
 	NOT-FOR-US: ZigBee Installation Kit
 CVE-2020-7475 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...)
@@ -9068,8 +9088,8 @@ CVE-2020-6969 (It is possible to unmask credentials and other sensitive informat
 	NOT-FOR-US: AutomationDirect
 CVE-2020-6968 (Honeywell INNCOM INNControl 3 allows workstation users to escalate app ...)
 	NOT-FOR-US: Honeywell
-CVE-2020-6967
-	RESERVED
+CVE-2020-6967 (In Rockwell Automation all versions of FactoryTalk Diagnostics softwar ...)
+	TODO: check
 CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
 	NOT-FOR-US: ApexPro Telemetry Server
 CVE-2020-6965 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
@@ -11880,8 +11900,8 @@ CVE-2020-5724
 	RESERVED
 CVE-2020-5723
 	RESERVED
-CVE-2020-5722
-	RESERVED
+CVE-2020-5722 (The HTTP interface of the Grandstream UCM6200 series is vulnerable to  ...)
+	TODO: check
 CVE-2020-5721
 	RESERVED
 CVE-2020-5720 (MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerab ...)
@@ -12946,8 +12966,8 @@ CVE-2020-5253 (NetHack before version 3.6.0 allowed malicious use of escaping of
 	[jessie] - nethack <end-of-life> (Not supported in jessie LTS)
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m
 	NOTE: https://github.com/NetHack/NetHack/commit/612755bfb5c412079795c68ba392df5d93874ed8
-CVE-2020-5252
-	RESERVED
+CVE-2020-5252 (The command-line "safety" package for Python has a potential security  ...)
+	TODO: check
 CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the users obj ...)
 	NOT-FOR-US: parser-server
 CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their addr ...)
@@ -21983,8 +22003,8 @@ CVE-2020-1946
 	RESERVED
 CVE-2020-1945
 	RESERVED
-CVE-2020-1944
-	RESERVED
+CVE-2020-1944 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
+	TODO: check
 CVE-2020-1943
 	RESERVED
 	NOT-FOR-US: Apache OFBiz
@@ -30824,8 +30844,8 @@ CVE-2019-17567
 	RESERVED
 CVE-2019-17566
 	RESERVED
-CVE-2019-17565
-	RESERVED
+CVE-2019-17565 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
+	TODO: check
 CVE-2019-17564
 	RESERVED
 CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29,  ...)
@@ -30843,8 +30863,8 @@ CVE-2019-17561
 	RESERVED
 CVE-2019-17560
 	RESERVED
-CVE-2019-17559
-	RESERVED
+CVE-2019-17559 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
+	TODO: check
 CVE-2019-17558 (Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code ...)
 	- lucene-solr <unfixed> (unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/12/30/1
@@ -64366,12 +64386,12 @@ CVE-2019-6562 (In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the s
 	NOT-FOR-US: Philips
 CVE-2019-6561 (Cross-site request forgery has been identified in Moxa IKS and EDS, wh ...)
 	NOT-FOR-US: Moxa
-CVE-2019-6560
-	RESERVED
+CVE-2019-6560 (In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and ...)
+	TODO: check
 CVE-2019-6559 (Moxa IKS and EDS allow remote authenticated users to cause a denial of ...)
 	NOT-FOR-US: Moxa
-CVE-2019-6558
-	RESERVED
+CVE-2019-6558 (In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and ...)
+	TODO: check
 CVE-2019-6557 (Several buffer overflow vulnerabilities have been identified in Moxa I ...)
 	NOT-FOR-US: Moxa
 CVE-2019-6556 (When processing project files, the application (Omron CX-Programmer v9 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e5d6e0e7ab648ab2601514baa36e629cbddf0fb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e5d6e0e7ab648ab2601514baa36e629cbddf0fb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200324/a465d4dc/attachment.html>


More information about the debian-security-tracker-commits mailing list