[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 25 20:10:33 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
548e4edc by security tracker role at 2020-03-25T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,28 @@
-CVE-2020-10942 [vhost: Check docket sk_family instead of call getname]
+CVE-2020-10951
+ RESERVED
+CVE-2020-10950
+ RESERVED
+CVE-2020-10949
+ RESERVED
+CVE-2020-10948
+ RESERVED
+CVE-2020-10947
+ RESERVED
+CVE-2020-10946
+ RESERVED
+CVE-2020-10945
+ RESERVED
+CVE-2020-10944
+ RESERVED
+CVE-2020-10943
+ RESERVED
+CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vul ...)
+ TODO: check
+CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
-CVE-2020-10941
- RESERVED
+CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive inform ...)
+ TODO: check
CVE-2020-10940
RESERVED
CVE-2020-10939
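Review bot: CVE-2020-10942 keeps "- linux <unfixed>" although the imported description now says the issue affects the Linux kernel before 5.5.8 and the NOTE ties the fix to 5.6-rc4; the package line should get a fixed version once an upload containing that commit is identified. The new "TODO: check" entries that name GNU patch (CVE-2019-20633) and Arm Mbed TLS (CVE-2020-10941) also need a package line or an explicit triage decision rather than staying in the TODO queue.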
@@ -134,7 +154,7 @@ CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as de
TODO: check
CVE-2020-10880
RESERVED
-CVE-2020-10879 (rConfig before 3.9.5 allows injection because lib/crud/search.crud.php ...)
+CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a crafted GET ...)
NOT-FOR-US: rConfig
CVE-2020-10878
RESERVED
@@ -188,7 +208,7 @@ CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. ...)
NOT-FOR-US: AutoUpdater.NET
CVE-2019-20626 (The remote keyless system on Honda HR-V 2017 vehicles sends the same R ...)
NOT-FOR-US: Honda HR-V 2017 vehicles
-CVE-2020-10931 [memcached extlen buffer overflow]
+CVE-2020-10931 (Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial ...)
- memcached 1.6.2-1 (bug #954808)
[buster] - memcached <not-affected> (Introduced in 1.6)
[stretch] - memcached <not-affected> (Introduced in 1.6)
@@ -273,62 +293,62 @@ CVE-2020-10818 (Artica Proxy 4.26 allows remote command execution for an authent
NOT-FOR-US: Artica Proxy
CVE-2020-10817
RESERVED
-CVE-2019-20625
- RESERVED
-CVE-2019-20624
- RESERVED
-CVE-2019-20623
- RESERVED
-CVE-2019-20622
- RESERVED
-CVE-2019-20621
- RESERVED
-CVE-2019-20620
- RESERVED
-CVE-2019-20619
- RESERVED
-CVE-2019-20618
- RESERVED
-CVE-2019-20617
- RESERVED
-CVE-2019-20616
- RESERVED
-CVE-2019-20615
- RESERVED
-CVE-2019-20614
- RESERVED
-CVE-2019-20613
- RESERVED
-CVE-2019-20612
- RESERVED
-CVE-2019-20611
- RESERVED
-CVE-2019-20610
- RESERVED
-CVE-2019-20609
- RESERVED
-CVE-2019-20608
- RESERVED
-CVE-2019-20607
- RESERVED
-CVE-2019-20606
- RESERVED
-CVE-2019-20605
- RESERVED
-CVE-2019-20604
- RESERVED
-CVE-2019-20603
- RESERVED
-CVE-2019-20602
- RESERVED
-CVE-2019-20601
- RESERVED
-CVE-2019-20600
- RESERVED
-CVE-2019-20599
- RESERVED
-CVE-2019-20598
- RESERVED
+CVE-2019-20625 (An issue was discovered on Samsung mobile devices with N(7.1) and O(8. ...)
+ TODO: check
+CVE-2019-20624 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
+ TODO: check
+CVE-2019-20623 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
+ TODO: check
+CVE-2019-20622 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ TODO: check
+CVE-2019-20621 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ TODO: check
+CVE-2019-20620 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ TODO: check
+CVE-2019-20619 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ TODO: check
+CVE-2019-20618 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ TODO: check
+CVE-2019-20617 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ TODO: check
+CVE-2019-20616 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
+ TODO: check
+CVE-2019-20615 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
+ TODO: check
+CVE-2019-20614 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ TODO: check
+CVE-2019-20613 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
+ TODO: check
+CVE-2019-20612 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
+ TODO: check
+CVE-2019-20611 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ TODO: check
+CVE-2019-20610 (An issue was discovered on Samsung mobile devices with N(7.X) and O(8. ...)
+ TODO: check
+CVE-2019-20609 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ TODO: check
+CVE-2019-20608 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ TODO: check
+CVE-2019-20607 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ TODO: check
+CVE-2019-20606 (An issue was discovered on Samsung mobile devices with any (before May ...)
+ TODO: check
+CVE-2019-20605 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ TODO: check
+CVE-2019-20604 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
+ TODO: check
+CVE-2019-20603 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), ...)
+ TODO: check
+CVE-2019-20602 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), ...)
+ TODO: check
+CVE-2019-20601 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ TODO: check
+CVE-2019-20600 (An issue was discovered on Samsung mobile devices with O(8.0) and P(9. ...)
+ TODO: check
+CVE-2019-20599 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ TODO: check
+CVE-2019-20598 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
+ TODO: check
CVE-2019-20597 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
NOT-FOR-US: Samsung mobile devices
CVE-2019-20596 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
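Review bot: the 28 entries CVE-2019-20598 through CVE-2019-20625 land as "TODO: check" even though each description begins "An issue was discovered on Samsung mobile devices" and the unchanged neighbour CVE-2019-20597 is already tagged "NOT-FOR-US: Samsung mobile devices". Tagging the new block the same way would keep the file consistent and clear these from the TODO queue in one pass.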
@@ -337,8 +357,8 @@ CVE-2019-20595 (An issue was discovered on Samsung mobile devices with P(9.0) so
NOT-FOR-US: Samsung mobile devices
CVE-2019-20594 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...)
NOT-FOR-US: Samsung mobile devices
-CVE-2019-20593
- RESERVED
+CVE-2019-20593 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
+ TODO: check
CVE-2019-20592 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
NOT-FOR-US: Samsung mobile devices
CVE-2019-20591 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
@@ -371,8 +391,8 @@ CVE-2019-20578 (An issue was discovered on Samsung mobile devices with P(9.0) (E
NOT-FOR-US: Samsung mobile devices
CVE-2019-20577 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
NOT-FOR-US: Samsung mobile devices
-CVE-2019-20576
- RESERVED
+CVE-2019-20576 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ TODO: check
CVE-2019-20575 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
NOT-FOR-US: Samsung mobile devices
CVE-2019-20574 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
@@ -545,14 +565,14 @@ CVE-2020-10793 (CodeIgniter through 4.0.0 allows remote attackers to gain privil
- codeigniter <itp> (bug #471583)
CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
NOT-FOR-US: openITCOCKPIT
-CVE-2020-10791
- RESERVED
-CVE-2020-10790
- RESERVED
-CVE-2020-10789
- RESERVED
-CVE-2020-10788
- RESERVED
+CVE-2020-10791 (app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php ...)
+ TODO: check
+CVE-2020-10790 (openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files ...)
+ TODO: check
+CVE-2020-10789 (openITCOCKPIT before 3.7.3 has a web-based terminal that allows attack ...)
+ TODO: check
+CVE-2020-10788 (openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a941523 ...)
+ TODO: check
CVE-2020-10787
RESERVED
CVE-2020-10786
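Review bot: CVE-2020-10788, CVE-2020-10789 and CVE-2020-10790 name openITCOCKPIT in their descriptions, and the unchanged entry CVE-2020-10792 just above is tagged "NOT-FOR-US: openITCOCKPIT", so the same tag fits here instead of "TODO: check". CVE-2020-10791 is the exception: its truncated description shows only a file path (app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php), so the product should be confirmed from the full CVE text before it is tagged.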
@@ -882,8 +902,8 @@ CVE-2020-10650
RESERVED
CVE-2019-20510
REJECTED
-CVE-2020-10649
- RESERVED
+CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 ...)
+ TODO: check
CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified boot re ...)
- u-boot <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5
@@ -1142,7 +1162,7 @@ CVE-2020-10533
CVE-2020-10532 (The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allo ...)
NOT-FOR-US: AD Helper component in WatchGuard Fireware
CVE-2020-10531 (An issue was discovered in International Components for Unicode (ICU) ...)
- {DLA-2151-1}
+ {DSA-4646-1 DLA-2151-1}
[experimental] - icu 66.1-2
- icu 63.2-3 (bug #953747)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 (not public)
@@ -2821,11 +2841,13 @@ CVE-2020-9762
CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The ...)
NOT-FOR-US: UNCTAD ASYCUDA World
CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affe ...)
+ {DLA-2157-1}
- weechat 2.7.1-1
[buster] - weechat <no-dsa> (Minor issue)
[stretch] - weechat <no-dsa> (Minor issue)
NOTE: https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d
CVE-2020-9759 (An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affe ...)
+ {DLA-2157-1}
- weechat 2.7.1-1
[buster] - weechat <no-dsa> (Minor issue)
[stretch] - weechat <no-dsa> (Minor issue)
@@ -3242,10 +3264,10 @@ CVE-2020-9554
RESERVED
CVE-2020-9553
RESERVED
-CVE-2020-9552
- RESERVED
-CVE-2020-9551
- RESERVED
+CVE-2020-9552 (Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerabi ...)
+ TODO: check
+CVE-2020-9551 (Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. ...)
+ TODO: check
CVE-2019-20489 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web ...)
NOT-FOR-US: Netgear
CVE-2019-20488 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...)
@@ -3682,8 +3704,8 @@ CVE-2020-9377
RESERVED
CVE-2020-9376
RESERVED
-CVE-2020-9375
- RESERVED
+CVE-2020-9375 (TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows re ...)
+ TODO: check
CVE-2019-20482
RESERVED
CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vu ...)
@@ -3741,6 +3763,7 @@ CVE-2020-9361
CVE-2020-9360
RESERVED
CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...)
+ {DLA-2159-1}
- okular 4:19.12.3-2 (bug #954891)
[buster] - okular <no-dsa> (Minor issue)
[stretch] - okular <no-dsa> (Minor issue)
@@ -3791,8 +3814,7 @@ CVE-2020-9337 (In GolfBuddy Course Manager 1.1, passwords are sent (with base64
NOT-FOR-US: GolfBuddy Course Manager
CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings ...)
NOT-FOR-US: fauzantrif eLection
-CVE-2020-6816 [mutation XSS vulnerability again]
- RESERVED
+CVE-2020-6816 (In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCD ...)
{DSA-4643-1}
- python-bleach 3.1.3-1 (bug #954236)
[stretch] - python-bleach <ignored> (Requires invasive changes to address issue)
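Review bot: the imported description for CVE-2020-6816 says "Mozilla Bleach before 3.12", which does not line up with the fixed version recorded two lines below, "python-bleach 3.1.3-1". The description looks like a 3.1.x version with a dropped dot; a NOTE stating the upstream fixed release would stop anyone from reading 3.1.3-1 as still vulnerable when comparing against the description.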
@@ -3800,8 +3822,7 @@ CVE-2020-6816 [mutation XSS vulnerability again]
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public)
NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743
NOTE: https://github.com/mozilla/bleach/commit/175f67740e7951e1d80cefb7831e6c3e4efeb986
-CVE-2020-6802 [mutation XSS vulnerability]
- RESERVED
+CVE-2020-6802 (In Mozilla Bleach before 3.11, a mutation XSS affects users calling bl ...)
{DSA-4636-1}
- python-bleach 3.1.1-1 (bug #951907)
[stretch] - python-bleach <ignored> (Requires invasive changes to address issue)
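Review bot: same version mismatch on CVE-2020-6802: the new description reads "Mozilla Bleach before 3.11" while the entry records the fix in "python-bleach 3.1.1-1". Worth a NOTE with the upstream fixed release so the description is not taken at face value.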
@@ -4628,12 +4649,12 @@ CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 mill
NOT-FOR-US: Voatz application for Android
CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 pr ...)
NOT-FOR-US: Avast AntiTrack
-CVE-2020-8986
- RESERVED
-CVE-2020-8985
- RESERVED
-CVE-2020-8984
- RESERVED
+CVE-2020-8986 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly c ...)
+ TODO: check
+CVE-2020-8985 (ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unl ...)
+ TODO: check
+CVE-2020-8984 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address s ...)
+ TODO: check
CVE-2020-8983
RESERVED
CVE-2020-8982
@@ -4691,6 +4712,7 @@ CVE-2020-8957
CVE-2020-8956
RESERVED
CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...)
+ {DLA-2157-1}
- weechat 2.7.1-1 (bug #951289)
[buster] - weechat <no-dsa> (Minor issue)
[stretch] - weechat <no-dsa> (Minor issue)
@@ -9166,40 +9188,40 @@ CVE-2020-7009
RESERVED
CVE-2020-7008
RESERVED
-CVE-2020-7007
- RESERVED
+CVE-2020-7007 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker ...)
+ TODO: check
CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), ...)
NOT-FOR-US: Systech Corporation
-CVE-2020-7005
- RESERVED
+CVE-2020-7005 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...)
+ TODO: check
CVE-2020-7004
RESERVED
CVE-2020-7003 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...)
NOT-FOR-US: Moxa
CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. ...)
NOT-FOR-US: McAfee
-CVE-2020-7001
- RESERVED
+CVE-2020-7001 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected ...)
+ TODO: check
CVE-2020-7000
RESERVED
CVE-2020-6999
RESERVED
CVE-2020-6998
RESERVED
-CVE-2020-6997
- RESERVED
+CVE-2020-6997 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive inf ...)
+ TODO: check
CVE-2020-6996
RESERVED
-CVE-2020-6995
- RESERVED
+CVE-2020-6995 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
+ TODO: check
CVE-2020-6994
RESERVED
-CVE-2020-6993
- RESERVED
+CVE-2020-6993 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
+ TODO: check
CVE-2020-6992
RESERVED
-CVE-2020-6991
- RESERVED
+CVE-2020-6991 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password ...)
+ TODO: check
CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
NOT-FOR-US: Rockwell
CVE-2020-6989 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
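Review bot: the unchanged entry CVE-2020-7002 in this hunk is tagged "NOT-FOR-US: McAfee" although its description names Delta Industrial Automation CNCSoft ScreenEditor; that tag should be corrected. The new Moxa and Honeywell entries (CVE-2020-7007, 7005, 7001, 6997, 6995, 6993, 6991) sit next to CVE-2020-7003, already tagged "NOT-FOR-US: Moxa", so they can be tagged the same way in the same pass instead of being left as "TODO: check".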
@@ -9210,22 +9232,22 @@ CVE-2020-6987 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-782
NOT-FOR-US: Moxa
CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a series ...)
NOT-FOR-US: Omron
-CVE-2020-6985
- RESERVED
+CVE-2020-6985 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
+ TODO: check
CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
NOT-FOR-US: Rockwell
CVE-2020-6983 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
NOT-FOR-US: Moxa
-CVE-2020-6982
- RESERVED
-CVE-2020-6981
- RESERVED
+CVE-2020-6982 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injecti ...)
+ TODO: check
+CVE-2020-6981 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker m ...)
+ TODO: check
CVE-2020-6980 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
NOT-FOR-US: Rockwell
-CVE-2020-6979
- RESERVED
-CVE-2020-6978
- RESERVED
+CVE-2020-6979 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected ...)
+ TODO: check
+CVE-2020-6978 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...)
+ TODO: check
CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in the Ki ...)
NOT-FOR-US: GE
CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. ...)
@@ -11333,26 +11355,26 @@ CVE-2020-6082
RESERVED
CVE-2020-6081
RESERVED
-CVE-2020-6080
- RESERVED
-CVE-2020-6079
- RESERVED
-CVE-2020-6078
- RESERVED
-CVE-2020-6077
- RESERVED
+CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource ...)
+ TODO: check
+CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the resource ...)
+ TODO: check
+CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the message-p ...)
+ TODO: check
+CVE-2020-6077 (An exploitable denial-of-service vulnerability exists in the message-p ...)
+ TODO: check
CVE-2020-6076
RESERVED
CVE-2020-6075
RESERVED
CVE-2020-6074
RESERVED
-CVE-2020-6073
- RESERVED
-CVE-2020-6072
- RESERVED
-CVE-2020-6071
- RESERVED
+CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT recor ...)
+ TODO: check
+CVE-2020-6072 (An exploitable code execution vulnerability exists in the label-parsin ...)
+ TODO: check
+CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the resource ...)
+ TODO: check
CVE-2020-6070
RESERVED
CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
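Review bot: the seven new "TODO: check" entries here (CVE-2020-6071 to 6073 and CVE-2020-6077 to 6080) have descriptions truncated before any product is named, so they cannot be triaged from this file alone and need the full CVE text. CVE-2020-6072 is the only one described as code execution ("in the label-parsin ..."), the rest as denial of service, so it should be looked at first.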
@@ -12385,26 +12407,26 @@ CVE-2020-5563
RESERVED
CVE-2020-5562
RESERVED
-CVE-2020-5561
- RESERVED
-CVE-2020-5560
- RESERVED
-CVE-2020-5559
- RESERVED
-CVE-2020-5558
- RESERVED
-CVE-2020-5557
- RESERVED
-CVE-2020-5556
- RESERVED
-CVE-2020-5555
- RESERVED
-CVE-2020-5554
- RESERVED
-CVE-2020-5553
- RESERVED
-CVE-2020-5552
- RESERVED
+CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS ...)
+ TODO: check
+CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS c ...)
+ TODO: check
+CVE-2020-5559 (Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remo ...)
+ TODO: check
+CVE-2020-5558 (CuteNews 2.0.1 allows remote authenticated attackers to execute arbitr ...)
+ TODO: check
+CVE-2020-5557 (Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote att ...)
+ TODO: check
+CVE-2020-5556 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers ...)
+ TODO: check
+CVE-2020-5555 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers ...)
+ TODO: check
+CVE-2020-5554 (Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 a ...)
+ TODO: check
+CVE-2020-5553 (mailform version 1.04 allows remote attackers to execute arbitrary PHP ...)
+ TODO: check
+CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 allows rem ...)
+ TODO: check
CVE-2020-5551
RESERVED
CVE-2020-5550
@@ -13046,18 +13068,18 @@ CVE-2020-5284
RESERVED
CVE-2020-5283
RESERVED
-CVE-2020-5282
- RESERVED
-CVE-2020-5281
- RESERVED
-CVE-2020-5280
- RESERVED
+CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in ...)
+ TODO: check
+CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify configur ...)
+ TODO: check
+CVE-2020-5280 (http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file i ...)
+ TODO: check
CVE-2020-5279
RESERVED
CVE-2020-5278
RESERVED
-CVE-2020-5277
- RESERVED
+CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflect ...)
+ TODO: check
CVE-2020-5276
RESERVED
CVE-2020-5275
@@ -13093,8 +13115,8 @@ CVE-2020-5263
RESERVED
CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...)
NOT-FOR-US: EasyBuild
-CVE-2020-5261
- RESERVED
+CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Sa ...)
+ TODO: check
CVE-2020-5260
RESERVED
CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...)
@@ -17350,38 +17372,38 @@ CVE-2020-3809
RESERVED
CVE-2020-3808
RESERVED
-CVE-2020-3807
- RESERVED
-CVE-2020-3806
- RESERVED
-CVE-2020-3805
- RESERVED
-CVE-2020-3804
- RESERVED
-CVE-2020-3803
- RESERVED
-CVE-2020-3802
- RESERVED
-CVE-2020-3801
- RESERVED
-CVE-2020-3800
- RESERVED
-CVE-2020-3799
- RESERVED
+CVE-2020-3807 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
+ TODO: check
+CVE-2020-3806 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
+ TODO: check
+CVE-2020-3805 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
+ TODO: check
+CVE-2020-3804 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
+ TODO: check
+CVE-2020-3803 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
+ TODO: check
+CVE-2020-3802 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
+ TODO: check
+CVE-2020-3801 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
+ TODO: check
+CVE-2020-3800 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
+ TODO: check
+CVE-2020-3799 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
+ TODO: check
CVE-2020-3798
RESERVED
-CVE-2020-3797
- RESERVED
+CVE-2020-3797 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
+ TODO: check
CVE-2020-3796
RESERVED
-CVE-2020-3795
- RESERVED
+CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
+ TODO: check
CVE-2020-3794
RESERVED
-CVE-2020-3793
- RESERVED
-CVE-2020-3792
- RESERVED
+CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
+ TODO: check
+CVE-2020-3792 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
+ TODO: check
CVE-2020-3791
RESERVED
CVE-2020-3790
@@ -17426,14 +17448,14 @@ CVE-2020-3771
RESERVED
CVE-2020-3770
RESERVED
-CVE-2020-3769
- RESERVED
+CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...)
+ TODO: check
CVE-2020-3768
RESERVED
CVE-2020-3767
RESERVED
-CVE-2020-3766
- RESERVED
+CVE-2020-3766 (Adobe Genuine Integrity Service versions Version 6.4 and earlier have ...)
+ TODO: check
CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds ...)
NOT-FOR-US: Adobe
CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds wr ...)
@@ -21446,41 +21468,29 @@ CVE-2020-2173
RESERVED
CVE-2020-2172
RESERVED
-CVE-2020-2171
- RESERVED
+CVE-2020-2171 (Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2170
- RESERVED
+CVE-2020-2170 (Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package nam ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2169
- RESERVED
+CVE-2020-2169 (A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2168
- RESERVED
+CVE-2020-2168 (Jenkins Azure Container Service Plugin 1.0.1 and earlier does not conf ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2167
- RESERVED
+CVE-2020-2167 (Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configur ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2166
- RESERVED
+CVE-2020-2166 (Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2165
- RESERVED
+CVE-2020-2165 (Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured pass ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2164
- RESERVED
+CVE-2020-2164 (Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory se ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2163
- RESERVED
+CVE-2020-2163 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processe ...)
NOT-FOR-US: Jenkins
-CVE-2020-2162
- RESERVED
+CVE-2020-2162 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Conten ...)
NOT-FOR-US: Jenkins
-CVE-2020-2161
- RESERVED
+CVE-2020-2161 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly e ...)
NOT-FOR-US: Jenkins
-CVE-2020-2160
- RESERVED
+CVE-2020-2160 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different repr ...)
NOT-FOR-US: Jenkins
CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job ...)
NOT-FOR-US: Jenkins CryptoMove Plugin
@@ -22145,8 +22155,7 @@ CVE-2020-1959
RESERVED
CVE-2020-1958
RESERVED
-CVE-2020-1957
- RESERVED
+CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...)
- shiro <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2
CVE-2020-1956
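Review bot: CVE-2020-1957 still carries "- shiro <unfixed>" with only the oss-security NOTE, while the new description gives "Apache Shiro before 1.5.2" as the affected range. Recording 1.5.2 as the upstream fixed version in a NOTE would make it easier to resolve the package line when an upload lands.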
@@ -23231,7 +23240,7 @@ CVE-2019-19348
RESERVED
NOT-FOR-US: openshift
CVE-2019-19347
- RESERVED
+ REJECTED
NOT-FOR-US: openshift
CVE-2019-19346
RESERVED
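Review bot: CVE-2019-19347 now reads "REJECTED" followed by the leftover "NOT-FOR-US: openshift" line. The other REJECTED entry visible in this diff, CVE-2019-20510, carries no annotation, so please confirm the NOT-FOR-US line is meant to stay on a rejected ID.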
@@ -23822,8 +23831,8 @@ CVE-2019-19129 (Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora
NOT-FOR-US: Afterlogic
CVE-2019-19128
RESERVED
-CVE-2019-19127
- RESERVED
+CVE-2019-19127 (An authentication bypass vulnerability is present in the standalone SI ...)
+ TODO: check
CVE-2019-19126 (On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 ...)
- glibc 2.29-8 (bug #945250)
[buster] - glibc <no-dsa> (Minor issue)
@@ -27358,8 +27367,8 @@ CVE-2019-18628
RESERVED
CVE-2019-18627
RESERVED
-CVE-2019-18626
- RESERVED
+CVE-2019-18626 (Harris Ormed Self Service before 2019.1.4 allows an authenticated user ...)
+ TODO: check
CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate signed ...)
- systemd 244-1 (low)
[buster] - systemd <not-affected> (Only affected v243)
@@ -61869,8 +61878,8 @@ CVE-2019-7632 (LifeSize Team, Room, Passport, and Networker 220 devices allow Au
NOT-FOR-US: LifeSize devices
CVE-2019-7631
RESERVED
-CVE-2019-7630
- RESERVED
+CVE-2019-7630 (An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0 ...)
+ TODO: check
CVE-2019-7629 (Stack-based buffer overflow in the strip_vt102_codes function in TinTi ...)
- tintin++ 2.01.5-2 (low; bug #924348)
[stretch] - tintin++ <no-dsa> (Minor issue)
@@ -63009,18 +63018,18 @@ CVE-2019-7247
RESERVED
CVE-2019-7246
RESERVED
-CVE-2019-7245
- RESERVED
-CVE-2019-7244
- RESERVED
+CVE-2019-7245 (An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23. ...)
+ TODO: check
+CVE-2019-7244 (An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vuln ...)
+ TODO: check
CVE-2019-7243
RESERVED
CVE-2019-7242
RESERVED
CVE-2019-7241
RESERVED
-CVE-2019-7240
- RESERVED
+CVE-2019-7240 (An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83 ...)
+ TODO: check
CVE-2019-7239
RESERVED
CVE-2019-7238 (Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access C ...)
@@ -68137,6 +68146,7 @@ CVE-2019-5190
CVE-2019-5189
RESERVED
CVE-2019-5188 (A code execution vulnerability exists in the directory rehashing funct ...)
+ {DLA-2156-1}
- e2fsprogs 1.45.5-1 (bug #948508)
[buster] - e2fsprogs 1.44.5-1+deb10u3
[stretch] - e2fsprogs <no-dsa> (Minor issue)
@@ -70663,8 +70673,8 @@ CVE-2019-4003
RESERVED
CVE-2019-4002
RESERVED
-CVE-2019-4001
- RESERVED
+CVE-2019-4001 (Improper input validation in Druva inSync Client 6.5.0 allows a local, ...)
+ TODO: check
CVE-2019-4000 (Improper neutralization of directives in dynamically evaluated code in ...)
NOT-FOR-US: Druva inSync Mac OS Client
CVE-2019-3999 (Improper neutralization of special elements used in an OS command in D ...)
@@ -211389,6 +211399,7 @@ CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the Fiddle::
NOTE: Fixed by: https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e
NOTE: Fixed by: https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10
CVE-2016-2338 (An exploitable heap overflow vulnerability exists in the Psych::Emitte ...)
+ {DLA-2158-1}
- ruby2.3 2.3.0-1
- ruby2.1 <removed>
NOTE: https://talosintelligence.com/reports/TALOS-2016-0032
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/548e4edccedf5e6218a94c0754f80d1636627c63