[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 27 20:10:32 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ba4eb90e by security tracker role at 2020-03-27T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-10995
+ RESERVED
CVE-2020-10994
RESERVED
CVE-2020-10993 (Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader. ...)
@@ -91,24 +93,19 @@ CVE-2020-10958
RESERVED
CVE-2020-10957
RESERVED
-CVE-2020-10956
- RESERVED
+CVE-2020-10956 (GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a proje ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
-CVE-2020-10955
- RESERVED
+CVE-2020-10955 (GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
-CVE-2020-10954
- RESERVED
+CVE-2020-10954 (GitLab through 12.9 is affected by a potential DoS in repository archi ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
-CVE-2020-10953
- RESERVED
+CVE-2020-10953 (In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a pat ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
-CVE-2020-10952
- RESERVED
+CVE-2020-10952 (GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push doc ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10951
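Review bot: the new description for CVE-2020-10952 states the affected range as "8.11 through 12.9.1", while its NOTE, like those for CVE-2020-10956 through CVE-2020-10953 (which all say "through 12.9"), points at the 12.9.1 security release; when the five `gitlab <unfixed>` lines are resolved, confirm against the linked advisory which upstream version actually fixes CVE-2020-10952, since the description suggests it may be later than 12.9.1. The existing package and NOTE lines are carried over unchanged, so the hunk is otherwise consistent with the tracker's usual RESERVED-to-description transition.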
@@ -406,8 +403,8 @@ CVE-2020-10819 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_
NOT-FOR-US: Nagios XI
CVE-2020-10818 (Artica Proxy 4.26 allows remote command execution for an authenticated ...)
NOT-FOR-US: Artica Proxy
-CVE-2020-10817
- RESERVED
+CVE-2020-10817 (The custom-searchable-data-entry-system (aka Custom Searchable Data En ...)
+ TODO: check
CVE-2019-20625 (An issue was discovered on Samsung mobile devices with N(7.1) and O(8. ...)
NOT-FOR-US: Samsung mobile devices
CVE-2019-20624 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
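Review bot: CVE-2020-10817 is left at `TODO: check` with a truncated description naming "custom-searchable-data-entry-system (aka Custom Searchable Data En ...)"; that placeholder is appropriate, and the follow-up check should establish whether this component corresponds to any Debian source package before choosing between a package line and the NOT-FOR-US triage used for the surrounding Nagios XI, Artica Proxy and Samsung entries in the same hunk.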
@@ -1109,8 +1106,8 @@ CVE-2020-10609
RESERVED
CVE-2020-10608
RESERVED
-CVE-2020-10607
- RESERVED
+CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer ...)
+ TODO: check
CVE-2020-10606
RESERVED
CVE-2020-10605
@@ -1330,12 +1327,12 @@ CVE-2020-10512
RESERVED
CVE-2020-10511
RESERVED
-CVE-2020-10510
- RESERVED
-CVE-2020-10509
- RESERVED
-CVE-2020-10508
- RESERVED
+CVE-2020-10510 (Sunnet eHRD, a human training and development management system, conta ...)
+ TODO: check
+CVE-2020-10509 (Sunnet eHRD, a human training and development management system, conta ...)
+ TODO: check
+CVE-2020-10508 (Sunnet eHRD, a human training and development management system, impro ...)
+ TODO: check
CVE-2020-10507
RESERVED
CVE-2020-10506
@@ -5756,12 +5753,10 @@ CVE-2020-8554
RESERVED
CVE-2020-8553
RESERVED
-CVE-2020-8552 [se of unbounded 'client' label in apiserver_request_total allows for memory exhaustion]
- RESERVED
+CVE-2020-8552 (The Kubernetes API server component in versions prior to 1.15.9, 1.16. ...)
- kubernetes 1.17.4-1
NOTE: https://github.com/kubernetes/kubernetes/issues/89378
-CVE-2020-8551
- RESERVED
+CVE-2020-8551 (The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1. ...)
- kubernetes 1.17.4-1
NOTE: https://github.com/kubernetes/kubernetes/issues/89377
CVE-2020-8550
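Review bot: both Kubernetes entries keep `kubernetes 1.17.4-1` as the fixed version while the new descriptions show only truncated affected ranges ("versions prior to 1.15.9, 1.16. ..." for CVE-2020-8552 and "1.15.0-1.15.9, 1.16.0-1.16.6, and 1. ..." for CVE-2020-8551); verify against the linked issues 89378 and 89377 that the 1.17.x affected range ends before 1.17.4 so that 1.17.4-1 is genuinely the first fixed Debian version. Replacing the bracketed placeholder summary on CVE-2020-8552 (which also carried a typo, "se of unbounded") with the official text is the expected transition once MITRE publishes the description.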
@@ -7264,8 +7259,8 @@ CVE-2020-7919 (Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/crypto
NOTE: https://github.com/golang/go/issues/36838 (Go 1.13)
NOTE: https://github.com/golang/go/commit/f938e06d0623d0e1de202575d16f1e126741f6e0 (go1.13.7)
TODO: check older versions than golang-1.11
-CVE-2020-7918
- RESERVED
+CVE-2020-7918 (An insecure direct object reference in webmail in totemo totemomail 7. ...)
+ TODO: check
CVE-2020-7917
RESERVED
CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 ...)
@@ -11932,20 +11927,20 @@ CVE-2020-5865
RESERVED
CVE-2020-5864
RESERVED
-CVE-2020-5863
- RESERVED
-CVE-2020-5862
- RESERVED
-CVE-2020-5861
- RESERVED
-CVE-2020-5860
- RESERVED
-CVE-2020-5859
- RESERVED
-CVE-2020-5858
- RESERVED
-CVE-2020-5857
- RESERVED
+CVE-2020-5863 (In NGINX Controller versions prior to 3.2.0, an unauthenticated attack ...)
+ TODO: check
+CVE-2020-5862 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under ...)
+ TODO: check
+CVE-2020-5861 (On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in so ...)
+ TODO: check
+CVE-2020-5860 (On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12 ...)
+ TODO: check
+CVE-2020-5859 (On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM ...)
+ TODO: check
+CVE-2020-5858 (On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12 ...)
+ TODO: check
+CVE-2020-5857 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1 ...)
+ TODO: check
CVE-2020-5856 (On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specif ...)
NOT-FOR-US: F5 BIG-IP
CVE-2020-5855 (When the Windows Logon Integration feature is configured for all versi ...)
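Review bot: CVE-2020-5862 through CVE-2020-5857 all describe BIG-IP issues, exactly like the adjacent unchanged CVE-2020-5856, which is already triaged as `NOT-FOR-US: F5 BIG-IP`; the six `TODO: check` placeholders can most likely be resolved the same way. CVE-2020-5863 is different: it concerns NGINX Controller, F5's commercial management product, and should be checked separately rather than being conflated with the nginx source package, so its TODO should not be bulk-resolved with the BIG-IP ones.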
@@ -22981,16 +22976,16 @@ CVE-2020-1775
RESERVED
CVE-2020-1774
RESERVED
-CVE-2020-1773
- RESERVED
-CVE-2020-1772
- RESERVED
-CVE-2020-1771
- RESERVED
-CVE-2020-1770
- RESERVED
-CVE-2020-1769
- RESERVED
+CVE-2020-1773 (It's possible that an authenticated user guess other session IDs based ...)
+ TODO: check
+CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in the To ...)
+ TODO: check
+CVE-2020-1771 (Attacker is able craft an article with a link to the customer address ...)
+ TODO: check
+CVE-2020-1770 (Support bundle generated files could contain sensitive information tha ...)
+ TODO: check
+CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...)
+ TODO: check
CVE-2020-1768 (The external frontend system uses numerous background calls to the bac ...)
- otrs2 <not-affected> (Only affects 7.0.x series)
NOTE: https://community.otrs.com/security-advisory-2020-04/
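Review bot: the descriptions for CVE-2020-1773 through CVE-2020-1769 (session ID guessing, Lost Password requests with wildcards, article links to customer addresses, support bundle contents, the agent and customer login screens) read as OTRS issues, matching the adjacent unchanged CVE-2020-1768, which is triaged as `otrs2 <not-affected> (Only affects 7.0.x series)` with a NOTE to OTRS security advisory 2020-04. Each of the five `TODO: check` entries should be resolved individually against the corresponding OTRS advisory, since the 7.0.x-only determination for CVE-2020-1768 does not automatically carry over to the others.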
@@ -218741,12 +218736,12 @@ CVE-2016-0402 (Unspecified vulnerability in the Java SE and Java SE Embedded com
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298957#c2
CVE-2016-0401 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
NOT-FOR-US: Oracle
-CVE-2015-8536
- RESERVED
-CVE-2015-8535
- RESERVED
-CVE-2015-8534
- RESERVED
+CVE-2015-8536 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
+ TODO: check
+CVE-2015-8535 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
+ TODO: check
+CVE-2015-8534 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
+ TODO: check
CVE-2015-8540 (Integer underflow in the png_check_keyword function in pngwutil.c in l ...)
{DSA-3443-1 DLA-375-1}
- libpng <removed> (bug #807694)
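Review bot: CVE-2015-8536 through CVE-2015-8534 are Lenovo-assigned IDs that MITRE is populating only now ("assigned prior to Lenovo be ..."), so `TODO: check` is the right placeholder; resolve them together with the identical batches elsewhere in this commit (CVE-2015-7336 through CVE-2015-7333 and CVE-2015-5684) so that all Lenovo entries receive the same triage. Separately, the unchanged context shows CVE-2015-8540 (libpng) listed after CVE-2015-8534, out of the file's descending ID order; this is not introduced by the hunk, but it is worth a follow-up cleanup.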
@@ -223194,14 +223189,14 @@ CVE-2015-7339 (JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload
NOT-FOR-US: Joomla addon
CVE-2015-7338 (SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via e ...)
NOT-FOR-US: Joomla addon
-CVE-2015-7336
- RESERVED
-CVE-2015-7335
- RESERVED
-CVE-2015-7334
- RESERVED
-CVE-2015-7333
- RESERVED
+CVE-2015-7336 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
+ TODO: check
+CVE-2015-7335 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
+ TODO: check
+CVE-2015-7334 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
+ TODO: check
+CVE-2015-7333 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
+ TODO: check
CVE-2015-7332
RESERVED
CVE-2015-7331 (The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows re ...)
@@ -227553,8 +227548,8 @@ CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server (boo
[wheezy] - libtorrent-rasterbar <no-dsa> (Minor issue)
NOTE: Even though the CVE mentions BitTorrent DHT Bootstrap server, the vulnerable lazy_bdecode() function is effectively also available in libtorrent-rasterbar in all Debian releases.
NOTE: Patch on libtorrent-rasterbar that has been applied in 1.0.6: https://github.com/arvidn/libtorrent/commit/d9945f6f50a8c967888cd9c2ebe65ffbe462056e
-CVE-2015-5684
- RESERVED
+CVE-2015-5684 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
+ TODO: check
CVE-2015-5683
RESERVED
CVE-2015-5682 (upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows re ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba4eb90e23943eaa554eefb7972f1bbe526ef0f9