[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri May 1 09:10:23 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe51da0a by security tracker role at 2020-05-01T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-12617
+ RESERVED
+CVE-2020-12616
+ RESERVED
+CVE-2020-12615
+ RESERVED
+CVE-2020-12614
+ RESERVED
+CVE-2020-12613
+ RESERVED
+CVE-2020-12612
+ RESERVED
+CVE-2020-12611
+ RESERVED
+CVE-2020-12610
+ RESERVED
+CVE-2020-12609
+ RESERVED
+CVE-2020-12608
+ RESERVED
+CVE-2020-12607
+ RESERVED
+CVE-2020-12606
+ RESERVED
+CVE-2020-12605
+ RESERVED
+CVE-2020-12604
+ RESERVED
+CVE-2020-12603
+ RESERVED
CVE-2020-12602
RESERVED
CVE-2020-12601
@@ -4692,8 +4722,8 @@ CVE-2020-11039
RESERVED
CVE-2020-11038
RESERVED
-CVE-2020-11037
- RESERVED
+CVE-2020-11037 (In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack ...)
+ TODO: check
CVE-2020-11036
RESERVED
CVE-2020-11035
@@ -4706,18 +4736,18 @@ CVE-2020-11032
RESERVED
CVE-2020-11031
RESERVED
-CVE-2020-11030
- RESERVED
-CVE-2020-11029
- RESERVED
-CVE-2020-11028
- RESERVED
-CVE-2020-11027
- RESERVED
-CVE-2020-11026
- RESERVED
-CVE-2020-11025
- RESERVED
+CVE-2020-11030 (In affected versions of WordPress, a special payload can be crafted th ...)
+ TODO: check
+CVE-2020-11029 (In affected versions of WordPress, a vulnerability in the stats() meth ...)
+ TODO: check
+CVE-2020-11028 (In affected versions of WordPress, some private posts, which were prev ...)
+ TODO: check
+CVE-2020-11027 (In affected versions of WordPress, a password reset link emailed to a ...)
+ TODO: check
+CVE-2020-11026 (In affected versions of WordPress, files with a specially crafted name ...)
+ TODO: check
+CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS) vulner ...)
+ TODO: check
CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable ...)
NOT-FOR-US: Moonlight iOS/tvOS
CVE-2020-11023 (In jQuery before 3.5.0, passing HTML containing <option> element ...)
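Review bot: the six WordPress entries, CVE-2020-11030 down to CVE-2020-11025, leave this commit with only `TODO: check` and no package line, so the tracker cannot yet report any release as affected. WordPress is packaged in Debian as `wordpress`, so these need manual triage into `- wordpress` lines with the fixed version once it is confirmed. The truncated descriptions ("In affected versions of WordPress, ...") give no version range, so the fixed version has to come from the upstream advisory and not from this text.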
@@ -4737,8 +4767,8 @@ CVE-2020-11018
RESERVED
CVE-2020-11017
RESERVED
-CVE-2020-11016
- RESERVED
+CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...)
+ TODO: check
CVE-2020-11015
RESERVED
CVE-2020-11014 (Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token ...)
@@ -9456,8 +9486,8 @@ CVE-2020-9100
RESERVED
CVE-2020-9099
RESERVED
-CVE-2020-9098
- RESERVED
+CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...)
+ TODO: check
CVE-2020-9097
RESERVED
CVE-2020-9096
@@ -13974,8 +14004,8 @@ CVE-2020-7138
RESERVED
CVE-2020-7137
RESERVED
-CVE-2020-7136
- RESERVED
+CVE-2020-7136 (A security vulnerability in HPE Smart Update Manager (SUM) prior to ve ...)
+ TODO: check
CVE-2020-7135 (A potential security vulnerability has been identified in the disk dri ...)
TODO: check
CVE-2020-7134 (A remote access to sensitive data vulnerability was discovered in HPE ...)
@@ -14629,12 +14659,12 @@ CVE-2020-6869
RESERVED
CVE-2020-6868
RESERVED
-CVE-2020-6867
- RESERVED
-CVE-2020-6866
- RESERVED
-CVE-2020-6865
- RESERVED
+CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management error vul ...)
+ TODO: check
+CVE-2020-6866 (A ZTE product is impacted by a resource management error vulnerability ...)
+ TODO: check
+CVE-2020-6865 (ZTE SDN controller platform is impacted by an information leakage vuln ...)
+ TODO: check
CVE-2020-6864 (ZTE E8820V3 router product is impacted by an information leak vulnerab ...)
NOT-FOR-US: ZTE
CVE-2020-6863 (ZTE E8820V3 router product is impacted by a permission and access cont ...)
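Review bot: CVE-2020-6867, CVE-2020-6866 and CVE-2020-6865 are left at `TODO: check`, while the next entry in the context, CVE-2020-6864, is already triaged as `NOT-FOR-US: ZTE`. The new descriptions name ZTE SDON/SDN controller products, so the same `NOT-FOR-US: ZTE` tag looks like the right resolution. Note that CVE-2020-6866 only says "A ZTE product", so read the full description before closing that one.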
@@ -16589,6 +16619,7 @@ CVE-2020-6082
CVE-2020-6081
RESERVED
CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource ...)
+ {DSA-4671-1}
- libmicrodns <removed>
[buster] - libmicrodns <ignored> (Will be removed in next point release)
[stretch] - libmicrodns <ignored> (Will be removed in next point release)
@@ -16596,6 +16627,7 @@ CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the reso
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the resource ...)
+ {DSA-4671-1}
- libmicrodns <removed>
[buster] - libmicrodns <ignored> (Will be removed in next point release)
[stretch] - libmicrodns <ignored> (Will be removed in next point release)
@@ -16603,6 +16635,7 @@ CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the reso
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the message-p ...)
+ {DSA-4671-1}
- libmicrodns <removed>
[buster] - libmicrodns <ignored> (Will be removed in next point release)
[stretch] - libmicrodns <ignored> (Will be removed in next point release)
@@ -16610,6 +16643,7 @@ CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the mess
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001
NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6077 (An exploitable denial-of-service vulnerability exists in the message-p ...)
+ {DSA-4671-1}
- libmicrodns <removed>
[buster] - libmicrodns <ignored> (Will be removed in next point release)
[stretch] - libmicrodns <ignored> (Will be removed in next point release)
@@ -16623,6 +16657,7 @@ CVE-2020-6075
CVE-2020-6074
RESERVED
CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT recor ...)
+ {DSA-4671-1}
- libmicrodns <removed>
[buster] - libmicrodns <ignored> (Will be removed in next point release)
[stretch] - libmicrodns <ignored> (Will be removed in next point release)
@@ -16630,6 +16665,7 @@ CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996
NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6072 (An exploitable code execution vulnerability exists in the label-parsin ...)
+ {DSA-4671-1}
- libmicrodns <removed>
[buster] - libmicrodns <ignored> (Will be removed in next point release)
[stretch] - libmicrodns <ignored> (Will be removed in next point release)
@@ -16637,6 +16673,7 @@ CVE-2020-6072 (An exploitable code execution vulnerability exists in the label-p
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995
NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the resource ...)
+ {DSA-4671-1}
- libmicrodns <removed>
[buster] - libmicrodns <ignored> (Will be removed in next point release)
[stretch] - libmicrodns <ignored> (Will be removed in next point release)
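Review bot: the seven `{DSA-4671-1}` cross-references added from CVE-2020-6080 down to CVE-2020-6071 sit above package lines that, in the visible context, only say `libmicrodns <removed>` and `[buster] - libmicrodns <ignored>`. The trailing NOTE on these entries ("3.0.8-4 disables the plugin") indicates the fix shipped in a different source package than libmicrodns. Confirm that each entry also carries a package line for the package DSA-4671-1 actually updates, with its fixed version for buster. Otherwise the tracker shows a DSA attached to an entry whose only per-release status is "ignored".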
@@ -17011,52 +17048,52 @@ CVE-2020-5895
RESERVED
CVE-2020-5894
RESERVED
-CVE-2020-5893
- RESERVED
-CVE-2020-5892
- RESERVED
-CVE-2020-5891
- RESERVED
-CVE-2020-5890
- RESERVED
-CVE-2020-5889
- RESERVED
-CVE-2020-5888
- RESERVED
-CVE-2020-5887
- RESERVED
-CVE-2020-5886
- RESERVED
-CVE-2020-5885
- RESERVED
-CVE-2020-5884
- RESERVED
-CVE-2020-5883
- RESERVED
-CVE-2020-5882
- RESERVED
-CVE-2020-5881
- RESERVED
-CVE-2020-5880
- RESERVED
-CVE-2020-5879
- RESERVED
-CVE-2020-5878
- RESERVED
-CVE-2020-5877
- RESERVED
-CVE-2020-5876
- RESERVED
-CVE-2020-5875
- RESERVED
-CVE-2020-5874
- RESERVED
-CVE-2020-5873
- RESERVED
-CVE-2020-5872
- RESERVED
-CVE-2020-5871
- RESERVED
+CVE-2020-5893 (In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Ed ...)
+ TODO: check
+CVE-2020-5892 (In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP A ...)
+ TODO: check
+CVE-2020-5891 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undis ...)
+ TODO: check
+CVE-2020-5890 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0- ...)
+ TODO: check
+CVE-2020-5889 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in ...)
+ TODO: check
+CVE-2020-5888 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG ...)
+ TODO: check
+CVE-2020-5887 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG ...)
+ TODO: check
+CVE-2020-5886 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12. ...)
+ TODO: check
+CVE-2020-5885 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12. ...)
+ TODO: check
+CVE-2020-5884 (On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0- ...)
+ TODO: check
+CVE-2020-5883 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13 ...)
+ TODO: check
+CVE-2020-5882 (On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...)
+ TODO: check
+CVE-2020-5881 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, whe ...)
+ TODO: check
+CVE-2020-5880 (Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process m ...)
+ TODO: check
+CVE-2020-5879 (On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-I ...)
+ TODO: check
+CVE-2020-5878 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Tra ...)
+ TODO: check
+CVE-2020-5877 (On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...)
+ TODO: check
+CVE-2020-5876 (On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...)
+ TODO: check
+CVE-2020-5875 (On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, ...)
+ TODO: check
+CVE-2020-5874 (On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in ...)
+ TODO: check
+CVE-2020-5873 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1 ...)
+ TODO: check
+CVE-2020-5872 (On BIG-IP 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0- ...)
+ TODO: check
+CVE-2020-5871 (On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial o ...)
+ TODO: check
CVE-2020-5870 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanis ...)
NOT-FOR-US: F5
CVE-2020-5869 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not s ...)
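Review bot: all 23 entries from CVE-2020-5893 down to CVE-2020-5871 describe BIG-IP or BIG-IP Edge Client versions and are left at `TODO: check`, while the adjacent CVE-2020-5870 in the trailing context is tagged `NOT-FOR-US: F5`. These can be closed in one pass with the same tag, which avoids 23 separate items sitting in the TODO queue. The five entries that begin "On versions ..." or "In versions ..." without naming the product in the visible text (for example CVE-2020-5886 and CVE-2020-5885) should be checked against the full description first.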
@@ -28082,8 +28119,8 @@ CVE-2020-1819
RESERVED
CVE-2020-1818
RESERVED
-CVE-2020-1817
- RESERVED
+CVE-2020-1817 (Huawei PCManager with versions earlier than 10.0.1.36 has a privilege ...)
+ TODO: check
CVE-2020-1816 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
NOT-FOR-US: Huawei
CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
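Review bot: CVE-2020-1817 (Huawei PCManager) is left at `TODO: check`, but the two Huawei entries directly below it in the context are already `NOT-FOR-US: Huawei`. Resolve this one the same way. The same applies to CVE-2020-9098 (Huawei OceanStor 5310) earlier in this diff.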
@@ -28330,6 +28367,7 @@ CVE-2020-1776
CVE-2020-1775
RESERVED
CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported file has ...)
+ {DLA-2198-1}
- otrs2 <unfixed>
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-11/
NOTE: Fixed in 7.0.17, 6.0.28
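Review bot: CVE-2020-1774 gains `{DLA-2198-1}` while its package line still reads `- otrs2 <unfixed>`, so after this commit the LTS release is recorded as fixed ahead of unstable. The NOTE already gives the upstream fixed versions (7.0.17, 6.0.28), so the `<unfixed>` marker should be replaced with the Debian version as soon as an upload containing 6.0.28 exists. Until then it is worth checking that no per-release line for the DLA's target suite is missing from the entry.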
@@ -28344,6 +28382,7 @@ CVE-2020-1773 (An attacker with the ability to generate session IDs or password
NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ab253734bc211541309b9f8ea2b8b70389c4a64e
NOTE: OTRS5: https://github.com/OTRS/otrs/commit/4955521af50238046847bce51ad9865950324f77
CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in the To ...)
+ {DLA-2198-1}
- otrs2 6.0.27-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -28360,6 +28399,7 @@ CVE-2020-1771 (Attacker is able craft an article with a link to the customer add
NOTE: Fixed in 7.0.16, 6.0.27
NOTE: https://github.com/OTRS/otrs/commit/2576830053f70a3a9251558e55f34843dec61aa2
CVE-2020-1770 (Support bundle generated files could contain sensitive information tha ...)
+ {DLA-2198-1}
- otrs2 6.0.27-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -53302,8 +53342,8 @@ CVE-2019-12427 (Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a no
NOT-FOR-US: Zimbra Collaboration
CVE-2019-12426 (an unauthenticated user could get access to information of some backen ...)
NOT-FOR-US: Apache OFBiz
-CVE-2019-12425
- RESERVED
+CVE-2019-12425 (Apache OFBiz 17.12.01 is vulnerable to Host header injection by accept ...)
+ TODO: check
CVE-2019-12424
REJECTED
CVE-2019-12423 (Apache CXF ships with a OpenId Connect JWK Keys service, which allows ...)
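Review bot: CVE-2019-12425 is described as an Apache OFBiz 17.12.01 issue and left at `TODO: check`, yet the entry immediately above it, CVE-2019-12426, is `NOT-FOR-US: Apache OFBiz`. Use the same tag here. The next hunk shows the consistent outcome: CVE-2019-0235 picks up its OFBiz description and keeps its existing `NOT-FOR-US: Apache OFBiz` line.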
@@ -88803,8 +88843,7 @@ CVE-2015-9274 (HarfBuzz before 1.0.4 allows remote attackers to cause a denial o
- harfbuzz 1.2.6-1
[jessie] - harfbuzz <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7
-CVE-2019-0235
- RESERVED
+CVE-2019-0235 (Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks. ...)
NOT-FOR-US: Apache OFBiz
CVE-2019-0234 (A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache ...)
NOT-FOR-US: Apache Roller
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe51da0ac6c3adaf31b668d25841a7495b724161