[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri May 1 09:10:23 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe51da0a by security tracker role at 2020-05-01T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-12617
+	RESERVED
+CVE-2020-12616
+	RESERVED
+CVE-2020-12615
+	RESERVED
+CVE-2020-12614
+	RESERVED
+CVE-2020-12613
+	RESERVED
+CVE-2020-12612
+	RESERVED
+CVE-2020-12611
+	RESERVED
+CVE-2020-12610
+	RESERVED
+CVE-2020-12609
+	RESERVED
+CVE-2020-12608
+	RESERVED
+CVE-2020-12607
+	RESERVED
+CVE-2020-12606
+	RESERVED
+CVE-2020-12605
+	RESERVED
+CVE-2020-12604
+	RESERVED
+CVE-2020-12603
+	RESERVED
 CVE-2020-12602
 	RESERVED
 CVE-2020-12601
@@ -4692,8 +4722,8 @@ CVE-2020-11039
 	RESERVED
 CVE-2020-11038
 	RESERVED
-CVE-2020-11037
-	RESERVED
+CVE-2020-11037 (In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack  ...)
+	TODO: check
 CVE-2020-11036
 	RESERVED
 CVE-2020-11035
@@ -4706,18 +4736,18 @@ CVE-2020-11032
 	RESERVED
 CVE-2020-11031
 	RESERVED
-CVE-2020-11030
-	RESERVED
-CVE-2020-11029
-	RESERVED
-CVE-2020-11028
-	RESERVED
-CVE-2020-11027
-	RESERVED
-CVE-2020-11026
-	RESERVED
-CVE-2020-11025
-	RESERVED
+CVE-2020-11030 (In affected versions of WordPress, a special payload can be crafted th ...)
+	TODO: check
+CVE-2020-11029 (In affected versions of WordPress, a vulnerability in the stats() meth ...)
+	TODO: check
+CVE-2020-11028 (In affected versions of WordPress, some private posts, which were prev ...)
+	TODO: check
+CVE-2020-11027 (In affected versions of WordPress, a password reset link emailed to a  ...)
+	TODO: check
+CVE-2020-11026 (In affected versions of WordPress, files with a specially crafted name ...)
+	TODO: check
+CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS) vulner ...)
+	TODO: check
 CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable  ...)
 	NOT-FOR-US: Moonlight iOS/tvOS
 CVE-2020-11023 (In jQuery before 3.5.0, passing HTML containing <option> element ...)
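Review bot: CVE-2020-11030 through CVE-2020-11025 are all WordPress issues but land with only "TODO: check", so none of them carries a source-package line yet. Triage should replace each placeholder with a package line in the form the otrs2 entries in this file use ("- otrs2 6.0.27-1"). The truncated descriptions ("In affected versions of WordPress ...") give no version range to work from in this hunk.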
@@ -4737,8 +4767,8 @@ CVE-2020-11018
 	RESERVED
 CVE-2020-11017
 	RESERVED
-CVE-2020-11016
-	RESERVED
+CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...)
+	TODO: check
 CVE-2020-11015
 	RESERVED
 CVE-2020-11014 (Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token  ...)
@@ -9456,8 +9486,8 @@ CVE-2020-9100
 	RESERVED
 CVE-2020-9099
 	RESERVED
-CVE-2020-9098
-	RESERVED
+CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...)
+	TODO: check
 CVE-2020-9097
 	RESERVED
 CVE-2020-9096
@@ -13974,8 +14004,8 @@ CVE-2020-7138
 	RESERVED
 CVE-2020-7137
 	RESERVED
-CVE-2020-7136
-	RESERVED
+CVE-2020-7136 (A security vulnerability in HPE Smart Update Manager (SUM) prior to ve ...)
+	TODO: check
 CVE-2020-7135 (A potential security vulnerability has been identified in the disk dri ...)
 	TODO: check
 CVE-2020-7134 (A remote access to sensitive data vulnerability was discovered in HPE  ...)
@@ -14629,12 +14659,12 @@ CVE-2020-6869
 	RESERVED
 CVE-2020-6868
 	RESERVED
-CVE-2020-6867
-	RESERVED
-CVE-2020-6866
-	RESERVED
-CVE-2020-6865
-	RESERVED
+CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management error vul ...)
+	TODO: check
+CVE-2020-6866 (A ZTE product is impacted by a resource management error vulnerability ...)
+	TODO: check
+CVE-2020-6865 (ZTE SDN controller platform is impacted by an information leakage vuln ...)
+	TODO: check
 CVE-2020-6864 (ZTE E8820V3 router product is impacted by an information leak vulnerab ...)
 	NOT-FOR-US: ZTE
 CVE-2020-6863 (ZTE E8820V3 router product is impacted by a permission and access cont ...)
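Review bot: The three new ZTE entries (CVE-2020-6867, CVE-2020-6866, CVE-2020-6865) are left at "TODO: check" while the entry directly below them, CVE-2020-6864, is already classified "NOT-FOR-US: ZTE". If the same classification applies, resolving the placeholder to that tag would keep the range consistent.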
@@ -16589,6 +16619,7 @@ CVE-2020-6082
 CVE-2020-6081
 	RESERVED
 CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource  ...)
+	{DSA-4671-1}
 	- libmicrodns <removed>
 	[buster] - libmicrodns <ignored> (Will be removed in next point release)
 	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
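Review bot: The "{DSA-4671-1}" line added under CVE-2020-6080 sits above package lines that only list libmicrodns as "<removed>" and, for buster and stretch, "<ignored>", so the visible context does not show which package the advisory fixed. The NOTE that follows in this file ("3.0.8-4 disables the plugin") suggests another package is tracked further down the entry. It is worth confirming that such a line exists for each of the seven entries that gain this tag in this commit.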
@@ -16596,6 +16627,7 @@ CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the reso
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
 	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
 CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the resource  ...)
+	{DSA-4671-1}
 	- libmicrodns <removed>
 	[buster] - libmicrodns <ignored> (Will be removed in next point release)
 	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
@@ -16603,6 +16635,7 @@ CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the reso
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
 	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
 CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the message-p ...)
+	{DSA-4671-1}
 	- libmicrodns <removed>
 	[buster] - libmicrodns <ignored> (Will be removed in next point release)
 	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
@@ -16610,6 +16643,7 @@ CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the mess
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001
 	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
 CVE-2020-6077 (An exploitable denial-of-service vulnerability exists in the message-p ...)
+	{DSA-4671-1}
 	- libmicrodns <removed>
 	[buster] - libmicrodns <ignored> (Will be removed in next point release)
 	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
@@ -16623,6 +16657,7 @@ CVE-2020-6075
 CVE-2020-6074
 	RESERVED
 CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT recor ...)
+	{DSA-4671-1}
 	- libmicrodns <removed>
 	[buster] - libmicrodns <ignored> (Will be removed in next point release)
 	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
@@ -16630,6 +16665,7 @@ CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996
 	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
 CVE-2020-6072 (An exploitable code execution vulnerability exists in the label-parsin ...)
+	{DSA-4671-1}
 	- libmicrodns <removed>
 	[buster] - libmicrodns <ignored> (Will be removed in next point release)
 	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
@@ -16637,6 +16673,7 @@ CVE-2020-6072 (An exploitable code execution vulnerability exists in the label-p
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995
 	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
 CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the resource  ...)
+	{DSA-4671-1}
 	- libmicrodns <removed>
 	[buster] - libmicrodns <ignored> (Will be removed in next point release)
 	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
@@ -17011,52 +17048,52 @@ CVE-2020-5895
 	RESERVED
 CVE-2020-5894
 	RESERVED
-CVE-2020-5893
-	RESERVED
-CVE-2020-5892
-	RESERVED
-CVE-2020-5891
-	RESERVED
-CVE-2020-5890
-	RESERVED
-CVE-2020-5889
-	RESERVED
-CVE-2020-5888
-	RESERVED
-CVE-2020-5887
-	RESERVED
-CVE-2020-5886
-	RESERVED
-CVE-2020-5885
-	RESERVED
-CVE-2020-5884
-	RESERVED
-CVE-2020-5883
-	RESERVED
-CVE-2020-5882
-	RESERVED
-CVE-2020-5881
-	RESERVED
-CVE-2020-5880
-	RESERVED
-CVE-2020-5879
-	RESERVED
-CVE-2020-5878
-	RESERVED
-CVE-2020-5877
-	RESERVED
-CVE-2020-5876
-	RESERVED
-CVE-2020-5875
-	RESERVED
-CVE-2020-5874
-	RESERVED
-CVE-2020-5873
-	RESERVED
-CVE-2020-5872
-	RESERVED
-CVE-2020-5871
-	RESERVED
+CVE-2020-5893 (In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Ed ...)
+	TODO: check
+CVE-2020-5892 (In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP A ...)
+	TODO: check
+CVE-2020-5891 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undis ...)
+	TODO: check
+CVE-2020-5890 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0- ...)
+	TODO: check
+CVE-2020-5889 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in  ...)
+	TODO: check
+CVE-2020-5888 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG ...)
+	TODO: check
+CVE-2020-5887 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG ...)
+	TODO: check
+CVE-2020-5886 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12. ...)
+	TODO: check
+CVE-2020-5885 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12. ...)
+	TODO: check
+CVE-2020-5884 (On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0- ...)
+	TODO: check
+CVE-2020-5883 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13 ...)
+	TODO: check
+CVE-2020-5882 (On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...)
+	TODO: check
+CVE-2020-5881 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, whe ...)
+	TODO: check
+CVE-2020-5880 (Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process m ...)
+	TODO: check
+CVE-2020-5879 (On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-I ...)
+	TODO: check
+CVE-2020-5878 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Tra ...)
+	TODO: check
+CVE-2020-5877 (On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...)
+	TODO: check
+CVE-2020-5876 (On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...)
+	TODO: check
+CVE-2020-5875 (On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, ...)
+	TODO: check
+CVE-2020-5874 (On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in  ...)
+	TODO: check
+CVE-2020-5873 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1 ...)
+	TODO: check
+CVE-2020-5872 (On BIG-IP 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0- ...)
+	TODO: check
+CVE-2020-5871 (On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial o ...)
+	TODO: check
 CVE-2020-5870 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanis ...)
 	NOT-FOR-US: F5
 CVE-2020-5869 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not s ...)
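Review bot: CVE-2020-5893 through CVE-2020-5871 (23 entries) all describe BIG-IP or BIG-IP Edge Client and are left at "TODO: check", yet CVE-2020-5870 in the trailing context is already marked "NOT-FOR-US: F5". If the same tag applies, resolving the block in one pass would avoid 23 separate follow-ups. The description imported for CVE-2020-5880 also begins "Om BIG-IP", a typo carried over with the text.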
@@ -28082,8 +28119,8 @@ CVE-2020-1819
 	RESERVED
 CVE-2020-1818
 	RESERVED
-CVE-2020-1817
-	RESERVED
+CVE-2020-1817 (Huawei PCManager with versions earlier than 10.0.1.36 has a privilege  ...)
+	TODO: check
 CVE-2020-1816 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
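Review bot: CVE-2020-1817 (Huawei PCManager) is left at "TODO: check" although the next entry, CVE-2020-1816, is tagged "NOT-FOR-US: Huawei". The placeholder can probably be resolved the same way during triage.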
@@ -28330,6 +28367,7 @@ CVE-2020-1776
 CVE-2020-1775
 	RESERVED
 CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported file has ...)
+	{DLA-2198-1}
 	- otrs2 <unfixed>
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-11/
 	NOTE: Fixed in 7.0.17, 6.0.28
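Review bot: Under CVE-2020-1774 the new "{DLA-2198-1}" tag is followed by "- otrs2 <unfixed>" and then NOTE lines, with no "[buster]" or "[stretch]" annotation in the visible context. CVE-2020-1772 and CVE-2020-1770 in the next two hunks carry "<no-dsa> (Non-free not supported)" for both releases. Adding the same per-release annotations here would be consistent, given the NOTE already records "Fixed in 7.0.17, 6.0.28".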
@@ -28344,6 +28382,7 @@ CVE-2020-1773 (An attacker with the ability to generate session IDs or password
 	NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ab253734bc211541309b9f8ea2b8b70389c4a64e
 	NOTE: OTRS5: https://github.com/OTRS/otrs/commit/4955521af50238046847bce51ad9865950324f77
 CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in the To ...)
+	{DLA-2198-1}
 	- otrs2 6.0.27-1
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -28360,6 +28399,7 @@ CVE-2020-1771 (Attacker is able craft an article with a link to the customer add
 	NOTE: Fixed in 7.0.16, 6.0.27
 	NOTE: https://github.com/OTRS/otrs/commit/2576830053f70a3a9251558e55f34843dec61aa2
 CVE-2020-1770 (Support bundle generated files could contain sensitive information tha ...)
+	{DLA-2198-1}
 	- otrs2 6.0.27-1
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -53302,8 +53342,8 @@ CVE-2019-12427 (Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a no
 	NOT-FOR-US: Zimbra Collaboration
 CVE-2019-12426 (an unauthenticated user could get access to information of some backen ...)
 	NOT-FOR-US: Apache OFBiz
-CVE-2019-12425
-	RESERVED
+CVE-2019-12425 (Apache OFBiz 17.12.01 is vulnerable to Host header injection by accept ...)
+	TODO: check
 CVE-2019-12424
 	REJECTED
 CVE-2019-12423 (Apache CXF ships with a OpenId Connect JWK Keys service, which allows  ...)
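Review bot: CVE-2019-12425 is an Apache OFBiz issue left at "TODO: check", while CVE-2019-12426 directly above it is tagged "NOT-FOR-US: Apache OFBiz" and CVE-2019-0235 in the last hunk keeps the same tag. The placeholder looks resolvable to that tag without further research.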
@@ -88803,8 +88843,7 @@ CVE-2015-9274 (HarfBuzz before 1.0.4 allows remote attackers to cause a denial o
 	- harfbuzz 1.2.6-1
 	[jessie] - harfbuzz <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7
-CVE-2019-0235
-	RESERVED
+CVE-2019-0235 (Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks. ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2019-0234 (A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache  ...)
 	NOT-FOR-US: Apache Roller



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe51da0ac6c3adaf31b668d25841a7495b724161
