[Git][security-tracker-team/security-tracker][master] 4 commits: Reference followup commit needed for CVE-2020-11651
Salvatore Bonaccorso
carnil at debian.org
Fri May 1 20:54:05 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
851a5e16 by Salvatore Bonaccorso at 2020-05-01T21:29:13+02:00
Reference followup commit needed for CVE-2020-11651
- - - - -
bca83560 by Salvatore Bonaccorso at 2020-05-01T21:29:59+02:00
Add prefix comment to commit
- - - - -
cd893ac6 by Salvatore Bonaccorso at 2020-05-01T21:46:11+02:00
Add CVE-2020-12050/sqliteodbc
- - - - -
3b53a67d by Salvatore Bonaccorso at 2020-05-01T21:53:34+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1268,7 +1268,10 @@ CVE-2020-12052 (Grafana version < 6.7.3 is vulnerable for annotation popup XS
CVE-2020-12051 (The CentralAuth extension through REL1_34 for MediaWiki allows remote ...)
NOT-FOR-US: MediaWiki extension
CVE-2020-12050 (SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.99 ...)
- TODO: check
+ - sqliteodbc <unfixed> (unimportant)
+ NOTE: The issue is located in the *.spec files used for rpm packaging using insecurely
+ NOTE: /tmp/sqliteodbc$$. Debian packaging maintainer scripts do not suffer from same
+ NOTE: issue.
CVE-2020-12049
RESERVED
CVE-2020-12048
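Review bot: the `unimportant` severity for CVE-2020-12050 rests on the claim in the NOTE lines that only the rpm `*.spec` files use the predictable `/tmp/sqliteodbc$$` path and that the Debian maintainer scripts do not; it would help a later triager re-verify this if the NOTE named what was checked (e.g. the package's postinst/prerm or rules file) or linked the upstream spec file that contains the insecure temp-file use. The line break in "using insecurely / /tmp/sqliteodbc$$" also reads awkwardly; rewording to "uses the predictable path /tmp/sqliteodbc$$ insecurely" keeps the meaning on one thought.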
@@ -3116,13 +3119,12 @@ CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x
CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
- salt 3000.2+dfsg1-1
NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
- NOTE: https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd
CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
- salt 3000.2+dfsg1-1
NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
- NOTE: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
- NOTE: There is a typo (for more info see the release notes) in the official correction.
- NOTE: This should be fixed too since this typo causes a regression.
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
+ NOTE: Followup needed: https://github.com/saltstack/salt/commit/78172bf647473d5c1c2720e72fc12d6f2314d583
CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...)
NOT-FOR-US: FreeNAS
CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...)
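Review bot: dropping the two NOTE lines that explained the typo in the official correction and the regression it causes, and replacing them with a bare "Followup needed:" link, loses the reason the followup matters; keeping a short phrase such as "Followup needed (fixes regression caused by a typo in the official fix): https://github.com/saltstack/salt/commit/78172bf647473d5c1c2720e72fc12d6f2314d583" lets a reader of data/CVE/list understand it without opening the commit. Separately, both CVE-2020-11651 and CVE-2020-11652 record `salt 3000.2+dfsg1-1` as the fixed version while the entry says a followup commit is still needed; if 3000.2+dfsg1-1 does not carry that followup, the entry should say so explicitly (or reference a bug) so the fixed-version claim is not read as "fully fixed".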
@@ -4789,7 +4791,7 @@ CVE-2020-11018
CVE-2020-11017
RESERVED
CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...)
- TODO: check
+ NOT-FOR-US: IntelMQ Manager
CVE-2020-11015
RESERVED
CVE-2020-11014 (Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token ...)
@@ -5567,7 +5569,7 @@ CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks v
CVE-2020-10798
RESERVED
CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_ping.ph ...)
- TODO: check
+ NOT-FOR-US: pfSense
CVE-2020-10796
RESERVED
CVE-2020-10795
@@ -6041,7 +6043,7 @@ CVE-2020-10643
CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an au ...)
NOT-FOR-US: Rockwell
CVE-2020-10641 (An unprotected logging route may allow an attacker to write endless lo ...)
- TODO: check
+ NOT-FOR-US: Inductive Automation
CVE-2020-10640
RESERVED
CVE-2020-10639 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...)
@@ -9508,7 +9510,7 @@ CVE-2020-9100
CVE-2020-9099
RESERVED
CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9097
RESERVED
CVE-2020-9096
@@ -10312,11 +10314,11 @@ CVE-2020-8777 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.
CVE-2020-8776 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...)
NOT-FOR-US: Alfresco
CVE-2020-8775 (Pega Platform before version 8.2.6 is affected by a Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2020-8774 (Pega Platform before version 8.2.6 is affected by a Reflected Cross-Si ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2020-8773 (The Richtext Editor in Pega Platform before 8.2.6 is affected by a Sto ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2020-8772 (The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missin ...)
NOT-FOR-US: InfiniteWP Client plugin for WordPress
CVE-2020-8771 (The Time Capsule plugin before 1.21.16 for WordPress has an authentica ...)
@@ -12590,7 +12592,7 @@ CVE-2020-7806
CVE-2020-7805
RESERVED
CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, ...)
- TODO: check
+ NOT-FOR-US: Handy Groupware
CVE-2020-7803
RESERVED
CVE-2020-7802 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
@@ -14026,7 +14028,7 @@ CVE-2020-7138
CVE-2020-7137
RESERVED
CVE-2020-7136 (A security vulnerability in HPE Smart Update Manager (SUM) prior to ve ...)
- TODO: check
+ NOT-FOR-US: HPE Smart Update Manager (SUM)
CVE-2020-7135 (A potential security vulnerability has been identified in the disk dri ...)
TODO: check
CVE-2020-7134 (A remote access to sensitive data vulnerability was discovered in HPE ...)
@@ -14681,11 +14683,11 @@ CVE-2020-6869
CVE-2020-6868
RESERVED
CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management error vul ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2020-6866 (A ZTE product is impacted by a resource management error vulnerability ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2020-6865 (ZTE SDN controller platform is impacted by an information leakage vuln ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2020-6864 (ZTE E8820V3 router product is impacted by an information leak vulnerab ...)
NOT-FOR-US: ZTE
CVE-2020-6863 (ZTE E8820V3 router product is impacted by a permission and access cont ...)
@@ -15471,7 +15473,7 @@ CVE-2020-6581 (Nagios NRPE 3.2.1 has Insufficient Filtering because, for example
CVE-2020-6580
RESERVED
CVE-2020-6579 (Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudlo ...)
- TODO: check
+ NOT-FOR-US: MailBeez plugin for ZenCart
CVE-2020-6578
RESERVED
CVE-2020-6577
@@ -28141,7 +28143,7 @@ CVE-2020-1819
CVE-2020-1818
RESERVED
CVE-2020-1817 (Huawei PCManager with versions earlier than 10.0.1.36 has a privilege ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1816 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
NOT-FOR-US: Huawei
CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
@@ -39299,9 +39301,9 @@ CVE-2019-16655 (joyplus-cms 1.6.0 allows reinstallation if the install/ URI rema
CVE-2019-16654
RESERVED
CVE-2019-16653 (An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2. ...)
- TODO: check
+ NOT-FOR-US: Genius Bytes Genius Server (Genius CDDS)
CVE-2019-16652 (The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 al ...)
- TODO: check
+ NOT-FOR-US: Genius Bytes Genius Server (Genius CDDS)
CVE-2019-16651
RESERVED
CVE-2019-16650 (On Supermicro X10 and X11 products, a client's access privileges may b ...)
@@ -41125,7 +41127,7 @@ CVE-2019-16013
CVE-2019-16012 (A vulnerability in the web UI of Cisco SD-WAN Solution vManage softwar ...)
NOT-FOR-US: Cisco
CVE-2019-16011 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16010 (A vulnerability in the web UI of the Cisco SD-WAN vManage software cou ...)
NOT-FOR-US: Cisco
CVE-2019-16009
@@ -53368,7 +53370,7 @@ CVE-2019-12427 (Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a no
CVE-2019-12426 (an unauthenticated user could get access to information of some backen ...)
NOT-FOR-US: Apache OFBiz
CVE-2019-12425 (Apache OFBiz 17.12.01 is vulnerable to Host header injection by accept ...)
- TODO: check
+ NOT-FOR-US: Apache OFBiz
CVE-2019-12424
REJECTED
CVE-2019-12423 (Apache CXF ships with a OpenId Connect JWK Keys service, which allows ...)
@@ -67556,7 +67558,7 @@ CVE-2018-20764 (A buffer overflow exists in HelpSystems tcpcrypt on Linux, used
NOTE: https://community.helpsystems.com/knowledge-base/fox-technologies/hotfix/515/
NOTE: No specific information is provided, but seems caused by BoKS shipping tcpcrypt setuid
CVE-2019-7634 (SUAP V2 allows XSS during the update of user information. ...)
- TODO: check
+ NOT-FOR-US: SUAP
CVE-2019-7633
RESERVED
CVE-2019-7632 (LifeSize Team, Room, Passport, and Networker 220 devices allow Authent ...)
@@ -72848,15 +72850,15 @@ CVE-2019-5625 (The Android mobile application Halo Home before 1.11.0 stores OAu
CVE-2019-5624 (Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improp ...)
NOT-FOR-US: Rapid7 Metasploit Framework
CVE-2019-5623 (Accellion File Transfer Appliance version FTA_8_0_540 suffers from an ...)
- TODO: check
+ NOT-FOR-US: Accellion File Transfer Appliance
CVE-2019-5622 (Accellion File Transfer Appliance version FTA_8_0_540 suffers from an ...)
- TODO: check
+ NOT-FOR-US: Accellion File Transfer Appliance
CVE-2019-5621 (ABBS Software Audio Media Player version 3.1 suffers from an instance ...)
- TODO: check
+ NOT-FOR-US: ABBS Software Audio Media Player
CVE-2019-5620 (ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE- ...)
- TODO: check
+ NOT-FOR-US: ABB MicroSCADA Pro SYS600
CVE-2019-5619 (AASync.com AASync version 2.2.1.0 suffers from an instance of CWE-121: ...)
- TODO: check
+ NOT-FOR-US: AASync.com AASync
CVE-2019-5618 (A-PDF WAV to MP3 version 1.0.0 suffers from an instance of CWE-121: St ...)
TODO: check
CVE-2019-5617 (Computing For Good's Basic Laboratory Information System (also known a ...)
@@ -75705,7 +75707,7 @@ CVE-2019-4329 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses inc
CVE-2019-4328
RESERVED
CVE-2019-4327 ("HCL AppScan Enterprise uses hard-coded credentials which can be explo ...)
- TODO: check
+ NOT-FOR-US: HCL AppScan Enterprise
CVE-2019-4326
RESERVED
CVE-2019-4325
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e28c97660d0485bc16410f653cbc73c5ad860d3e...3b53a67da1409b04b5bd289508e32fcf2e1cb64f