[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue May 5 21:10:27 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1f55169c by security tracker role at 2020-05-05T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2017-18867 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
+CVE-2017-18866 (Certain NETGEAR devices are affected by stored XSS. This affects R9000 ...)
+ TODO: check
+CVE-2017-18865 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2017-18864 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ TODO: check
CVE-2020-12661
RESERVED
CVE-2020-12660
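Review bot: the four entries added here with a bare TODO: check carry the same truncated descriptions as CVE-2017-18774, CVE-2017-18771, CVE-2017-18760 and CVE-2017-18753, which this same commit flips to REJECTED further down, so they look like reassigned IDs for the same NETGEAR issues; once the full descriptions are compared, the TODO can most likely be closed as NOT-FOR-US: Netgear, matching the neighbouring NETGEAR entries.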
@@ -400,12 +408,14 @@ CVE-2019-20793
CVE-2016-11061 (Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 7 ...)
NOT-FOR-US: Xerox
CVE-2020-12626 (An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF atta ...)
+ {DSA-4674-1}
- roundcube 1.4.4+dfsg.1-1 (bug #959142)
NOTE: https://github.com/roundcube/roundcubemail/pull/7302
NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/9bbda422ff0b782b81de59c86994f1a5fd93f8e6
NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/1e7bec9cb868fa32b05acf6b0a557a6311350c56
NOTE: 1.2.x: https://github.com/roundcube/roundcubemail/commit/cceeff2472c00acb2c6b96c9df7a289f1db77713
CVE-2020-12625 (An issue was discovered in Roundcube Webmail before 1.4.4. There is a ...)
+ {DSA-4674-1}
- roundcube 1.4.4+dfsg.1-1 (bug #959140)
NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0
NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/23c06159ae8c6f500336e3075820e648aa6f40a4
@@ -1232,8 +1242,8 @@ CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from
NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/96
NOTE: Only an issue if building with OpenSSL, where Debian binary packages use
NOTE: GnuTLS.
-CVE-2020-12104
- RESERVED
+CVE-2020-12104 (The Import feature in the wp-advanced-search plugin 3.3.6 for WordPres ...)
+ TODO: check
CVE-2020-12103 (In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file b ...)
NOT-FOR-US: Tiny File Manager
CVE-2020-12102 (In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in ...)
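Review bot: CVE-2020-12104 concerns a WordPress plugin (wp-advanced-search), and the convention visible elsewhere in this diff for such plugins is NOT-FOR-US (CVE-2020-11738, Snap Creek Duplicator plugin for WordPress), so the TODO: check can probably be resolved as NOT-FOR-US rather than left open.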
@@ -2065,13 +2075,15 @@ CVE-2017-18776 (Certain NETGEAR devices are affected by authentication bypass. T
NOT-FOR-US: Netgear
CVE-2017-18775 (Certain NETGEAR devices are affected by CSRF. This affects R6100 befor ...)
NOT-FOR-US: Netgear
-CVE-2017-18774 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+CVE-2017-18774
+ REJECTED
NOT-FOR-US: Netgear
CVE-2017-18773 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
CVE-2017-18772 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
NOT-FOR-US: Netgear
-CVE-2017-18771 (Certain NETGEAR devices are affected by stored XSS. This affects R9000 ...)
+CVE-2017-18771
+ REJECTED
NOT-FOR-US: Netgear
CVE-2017-18770 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
NOT-FOR-US: Netgear
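Review bot: the NOT-FOR-US: Netgear line kept under CVE-2017-18774 and CVE-2017-18771 is stale now that both IDs are marked REJECTED; the other rejected entry in this commit (CVE-2020-11495) carries only REJECTED, so the NOT-FOR-US line should be dropped here, and likewise for CVE-2017-18760 and CVE-2017-18753 in the next two hunks.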
@@ -2093,7 +2105,8 @@ CVE-2017-18762 (Certain NETGEAR devices are affected by command injection by an
NOT-FOR-US: Netgear
CVE-2017-18761 (NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buf ...)
NOT-FOR-US: Netgear
-CVE-2017-18760 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+CVE-2017-18760
+ REJECTED
NOT-FOR-US: Netgear
CVE-2017-18759 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
@@ -2107,7 +2120,8 @@ CVE-2017-18755 (Certain NETGEAR devices are affected by CSRF. This affects R6300
NOT-FOR-US: Netgear
CVE-2017-18754 (Certain NETGEAR devices are affected by command injection by an authen ...)
NOT-FOR-US: Netgear
-CVE-2017-18753 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+CVE-2017-18753
+ REJECTED
NOT-FOR-US: Netgear
CVE-2017-18752 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
NOT-FOR-US: Netgear
@@ -2371,6 +2385,7 @@ CVE-2020-11869 (An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the
NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7
NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/2
CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-pat ...)
+ {DLA-2201-1}
- ntp 1:4.2.8p14+dfsg-1
[buster] - ntp <no-dsa> (Minor issue)
[stretch] - ntp <no-dsa> (Minor issue)
@@ -3000,8 +3015,8 @@ CVE-2020-11739 (An issue was discovered in Xen through 4.13.x, allowing guest OS
NOTE: https://xenbits.xen.org/xsa/advisory-314.html
CVE-2020-11738 (The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Dupl ...)
NOT-FOR-US: Snap Creek Duplicator plugin for WordPress
-CVE-2020-11737
- RESERVED
+CVE-2020-11737 (A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 ...)
+ TODO: check
CVE-2020-11735
RESERVED
CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Dir ...)
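Review bot: CVE-2020-11737 describes an XSS in the Zimbra Web Client, a third-party product with no package line in its entry, so by analogy with the NOT-FOR-US triage of the other third-party product in this hunk (Snap Creek Duplicator) the TODO: check likely resolves to NOT-FOR-US: Zimbra. Unrelated to this change but visible in the context lines: CVE-2020-11735 is listed before CVE-2020-11736, breaking the descending order the rest of the file follows.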
@@ -3867,7 +3882,7 @@ CVE-2020-11497
CVE-2020-11496
RESERVED
CVE-2020-11495
- RESERVED
+ REJECTED
CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the ...)
- linux 5.5.17-1
NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/
@@ -10305,10 +10320,10 @@ CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview Pla
NOT-FOR-US: Prismview
CVE-2017-18642 (Syska Smart Bulb devices through 2017-08-06 receive RGB parameters ove ...)
NOT-FOR-US: Syska Smart Bulb devices
-CVE-2020-8830
- RESERVED
-CVE-2020-8829
- RESERVED
+CVE-2020-8830 (CSRF in login.asp on Ruckus devices allows an attacker to access the p ...)
+ TODO: check
+CVE-2020-8829 (CSRF on Intelbras CIP 92200 devices allows an attacker to access the p ...)
+ TODO: check
CVE-2020-8828 (As of v1.5.0, the default admin password is set to the argocd-server p ...)
NOT-FOR-US: Argo
CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation measures ...)
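Review bot: both entries filled in here describe CSRF in a device web interface (login.asp on Ruckus devices, Intelbras CIP 92200), the same class of vendor-firmware issue that the neighbouring Prismview and Syska Smart Bulb entries carry as NOT-FOR-US, so the two TODO: check lines can probably be resolved the same way with the vendor name.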
@@ -10384,8 +10399,8 @@ CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR Deserialization. ...)
NOT-FOR-US: SuiteCRM
CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PH ...)
NOT-FOR-US: SuiteCRM
-CVE-2020-8799
- RESERVED
+CVE-2020-8799 (A Stored XSS vulnerability has been found in the administration page o ...)
+ TODO: check
CVE-2020-8798 (httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to cha ...)
NOT-FOR-US: Juplink
CVE-2020-8797 (Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to ...)
@@ -12090,8 +12105,8 @@ CVE-2020-8035
RESERVED
CVE-2020-8034
RESERVED
-CVE-2020-8033
- RESERVED
+CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Nam ...)
+ TODO: check
CVE-2020-8032
RESERVED
CVE-2020-8031
@@ -12202,8 +12217,8 @@ CVE-2020-7985
RESERVED
CVE-2020-7984 (SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allow ...)
NOT-FOR-US: SolarWinds
-CVE-2020-7983
- RESERVED
+CVE-2020-7983 (A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows re ...)
+ TODO: check
CVE-2019-20432 (In the Lustre file system before 2.12.3, the mdt module has an out-of- ...)
- lustre <removed>
CVE-2019-20431 (In the Lustre file system before 2.12.3, the ptlrpc module has an osd_ ...)
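Review bot: CVE-2020-7983 (CSRF in login.asp) and CVE-2020-8033 in the previous hunk (XSS via index.asp) both affect the same Ruckus R500 3.4.2.0.384 firmware, and CVE-2020-8830 earlier in this diff is another login.asp CSRF on Ruckus devices; triage the three together, since they will share a single NOT-FOR-US: Ruckus verdict if the product is confirmed as vendor firmware like the SolarWinds N-central entry just above.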
@@ -17972,8 +17987,8 @@ CVE-2016-11017 (The application login page in AKIPS Network Monitor 15.37 throug
NOT-FOR-US: AKIPS Network Monitor
CVE-2020-5518
RESERVED
-CVE-2020-5517
- RESERVED
+CVE-2020-5517 (CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access ...)
+ TODO: check
CVE-2020-5516
RESERVED
CVE-2020-5515 (Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. ...)
@@ -27950,14 +27965,14 @@ CVE-2020-1926
RESERVED
CVE-2020-1925 (Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperI ...)
NOT-FOR-US: Olingo
-CVE-2019-19517
- RESERVED
+CVE-2019-19517 (Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html for ...)
+ TODO: check
CVE-2019-19516 (Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp ...)
NOT-FOR-US: Intelbras WRN
-CVE-2019-19515
- RESERVED
-CVE-2019-19514
- RESERVED
+CVE-2019-19515 (Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireles ...)
+ TODO: check
+CVE-2019-19514 (Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic r ...)
+ TODO: check
CVE-2019-19513
RESERVED
CVE-2020-1924
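Review bot: CVE-2019-19517 is an Intelbras RF1200 router CSRF and sits directly above CVE-2019-19516 (Intelbras WRN 150), which is already NOT-FOR-US: Intelbras WRN; the two Ayision Ays-WR01 stored XSS entries are the same kind of device-firmware issue, so all three TODO: check lines can most likely be closed as NOT-FOR-US with the vendor name, following that pattern.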
@@ -28772,11 +28787,13 @@ CVE-2020-1742
CVE-2020-1741 (A flaw was found in openshift-ansible. OpenShift Container Platform (O ...)
NOT-FOR-US: openshift-ansible
CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for editin ...)
+ {DLA-2202-1}
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193
NOTE: https://github.com/ansible/ansible/issues/67798
NOTE: https://github.com/ansible/ansible/pull/68644
CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9 ...)
+ {DLA-2202-1}
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178
NOTE: https://github.com/ansible/ansible/issues/67797
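Review bot: the {DLA-2202-1} marker added to CVE-2020-1740 and CVE-2020-1739 sits above package lines that still read ansible <unfixed>, so the advisory closes only the LTS branch while unstable remains open; the upstream fix linked under CVE-2020-1740 (ansible/ansible pull 68644) should be checked so the <unfixed> marker can be replaced with a fixed version once that change ships in a release.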
@@ -28813,6 +28830,7 @@ CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary
NOTE: Upstream considers this intended functionality and delegates it up to the
NOTE: playbook author to ensure they use the quote filter.
CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...)
+ {DLA-2202-1}
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735
NOTE: https://github.com/ansible/ansible/issues/67791
@@ -45180,6 +45198,7 @@ CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html
CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ...)
+ {DLA-2202-1}
- ansible 2.8.6+dfsg-1 (low; bug #942188)
[buster] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f55169c034a6da2d0ef0155bc4f86b8bd512d33