[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu May 7 21:10:24 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
01b7baf1 by security tracker role at 2020-05-07T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-12711
+	RESERVED
+CVE-2020-12710
+	RESERVED
+CVE-2020-12709
+	RESERVED
+CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
+	TODO: check
+CVE-2020-12707
+	RESERVED
+CVE-2020-12706
+	RESERVED
+CVE-2020-12705
+	RESERVED
+CVE-2020-12704
+	RESERVED
+CVE-2020-12703
+	RESERVED
+CVE-2020-12702
+	RESERVED
+CVE-2020-12701
+	RESERVED
+CVE-2020-12700
+	RESERVED
+CVE-2020-12699
+	RESERVED
+CVE-2020-12698
+	RESERVED
+CVE-2020-12697
+	RESERVED
 CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
 	NOT-FOR-US: iframe plugin for WordPress
 CVE-2020-12695
@@ -8,27 +38,26 @@ CVE-2020-12693
 	RESERVED
 CVE-2020-12688
 	RESERVED
-CVE-2020-12687
-	RESERVED
+CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/attacments ...)
+	TODO: check
 CVE-2020-12686
 	RESERVED
 CVE-2020-12685
 	RESERVED
 CVE-2020-12684
 	RESERVED
-CVE-2020-12683
-	RESERVED
+CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
+	TODO: check
 CVE-2020-12682
 	RESERVED
 CVE-2020-12681
 	RESERVED
 CVE-2020-12680
 	RESERVED
-CVE-2020-12679
-	RESERVED
+CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the Mitel Shor ...)
+	TODO: check
 CVE-2020-12678
 	REJECTED
-	TODO: check
 CVE-2020-12677
 	RESERVED
 CVE-2020-12676
@@ -209,8 +238,8 @@ CVE-2020-12610
 	RESERVED
 CVE-2020-12609
 	RESERVED
-CVE-2020-12608
-	RESERVED
+CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management Engine ...)
+	TODO: check
 CVE-2020-12607
 	RESERVED
 CVE-2020-12606
@@ -551,8 +580,8 @@ CVE-2020-12450
 	RESERVED
 CVE-2020-12449
 	RESERVED
-CVE-2020-12448
-	RESERVED
+CVE-2020-12448 (GitLab EE 12.8 and later allows Exposure of Sensitive Information to a ...)
+	TODO: check
 CVE-2020-12447 (A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-000 ...)
 	NOT-FOR-US: Onkyo
 CVE-2020-12446 (The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00. ...)
@@ -1367,6 +1396,7 @@ CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This af
 CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...)
 	NOT-FOR-US: TP-Link
 CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...)
+	{DLA-2204-1}
 	- mailman <removed>
 	NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
 CVE-2020-12107
@@ -3362,12 +3392,12 @@ CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x
 	NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005
 	NOTE: https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62
 CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
-	{DSA-4676-1}
+	{DSA-4676-2 DSA-4676-1}
 	- salt 3000.2+dfsg1-1 (bug #959684)
 	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
 	NOTE: Fixed by: https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd
 CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
-	{DSA-4676-1}
+	{DSA-4676-2 DSA-4676-1}
 	- salt 3000.2+dfsg1-1 (bug #959684)
 	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
 	NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
@@ -4154,8 +4184,8 @@ CVE-2020-11433
 	RESERVED
 CVE-2020-11432
 	RESERVED
-CVE-2020-11431
-	RESERVED
+CVE-2020-11431 (The documentation component in i-net Clear Reports 16.0 to 19.2, HelpD ...)
+	TODO: check
 CVE-2020-11430
 	RESERVED
 CVE-2020-11429
@@ -4964,16 +4994,16 @@ CVE-2020-11048
 	RESERVED
 CVE-2020-11047
 	RESERVED
-CVE-2020-11046
-	RESERVED
-CVE-2020-11045
-	RESERVED
-CVE-2020-11044
-	RESERVED
+CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...)
+	TODO: check
+CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...)
+	TODO: check
+CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_ ...)
+	TODO: check
 CVE-2020-11043
 	RESERVED
-CVE-2020-11042
-	RESERVED
+CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
+	TODO: check
 CVE-2020-11041
 	RESERVED
 CVE-2020-11040
@@ -5179,14 +5209,14 @@ CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vu
 	[experimental] - gitlab 12.8.8-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
-CVE-2020-10974
-	RESERVED
-CVE-2020-10973
-	RESERVED
-CVE-2020-10972
-	RESERVED
-CVE-2020-10971
-	RESERVED
+CVE-2020-10974 (An issue was discovered on Wavlink WL-WN579G3 - M79X3.V5030.180719 and ...)
+	TODO: check
+CVE-2020-10973 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
+	TODO: check
+CVE-2020-10972 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
+	TODO: check
+CVE-2020-10971 (An issue was discovered on Wavlink WL-WN579G3 M79X3.V5030.180719, WL-W ...)
+	TODO: check
 CVE-2020-10970
 	RESERVED
 CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
@@ -10093,10 +10123,10 @@ CVE-2020-8985 (ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via th
 	NOT-FOR-US: ZendTo
 CVE-2020-8984 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address s ...)
 	NOT-FOR-US: ZendTo
-CVE-2020-8983
-	RESERVED
-CVE-2020-8982
-	RESERVED
+CVE-2020-8983 (In certain situations, all versions of Citrix ShareFile StorageZones ( ...)
+	TODO: check
+CVE-2020-8982 (In certain situations, all versions of Citrix ShareFile StorageZones ( ...)
+	TODO: check
 CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in the Sourc ...)
 	NOT-FOR-US: Source Integration plugin for MantisBT
 CVE-2020-8980
@@ -12880,12 +12910,12 @@ CVE-2020-7807
 	RESERVED
 CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...)
 	NOT-FOR-US: Tobesoft Xplatform
-CVE-2020-7805
-	RESERVED
+CVE-2020-7805 (An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) an ...)
+	TODO: check
 CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7,  ...)
 	NOT-FOR-US: Handy Groupware
-CVE-2020-7803
-	RESERVED
+CVE-2020-7803 (IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, versio ...)
+	TODO: check
 CVE-2020-7802 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
 	NOT-FOR-US: Synergy Systems & Solutions (SSS)
 CVE-2020-7801 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
@@ -13198,8 +13228,8 @@ CVE-2020-7648
 	RESERVED
 CVE-2020-7647
 	RESERVED
-CVE-2020-7646
-	RESERVED
+CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary commands.It is ...)
+	TODO: check
 CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary commands, ...)
 	NOT-FOR-US: Node chrome-launcher
 CVE-2020-7644 (fun-map through 3.3.1 is vulnerable to Prototype Pollution. The functi ...)
@@ -13563,8 +13593,8 @@ CVE-2020-7475 (A CWE-74: Improper Neutralization of Special Elements in Output U
 	NOT-FOR-US: EcoStruxure Control Expert
 CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...)
 	NOT-FOR-US: ProSoft Configurator
-CVE-2020-7473
-	RESERVED
+CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile StorageZones ( ...)
+	TODO: check
 CVE-2020-7472
 	RESERVED
 CVE-2019-20390
@@ -15579,10 +15609,10 @@ CVE-2020-6654
 	RESERVED
 CVE-2020-6653
 	RESERVED
-CVE-2020-6652
-	RESERVED
-CVE-2020-6651
-	RESERVED
+CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...)
+	TODO: check
+CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v ...)
+	TODO: check
 CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by ‘Eval In ...)
 	NOT-FOR-US: UPS companion software
 CVE-2020-6649
@@ -16943,8 +16973,8 @@ CVE-2020-6083
 	RESERVED
 CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...)
 	NOT-FOR-US: Accusoft
-CVE-2020-6081
-	RESERVED
+CVE-2020-6081 (An exploitable code execution vulnerability exists in the PLC_Task fun ...)
+	TODO: check
 CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource  ...)
 	{DSA-4671-1}
 	- libmicrodns <removed>
@@ -17378,10 +17408,10 @@ CVE-2020-5897
 	RESERVED
 CVE-2020-5896
 	RESERVED
-CVE-2020-5895
-	RESERVED
-CVE-2020-5894
-	RESERVED
+CVE-2020-5895 (On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and ...)
+	TODO: check
+CVE-2020-5894 (On versions 3.0.0-3.3.0, the NGINX Controller webserver does not inval ...)
+	TODO: check
 CVE-2020-5893 (In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Ed ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2020-5892 (In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP A ...)
@@ -17666,24 +17696,24 @@ CVE-2020-5753
 	RESERVED
 CVE-2020-5752
 	RESERVED
-CVE-2020-5751
-	RESERVED
-CVE-2020-5750
-	RESERVED
-CVE-2020-5749
-	RESERVED
-CVE-2020-5748
-	RESERVED
-CVE-2020-5747
-	RESERVED
-CVE-2020-5746
-	RESERVED
-CVE-2020-5745
-	RESERVED
-CVE-2020-5744
-	RESERVED
-CVE-2020-5743
-	RESERVED
+CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
+	TODO: check
+CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
+	TODO: check
+CVE-2020-5749 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
+	TODO: check
+CVE-2020-5748 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
+	TODO: check
+CVE-2020-5747 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
+	TODO: check
+CVE-2020-5746 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
+	TODO: check
+CVE-2020-5745 (Cross-site request forgery in TCExam 14.2.2 allows a remote attacker t ...)
+	TODO: check
+CVE-2020-5744 (Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticate ...)
+	TODO: check
+CVE-2020-5743 (Improper Control of Resource Identifiers in TCExam 14.2.2 allows a rem ...)
+	TODO: check
 CVE-2020-5742
 	RESERVED
 CVE-2020-5741
@@ -22757,24 +22787,28 @@ CVE-2020-3904 (Multiple memory corruption issues were addressed with improved st
 CVE-2020-3903 (A memory corruption issue was addressed with improved memory handling. ...)
 	NOT-FOR-US: Apple
 CVE-2020-3902 (An input validation issue was addressed with improved input validation ...)
+	{DSA-4681-1}
 	- webkit2gtk 2.28.0-2
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	- wpewebkit 2.28.0-1
 	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
 CVE-2020-3901 (A type confusion issue was addressed with improved memory handling. Th ...)
+	{DSA-4681-1}
 	- webkit2gtk 2.28.0-2
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	- wpewebkit 2.28.0-1
 	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
 CVE-2020-3900 (A memory corruption issue was addressed with improved memory handling. ...)
+	{DSA-4681-1}
 	- webkit2gtk 2.28.0-2
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	- wpewebkit 2.28.0-1
 	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
 CVE-2020-3899 (A memory consumption issue was addressed with improved memory handling ...)
+	{DSA-4681-1}
 	- webkit2gtk 2.28.2-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -22790,6 +22824,7 @@ CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in ppd-ma
 	NOTE: https://src.fedoraproject.org/rpms/cups/blob/c1920d09b842bd2d0611559d00d595abd8aa2424/f/cups-ppdopen-heap-overflow.patch
 	NOTE: https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444 (cups/ppd.c, ppdc/ppdc-source.cxx)
 CVE-2020-3897 (A type confusion issue was addressed with improved memory handling. Th ...)
+	{DSA-4681-1}
 	- webkit2gtk 2.28.0-2
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -22798,12 +22833,14 @@ CVE-2020-3897 (A type confusion issue was addressed with improved memory handlin
 CVE-2020-3896
 	RESERVED
 CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...)
+	{DSA-4681-1}
 	- webkit2gtk 2.28.0-2
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	- wpewebkit 2.28.0-1
 	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
 CVE-2020-3894 (A race condition was addressed with additional validation. This issue  ...)
+	{DSA-4681-1}
 	- webkit2gtk 2.28.0-2
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -22826,6 +22863,7 @@ CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issu
 CVE-2020-3886
 	RESERVED
 CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	{DSA-4681-1}
 	- webkit2gtk 2.28.0-2
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -29706,8 +29744,8 @@ CVE-2019-19166 (Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerabi
 	TODO: check
 CVE-2019-19165 (AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability  ...)
 	NOT-FOR-US: Inogard Ebiz4u
-CVE-2019-19164
-	RESERVED
+CVE-2019-19164 (dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versio ...)
+	TODO: check
 CVE-2019-19163
 	RESERVED
 CVE-2019-19162
@@ -30517,24 +30555,24 @@ CVE-2019-18874 (psutil (aka python-psutil) through 5.6.5 can have a double free.
 	NOTE: https://github.com/giampaolo/psutil/pull/1616
 CVE-2019-18873 (FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP hea ...)
 	NOT-FOR-US: FUDForum
-CVE-2019-18872
-	RESERVED
-CVE-2019-18871
-	RESERVED
-CVE-2019-18870
-	RESERVED
-CVE-2019-18869
-	RESERVED
-CVE-2019-18868
-	RESERVED
-CVE-2019-18867
-	RESERVED
-CVE-2019-18866
-	RESERVED
-CVE-2019-18865
-	RESERVED
-CVE-2019-18864
-	RESERVED
+CVE-2019-18872 (Weak password requirements in Blaauw Remote Kiln Control through v3.00 ...)
+	TODO: check
+CVE-2019-18871 (A path traversal in debug.php accessed via default.php in Blaauw Remot ...)
+	TODO: check
+CVE-2019-18870 (A path traversal via the iniFile parameter in excel.php in Blaauw Remo ...)
+	TODO: check
+CVE-2019-18869 (Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allo ...)
+	TODO: check
+CVE-2019-18868 (Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated a ...)
+	TODO: check
+CVE-2019-18867 (Browsable directories in Blaauw Remote Kiln Control through v3.00r4 al ...)
+	TODO: check
+CVE-2019-18866 (Unauthenticated SQL injection via the username in the login mechanism  ...)
+	TODO: check
+CVE-2019-18865 (Information disclosure via error message discrepancies in authenticati ...)
+	TODO: check
+CVE-2019-18864 (/server-info and /server-status in Blaauw Remote Kiln Control through  ...)
+	TODO: check
 CVE-2019-18863 (A key length vulnerability in the implementation of the SRTP 128-bit k ...)
 	NOT-FOR-US: Mitel
 CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allows loca ...)
@@ -127615,8 +127653,8 @@ CVE-2018-5495 (All StorageGRID Webscale versions are susceptible to a vulnerabil
 	NOT-FOR-US: NetApp
 CVE-2018-5494
 	RESERVED
-CVE-2018-5493
-	RESERVED
+CVE-2018-5493 (ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible ...)
+	TODO: check
 CVE-2018-5492 (NetApp E-Series SANtricity OS Controller Software 11.30 and later vers ...)
 	NOT-FOR-US: NetApp
 CVE-2018-5491



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01b7baf17a12756d3ed341030f3c8a332920faa9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01b7baf17a12756d3ed341030f3c8a332920faa9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200507/808553ff/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list