[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu May 7 21:10:24 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
01b7baf1 by security tracker role at 2020-05-07T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-12711
+ RESERVED
+CVE-2020-12710
+ RESERVED
+CVE-2020-12709
+ RESERVED
+CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
+ TODO: check
+CVE-2020-12707
+ RESERVED
+CVE-2020-12706
+ RESERVED
+CVE-2020-12705
+ RESERVED
+CVE-2020-12704
+ RESERVED
+CVE-2020-12703
+ RESERVED
+CVE-2020-12702
+ RESERVED
+CVE-2020-12701
+ RESERVED
+CVE-2020-12700
+ RESERVED
+CVE-2020-12699
+ RESERVED
+CVE-2020-12698
+ RESERVED
+CVE-2020-12697
+ RESERVED
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
NOT-FOR-US: iframe plugin for WordPress
CVE-2020-12695
@@ -8,27 +38,26 @@ CVE-2020-12693
RESERVED
CVE-2020-12688
RESERVED
-CVE-2020-12687
- RESERVED
+CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/attacments ...)
+ TODO: check
CVE-2020-12686
RESERVED
CVE-2020-12685
RESERVED
CVE-2020-12684
RESERVED
-CVE-2020-12683
- RESERVED
+CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
+ TODO: check
CVE-2020-12682
RESERVED
CVE-2020-12681
RESERVED
CVE-2020-12680
RESERVED
-CVE-2020-12679
- RESERVED
+CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the Mitel Shor ...)
+ TODO: check
CVE-2020-12678
REJECTED
- TODO: check
CVE-2020-12677
RESERVED
CVE-2020-12676
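Review bot: dropping the stray TODO: check under CVE-2020-12678 is correct, since a REJECTED entry needs no triage; the three entries in this hunk that gained descriptions (CVE-2020-12687 Serpico, CVE-2020-12683 Katyshop2, CVE-2020-12679 Mitel) still carry TODO: check and should each be resolved to a package line or a NOT-FOR-US marker.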
@@ -209,8 +238,8 @@ CVE-2020-12610
RESERVED
CVE-2020-12609
RESERVED
-CVE-2020-12608
- RESERVED
+CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management Engine ...)
+ TODO: check
CVE-2020-12607
RESERVED
CVE-2020-12606
@@ -551,8 +580,8 @@ CVE-2020-12450
RESERVED
CVE-2020-12449
RESERVED
-CVE-2020-12448
- RESERVED
+CVE-2020-12448 (GitLab EE 12.8 and later allows Exposure of Sensitive Information to a ...)
+ TODO: check
CVE-2020-12447 (A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-000 ...)
NOT-FOR-US: Onkyo
CVE-2020-12446 (The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00. ...)
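Review bot: CVE-2020-12448 should not be closed as NOT-FOR-US on sight: gitlab is tracked in this file (see the CVE-2020-10975 entry later in this same diff, with `- gitlab <unfixed>`), so triage needs to confirm whether the "GitLab EE 12.8 and later" wording also covers CE before the TODO: check is replaced with a package line.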
@@ -1367,6 +1396,7 @@ CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This af
CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...)
NOT-FOR-US: TP-Link
CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...)
+ {DLA-2204-1}
- mailman <removed>
NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
CVE-2020-12107
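Review bot: CVE-2020-12108 now carries {DLA-2204-1} directly above `- mailman <removed>`, so the advisory reference is the only visible record that a fix shipped; a NOTE line naming the fixed LTS version would make the entry readable without opening the DLA.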
@@ -3362,12 +3392,12 @@ CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x
NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005
NOTE: https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62
CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
- {DSA-4676-1}
+ {DSA-4676-2 DSA-4676-1}
- salt 3000.2+dfsg1-1 (bug #959684)
NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
NOTE: Fixed by: https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd
CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
- {DSA-4676-1}
+ {DSA-4676-2 DSA-4676-1}
- salt 3000.2+dfsg1-1 (bug #959684)
NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
@@ -4154,8 +4184,8 @@ CVE-2020-11433
RESERVED
CVE-2020-11432
RESERVED
-CVE-2020-11431
- RESERVED
+CVE-2020-11431 (The documentation component in i-net Clear Reports 16.0 to 19.2, HelpD ...)
+ TODO: check
CVE-2020-11430
RESERVED
CVE-2020-11429
@@ -4964,16 +4994,16 @@ CVE-2020-11048
RESERVED
CVE-2020-11047
RESERVED
-CVE-2020-11046
- RESERVED
-CVE-2020-11045
- RESERVED
-CVE-2020-11044
- RESERVED
+CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...)
+ TODO: check
+CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...)
+ TODO: check
+CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_ ...)
+ TODO: check
CVE-2020-11043
RESERVED
-CVE-2020-11042
- RESERVED
+CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
+ TODO: check
CVE-2020-11041
RESERVED
CVE-2020-11040
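Review bot: the four new FreeRDP entries (CVE-2020-11046, -11045, -11044, -11042) describe out-of-bounds reads and a double free and all state the same upper bound, "before 2.0.0", so they should be triaged as one batch against a single fixed version rather than resolved one TODO: check at a time, with the upstream fix commits recorded as NOTE lines as the Salt entries above do.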
@@ -5179,14 +5209,14 @@ CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vu
[experimental] - gitlab 12.8.8-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
-CVE-2020-10974
- RESERVED
-CVE-2020-10973
- RESERVED
-CVE-2020-10972
- RESERVED
-CVE-2020-10971
- RESERVED
+CVE-2020-10974 (An issue was discovered on Wavlink WL-WN579G3 - M79X3.V5030.180719 and ...)
+ TODO: check
+CVE-2020-10973 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
+ TODO: check
+CVE-2020-10972 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
+ TODO: check
+CVE-2020-10971 (An issue was discovered on Wavlink WL-WN579G3 M79X3.V5030.180719, WL-W ...)
+ TODO: check
CVE-2020-10970
RESERVED
CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
@@ -10093,10 +10123,10 @@ CVE-2020-8985 (ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via th
NOT-FOR-US: ZendTo
CVE-2020-8984 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address s ...)
NOT-FOR-US: ZendTo
-CVE-2020-8983
- RESERVED
-CVE-2020-8982
- RESERVED
+CVE-2020-8983 (In certain situations, all versions of Citrix ShareFile StorageZones ( ...)
+ TODO: check
+CVE-2020-8982 (In certain situations, all versions of Citrix ShareFile StorageZones ( ...)
+ TODO: check
CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in the Sourc ...)
NOT-FOR-US: Source Integration plugin for MantisBT
CVE-2020-8980
@@ -12880,12 +12910,12 @@ CVE-2020-7807
RESERVED
CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...)
NOT-FOR-US: Tobesoft Xplatform
-CVE-2020-7805
- RESERVED
+CVE-2020-7805 (An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) an ...)
+ TODO: check
CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, ...)
NOT-FOR-US: Handy Groupware
-CVE-2020-7803
- RESERVED
+CVE-2020-7803 (IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, versio ...)
+ TODO: check
CVE-2020-7802 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
NOT-FOR-US: Synergy Systems & Solutions (SSS)
CVE-2020-7801 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
@@ -13198,8 +13228,8 @@ CVE-2020-7648
RESERVED
CVE-2020-7647
RESERVED
-CVE-2020-7646
- RESERVED
+CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary commands.It is ...)
+ TODO: check
CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary commands, ...)
NOT-FOR-US: Node chrome-launcher
CVE-2020-7644 (fun-map through 3.3.1 is vulnerable to Prototype Pollution. The functi ...)
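Review bot: the missing space in "commands.It" in the CVE-2020-7646 description is copied from the upstream CVE text, so leave it rather than hand-editing the field; for triage, the adjacent CVE-2020-7645 entry is marked `NOT-FOR-US: Node chrome-launcher`, and curlrequest looks like the same class of npm-only package, which the TODO: check should confirm.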
@@ -13563,8 +13593,8 @@ CVE-2020-7475 (A CWE-74: Improper Neutralization of Special Elements in Output U
NOT-FOR-US: EcoStruxure Control Expert
CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...)
NOT-FOR-US: ProSoft Configurator
-CVE-2020-7473
- RESERVED
+CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile StorageZones ( ...)
+ TODO: check
CVE-2020-7472
RESERVED
CVE-2019-20390
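Review bot: CVE-2020-7473 carries the same truncated description ("In certain situations, all versions of Citrix ShareFile StorageZones (") as CVE-2020-8983 and CVE-2020-8982 earlier in this diff, so the three should be triaged together with one decision instead of three separate TODO: check resolutions.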
@@ -15579,10 +15609,10 @@ CVE-2020-6654
RESERVED
CVE-2020-6653
RESERVED
-CVE-2020-6652
- RESERVED
-CVE-2020-6651
- RESERVED
+CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...)
+ TODO: check
+CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v ...)
+ TODO: check
CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by ‘Eval In ...)
NOT-FOR-US: UPS companion software
CVE-2020-6649
@@ -16943,8 +16973,8 @@ CVE-2020-6083
RESERVED
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...)
NOT-FOR-US: Accusoft
-CVE-2020-6081
- RESERVED
+CVE-2020-6081 (An exploitable code execution vulnerability exists in the PLC_Task fun ...)
+ TODO: check
CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource ...)
{DSA-4671-1}
- libmicrodns <removed>
@@ -17378,10 +17408,10 @@ CVE-2020-5897
RESERVED
CVE-2020-5896
RESERVED
-CVE-2020-5895
- RESERVED
-CVE-2020-5894
- RESERVED
+CVE-2020-5895 (On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and ...)
+ TODO: check
+CVE-2020-5894 (On versions 3.0.0-3.3.0, the NGINX Controller webserver does not inval ...)
+ TODO: check
CVE-2020-5893 (In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Ed ...)
NOT-FOR-US: F5 BIG-IP
CVE-2020-5892 (In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP A ...)
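Review bot: CVE-2020-5895 and CVE-2020-5894 concern NGINX Controller 3.x, the F5 management product, not the nginx web server, so the TODO: check must not be resolved by attaching them to the nginx source package on the strength of the name; the neighbouring F5 BIG-IP entries are marked NOT-FOR-US and these are probably the same case.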
@@ -17666,24 +17696,24 @@ CVE-2020-5753
RESERVED
CVE-2020-5752
RESERVED
-CVE-2020-5751
- RESERVED
-CVE-2020-5750
- RESERVED
-CVE-2020-5749
- RESERVED
-CVE-2020-5748
- RESERVED
-CVE-2020-5747
- RESERVED
-CVE-2020-5746
- RESERVED
-CVE-2020-5745
- RESERVED
-CVE-2020-5744
- RESERVED
-CVE-2020-5743
- RESERVED
+CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
+ TODO: check
+CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
+ TODO: check
+CVE-2020-5749 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
+ TODO: check
+CVE-2020-5748 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
+ TODO: check
+CVE-2020-5747 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
+ TODO: check
+CVE-2020-5746 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
+ TODO: check
+CVE-2020-5745 (Cross-site request forgery in TCExam 14.2.2 allows a remote attacker t ...)
+ TODO: check
+CVE-2020-5744 (Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticate ...)
+ TODO: check
+CVE-2020-5743 (Improper Control of Resource Identifiers in TCExam 14.2.2 allows a rem ...)
+ TODO: check
CVE-2020-5742
RESERVED
CVE-2020-5741
@@ -22757,24 +22787,28 @@ CVE-2020-3904 (Multiple memory corruption issues were addressed with improved st
CVE-2020-3903 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2020-3902 (An input validation issue was addressed with improved input validation ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3901 (A type confusion issue was addressed with improved memory handling. Th ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3900 (A memory corruption issue was addressed with improved memory handling. ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3899 (A memory consumption issue was addressed with improved memory handling ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.2-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
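Review bot: {DSA-4681-1} is added to CVE-2020-3899, whose fixed version is `webkit2gtk 2.28.2-1`, while every other entry in this hunk references 2.28.0-2; confirm the advisory covers the later 2.28.2-1 fix as well before the reference stands.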
@@ -22790,6 +22824,7 @@ CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in ppd-ma
NOTE: https://src.fedoraproject.org/rpms/cups/blob/c1920d09b842bd2d0611559d00d595abd8aa2424/f/cups-ppdopen-heap-overflow.patch
NOTE: https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444 (cups/ppd.c, ppdc/ppdc-source.cxx)
CVE-2020-3897 (A type confusion issue was addressed with improved memory handling. Th ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -22798,12 +22833,14 @@ CVE-2020-3897 (A type confusion issue was addressed with improved memory handlin
CVE-2020-3896
RESERVED
CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3894 (A race condition was addressed with additional validation. This issue ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -22826,6 +22863,7 @@ CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issu
CVE-2020-3886
RESERVED
CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -29706,8 +29744,8 @@ CVE-2019-19166 (Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerabi
TODO: check
CVE-2019-19165 (AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability ...)
NOT-FOR-US: Inogard Ebiz4u
-CVE-2019-19164
- RESERVED
+CVE-2019-19164 (dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versio ...)
+ TODO: check
CVE-2019-19163
RESERVED
CVE-2019-19162
@@ -30517,24 +30555,24 @@ CVE-2019-18874 (psutil (aka python-psutil) through 5.6.5 can have a double free.
NOTE: https://github.com/giampaolo/psutil/pull/1616
CVE-2019-18873 (FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP hea ...)
NOT-FOR-US: FUDForum
-CVE-2019-18872
- RESERVED
-CVE-2019-18871
- RESERVED
-CVE-2019-18870
- RESERVED
-CVE-2019-18869
- RESERVED
-CVE-2019-18868
- RESERVED
-CVE-2019-18867
- RESERVED
-CVE-2019-18866
- RESERVED
-CVE-2019-18865
- RESERVED
-CVE-2019-18864
- RESERVED
+CVE-2019-18872 (Weak password requirements in Blaauw Remote Kiln Control through v3.00 ...)
+ TODO: check
+CVE-2019-18871 (A path traversal in debug.php accessed via default.php in Blaauw Remot ...)
+ TODO: check
+CVE-2019-18870 (A path traversal via the iniFile parameter in excel.php in Blaauw Remo ...)
+ TODO: check
+CVE-2019-18869 (Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allo ...)
+ TODO: check
+CVE-2019-18868 (Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated a ...)
+ TODO: check
+CVE-2019-18867 (Browsable directories in Blaauw Remote Kiln Control through v3.00r4 al ...)
+ TODO: check
+CVE-2019-18866 (Unauthenticated SQL injection via the username in the login mechanism ...)
+ TODO: check
+CVE-2019-18865 (Information disclosure via error message discrepancies in authenticati ...)
+ TODO: check
+CVE-2019-18864 (/server-info and /server-status in Blaauw Remote Kiln Control through ...)
+ TODO: check
CVE-2019-18863 (A key length vulnerability in the implementation of the SRTP 128-bit k ...)
NOT-FOR-US: Mitel
CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allows loca ...)
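Review bot: the nine Blaauw Remote Kiln Control entries (CVE-2019-18872 through -18864) land as separate TODO: check items but describe one product at one version (through v3.00r4), so they should be triaged together; the visible description of CVE-2019-18866 ("Unauthenticated SQL injection via the username in the login mechanism ...") is cut off before it names the product, so confirm it belongs to the same batch before grouping it.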
@@ -127615,8 +127653,8 @@ CVE-2018-5495 (All StorageGRID Webscale versions are susceptible to a vulnerabil
NOT-FOR-US: NetApp
CVE-2018-5494
RESERVED
-CVE-2018-5493
- RESERVED
+CVE-2018-5493 (ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible ...)
+ TODO: check
CVE-2018-5492 (NetApp E-Series SANtricity OS Controller Software 11.30 and later vers ...)
NOT-FOR-US: NetApp
CVE-2018-5491
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01b7baf17a12756d3ed341030f3c8a332920faa9