[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri May 8 09:10:31 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b2a5316e by security tracker role at 2020-05-08T08:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,21 +1,69 @@
-CVE-2020-12711
+CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...)
+ TODO: check
+CVE-2020-12734
RESERVED
-CVE-2020-12710
+CVE-2020-12733
RESERVED
-CVE-2020-12709
+CVE-2020-12732
RESERVED
-CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
- NOT-FOR-US: PHP-Fusion
-CVE-2020-12707
+CVE-2020-12731
+ RESERVED
+CVE-2020-12730
+ RESERVED
+CVE-2020-12729
+ RESERVED
+CVE-2020-12728
+ RESERVED
+CVE-2020-12727
+ RESERVED
+CVE-2020-12726
+ RESERVED
+CVE-2020-12725
+ RESERVED
+CVE-2020-12724
+ RESERVED
+CVE-2020-12723
+ RESERVED
+CVE-2020-12722
+ RESERVED
+CVE-2020-12721
+ RESERVED
+CVE-2020-12720 (vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6 ...)
+ TODO: check
+CVE-2020-12719 (XXE during an EventPublisher update can occur in Management Console in ...)
+ TODO: check
+CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an authenticated ...)
+ TODO: check
+CVE-2020-12717
RESERVED
-CVE-2020-12706
+CVE-2020-12716
RESERVED
-CVE-2020-12705
+CVE-2020-12715
RESERVED
-CVE-2020-12704
+CVE-2020-12714
RESERVED
-CVE-2020-12703
+CVE-2020-12713
RESERVED
+CVE-2020-12712
+ RESERVED
+CVE-2020-12711
+ RESERVED
+CVE-2020-12710
+ RESERVED
+CVE-2020-12709
+ RESERVED
+CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-12707 (An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4 ...)
+ TODO: check
+CVE-2020-12706 (Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
+ TODO: check
+CVE-2020-12705 (Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS ...)
+ TODO: check
+CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS. ...)
+ TODO: check
+CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController uninstall. ...)
+ TODO: check
CVE-2020-12702
RESERVED
CVE-2020-12701
@@ -1380,8 +1428,8 @@ CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2
NOT-FOR-US: Binance tss-lib
CVE-2020-12117 (Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allo ...)
NOT-FOR-US: Moxa
-CVE-2020-12116
- RESERVED
+CVE-2020-12116 (Zoho ManageEngine OpManager Stable build before 124196 and Released bu ...)
+ TODO: check
CVE-2020-12115
RESERVED
CVE-2020-12114 (A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4. ...)
@@ -4981,36 +5029,33 @@ CVE-2020-11058
RESERVED
CVE-2020-11057
RESERVED
-CVE-2020-11056
- RESERVED
-CVE-2020-11055
- RESERVED
-CVE-2020-11054
- RESERVED
-CVE-2020-11053
- RESERVED
-CVE-2020-11052
- RESERVED
+CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side Templat ...)
+ TODO: check
+CVE-2020-11055 (In BookStack greater than or equal to 0.18.0 and less than 0.29.2, the ...)
+ TODO: check
+CVE-2020-11054 (In qutebrowser versions less than 1.11.1, reloading a page with certif ...)
+ TODO: check
+CVE-2020-11053 (In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. ...)
+ TODO: check
+CVE-2020-11052 (In Sorcery before 0.15.0, there is a brute force vulnerability when us ...)
+ TODO: check
CVE-2020-11051 (In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor ...)
NOT-FOR-US: Wiki.js
-CVE-2020-11050
- RESERVED
-CVE-2020-11049
- RESERVED
+CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Improper Va ...)
+ TODO: check
+CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008
-CVE-2020-11048
- RESERVED
+CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007
-CVE-2020-11047
- RESERVED
+CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
@@ -5422,8 +5467,8 @@ CVE-2020-10918
RESERVED
CVE-2020-10917
RESERVED
-CVE-2020-10916
- RESERVED
+CVE-2020-10916 (This vulnerability allows network-adjacent attackers to escalate privi ...)
+ TODO: check
CVE-2020-10915 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: VEEAM One Agent
CVE-2020-10914 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -5935,10 +5980,10 @@ CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_p
NOT-FOR-US: pfSense
CVE-2020-10796
RESERVED
-CVE-2020-10795
- RESERVED
-CVE-2020-10794
- RESERVED
+CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code ...)
+ TODO: check
+CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path trav ...)
+ TODO: check
CVE-2020-10793 (** DISPUTED ** CodeIgniter through 4.0.0 allows remote attackers to ga ...)
- codeigniter <itp> (bug #471583)
CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
@@ -7442,8 +7487,8 @@ CVE-2020-10178
REJECTED
CVE-2020-10177
RESERVED
-CVE-2020-10176
- RESERVED
+CVE-2020-10176 (ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow E ...)
+ TODO: check
CVE-2020-10175
REJECTED
CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely ...)
@@ -8979,10 +9024,10 @@ CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices.
NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...)
NOT-FOR-US: ARRIS TG1692A devices
-CVE-2020-9475
- RESERVED
-CVE-2020-9474
- RESERVED
+CVE-2020-9475 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows ...)
+ TODO: check
+CVE-2020-9474 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows ...)
+ TODO: check
CVE-2020-9473
REJECTED
CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...)
@@ -21063,14 +21108,14 @@ CVE-2020-4432
RESERVED
CVE-2020-4431
RESERVED
-CVE-2020-4430
- RESERVED
-CVE-2020-4429
- RESERVED
-CVE-2020-4428
- RESERVED
-CVE-2020-4427
- RESERVED
+CVE-2020-4430 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ...)
+ TODO: check
+CVE-2020-4429 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 con ...)
+ TODO: check
+CVE-2020-4428 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ...)
+ TODO: check
+CVE-2020-4427 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ...)
+ TODO: check
CVE-2020-4426
RESERVED
CVE-2020-4425
@@ -227366,8 +227411,8 @@ CVE-2015-7948
REJECTED
CVE-2015-7947
REJECTED
-CVE-2015-7946
- RESERVED
+CVE-2015-7946 (Information Exposure vulnerability in Unity8 as used on the Ubuntu pho ...)
+ TODO: check
CVE-2015-7945 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti befo ...)
{DSA-3431-1}
- ganeti 2.15.2-1 (bug #809538)
@@ -272543,8 +272588,8 @@ CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubunt
NOTE: of AppArmor 2.9.0) is not affected. The closest version to the
NOTE: affected one that we ever had in Debian (2.8.96~2652) did not
NOTE: include the faulty patch.
-CVE-2014-1423
- RESERVED
+CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch ...)
+ TODO: check
CVE-2014-1422
RESERVED
CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the u ...)
@@ -309855,10 +309900,10 @@ CVE-2012-0955
CVE-2012-0954 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-ke ...)
- apt 0.7.25 (unimportant)
NOTE: net-update is not enabled by default in Debian
-CVE-2012-0953
- RESERVED
-CVE-2012-0952
- RESERVED
+CVE-2012-0953 (A race condition was discovered in the Linux drivers for Nvidia graphi ...)
+ TODO: check
+CVE-2012-0952 (A heap buffer overflow was discovered in the device control ioctl in t ...)
+ TODO: check
CVE-2012-0951 (A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29 ...)
- nvidia-graphics-drivers 295.53-1
CVE-2012-0950 (The Apport hook (DistUpgradeApport.py) in Update Manager, as used by U ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2a5316ec5d1cdb28c5200a900bb6b7ebd1753c2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2a5316ec5d1cdb28c5200a900bb6b7ebd1753c2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200508/f64a9df1/attachment.html>
More information about the debian-security-tracker-commits
mailing list