[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri May 8 09:10:31 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2a5316e by security tracker role at 2020-05-08T08:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,69 @@
-CVE-2020-12711
+CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...)
+	TODO: check
+CVE-2020-12734
 	RESERVED
-CVE-2020-12710
+CVE-2020-12733
 	RESERVED
-CVE-2020-12709
+CVE-2020-12732
 	RESERVED
-CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
-	NOT-FOR-US: PHP-Fusion
-CVE-2020-12707
+CVE-2020-12731
+	RESERVED
+CVE-2020-12730
+	RESERVED
+CVE-2020-12729
+	RESERVED
+CVE-2020-12728
+	RESERVED
+CVE-2020-12727
+	RESERVED
+CVE-2020-12726
+	RESERVED
+CVE-2020-12725
+	RESERVED
+CVE-2020-12724
+	RESERVED
+CVE-2020-12723
+	RESERVED
+CVE-2020-12722
+	RESERVED
+CVE-2020-12721
+	RESERVED
+CVE-2020-12720 (vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6 ...)
+	TODO: check
+CVE-2020-12719 (XXE during an EventPublisher update can occur in Management Console in ...)
+	TODO: check
+CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an authenticated ...)
+	TODO: check
+CVE-2020-12717
 	RESERVED
-CVE-2020-12706
+CVE-2020-12716
 	RESERVED
-CVE-2020-12705
+CVE-2020-12715
 	RESERVED
-CVE-2020-12704
+CVE-2020-12714
 	RESERVED
-CVE-2020-12703
+CVE-2020-12713
 	RESERVED
+CVE-2020-12712
+	RESERVED
+CVE-2020-12711
+	RESERVED
+CVE-2020-12710
+	RESERVED
+CVE-2020-12709
+	RESERVED
+CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2020-12707 (An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4 ...)
+	TODO: check
+CVE-2020-12706 (Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
+	TODO: check
+CVE-2020-12705 (Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS ...)
+	TODO: check
+CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS. ...)
+	TODO: check
+CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController uninstall. ...)
+	TODO: check
 CVE-2020-12702
 	RESERVED
 CVE-2020-12701
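Review bot: CVE-2020-12706 and CVE-2020-12718 are left at "TODO: check" although both descriptions name PHP-Fusion 9.03.50, the same product that CVE-2020-12708 in this hunk already carries as "NOT-FOR-US: PHP-Fusion"; unless the triage of 12708 is being reconsidered, the two new entries can take the same NOT-FOR-US line so the product is handled consistently.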
@@ -1380,8 +1428,8 @@ CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2
 	NOT-FOR-US: Binance tss-lib
 CVE-2020-12117 (Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allo ...)
 	NOT-FOR-US: Moxa
-CVE-2020-12116
-	RESERVED
+CVE-2020-12116 (Zoho ManageEngine OpManager Stable build before 124196 and Released bu ...)
+	TODO: check
 CVE-2020-12115
 	RESERVED
 CVE-2020-12114 (A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4. ...)
@@ -4981,36 +5029,33 @@ CVE-2020-11058
 	RESERVED
 CVE-2020-11057
 	RESERVED
-CVE-2020-11056
-	RESERVED
-CVE-2020-11055
-	RESERVED
-CVE-2020-11054
-	RESERVED
-CVE-2020-11053
-	RESERVED
-CVE-2020-11052
-	RESERVED
+CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side Templat ...)
+	TODO: check
+CVE-2020-11055 (In BookStack greater than or equal to 0.18.0 and less than 0.29.2, the ...)
+	TODO: check
+CVE-2020-11054 (In qutebrowser versions less than 1.11.1, reloading a page with certif ...)
+	TODO: check
+CVE-2020-11053 (In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. ...)
+	TODO: check
+CVE-2020-11052 (In Sorcery before 0.15.0, there is a brute force vulnerability when us ...)
+	TODO: check
 CVE-2020-11051 (In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor ...)
 	NOT-FOR-US: Wiki.js
-CVE-2020-11050
-	RESERVED
-CVE-2020-11049
-	RESERVED
+CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Improper Va ...)
+	TODO: check
+CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
 	NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008
-CVE-2020-11048
-	RESERVED
+CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007
-CVE-2020-11047
-	RESERVED
+CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read  ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
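Review bot: the new descriptions for CVE-2020-11047, CVE-2020-11048 and CVE-2020-11049 all say "before 2.0.0", yet the entries keep "freerdp2 <unfixed>" with "Fixed with"/"Fixed by" NOTEs pointing at a pull request and a commit; either the CVE text understates the affected range or the freerdp2 line needs a fixed version, so check the referenced advisories against the packaged version and settle the two. Of the other entries moved from RESERVED to "TODO: check" in this hunk, CVE-2020-11054 (qutebrowser, "less than 1.11.1") is the one most likely to need a package line rather than NOT-FOR-US, since qutebrowser is packaged in Debian.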
@@ -5422,8 +5467,8 @@ CVE-2020-10918
 	RESERVED
 CVE-2020-10917
 	RESERVED
-CVE-2020-10916
-	RESERVED
+CVE-2020-10916 (This vulnerability allows network-adjacent attackers to escalate privi ...)
+	TODO: check
 CVE-2020-10915 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: VEEAM One Agent
 CVE-2020-10914 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -5935,10 +5980,10 @@ CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_p
 	NOT-FOR-US: pfSense
 CVE-2020-10796
 	RESERVED
-CVE-2020-10795
-	RESERVED
-CVE-2020-10794
-	RESERVED
+CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code ...)
+	TODO: check
+CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path trav ...)
+	TODO: check
 CVE-2020-10793 (** DISPUTED ** CodeIgniter through 4.0.0 allows remote attackers to ga ...)
 	- codeigniter <itp> (bug #471583)
 CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
@@ -7442,8 +7487,8 @@ CVE-2020-10178
 	REJECTED
 CVE-2020-10177
 	RESERVED
-CVE-2020-10176
-	RESERVED
+CVE-2020-10176 (ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow E ...)
+	TODO: check
 CVE-2020-10175
 	REJECTED
 CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely  ...)
@@ -8979,10 +9024,10 @@ CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices.
 	NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
 CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...)
 	NOT-FOR-US: ARRIS TG1692A devices
-CVE-2020-9475
-	RESERVED
-CVE-2020-9474
-	RESERVED
+CVE-2020-9475 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows  ...)
+	TODO: check
+CVE-2020-9474 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows  ...)
+	TODO: check
 CVE-2020-9473
 	REJECTED
 CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...)
@@ -21063,14 +21108,14 @@ CVE-2020-4432
 	RESERVED
 CVE-2020-4431
 	RESERVED
-CVE-2020-4430
-	RESERVED
-CVE-2020-4429
-	RESERVED
-CVE-2020-4428
-	RESERVED
-CVE-2020-4427
-	RESERVED
+CVE-2020-4430 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ...)
+	TODO: check
+CVE-2020-4429 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 con ...)
+	TODO: check
+CVE-2020-4428 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ...)
+	TODO: check
+CVE-2020-4427 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ...)
+	TODO: check
 CVE-2020-4426
 	RESERVED
 CVE-2020-4425
@@ -227366,8 +227411,8 @@ CVE-2015-7948
 	REJECTED
 CVE-2015-7947
 	REJECTED
-CVE-2015-7946
-	RESERVED
+CVE-2015-7946 (Information Exposure vulnerability in Unity8 as used on the Ubuntu pho ...)
+	TODO: check
 CVE-2015-7945 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti befo ...)
 	{DSA-3431-1}
 	- ganeti 2.15.2-1 (bug #809538)
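Review bot: CVE-2015-7946 describes Unity8 "as used on the Ubuntu phone", which reads as Ubuntu-only code; before it sits at "TODO: check", confirm whether any Debian source ships Unity8 and, if not, record it as NOT-FOR-US, the same question that applies to the Ubuntu-described signond and mountall entries in the next hunk.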
@@ -272543,8 +272588,8 @@ CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubunt
 	NOTE: of AppArmor 2.9.0) is not affected. The closest version to the
 	NOTE: affected one that we ever had in Debian (2.8.96~2652) did not
 	NOTE: include the faulty patch.
-CVE-2014-1423
-	RESERVED
+CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch ...)
+	TODO: check
 CVE-2014-1422
 	RESERVED
 CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the u ...)
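Review bot: the version bound in CVE-2014-1423, "8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch", is an Ubuntu package version and cannot be compared directly with a Debian version; the check needs to establish whether the Debian signon source contains the affected signond code and which upstream release carries the fix before a package line or NOT-FOR-US replaces "TODO: check".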
@@ -309855,10 +309900,10 @@ CVE-2012-0955
 CVE-2012-0954 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-ke ...)
 	- apt 0.7.25 (unimportant)
 	NOTE: net-update is not enabled by default in Debian
-CVE-2012-0953
-	RESERVED
-CVE-2012-0952
-	RESERVED
+CVE-2012-0953 (A race condition was discovered in the Linux drivers for Nvidia graphi ...)
+	TODO: check
+CVE-2012-0952 (A heap buffer overflow was discovered in the device control ioctl in t ...)
+	TODO: check
 CVE-2012-0951 (A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29 ...)
 	- nvidia-graphics-drivers 295.53-1
 CVE-2012-0950 (The Apport hook (DistUpgradeApport.py) in Update Manager, as used by U ...)
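Review bot: CVE-2012-0952 and CVE-2012-0953 are set to "TODO: check" although the neighbouring CVE-2012-0951 entry already tracks the same driver family as "nvidia-graphics-drivers 295.53-1"; both new descriptions name the Linux NVIDIA driver (a race condition and a heap buffer overflow in the device control ioctl), so the check should determine whether the same 295.53-1 upload fixed them and add a package line accordingly instead of leaving the TODO.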



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2a5316ec5d1cdb28c5200a900bb6b7ebd1753c2
