[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon May 11 21:10:28 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7217e547 by security tracker role at 2020-05-11T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,38 @@
-CVE-2020-12783 [Out-of-bound buffer read leads to Authentication Bypass in Exim SPA authentication method]
+CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMet ...)
+ TODO: check
+CVE-2020-12789
+ RESERVED
+CVE-2020-12788
+ RESERVED
+CVE-2020-12787
+ RESERVED
+CVE-2020-12786
+ RESERVED
+CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the current ...)
+ TODO: check
+CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a bandwidth s ...)
+ TODO: check
+CVE-2020-12782
+ RESERVED
+CVE-2020-12781
+ RESERVED
+CVE-2020-12780
+ RESERVED
+CVE-2020-12779
+ RESERVED
+CVE-2020-12778
+ RESERVED
+CVE-2020-12777
+ RESERVED
+CVE-2020-12776
+ RESERVED
+CVE-2020-12775
+ RESERVED
+CVE-2020-12774
+ RESERVED
+CVE-2020-12773
+ RESERVED
+CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...)
- exim4 4.93-16
NOTE: https://bugs.exim.org/show_bug.cgi?id=2571
NOTE: https://git.exim.org/exim.git/commitdiff/57aa14b216432be381b6295c312065b2fd034f86
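Review bot: the relocated CVE-2020-12783 header at the end of the hunk lands directly above the unchanged `- exim4 4.93-16` line and its two NOTE links, so the fixed-version data stays attached to the entry and only the description line moved; worth a glance because the old tracker summary `[Out-of-bound buffer read leads to Authentication Bypass in Exim SPA authentication method]` is replaced by the truncated MITRE text, which no longer states the authentication-bypass impact. The remaining additions (CVE-2020-12790, CVE-2020-12785, CVE-2020-12784 and the RESERVED block) are untriaged `TODO: check` entries and need a follow-up commit.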
@@ -55,8 +89,8 @@ CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer over
[stretch] - imlib2 <not-affected> (Vulnerable code introduced later)
[jessie] - imlib2 <not-affected> (Vulnerable code introduced later)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63
-CVE-2020-12760
- RESERVED
+CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian ...)
+ TODO: check
CVE-2020-12759
RESERVED
CVE-2020-12758
@@ -73,30 +107,30 @@ CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE kio-ex
CVE-2019-20794 (An issue was discovered in the Linux kernel 4.18 through 5.6.11 when u ...)
- linux <unfixed>
NOTE: https://sourceforge.net/p/fuse/mailman/message/36598753/
-CVE-2020-12754
- RESERVED
-CVE-2020-12753
- RESERVED
-CVE-2020-12752
- RESERVED
-CVE-2020-12751
- RESERVED
-CVE-2020-12750
- RESERVED
-CVE-2020-12749
- RESERVED
-CVE-2020-12748
- RESERVED
-CVE-2020-12747
- RESERVED
-CVE-2020-12746
- RESERVED
-CVE-2020-12745
- RESERVED
+CVE-2020-12754 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
+ TODO: check
+CVE-2020-12753 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
+ TODO: check
+CVE-2020-12752 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+ TODO: check
+CVE-2020-12751 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...)
+ TODO: check
+CVE-2020-12750 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
+ TODO: check
+CVE-2020-12749 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
+ TODO: check
+CVE-2020-12748 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
+ TODO: check
+CVE-2020-12747 (An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos ...)
+ TODO: check
+CVE-2020-12746 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...)
+ TODO: check
+CVE-2020-12745 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
+ TODO: check
CVE-2020-12744
RESERVED
-CVE-2020-12743
- RESERVED
+CVE-2020-12743 (An issue was discovered in Gazie 7.32. A successful installation does ...)
+ TODO: check
CVE-2020-12742
RESERVED
CVE-2020-12741
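Review bot: the ten new LG and Samsung mobile-device entries (CVE-2020-12754 through CVE-2020-12745) are left as `TODO: check`, while the existing entries for the same device class further down this patch (CVE-2019-20785, CVE-2019-20784) carry `NOT-FOR-US: LG mobile devices`; unless a Debian package is involved, these should be triaged the same way in a follow-up, e.g. `NOT-FOR-US: Samsung mobile devices`. CVE-2020-12743 (Gazie) and CVE-2020-12760 (OpenNMS) in this region also remain untriaged.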
@@ -323,7 +357,7 @@ CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c i
CVE-2020-12651
RESERVED
CVE-2020-12650
- RESERVED
+ REJECTED
CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
NOT-FOR-US: Gurbalib
CVE-2020-12648
@@ -2737,14 +2771,14 @@ CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an o
NOTE: https://gitlab.com/NTPsec/ntpsec/issues/651
CVE-2020-11867
RESERVED
-CVE-2020-11866
- RESERVED
-CVE-2020-11865
- RESERVED
-CVE-2020-11864
- RESERVED
-CVE-2020-11863
- RESERVED
+CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-aft ...)
+ TODO: check
+CVE-2020-11865 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bo ...)
+ TODO: check
+CVE-2020-11864 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...)
+ TODO: check
+CVE-2020-11863 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...)
+ TODO: check
CVE-2019-20785 (An issue was discovered on LG mobile devices with Android OS 8.0 and 8 ...)
NOT-FOR-US: LG mobile devices
CVE-2019-20784 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
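Review bot: the four libEMF entries (CVE-2020-11866 through CVE-2020-11863) all name the same upstream and the same affected range, `through 1.0.11`, so they should be triaged together rather than one at a time; if the library is packaged, each needs a package line in place of `TODO: check`, otherwise a shared `NOT-FOR-US` marker.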
@@ -5040,8 +5074,8 @@ CVE-2020-11110
RESERVED
CVE-2020-11109
RESERVED
-CVE-2020-11108
- RESERVED
+CVE-2020-11108 (The Gravity updater in Pi-hole through 4.4 allows an authenticated adv ...)
+ TODO: check
CVE-2020-11107 (An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , ...)
NOT-FOR-US: XAMPP
CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
@@ -6420,8 +6454,7 @@ CVE-2020-10687
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049
CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in ...)
NOT-FOR-US: Keycloak
-CVE-2020-10685 [modules which use files encrypted with vault are not properly cleaned up]
- RESERVED
+CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine versions 2 ...)
- ansible <unfixed>
[jessie] - ansible <not-affected> (Vulnerable code introduced later, all decryption in-memory, no transparent file decryption)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814627
@@ -28279,7 +28312,7 @@ CVE-2020-1964 (It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.
CVE-2020-1963
RESERVED
CVE-2020-1962
- RESERVED
+ REJECTED
CVE-2020-1961 (Vulnerability to Server-Side Template Injection on Mail templates for ...)
NOT-FOR-US: Apache Syncope
CVE-2020-1960
@@ -28341,7 +28374,7 @@ CVE-2020-1940 (The optional initial password change and password expiration feat
CVE-2020-1939
RESERVED
CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken when tr ...)
- {DSA-4680-1 DSA-4673-1 DLA-2133-1}
+ {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1}
- tomcat9 9.0.31-1 (bug #952437)
- tomcat8 <removed> (bug #952438)
- tomcat7 <removed> (bug #952436)
@@ -28367,7 +28400,7 @@ CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with the
CVE-2020-1936
RESERVED
CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...)
- {DSA-4680-1 DSA-4673-1 DLA-2133-1}
+ {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1}
- tomcat9 9.0.31-1
- tomcat8 <removed>
- tomcat7 <removed>
@@ -29409,8 +29442,7 @@ CVE-2020-1699 (A path traversal flaw was found in the Ceph dashboard implemented
[jessie] - ceph <not-affected> (Vulnerable code introduced later)
NOTE: https://tracker.ceph.com/issues/41320
NOTE: https://github.com/ceph/ceph/commit/0443e40c11280ba3b7efcba61522afa70c4f8158
-CVE-2020-1698
- RESERVED
+CVE-2020-1698 (A flaw was found in keycloak in versions before 9.0.0. A logged except ...)
NOT-FOR-US: Keycloak
CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to exter ...)
NOT-FOR-US: Keycloak
@@ -29993,8 +30025,8 @@ CVE-2019-19164 (dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier
TODO: check
CVE-2019-19163
RESERVED
-CVE-2019-19162
- RESERVED
+CVE-2019-19162 (A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 ...)
+ TODO: check
CVE-2019-19161
RESERVED
CVE-2019-19160
@@ -37323,7 +37355,7 @@ CVE-2019-17565 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3
CVE-2019-17564 (Unsafe deserialization occurs within a Dubbo application which has HTT ...)
NOT-FOR-US: Dubbo
CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, ...)
- {DSA-4680-1 DSA-4596-1 DLA-2077-1}
+ {DSA-4680-1 DSA-4596-1 DLA-2209-1 DLA-2077-1}
- tomcat9 9.0.31-1
- tomcat8 <removed>
- tomcat7 <removed>
@@ -73783,8 +73815,8 @@ CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 h
NOT-FOR-US: Data ONTAP
CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose ...)
NOT-FOR-US: Data ONTAP
-CVE-2019-5500
- RESERVED
+CVE-2019-5500 (Certain versions of the NetApp Service Processor and Baseboard Managem ...)
+ TODO: check
CVE-2019-5499
REJECTED
CVE-2019-5498 (OnCommand Insight versions through 7.3.6 may disclose sensitive accoun ...)
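Review bot: CVE-2019-5500 concerns NetApp Service Processor and Baseboard Management firmware and sits between entries that are already marked `NOT-FOR-US: Data ONTAP`; the `TODO: check` here can almost certainly be resolved to a `NOT-FOR-US` marker in a follow-up, as no Debian package ships that firmware.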
@@ -75693,8 +75725,8 @@ CVE-2019-4669 (IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6
NOT-FOR-US: IBM
CVE-2019-4668 (IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in ...)
NOT-FOR-US: IBM
-CVE-2019-4667
- RESERVED
+CVE-2019-4667 (IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to ob ...)
+ TODO: check
CVE-2019-4666 (IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could a ...)
NOT-FOR-US: IBM
CVE-2019-4665 (IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. ...)
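Review bot: CVE-2019-4667 is another IBM UrbanCode Deploy issue, and its neighbours CVE-2019-4668 and CVE-2019-4666 are both `NOT-FOR-US: IBM`; the new `TODO: check` should follow that pattern unless the triage reveals something different.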
@@ -139857,8 +139889,7 @@ CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (R
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged us ...)
NOT-FOR-US: Apache OpenMeetings
-CVE-2018-1285
- RESERVED
+CVE-2018-1285 (Apache log4net before 2.0.8 does not disable XML external entities whe ...)
- log4net <unfixed>
NOTE: https://issues.apache.org/jira/browse/LOG4NET-575
NOTE: https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7217e5475c5022c1415bb71a83e6dbf054a781e2