[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 13 21:10:30 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
41d852c7 by security tracker role at 2020-05-13T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2020-12833
+ RESERVED
+CVE-2020-12832 (The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. ...)
+ TODO: check
+CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Rang ...)
+ TODO: check
+CVE-2020-12830
+ RESERVED
+CVE-2020-12829
+ RESERVED
+CVE-2020-12828
+ RESERVED
+CVE-2020-12827
+ RESERVED
+CVE-2019-20796
+ RESERVED
CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...)
- linux 5.6.7-1
[buster] - linux 4.19.118-1
@@ -153,8 +169,8 @@ CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&action=view&
NOT-FOR-US: Solis Miolo
CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. ...)
NOT-FOR-US: Gnuteca
-CVE-2020-12763
- RESERVED
+CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...)
+ TODO: check
CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
- json-c <unfixed> (bug #960326)
NOTE: https://github.com/json-c/json-c/pull/592
@@ -209,8 +225,8 @@ CVE-2020-12744
RESERVED
CVE-2020-12743 (An issue was discovered in Gazie 7.32. A successful installation does ...)
NOT-FOR-US: Gazie
-CVE-2020-12742
- RESERVED
+CVE-2020-12742 (The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does ...)
+ TODO: check
CVE-2020-12741
RESERVED
CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-rea ...)
@@ -296,14 +312,14 @@ CVE-2020-12702
RESERVED
CVE-2020-12701
RESERVED
-CVE-2020-12700
- RESERVED
-CVE-2020-12699
- RESERVED
-CVE-2020-12698
- RESERVED
-CVE-2020-12697
- RESERVED
+CVE-2020-12700 (The direct_mail extension through 5.2.3 for TYPO3 allows Information D ...)
+ TODO: check
+CVE-2020-12699 (The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect ...)
+ TODO: check
+CVE-2020-12698 (The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Co ...)
+ TODO: check
+CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Ser ...)
+ TODO: check
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
NOT-FOR-US: iframe plugin for WordPress
CVE-2020-12695
@@ -413,7 +429,7 @@ CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There
- linux 5.6.7-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 (5.7-rc1)
-CVE-2020-12656 (gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_g ...)
+CVE-2020-12656 (** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c ...)
- linux <unfixed> (unimportant)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=206651
NOTE: Issue is triggered only at module reloading / rebinding
@@ -919,8 +935,8 @@ CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections that
NOT-FOR-US: Online Course Registration
CVE-2020-12428
RESERVED
-CVE-2020-12427
- RESERVED
+CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229 for MyClou ...)
+ TODO: check
CVE-2020-12426
RESERVED
CVE-2020-12425
@@ -4252,7 +4268,7 @@ CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with
NOT-FOR-US: OpsRamp Gateway
CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
-CVE-2020-11541 (In TechSmith SnagIt before 20.1.1, an XML External Entity (XXE) inject ...)
+CVE-2020-11541 (In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE ...)
NOT-FOR-US: TechSmith SnagIt
CVE-2020-11540
RESERVED
@@ -5248,14 +5264,14 @@ CVE-2020-11075
RESERVED
CVE-2020-11074
RESERVED
-CVE-2020-11073
- RESERVED
+CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...)
+ TODO: check
CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version 1.2.1, users ...)
TODO: check
CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability w ...)
TODO: check
-CVE-2020-11070
- RESERVED
+CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulne ...)
+ TODO: check
CVE-2020-11069
RESERVED
CVE-2020-11068
@@ -6700,8 +6716,8 @@ CVE-2020-10656
RESERVED
CVE-2020-10655
RESERVED
-CVE-2020-10654
- RESERVED
+CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...)
+ TODO: check
CVE-2020-10653
RESERVED
CVE-2020-10652
@@ -9225,10 +9241,10 @@ CVE-2020-9504
RESERVED
CVE-2020-9503
RESERVED
-CVE-2020-9502
- RESERVED
-CVE-2020-9501
- RESERVED
+CVE-2020-9502 (Some Dahua products with Build time before December 2019 have Session ...)
+ TODO: check
+CVE-2020-9501 (Attackers can obtain Cloud Key information from the Dahua Web P2P cont ...)
+ TODO: check
CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...)
NOT-FOR-US: Dahua
CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...)
@@ -12685,8 +12701,8 @@ CVE-2020-8022
RESERVED
CVE-2020-8021
RESERVED
-CVE-2020-8020
- RESERVED
+CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...)
+ TODO: check
CVE-2020-8019
RESERVED
CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST- ...)
@@ -14036,10 +14052,10 @@ CVE-2020-7457
RESERVED
CVE-2020-7456
RESERVED
-CVE-2020-7455
- RESERVED
-CVE-2020-7454
- RESERVED
+CVE-2020-7455 (In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-ST ...)
+ TODO: check
+CVE-2020-7454 (In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-ST ...)
+ TODO: check
CVE-2020-7453 (In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEAS ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:08.jail.asc
@@ -17903,8 +17919,8 @@ CVE-2020-5840 (An issue was discovered in HashBrown CMS before 1.3.2. Server/Ent
NOT-FOR-US: HashBrown CMS
CVE-2020-5839
RESERVED
-CVE-2020-5838
- RESERVED
+CVE-2020-5838 (Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-s ...)
+ TODO: check
CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect file perm ...)
TODO: check
CVE-2020-5836 (Symantec Endpoint Protection, prior to 14.3, can potentially reset the ...)
@@ -18824,8 +18840,8 @@ CVE-2020-5409
RESERVED
CVE-2020-5408
RESERVED
-CVE-2020-5407
- RESERVED
+CVE-2020-5407 (Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 ...)
+ TODO: check
CVE-2020-5406 (VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6. ...)
NOT-FOR-US: VMware
CVE-2020-5405 (Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x pri ...)
@@ -21621,8 +21637,8 @@ CVE-2020-4314
RESERVED
CVE-2020-4313
RESERVED
-CVE-2020-4312
- RESERVED
+CVE-2020-4312 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 co ...)
+ TODO: check
CVE-2020-4311 (IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute ar ...)
NOT-FOR-US: IBM
CVE-2020-4310
@@ -28027,58 +28043,58 @@ CVE-2020-2020
RESERVED
CVE-2020-2019
RESERVED
-CVE-2020-2018
- RESERVED
-CVE-2020-2017
- RESERVED
-CVE-2020-2016
- RESERVED
-CVE-2020-2015
- RESERVED
-CVE-2020-2014
- RESERVED
-CVE-2020-2013
- RESERVED
-CVE-2020-2012
- RESERVED
-CVE-2020-2011
- RESERVED
-CVE-2020-2010
- RESERVED
-CVE-2020-2009
- RESERVED
-CVE-2020-2008
- RESERVED
-CVE-2020-2007
- RESERVED
-CVE-2020-2006
- RESERVED
-CVE-2020-2005
- RESERVED
-CVE-2020-2004
- RESERVED
-CVE-2020-2003
- RESERVED
-CVE-2020-2002
- RESERVED
-CVE-2020-2001
- RESERVED
+CVE-2020-2018 (An authentication bypass vulnerability in Palo Alto Networks PAN-OS Pa ...)
+ TODO: check
+CVE-2020-2017 (A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Pa ...)
+ TODO: check
+CVE-2020-2016 (A race condition due to insecure creation of a file in a temporary dir ...)
+ TODO: check
+CVE-2020-2015 (A buffer overflow vulnerability in the PAN-OS management server allows ...)
+ TODO: check
+CVE-2020-2014 (An OS Command Injection vulnerability in PAN-OS management server allo ...)
+ TODO: check
+CVE-2020-2013 (A cleartext transmission of sensitive information vulnerability in Pal ...)
+ TODO: check
+CVE-2020-2012 (Improper restriction of XML external entity reference ('XXE') vulnerab ...)
+ TODO: check
+CVE-2020-2011 (An improper input validation vulnerability in the configuration daemon ...)
+ TODO: check
+CVE-2020-2010 (An OS command injection vulnerability in PAN-OS management interface a ...)
+ TODO: check
+CVE-2020-2009 (An external control of filename vulnerability in the SD WAN component ...)
+ TODO: check
+CVE-2020-2008 (An OS command injection and external control of filename vulnerability ...)
+ TODO: check
+CVE-2020-2007 (An OS command injection vulnerability in the management server compone ...)
+ TODO: check
+CVE-2020-2006 (A stack-based buffer overflow vulnerability in the management server c ...)
+ TODO: check
+CVE-2020-2005 (A cross-site scripting (XSS) vulnerability exists when visiting malici ...)
+ TODO: check
+CVE-2020-2004 (Under certain circumstances a user's password may be logged in clearte ...)
+ TODO: check
+CVE-2020-2003 (An external control of filename vulnerability in the command processin ...)
+ TODO: check
+CVE-2020-2002 (An authentication bypass by spoofing vulnerability exists in the authe ...)
+ TODO: check
+CVE-2020-2001 (An external control of path and data vulnerability in the Palo Alto Ne ...)
+ TODO: check
CVE-2020-2000
RESERVED
CVE-2020-1999
RESERVED
-CVE-2020-1998
- RESERVED
-CVE-2020-1997
- RESERVED
-CVE-2020-1996
- RESERVED
-CVE-2020-1995
- RESERVED
-CVE-2020-1994
- RESERVED
-CVE-2020-1993
- RESERVED
+CVE-2020-1998 (An improper authorization vulnerability in PAN-OS that mistakenly uses ...)
+ TODO: check
+CVE-2020-1997 (An open redirection vulnerability in the GlobalProtect component of Pa ...)
+ TODO: check
+CVE-2020-1996 (A missing authorization vulnerability in the management server compone ...)
+ TODO: check
+CVE-2020-1995 (A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS ...)
+ TODO: check
+CVE-2020-1994 (A predictable temporary file vulnerability in PAN-OS allows a local au ...)
+ TODO: check
+CVE-2020-1993 (The GlobalProtect Portal feature in PAN-OS does not set a new session ...)
+ TODO: check
CVE-2020-1992 (A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-70 ...)
NOT-FOR-US: Palo Alto Networks
CVE-2020-1991 (An insecure temporary file vulnerability in Palo Alto Networks Traps a ...)
@@ -29279,6 +29295,7 @@ CVE-2019-19365
CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default configurat ...)
NOT-FOR-US: Kiali
CVE-2020-1763 (An out-of-bounds buffer read flaw was found in the pluto daemon of lib ...)
+ {DSA-4684-1}
- libreswan <unfixed> (bug #960458)
NOTE: Introduced by: https://github.com/libreswan/libreswan/commit/fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 (v3.27)
NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
@@ -29483,8 +29500,7 @@ CVE-2020-1716
NOT-FOR-US: ceph-ansible
CVE-2020-1715
RESERVED
-CVE-2020-1714
- RESERVED
+CVE-2020-1714 (A flaw was found in Keycloak before version 11.0.0, where the code bas ...)
NOT-FOR-US: Keycloak
CVE-2020-1713
RESERVED
@@ -41668,8 +41684,8 @@ CVE-2019-16114 (In ATutor 2.2.4, an unauthenticated attacker can change the appl
NOT-FOR-US: ATutor
CVE-2019-16113 (Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-im ...)
NOT-FOR-US: Bludit
-CVE-2019-16112
- RESERVED
+CVE-2019-16112 (TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting ...)
+ TODO: check
CVE-2019-16111
RESERVED
CVE-2019-16110 (The network protocol of Blade Shadow though 2.13.3 allows remote attac ...)
@@ -42281,12 +42297,12 @@ CVE-2019-15882
RESERVED
CVE-2019-15881
RESERVED
-CVE-2019-15880
- RESERVED
-CVE-2019-15879
- RESERVED
-CVE-2019-15878
- RESERVED
+CVE-2019-15880 (In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, ins ...)
+ TODO: check
+CVE-2019-15879 (In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-ST ...)
+ TODO: check
+CVE-2019-15878 (In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and ...)
+ TODO: check
CVE-2019-15877 (In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-REL ...)
TODO: check
CVE-2019-15876 (In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEAS ...)
@@ -62895,8 +62911,8 @@ CVE-2019-9684
RESERVED
CVE-2019-9683
RESERVED
-CVE-2019-9682
- RESERVED
+CVE-2019-9682 (Dahua devices with Build time before December 2019 use strong security ...)
+ TODO: check
CVE-2019-9681 (Online upgrade information in some firmware packages of Dahua products ...)
NOT-FOR-US: Dahua
CVE-2019-9680 (Some Dahua products have information leakage issues. Attackers can obt ...)
@@ -83041,8 +83057,8 @@ CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged
- mongodb <removed> (low)
[stretch] - mongodb <ignored> (Minor issue)
[jessie] - mongodb <ignored> (Minor issue)
-CVE-2019-2388
- RESERVED
+CVE-2019-2388 (In affected Ops Manager versions there is an exposed http route was th ...)
+ TODO: check
CVE-2019-2387
RESERVED
CVE-2019-2386 (After user deletion in MongoDB Server the improper invalidation of aut ...)
@@ -331753,7 +331769,7 @@ CVE-2010-3134 (Untrusted search path vulnerability in Google Earth 5.1.3535.3218
NOT-FOR-US: Google Earth
CVE-2010-3132 (Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 buil ...)
NOT-FOR-US: Adobe Dreamweaver
-CVE-2010-3130 (Untrusted search path vulnerability in TechSmith Snagit 10 (Build 788) ...)
+CVE-2010-3130 (Untrusted search path vulnerability in TechSmith Snagit all versions 1 ...)
NOT-FOR-US: TechSmith Snagit
CVE-2010-3129 (Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allo ...)
NOT-FOR-US: uTorrent
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41d852c78c7d291d3f185e7d0d3a2f2db302efb0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41d852c78c7d291d3f185e7d0d3a2f2db302efb0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200513/30f2e03c/attachment.html>
More information about the debian-security-tracker-commits
mailing list