[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri May 15 21:10:31 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aea444b0 by security tracker role at 2020-05-15T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,416 @@
-CVE-2020-12888 [vfio: access to disabled MMIO space of some devices may lead to DoS scenario]
+CVE-2020-13094
+	RESERVED
+CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
+	TODO: check
+CVE-2020-13092 (scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute  ...)
+	TODO: check
+CVE-2020-13091 (pandas through 1.0.3 can unserialize and execute commands from an untr ...)
+	TODO: check
+CVE-2020-13090
+	RESERVED
+CVE-2020-13089
+	RESERVED
+CVE-2020-13088
+	RESERVED
+CVE-2020-13087
+	RESERVED
+CVE-2020-13086
+	RESERVED
+CVE-2020-13085
+	RESERVED
+CVE-2020-13084
+	RESERVED
+CVE-2020-13083
+	RESERVED
+CVE-2020-13082
+	RESERVED
+CVE-2020-13081
+	RESERVED
+CVE-2020-13080
+	RESERVED
+CVE-2020-13079
+	RESERVED
+CVE-2020-13078
+	RESERVED
+CVE-2020-13077
+	RESERVED
+CVE-2020-13076
+	RESERVED
+CVE-2020-13075
+	RESERVED
+CVE-2020-13074
+	RESERVED
+CVE-2020-13073
+	RESERVED
+CVE-2020-13072
+	RESERVED
+CVE-2020-13071
+	RESERVED
+CVE-2020-13070
+	RESERVED
+CVE-2020-13069
+	RESERVED
+CVE-2020-13068
+	RESERVED
+CVE-2020-13067
+	RESERVED
+CVE-2020-13066
+	RESERVED
+CVE-2020-13065
+	RESERVED
+CVE-2020-13064
+	RESERVED
+CVE-2020-13063
+	RESERVED
+CVE-2020-13062
+	RESERVED
+CVE-2020-13061
+	RESERVED
+CVE-2020-13060
+	RESERVED
+CVE-2020-13059
+	RESERVED
+CVE-2020-13058
+	RESERVED
+CVE-2020-13057
+	RESERVED
+CVE-2020-13056
+	RESERVED
+CVE-2020-13055
+	RESERVED
+CVE-2020-13054
+	RESERVED
+CVE-2020-13053
+	RESERVED
+CVE-2020-13052
+	RESERVED
+CVE-2020-13051
+	RESERVED
+CVE-2020-13050
+	RESERVED
+CVE-2020-13049
+	RESERVED
+CVE-2020-13048
+	RESERVED
+CVE-2020-13047
+	RESERVED
+CVE-2020-13046
+	RESERVED
+CVE-2020-13045
+	RESERVED
+CVE-2020-13044
+	RESERVED
+CVE-2020-13043
+	RESERVED
+CVE-2020-13042
+	RESERVED
+CVE-2020-13041
+	RESERVED
+CVE-2020-13040
+	RESERVED
+CVE-2020-13039
+	RESERVED
+CVE-2020-13038
+	RESERVED
+CVE-2020-13037
+	RESERVED
+CVE-2020-13036
+	RESERVED
+CVE-2020-13035
+	RESERVED
+CVE-2020-13034
+	RESERVED
+CVE-2020-13033
+	RESERVED
+CVE-2020-13032
+	RESERVED
+CVE-2020-13031
+	RESERVED
+CVE-2020-13030
+	RESERVED
+CVE-2020-13029
+	RESERVED
+CVE-2020-13028
+	RESERVED
+CVE-2020-13027
+	RESERVED
+CVE-2020-13026
+	RESERVED
+CVE-2020-13025
+	RESERVED
+CVE-2020-13024
+	RESERVED
+CVE-2020-13023
+	RESERVED
+CVE-2020-13022
+	RESERVED
+CVE-2020-13021
+	RESERVED
+CVE-2020-13020
+	RESERVED
+CVE-2020-13019
+	RESERVED
+CVE-2020-13018
+	RESERVED
+CVE-2020-13017
+	RESERVED
+CVE-2020-13016
+	RESERVED
+CVE-2020-13015
+	RESERVED
+CVE-2020-13014
+	RESERVED
+CVE-2020-13013
+	RESERVED
+CVE-2020-13012
+	RESERVED
+CVE-2020-13011
+	RESERVED
+CVE-2020-13010
+	RESERVED
+CVE-2020-13009
+	RESERVED
+CVE-2020-13008
+	RESERVED
+CVE-2020-13007
+	RESERVED
+CVE-2020-13006
+	RESERVED
+CVE-2020-13005
+	RESERVED
+CVE-2020-13004
+	RESERVED
+CVE-2020-13003
+	RESERVED
+CVE-2020-13002
+	RESERVED
+CVE-2020-13001
+	RESERVED
+CVE-2020-13000
+	RESERVED
+CVE-2020-12999
+	RESERVED
+CVE-2020-12998
+	RESERVED
+CVE-2020-12997
+	RESERVED
+CVE-2020-12996
+	RESERVED
+CVE-2020-12995
+	RESERVED
+CVE-2020-12994
+	RESERVED
+CVE-2020-12993
+	RESERVED
+CVE-2020-12992
+	RESERVED
+CVE-2020-12991
+	RESERVED
+CVE-2020-12990
+	RESERVED
+CVE-2020-12989
+	RESERVED
+CVE-2020-12988
+	RESERVED
+CVE-2020-12987
+	RESERVED
+CVE-2020-12986
+	RESERVED
+CVE-2020-12985
+	RESERVED
+CVE-2020-12984
+	RESERVED
+CVE-2020-12983
+	RESERVED
+CVE-2020-12982
+	RESERVED
+CVE-2020-12981
+	RESERVED
+CVE-2020-12980
+	RESERVED
+CVE-2020-12979
+	RESERVED
+CVE-2020-12978
+	RESERVED
+CVE-2020-12977
+	RESERVED
+CVE-2020-12976
+	RESERVED
+CVE-2020-12975
+	RESERVED
+CVE-2020-12974
+	RESERVED
+CVE-2020-12973
+	RESERVED
+CVE-2020-12972
+	RESERVED
+CVE-2020-12971
+	RESERVED
+CVE-2020-12970
+	RESERVED
+CVE-2020-12969
+	RESERVED
+CVE-2020-12968
+	RESERVED
+CVE-2020-12967
+	RESERVED
+CVE-2020-12966
+	RESERVED
+CVE-2020-12965
+	RESERVED
+CVE-2020-12964
+	RESERVED
+CVE-2020-12963
+	RESERVED
+CVE-2020-12962
+	RESERVED
+CVE-2020-12961
+	RESERVED
+CVE-2020-12960
+	RESERVED
+CVE-2020-12959
+	RESERVED
+CVE-2020-12958
+	RESERVED
+CVE-2020-12957
+	RESERVED
+CVE-2020-12956
+	RESERVED
+CVE-2020-12955
+	RESERVED
+CVE-2020-12954
+	RESERVED
+CVE-2020-12953
+	RESERVED
+CVE-2020-12952
+	RESERVED
+CVE-2020-12951
+	RESERVED
+CVE-2020-12950
+	RESERVED
+CVE-2020-12949
+	RESERVED
+CVE-2020-12948
+	RESERVED
+CVE-2020-12947
+	RESERVED
+CVE-2020-12946
+	RESERVED
+CVE-2020-12945
+	RESERVED
+CVE-2020-12944
+	RESERVED
+CVE-2020-12943
+	RESERVED
+CVE-2020-12942
+	RESERVED
+CVE-2020-12941
+	RESERVED
+CVE-2020-12940
+	RESERVED
+CVE-2020-12939
+	RESERVED
+CVE-2020-12938
+	RESERVED
+CVE-2020-12937
+	RESERVED
+CVE-2020-12936
+	RESERVED
+CVE-2020-12935
+	RESERVED
+CVE-2020-12934
+	RESERVED
+CVE-2020-12933
+	RESERVED
+CVE-2020-12932
+	RESERVED
+CVE-2020-12931
+	RESERVED
+CVE-2020-12930
+	RESERVED
+CVE-2020-12929
+	RESERVED
+CVE-2020-12928
+	RESERVED
+CVE-2020-12927
+	RESERVED
+CVE-2020-12926
+	RESERVED
+CVE-2020-12925
+	RESERVED
+CVE-2020-12924
+	RESERVED
+CVE-2020-12923
+	RESERVED
+CVE-2020-12922
+	RESERVED
+CVE-2020-12921
+	RESERVED
+CVE-2020-12920
+	RESERVED
+CVE-2020-12919
+	RESERVED
+CVE-2020-12918
+	RESERVED
+CVE-2020-12917
+	RESERVED
+CVE-2020-12916
+	RESERVED
+CVE-2020-12915
+	RESERVED
+CVE-2020-12914
+	RESERVED
+CVE-2020-12913
+	RESERVED
+CVE-2020-12912
+	RESERVED
+CVE-2020-12911
+	RESERVED
+CVE-2020-12910
+	RESERVED
+CVE-2020-12909
+	RESERVED
+CVE-2020-12908
+	RESERVED
+CVE-2020-12907
+	RESERVED
+CVE-2020-12906
+	RESERVED
+CVE-2020-12905
+	RESERVED
+CVE-2020-12904
+	RESERVED
+CVE-2020-12903
+	RESERVED
+CVE-2020-12902
+	RESERVED
+CVE-2020-12901
+	RESERVED
+CVE-2020-12900
+	RESERVED
+CVE-2020-12899
+	RESERVED
+CVE-2020-12898
+	RESERVED
+CVE-2020-12897
+	RESERVED
+CVE-2020-12896
+	RESERVED
+CVE-2020-12895
+	RESERVED
+CVE-2020-12894
+	RESERVED
+CVE-2020-12893
+	RESERVED
+CVE-2020-12892
+	RESERVED
+CVE-2020-12891
+	RESERVED
+CVE-2020-12890
+	RESERVED
+CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...)
+	TODO: check
+CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
 CVE-2020-12887
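Review bot: CVE-2020-13091 (pandas) and CVE-2020-13092 (scikit-learn) near the top of this hunk are left at `TODO: check` alongside vendor-product entries such as Agent DVR and MISP-maltego. Unlike those, they name general-purpose Python libraries, so they should be triaged first and end up with an explicit package line (as CVE-2020-12888 keeps `- linux <unfixed>`) or a recorded reason for not tracking them, rather than being swept into a bulk NOT-FOR-US pass.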
@@ -31,8 +443,8 @@ CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypasse
 	NOT-FOR-US: Veritas
 CVE-2020-12873
 	RESERVED
-CVE-2020-12872
-	RESERVED
+CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS  ...)
+	TODO: check
 CVE-2020-12871
 	RESERVED
 CVE-2020-12870
@@ -107,8 +519,8 @@ CVE-2020-12836
 	RESERVED
 CVE-2020-12835
 	RESERVED
-CVE-2020-12834
-	RESERVED
+CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 thr ...)
+	TODO: check
 CVE-2020-12833
 	RESERVED
 CVE-2020-12832 (The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. ...)
@@ -193,8 +605,8 @@ CVE-2020-12800
 	RESERVED
 CVE-2020-12799
 	RESERVED
-CVE-2020-12798
-	RESERVED
+CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...)
+	TODO: check
 CVE-2020-12797
 	RESERVED
 CVE-2020-12796
@@ -451,8 +863,8 @@ CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/atta
 	NOT-FOR-US: Serpico
 CVE-2020-12686
 	RESERVED
-CVE-2020-12685
-	RESERVED
+CVE-2020-12685 (XSS in the admin help system admin/help.html and admin/quicklinks.html ...)
+	TODO: check
 CVE-2020-12684
 	RESERVED
 CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
@@ -565,8 +977,8 @@ CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c i
 	- linux 5.4.19-1
 	[buster] - linux 4.19.98-1
 	NOTE: https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7)
-CVE-2020-12651
-	RESERVED
+CVE-2020-12651 (SecureCRT before 8.7.2 allows remote attackers to execute arbitrary co ...)
+	TODO: check
 CVE-2020-12650
 	REJECTED
 CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
@@ -4421,23 +4833,22 @@ CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte w
 	NOT-FOR-US: bit2spr
 CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...)
 	NOT-FOR-US: Zoho
-CVE-2020-11526
-	RESERVED
+CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
-CVE-2020-11525
-	RESERVED
-CVE-2020-11524
-	RESERVED
-CVE-2020-11523
-	RESERVED
-CVE-2020-11522
-	RESERVED
-CVE-2020-11521
-	RESERVED
+CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-r ...)
+	TODO: check
+CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2. ...)
+	TODO: check
+CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ...)
+	TODO: check
+CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out- ...)
+	TODO: check
+CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc ...)
+	TODO: check
 CVE-2020-11520
 	RESERVED
 CVE-2020-11519
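Review bot: CVE-2020-11525 through CVE-2020-11521 are added with `TODO: check` even though every description names a file under libfreerdp/, the same code base as CVE-2020-11526 just above, which already carries `- freerdp2 <unfixed>` and `- freerdp <removed>`. Suggest triaging the five together and giving each the same pair of package lines, checked against the version ranges in the descriptions (CVE-2020-11526 says "> 1.1", the others "> 1.0"), plus NOTE lines for the upstream advisory or fixing commit once identified.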
@@ -6487,8 +6898,7 @@ CVE-2020-10746
 	RESERVED
 CVE-2020-10745
 	RESERVED
-CVE-2020-10744 [incomplete fix for CVE-2020-1733]
-	RESERVED
+CVE-2020-10744 (An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansi ...)
 	- ansible <unfixed>
 	[buster] - ansible <not-affected> (Incomplete fix not applied)
 	[stretch] - ansible <not-affected> (Incomplete fix not applied)
@@ -10405,8 +10815,8 @@ CVE-2020-9075
 	RESERVED
 CVE-2020-9074
 	RESERVED
-CVE-2020-9073
-	RESERVED
+CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...)
+	TODO: check
 CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a  ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9071
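Review bot: CVE-2020-9073 describes Huawei P20 smartphones and is left at `TODO: check`, while the neighbouring CVE-2020-9072 is already closed as `NOT-FOR-US: Huawei`. The same status looks applicable here once the full description has been read.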
@@ -12529,8 +12939,8 @@ CVE-2020-8151 (There is a possible information disclosure issue in Active Resour
 	TODO: check
 CVE-2020-8150
 	RESERVED
-CVE-2020-8149
-	RESERVED
+CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...)
+	TODO: check
 CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enab ...)
 	NOT-FOR-US: UniFi Cloud Key firmware
 CVE-2020-8147 (Flaw in input validation in npm package utils-extend version 1.0.8 and ...)
@@ -12650,8 +13060,8 @@ CVE-2020-8102
 	RESERVED
 CVE-2020-8101
 	RESERVED
-CVE-2020-8100
-	RESERVED
+CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as  ...)
+	TODO: check
 CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...)
 	NOT-FOR-US: Bitdefender Antivirus Free
 CVE-2020-8098
@@ -13434,8 +13844,8 @@ CVE-2020-7811
 	RESERVED
 CVE-2020-7810
 	RESERVED
-CVE-2020-7809
-	RESERVED
+CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM)  ...)
+	TODO: check
 CVE-2020-7808
 	RESERVED
 CVE-2020-7807
@@ -14129,10 +14539,10 @@ CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile StorageZo
 	NOT-FOR-US: Citrix
 CVE-2020-7472
 	RESERVED
-CVE-2019-20390
-	RESERVED
-CVE-2019-20389
-	RESERVED
+CVE-2019-20390 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Su ...)
+	TODO: check
+CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configurat ...)
+	TODO: check
 CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...)
 	- libxml2 2.9.10+dfsg-2.1 (bug #949583)
 	[buster] - libxml2 <no-dsa> (Minor issue)
@@ -23646,8 +24056,7 @@ CVE-2020-3812
 	RESERVED
 CVE-2020-3811
 	RESERVED
-CVE-2020-3810 [apt out-of-bounds read in .ar/.tar implemations]
-	RESERVED
+CVE-2020-3810 (Missing input validation in the ar/tar implementations of APT before v ...)
 	{DSA-4685-1 DLA-2210-1}
 	- apt 2.1.2
 	NOTE: https://github.com/Debian/apt/issues/111
@@ -25494,8 +25903,8 @@ CVE-2019-19722 (In Dovecot before 2.3.9.2, an attacker can crash a push-notifica
 	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/2
 	NOTE: https://github.com/dovecot/core/commit/1307766b6f5d97341a47376657d342bcefd10f1b
 	NOTE: https://github.com/dovecot/core/commit/393a8cabf4dad893bf2ec60bf96cfde7a0c58432
-CVE-2019-19721
-	RESERVED
+CVE-2019-19721 (An off-by-one error in the DecodeBlock function in codec/sdl_image.c i ...)
+	TODO: check
 CVE-2020-3109
 	RESERVED
 CVE-2020-3108
@@ -29078,8 +29487,8 @@ CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products.
 	NOT-FOR-US: Huawei
 CVE-2020-1809
 	RESERVED
-CVE-2020-1808
-	RESERVED
+CVE-2020-1808 (Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 wi ...)
+	TODO: check
 CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1806 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...)
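Review bot: CVE-2020-1808 is the only Huawei entry in this hunk without a final status: CVE-2020-1810, CVE-2020-1807 and CVE-2020-1806 around it are all `NOT-FOR-US: Huawei`, and the new description lists Honor smartphone models. Resolving the `TODO: check` to match the neighbours would keep the block consistent.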
@@ -29477,8 +29886,7 @@ CVE-2020-1759 (A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat O
 	NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/84d2e215969cde830b086d11544aeb3666614211
 	NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/659ec7dc6e30fe961832f813da007f49e603a33d
 	NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/2
-CVE-2020-1758
-	RESERVED
+CVE-2020-1758 (A flaw was found in Keycloak in versions before 10.0.0, where it does  ...)
 	NOT-FOR-US: Keycloak
 CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to undertow- ...)
 	- undertow <unfixed>
@@ -33825,8 +34233,8 @@ CVE-2019-18668 (An issue was discovered in the Currency Switcher addon before 2.
 	NOT-FOR-US: Currency Switcher addon for WooCommerce
 CVE-2019-18667 (/usr/local/www/freeradius_view_config.php in the freeradius3 package b ...)
 	NOT-FOR-US: FreeBSD specific freeradius_view_config.php in the freeradius3 package
-CVE-2019-18666
-	RESERVED
+CVE-2019-18666 (An issue was discovered on D-Link DAP-1360 revision F devices. Remote  ...)
+	TODO: check
 CVE-2019-18665 (The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion ...)
 	NOT-FOR-US: SECUDOS DOMOS
 CVE-2019-18664 (The Log module in SECUDOS DOMOS before 5.6 allows XSS. ...)
@@ -113230,8 +113638,8 @@ CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete a
 	NOT-FOR-US: Datenstrom Yellow
 CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authe ...)
 	NOT-FOR-US: CSP MySQL User Manager
-CVE-2018-10756
-	RESERVED
+CVE-2018-10756 (Use-after-free in libtransmission/variant.c in Transmission before 3.0 ...)
+	TODO: check
 CVE-2018-10755
 	REJECTED
 CVE-2018-10754
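Review bot: CVE-2018-10756 is a use-after-free in libtransmission/variant.c per the new description, yet it lands as `TODO: check` between a NOT-FOR-US entry and a REJECTED one, where it is easy to overlook. Because it names a source file of Transmission itself, it needs a package line with the fixed version (the truncated description begins the range at "before 3.0") and per-release status, not a NOT-FOR-US.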
@@ -140169,6 +140577,7 @@ CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (R
 CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged us ...)
 	NOT-FOR-US: Apache OpenMeetings
 CVE-2018-1285 (Apache log4net before 2.0.8 does not disable XML external entities whe ...)
+	{DLA-2211-1}
 	- log4net <unfixed>
 	NOTE: https://issues.apache.org/jira/browse/LOG4NET-575
 	NOTE: https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7
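Review bot: The `{DLA-2211-1}` cross-reference is added directly above `- log4net <unfixed>`, so the entry now records an LTS advisory while the unversioned package line still reads as open. The NOTE lines already point at an upstream commit, so it is worth checking whether a fixed version can be recorded on the `- log4net` line.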



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aea444b03e97e78ba39908c436609dd3e8af3cf5
