[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri May 15 21:10:31 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aea444b0 by security tracker role at 2020-05-15T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,416 @@
-CVE-2020-12888 [vfio: access to disabled MMIO space of some devices may lead to DoS scenario]
+CVE-2020-13094
+ RESERVED
+CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
+ TODO: check
+CVE-2020-13092 (scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute ...)
+ TODO: check
+CVE-2020-13091 (pandas through 1.0.3 can unserialize and execute commands from an untr ...)
+ TODO: check
+CVE-2020-13090
+ RESERVED
+CVE-2020-13089
+ RESERVED
+CVE-2020-13088
+ RESERVED
+CVE-2020-13087
+ RESERVED
+CVE-2020-13086
+ RESERVED
+CVE-2020-13085
+ RESERVED
+CVE-2020-13084
+ RESERVED
+CVE-2020-13083
+ RESERVED
+CVE-2020-13082
+ RESERVED
+CVE-2020-13081
+ RESERVED
+CVE-2020-13080
+ RESERVED
+CVE-2020-13079
+ RESERVED
+CVE-2020-13078
+ RESERVED
+CVE-2020-13077
+ RESERVED
+CVE-2020-13076
+ RESERVED
+CVE-2020-13075
+ RESERVED
+CVE-2020-13074
+ RESERVED
+CVE-2020-13073
+ RESERVED
+CVE-2020-13072
+ RESERVED
+CVE-2020-13071
+ RESERVED
+CVE-2020-13070
+ RESERVED
+CVE-2020-13069
+ RESERVED
+CVE-2020-13068
+ RESERVED
+CVE-2020-13067
+ RESERVED
+CVE-2020-13066
+ RESERVED
+CVE-2020-13065
+ RESERVED
+CVE-2020-13064
+ RESERVED
+CVE-2020-13063
+ RESERVED
+CVE-2020-13062
+ RESERVED
+CVE-2020-13061
+ RESERVED
+CVE-2020-13060
+ RESERVED
+CVE-2020-13059
+ RESERVED
+CVE-2020-13058
+ RESERVED
+CVE-2020-13057
+ RESERVED
+CVE-2020-13056
+ RESERVED
+CVE-2020-13055
+ RESERVED
+CVE-2020-13054
+ RESERVED
+CVE-2020-13053
+ RESERVED
+CVE-2020-13052
+ RESERVED
+CVE-2020-13051
+ RESERVED
+CVE-2020-13050
+ RESERVED
+CVE-2020-13049
+ RESERVED
+CVE-2020-13048
+ RESERVED
+CVE-2020-13047
+ RESERVED
+CVE-2020-13046
+ RESERVED
+CVE-2020-13045
+ RESERVED
+CVE-2020-13044
+ RESERVED
+CVE-2020-13043
+ RESERVED
+CVE-2020-13042
+ RESERVED
+CVE-2020-13041
+ RESERVED
+CVE-2020-13040
+ RESERVED
+CVE-2020-13039
+ RESERVED
+CVE-2020-13038
+ RESERVED
+CVE-2020-13037
+ RESERVED
+CVE-2020-13036
+ RESERVED
+CVE-2020-13035
+ RESERVED
+CVE-2020-13034
+ RESERVED
+CVE-2020-13033
+ RESERVED
+CVE-2020-13032
+ RESERVED
+CVE-2020-13031
+ RESERVED
+CVE-2020-13030
+ RESERVED
+CVE-2020-13029
+ RESERVED
+CVE-2020-13028
+ RESERVED
+CVE-2020-13027
+ RESERVED
+CVE-2020-13026
+ RESERVED
+CVE-2020-13025
+ RESERVED
+CVE-2020-13024
+ RESERVED
+CVE-2020-13023
+ RESERVED
+CVE-2020-13022
+ RESERVED
+CVE-2020-13021
+ RESERVED
+CVE-2020-13020
+ RESERVED
+CVE-2020-13019
+ RESERVED
+CVE-2020-13018
+ RESERVED
+CVE-2020-13017
+ RESERVED
+CVE-2020-13016
+ RESERVED
+CVE-2020-13015
+ RESERVED
+CVE-2020-13014
+ RESERVED
+CVE-2020-13013
+ RESERVED
+CVE-2020-13012
+ RESERVED
+CVE-2020-13011
+ RESERVED
+CVE-2020-13010
+ RESERVED
+CVE-2020-13009
+ RESERVED
+CVE-2020-13008
+ RESERVED
+CVE-2020-13007
+ RESERVED
+CVE-2020-13006
+ RESERVED
+CVE-2020-13005
+ RESERVED
+CVE-2020-13004
+ RESERVED
+CVE-2020-13003
+ RESERVED
+CVE-2020-13002
+ RESERVED
+CVE-2020-13001
+ RESERVED
+CVE-2020-13000
+ RESERVED
+CVE-2020-12999
+ RESERVED
+CVE-2020-12998
+ RESERVED
+CVE-2020-12997
+ RESERVED
+CVE-2020-12996
+ RESERVED
+CVE-2020-12995
+ RESERVED
+CVE-2020-12994
+ RESERVED
+CVE-2020-12993
+ RESERVED
+CVE-2020-12992
+ RESERVED
+CVE-2020-12991
+ RESERVED
+CVE-2020-12990
+ RESERVED
+CVE-2020-12989
+ RESERVED
+CVE-2020-12988
+ RESERVED
+CVE-2020-12987
+ RESERVED
+CVE-2020-12986
+ RESERVED
+CVE-2020-12985
+ RESERVED
+CVE-2020-12984
+ RESERVED
+CVE-2020-12983
+ RESERVED
+CVE-2020-12982
+ RESERVED
+CVE-2020-12981
+ RESERVED
+CVE-2020-12980
+ RESERVED
+CVE-2020-12979
+ RESERVED
+CVE-2020-12978
+ RESERVED
+CVE-2020-12977
+ RESERVED
+CVE-2020-12976
+ RESERVED
+CVE-2020-12975
+ RESERVED
+CVE-2020-12974
+ RESERVED
+CVE-2020-12973
+ RESERVED
+CVE-2020-12972
+ RESERVED
+CVE-2020-12971
+ RESERVED
+CVE-2020-12970
+ RESERVED
+CVE-2020-12969
+ RESERVED
+CVE-2020-12968
+ RESERVED
+CVE-2020-12967
+ RESERVED
+CVE-2020-12966
+ RESERVED
+CVE-2020-12965
+ RESERVED
+CVE-2020-12964
+ RESERVED
+CVE-2020-12963
+ RESERVED
+CVE-2020-12962
+ RESERVED
+CVE-2020-12961
+ RESERVED
+CVE-2020-12960
+ RESERVED
+CVE-2020-12959
+ RESERVED
+CVE-2020-12958
+ RESERVED
+CVE-2020-12957
+ RESERVED
+CVE-2020-12956
+ RESERVED
+CVE-2020-12955
+ RESERVED
+CVE-2020-12954
+ RESERVED
+CVE-2020-12953
+ RESERVED
+CVE-2020-12952
+ RESERVED
+CVE-2020-12951
+ RESERVED
+CVE-2020-12950
+ RESERVED
+CVE-2020-12949
+ RESERVED
+CVE-2020-12948
+ RESERVED
+CVE-2020-12947
+ RESERVED
+CVE-2020-12946
+ RESERVED
+CVE-2020-12945
+ RESERVED
+CVE-2020-12944
+ RESERVED
+CVE-2020-12943
+ RESERVED
+CVE-2020-12942
+ RESERVED
+CVE-2020-12941
+ RESERVED
+CVE-2020-12940
+ RESERVED
+CVE-2020-12939
+ RESERVED
+CVE-2020-12938
+ RESERVED
+CVE-2020-12937
+ RESERVED
+CVE-2020-12936
+ RESERVED
+CVE-2020-12935
+ RESERVED
+CVE-2020-12934
+ RESERVED
+CVE-2020-12933
+ RESERVED
+CVE-2020-12932
+ RESERVED
+CVE-2020-12931
+ RESERVED
+CVE-2020-12930
+ RESERVED
+CVE-2020-12929
+ RESERVED
+CVE-2020-12928
+ RESERVED
+CVE-2020-12927
+ RESERVED
+CVE-2020-12926
+ RESERVED
+CVE-2020-12925
+ RESERVED
+CVE-2020-12924
+ RESERVED
+CVE-2020-12923
+ RESERVED
+CVE-2020-12922
+ RESERVED
+CVE-2020-12921
+ RESERVED
+CVE-2020-12920
+ RESERVED
+CVE-2020-12919
+ RESERVED
+CVE-2020-12918
+ RESERVED
+CVE-2020-12917
+ RESERVED
+CVE-2020-12916
+ RESERVED
+CVE-2020-12915
+ RESERVED
+CVE-2020-12914
+ RESERVED
+CVE-2020-12913
+ RESERVED
+CVE-2020-12912
+ RESERVED
+CVE-2020-12911
+ RESERVED
+CVE-2020-12910
+ RESERVED
+CVE-2020-12909
+ RESERVED
+CVE-2020-12908
+ RESERVED
+CVE-2020-12907
+ RESERVED
+CVE-2020-12906
+ RESERVED
+CVE-2020-12905
+ RESERVED
+CVE-2020-12904
+ RESERVED
+CVE-2020-12903
+ RESERVED
+CVE-2020-12902
+ RESERVED
+CVE-2020-12901
+ RESERVED
+CVE-2020-12900
+ RESERVED
+CVE-2020-12899
+ RESERVED
+CVE-2020-12898
+ RESERVED
+CVE-2020-12897
+ RESERVED
+CVE-2020-12896
+ RESERVED
+CVE-2020-12895
+ RESERVED
+CVE-2020-12894
+ RESERVED
+CVE-2020-12893
+ RESERVED
+CVE-2020-12892
+ RESERVED
+CVE-2020-12891
+ RESERVED
+CVE-2020-12890
+ RESERVED
+CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...)
+ TODO: check
+CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
CVE-2020-12887
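Review bot: CVE-2020-13093, CVE-2020-13092, CVE-2020-13091 and CVE-2020-12889 enter the list with only "TODO: check", so none of them carries a triage result yet. Each needs either a package line in the form kept for CVE-2020-12888 ("- linux <unfixed>") or a "NOT-FOR-US:" line. The scikit-learn and pandas descriptions both say the library "can unserialize and execute" from untrusted input, so those two are worth resolving first.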
@@ -31,8 +443,8 @@ CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypasse
NOT-FOR-US: Veritas
CVE-2020-12873
RESERVED
-CVE-2020-12872
- RESERVED
+CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ...)
+ TODO: check
CVE-2020-12871
RESERVED
CVE-2020-12870
@@ -107,8 +519,8 @@ CVE-2020-12836
RESERVED
CVE-2020-12835
RESERVED
-CVE-2020-12834
- RESERVED
+CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 thr ...)
+ TODO: check
CVE-2020-12833
RESERVED
CVE-2020-12832 (The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. ...)
@@ -193,8 +605,8 @@ CVE-2020-12800
RESERVED
CVE-2020-12799
RESERVED
-CVE-2020-12798
- RESERVED
+CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...)
+ TODO: check
CVE-2020-12797
RESERVED
CVE-2020-12796
@@ -451,8 +863,8 @@ CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/atta
NOT-FOR-US: Serpico
CVE-2020-12686
RESERVED
-CVE-2020-12685
- RESERVED
+CVE-2020-12685 (XSS in the admin help system admin/help.html and admin/quicklinks.html ...)
+ TODO: check
CVE-2020-12684
RESERVED
CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
@@ -565,8 +977,8 @@ CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c i
- linux 5.4.19-1
[buster] - linux 4.19.98-1
NOTE: https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7)
-CVE-2020-12651
- RESERVED
+CVE-2020-12651 (SecureCRT before 8.7.2 allows remote attackers to execute arbitrary co ...)
+ TODO: check
CVE-2020-12650
REJECTED
CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
@@ -4421,23 +4833,22 @@ CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte w
NOT-FOR-US: bit2spr
CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...)
NOT-FOR-US: Zoho
-CVE-2020-11526
- RESERVED
+CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc ...)
- freerdp2 <unfixed>
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
-CVE-2020-11525
- RESERVED
-CVE-2020-11524
- RESERVED
-CVE-2020-11523
- RESERVED
-CVE-2020-11522
- RESERVED
-CVE-2020-11521
- RESERVED
+CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-r ...)
+ TODO: check
+CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2. ...)
+ TODO: check
+CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ...)
+ TODO: check
+CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out- ...)
+ TODO: check
+CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc ...)
+ TODO: check
CVE-2020-11520
RESERVED
CVE-2020-11519
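Review bot: CVE-2020-11525 through CVE-2020-11521 are added as "TODO: check" even though every description names a libfreerdp source file, the same project that CVE-2020-11526 directly above already tracks with "- freerdp2 <unfixed>" and "- freerdp <removed>". Give these five the same package lines instead of leaving them in the unchecked queue, and add a "NOTE:" with the upstream reference for each one, as CVE-2020-11526 has.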
@@ -6487,8 +6898,7 @@ CVE-2020-10746
RESERVED
CVE-2020-10745
RESERVED
-CVE-2020-10744 [incomplete fix for CVE-2020-1733]
- RESERVED
+CVE-2020-10744 (An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansi ...)
- ansible <unfixed>
[buster] - ansible <not-affected> (Incomplete fix not applied)
[stretch] - ansible <not-affected> (Incomplete fix not applied)
@@ -10405,8 +10815,8 @@ CVE-2020-9075
RESERVED
CVE-2020-9074
RESERVED
-CVE-2020-9073
- RESERVED
+CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...)
+ TODO: check
CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a ...)
NOT-FOR-US: Huawei
CVE-2020-9071
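Review bot: CVE-2020-9073 is set to "TODO: check" while its description begins "Huawei P20 smartphones" and the next entry, CVE-2020-9072, is already "NOT-FOR-US: Huawei". Mark this one "NOT-FOR-US: Huawei" as well so it does not remain unchecked.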
@@ -12529,8 +12939,8 @@ CVE-2020-8151 (There is a possible information disclosure issue in Active Resour
TODO: check
CVE-2020-8150
RESERVED
-CVE-2020-8149
- RESERVED
+CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...)
+ TODO: check
CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enab ...)
NOT-FOR-US: UniFi Cloud Key firmware
CVE-2020-8147 (Flaw in input validation in npm package utils-extend version 1.0.8 and ...)
@@ -12650,8 +13060,8 @@ CVE-2020-8102
RESERVED
CVE-2020-8101
RESERVED
-CVE-2020-8100
- RESERVED
+CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as ...)
+ TODO: check
CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...)
NOT-FOR-US: Bitdefender Antivirus Free
CVE-2020-8098
@@ -13434,8 +13844,8 @@ CVE-2020-7811
RESERVED
CVE-2020-7810
RESERVED
-CVE-2020-7809
- RESERVED
+CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM) ...)
+ TODO: check
CVE-2020-7808
RESERVED
CVE-2020-7807
@@ -14129,10 +14539,10 @@ CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile StorageZo
NOT-FOR-US: Citrix
CVE-2020-7472
RESERVED
-CVE-2019-20390
- RESERVED
-CVE-2019-20389
- RESERVED
+CVE-2019-20390 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Su ...)
+ TODO: check
+CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configurat ...)
+ TODO: check
CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...)
- libxml2 2.9.10+dfsg-2.1 (bug #949583)
[buster] - libxml2 <no-dsa> (Minor issue)
@@ -23646,8 +24056,7 @@ CVE-2020-3812
RESERVED
CVE-2020-3811
RESERVED
-CVE-2020-3810 [apt out-of-bounds read in .ar/.tar implemations]
- RESERVED
+CVE-2020-3810 (Missing input validation in the ar/tar implementations of APT before v ...)
{DSA-4685-1 DLA-2210-1}
- apt 2.1.2
NOTE: https://github.com/Debian/apt/issues/111
@@ -25494,8 +25903,8 @@ CVE-2019-19722 (In Dovecot before 2.3.9.2, an attacker can crash a push-notifica
NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/2
NOTE: https://github.com/dovecot/core/commit/1307766b6f5d97341a47376657d342bcefd10f1b
NOTE: https://github.com/dovecot/core/commit/393a8cabf4dad893bf2ec60bf96cfde7a0c58432
-CVE-2019-19721
- RESERVED
+CVE-2019-19721 (An off-by-one error in the DecodeBlock function in codec/sdl_image.c i ...)
+ TODO: check
CVE-2020-3109
RESERVED
CVE-2020-3108
@@ -29078,8 +29487,8 @@ CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products.
NOT-FOR-US: Huawei
CVE-2020-1809
RESERVED
-CVE-2020-1808
- RESERVED
+CVE-2020-1808 (Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 wi ...)
+ TODO: check
CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...)
NOT-FOR-US: Huawei
CVE-2020-1806 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...)
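Review bot: the new CVE-2020-1808 line describes Huawei Honor smartphones but is left at "TODO: check", which is inconsistent with CVE-2020-1810 and CVE-2020-1807 on either side of it, both "NOT-FOR-US: Huawei". Use the same classification here.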
@@ -29477,8 +29886,7 @@ CVE-2020-1759 (A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat O
NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/84d2e215969cde830b086d11544aeb3666614211
NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/659ec7dc6e30fe961832f813da007f49e603a33d
NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/2
-CVE-2020-1758
- RESERVED
+CVE-2020-1758 (A flaw was found in Keycloak in versions before 10.0.0, where it does ...)
NOT-FOR-US: Keycloak
CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to undertow- ...)
- undertow <unfixed>
@@ -33825,8 +34233,8 @@ CVE-2019-18668 (An issue was discovered in the Currency Switcher addon before 2.
NOT-FOR-US: Currency Switcher addon for WooCommerce
CVE-2019-18667 (/usr/local/www/freeradius_view_config.php in the freeradius3 package b ...)
NOT-FOR-US: FreeBSD specific freeradius_view_config.php in the freeradius3 package
-CVE-2019-18666
- RESERVED
+CVE-2019-18666 (An issue was discovered on D-Link DAP-1360 revision F devices. Remote ...)
+ TODO: check
CVE-2019-18665 (The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion ...)
NOT-FOR-US: SECUDOS DOMOS
CVE-2019-18664 (The Log module in SECUDOS DOMOS before 5.6 allows XSS. ...)
@@ -113230,8 +113638,8 @@ CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete a
NOT-FOR-US: Datenstrom Yellow
CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authe ...)
NOT-FOR-US: CSP MySQL User Manager
-CVE-2018-10756
- RESERVED
+CVE-2018-10756 (Use-after-free in libtransmission/variant.c in Transmission before 3.0 ...)
+ TODO: check
CVE-2018-10755
REJECTED
CVE-2018-10754
@@ -140169,6 +140577,7 @@ CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (R
CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged us ...)
NOT-FOR-US: Apache OpenMeetings
CVE-2018-1285 (Apache log4net before 2.0.8 does not disable XML external entities whe ...)
+ {DLA-2211-1}
- log4net <unfixed>
NOTE: https://issues.apache.org/jira/browse/LOG4NET-575
NOTE: https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aea444b03e97e78ba39908c436609dd3e8af3cf5