[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon May 18 21:10:28 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab4e6615 by security tracker role at 2020-05-18T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,39 @@
-CVE-2020-13143 [USB: gadget: fix illegal array access in binding with UDC]
+CVE-2020-13146 (Studio in Open edX Ironwood 2.5 allows CSV injection because an added  ...)
+	TODO: check
+CVE-2020-13145 (Studio in Open edX Ironwood 2.5 allows users to upload SVG files via t ...)
+	TODO: check
+CVE-2020-13144 (Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a u ...)
+	TODO: check
+CVE-2020-13142
+	RESERVED
+CVE-2020-13141
+	RESERVED
+CVE-2020-13140
+	RESERVED
+CVE-2020-13139
+	RESERVED
+CVE-2020-13138
+	RESERVED
+CVE-2020-13137
+	RESERVED
+CVE-2020-13136 (D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be re ...)
+	TODO: check
+CVE-2020-13135 (D-Link DSP-W215 1.26b03 devices allow information disclosure by interc ...)
+	TODO: check
+CVE-2020-13134
+	RESERVED
+CVE-2020-13133
+	RESERVED
+CVE-2020-13132
+	RESERVED
+CVE-2020-13131
+	RESERVED
+CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f
 CVE-2020-13130
 	RESERVED
-CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for macOS. T ...)
+CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for macOS, W ...)
 	NOT-FOR-US: stashcat app for MacOS
 CVE-2020-13128 (An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServle ...)
 	NOT-FOR-US: Manolo GWTUpload
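Review bot: the CVE-2020-13143 entry ends up between CVE-2020-13131 and CVE-2020-13130, out of the file's otherwise descending-ID order, because the new CVE-2020-13131 to CVE-2020-13146 block was prepended above it while its existing three lines (`- linux <unfixed>` and the kernel commit NOTE) stayed where the bracketed placeholder had been. If the list is meant to stay sorted, move that entry up to between CVE-2020-13144 and CVE-2020-13142. Separately, the CVE-2020-13129 description was revised and now continues past "macOS," while the rationale still reads `NOT-FOR-US: stashcat app for MacOS`; re-read the full description before keeping that wording, since the truncation suggests it now names more than one platform.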
@@ -92,9 +122,9 @@ CVE-2020-13094
 	RESERVED
 CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
 	NOT-FOR-US: iSpyConnect.com Agent DVR
-CVE-2020-13092 (scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute  ...)
+CVE-2020-13092 (** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unseriali ...)
 	- scikit-learn <unfixed> (unimportant)
-CVE-2020-13091 (pandas through 1.0.3 can unserialize and execute commands from an untr ...)
+CVE-2020-13091 (** DISPUTED ** pandas through 1.0.3 can unserialize and execute comman ...)
 	- pandas <unfixed> (unimportant)
 CVE-2020-13090
 	RESERVED
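Review bot: CVE-2020-13092 and CVE-2020-13091 keep `- scikit-learn <unfixed> (unimportant)` and `- pandas <unfixed> (unimportant)` with no NOTE explaining the rating, even though MITRE has now prefixed both descriptions with `** DISPUTED **`. Add a NOTE line stating the reason (for example that the descriptions concern unserializing an untrusted file, which is a misuse by the caller rather than a flaw in either library, if that is the rationale), in the same way the jackson-databind entry further down carries explanatory NOTE lines, so the next triager does not have to re-derive why "unimportant" and "unfixed" are the right combination for a disputed ID.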
@@ -693,8 +723,8 @@ CVE-2020-12803
 	RESERVED
 CVE-2020-12802
 	RESERVED
-CVE-2020-12801
-	RESERVED
+CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...)
+	TODO: check
 CVE-2020-12800
 	RESERVED
 CVE-2020-12799
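Review bot: CVE-2020-12801 now has a public description but only `TODO: check`; LibreOffice is packaged in Debian, so unlike most of the other new TODOs in this update this one will need a `- libreoffice ...` line with the affected and fixed versions and a NOTE pointing at the upstream advisory once triaged. The description ("If LibreOffice has an encrypted document open and crashes, that docume ...") is cut off here, so read the full text before deciding severity.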
@@ -2024,16 +2054,16 @@ CVE-2020-12261 (Open-AudIT 3.3.0 allows an XSS attack after login. ...)
 	NOT-FOR-US: Open-AudIT
 CVE-2020-12260
 	RESERVED
-CVE-2020-12259
-	RESERVED
-CVE-2020-12258
-	RESERVED
-CVE-2020-12257
-	RESERVED
-CVE-2020-12256
-	RESERVED
-CVE-2020-12255
-	RESERVED
+CVE-2020-12259 (rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php fil ...)
+	TODO: check
+CVE-2020-12258 (rConfig 3.9.4 is vulnerable to session fixation because session expiry ...)
+	TODO: check
+CVE-2020-12257 (rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) becau ...)
+	TODO: check
+CVE-2020-12256 (rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file ...)
+	TODO: check
+CVE-2020-12255 (rConfig 3.9.4 is vulnerable to remote code execution due to improper v ...)
+	TODO: check
 CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escal ...)
 	NOT-FOR-US: Avira Antivirus
 CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or a ...)
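Review bot: the five rConfig entries (CVE-2020-12255 through CVE-2020-12259) are all left at `TODO: check`, while the adjacent Open-AudIT and Avira entries in the same hunk are already resolved to NOT-FOR-US; as far as I can tell rConfig is not in the Debian archive either, so these can be closed the same way in one pass rather than carrying five open TODOs. CVE-2020-12255 is described as remote code execution, so if rConfig does turn out to be shipped somewhere the triage is not a minor one.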
@@ -4885,12 +4915,12 @@ CVE-2020-11553 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 bef
 	NOT-FOR-US: Castle Rock SNMPc
 CVE-2020-11552
 	RESERVED
-CVE-2020-11551
-	RESERVED
-CVE-2020-11550
-	RESERVED
-CVE-2020-11549
-	RESERVED
+CVE-2020-11551 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on  ...)
+	TODO: check
+CVE-2020-11550 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on  ...)
+	TODO: check
+CVE-2020-11549 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on  ...)
+	TODO: check
 CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user input ...)
 	NOT-FOR-US: Search Meter plugin for WordPress
 CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...)
@@ -6261,8 +6291,7 @@ CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2662
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-10967
-	RESERVED
+CVE-2020-10967 (In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash ...)
 	- dovecot <unfixed> (bug #960963)
 	[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
 	[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
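Review bot: CVE-2020-10967 is now public as a crash triggerable by remote unauthenticated attackers in Dovecot before 2.3.10.1, yet the package line is still `- dovecot <unfixed> (bug #960963)` with only stretch and jessie excluded and no [buster] line, so buster and unstable are recorded as affected by an unauthenticated DoS; that needs an upload and a DSA rather than sitting at unfixed, and `<unfixed>` should be replaced with the fixed Debian version as soon as it is uploaded. The not-affected rationale "Vulnerable code introduced in 2.3.0" is consistent with the description's "before 2.3.10.1" range.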
@@ -6294,14 +6323,12 @@ CVE-2020-10959 [mediawiki: User content can redirect the logout button to differ
 	- mediawiki <not-affected> (Vulnerable code introduced later)
 	NOTE: https://phabricator.wikimedia.org/T232932
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
-CVE-2020-10958
-	RESERVED
+CVE-2020-10958 (In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an un ...)
 	- dovecot <unfixed> (bug #960963)
 	[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
 	[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
-CVE-2020-10957
-	RESERVED
+CVE-2020-10957 (In Dovecot before 2.3.10.1, unauthenticated sending of malformed param ...)
 	- dovecot <unfixed> (bug #960963)
 	[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
 	[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
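Review bot: CVE-2020-10958 carries `NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1`, but the CVE-2020-10957 entry, whose visible lines end with the jessie not-affected line, does not; the three Dovecot entries share bug #960963 and the same 2.3.10.1 fix release, so give each the same oss-security reference (unless the rest of the 10957 entry beyond this hunk already carries it) so that any one of them can be triaged without hunting for the others.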
@@ -7109,6 +7136,7 @@ CVE-2020-10723
 	[stretch] - dpdk <not-affected> (Vulnerable code not present)
 CVE-2020-10722
 	RESERVED
+	{DSA-4688-1}
 	- dpdk 19.11.2-1 (bug #960936)
 CVE-2020-10721
 	RESERVED
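Review bot: `{DSA-4688-1}` is added to CVE-2020-10722 while the entry is still `RESERVED` with no description, so the tracker will show a DSA against a CVE that has no public text yet. That is fine if the advisory's CVE list includes this ID, but double-check the ID against the DSA text now, because a typo here will not be noticed until the description lands in a later automatic update; the `- dpdk 19.11.2-1 (bug #960936)` line records the unstable fix and the DSA marker records the stable one.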
@@ -9884,8 +9912,8 @@ CVE-2020-9526
 	RESERVED
 CVE-2020-9525
 	RESERVED
-CVE-2020-9524
-	RESERVED
+CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise Server an ...)
+	TODO: check
 CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...)
 	NOT-FOR-US: Micro Focus
 CVE-2020-9522
@@ -13360,10 +13388,10 @@ CVE-2020-8037
 	RESERVED
 CVE-2020-8036
 	RESERVED
-CVE-2020-8035
-	RESERVED
-CVE-2020-8034
-	RESERVED
+CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...)
+	TODO: check
+CVE-2020-8034 (Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.2 ...)
+	TODO: check
 CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Nam ...)
 	NOT-FOR-US: Ruckus
 CVE-2020-8032
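Review bot: CVE-2020-8035 (image view in Horde Groupware Webmail Edition) and CVE-2020-8034 (Gollem before 3.0.13) are left at `TODO: check`, but Horde components are packaged in Debian as php-horde-* (including php-horde-gollem), so these should get package lines with affected and fixed versions rather than being closed as NOT-FOR-US like the adjacent Ruckus entry.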
@@ -18042,10 +18070,10 @@ CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstR
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a
 CVE-2020-6094 (An exploitable code execution vulnerability exists in the TIFF fillinr ...)
 	NOT-FOR-US: Accusoft ImageGear
-CVE-2020-6093
-	RESERVED
-CVE-2020-6092
-	RESERVED
+CVE-2020-6093 (An exploitable information disclosure vulnerability exists in the way  ...)
+	TODO: check
+CVE-2020-6092 (An exploitable code execution vulnerability exists in the way Nitro Pr ...)
+	TODO: check
 CVE-2020-6091
 	RESERVED
 CVE-2020-6090
@@ -18104,8 +18132,8 @@ CVE-2020-6076 (An exploitable out-of-bounds write vulnerability exists in the ig
 	NOT-FOR-US: Accusoft
 CVE-2020-6075 (An exploitable out-of-bounds write vulnerability exists in the store_d ...)
 	NOT-FOR-US: Accusoft
-CVE-2020-6074
-	RESERVED
+CVE-2020-6074 (An exploitable code execution vulnerability exists in the PDF parser o ...)
+	TODO: check
 CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT recor ...)
 	{DSA-4671-1}
 	- libmicrodns <removed>
@@ -29708,12 +29736,12 @@ CVE-2019-19458 (SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the
 	NOT-FOR-US: SALTO ProAccess SPACE
 CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...)
 	NOT-FOR-US: SALTO ProAccess SPACE
-CVE-2019-19456
-	RESERVED
+CVE-2019-19456 (A Reflected XSS was found in the server selection box inside the login ...)
+	TODO: check
 CVE-2019-19455
 	RESERVED
-CVE-2019-19454
-	RESERVED
+CVE-2019-19454 (An arbitrary file download was found in the "Download Log" functionali ...)
+	TODO: check
 CVE-2019-19453
 	RESERVED
 CVE-2019-19452 (A buffer overflow was found in Patriot Viper RGB through 1.1 when proc ...)
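Review bot: the truncated descriptions for CVE-2019-19456 ("A Reflected XSS was found in the server selection box inside the login ...") and CVE-2019-19454 ("An arbitrary file download was found in the "Download Log" functionali ...") do not name the affected product within the visible text, unlike the surrounding SALTO and Patriot Viper entries, so the full description has to be read before either TODO can be resolved; do not assume they belong to the neighbouring SALTO ProAccess SPACE batch just from adjacency.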
@@ -70246,10 +70274,10 @@ CVE-2019-7282 (In NetKit through 0.17, rcp.c in the rcp client allows remote rsh
 	[jessie] - netkit-rsh <no-dsa> (Minor issue)
 CVE-2019-7248
 	RESERVED
-CVE-2019-7247
-	RESERVED
-CVE-2019-7246
-	RESERVED
+CVE-2019-7247 (An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulner ...)
+	TODO: check
+CVE-2019-7246 (An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardwar ...)
+	TODO: check
 CVE-2019-7245 (An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23. ...)
 	NOT-FOR-US: TechPowerUp GPU-Z
 CVE-2019-7244 (An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vuln ...)
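Review bot: CVE-2019-7247 (AODDriver2.sys, AMD OverDrive) and CVE-2019-7246 (atillk64.sys, AMD ATI Diagnostics) are Windows kernel drivers, the same class of issue as the adjacent GPU-Z.sys and kerneld.sys entries that are already `NOT-FOR-US`; resolve these two the same way instead of leaving them at `TODO: check`.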



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab4e6615ef881060abd06ee458d97a47a6242e44
