[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon May 18 21:10:28 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ab4e6615 by security tracker role at 2020-05-18T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,39 @@
-CVE-2020-13143 [USB: gadget: fix illegal array access in binding with UDC]
+CVE-2020-13146 (Studio in Open edX Ironwood 2.5 allows CSV injection because an added ...)
+ TODO: check
+CVE-2020-13145 (Studio in Open edX Ironwood 2.5 allows users to upload SVG files via t ...)
+ TODO: check
+CVE-2020-13144 (Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a u ...)
+ TODO: check
+CVE-2020-13142
+ RESERVED
+CVE-2020-13141
+ RESERVED
+CVE-2020-13140
+ RESERVED
+CVE-2020-13139
+ RESERVED
+CVE-2020-13138
+ RESERVED
+CVE-2020-13137
+ RESERVED
+CVE-2020-13136 (D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be re ...)
+ TODO: check
+CVE-2020-13135 (D-Link DSP-W215 1.26b03 devices allow information disclosure by interc ...)
+ TODO: check
+CVE-2020-13134
+ RESERVED
+CVE-2020-13133
+ RESERVED
+CVE-2020-13132
+ RESERVED
+CVE-2020-13131
+ RESERVED
+CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f
CVE-2020-13130
RESERVED
-CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for macOS. T ...)
+CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for macOS, W ...)
NOT-FOR-US: stashcat app for MacOS
CVE-2020-13128 (An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServle ...)
NOT-FOR-US: Manolo GWTUpload
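Review bot: CVE-2020-13143 now breaks the file's descending CVE order. It has moved from the top of the list to the slot between CVE-2020-13131 and CVE-2020-13130, while its number belongs between CVE-2020-13144 and CVE-2020-13142; the automatic update evidently prepended the newly published IDs above the existing entry instead of merging it. Move the whole 13143 block (description, `- linux <unfixed>` and its kernel.org NOTE) up so the list stays sorted. Separately, the NOT-FOR-US note for CVE-2020-13129 still reads `stashcat app for MacOS` although the updated description now continues `for macOS, W ...`, i.e. beyond macOS; drop the platform qualifier so the note does not understate the scope.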
@@ -92,9 +122,9 @@ CVE-2020-13094
RESERVED
CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
NOT-FOR-US: iSpyConnect.com Agent DVR
-CVE-2020-13092 (scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute ...)
+CVE-2020-13092 (** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unseriali ...)
- scikit-learn <unfixed> (unimportant)
-CVE-2020-13091 (pandas through 1.0.3 can unserialize and execute commands from an untr ...)
+CVE-2020-13091 (** DISPUTED ** pandas through 1.0.3 can unserialize and execute comman ...)
- pandas <unfixed> (unimportant)
CVE-2020-13090
RESERVED
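Review bot: the `** DISPUTED **` marker that now leads the descriptions of CVE-2020-13092 and CVE-2020-13091 is not reflected in the triage lines, which keep `<unfixed> (unimportant)` with no NOTE recording the rationale. Other entries in this file carry a NOTE line explaining their rating (the jackson-databind entry further down, for instance); add one here stating that the disputed point is the deserialisation of pickled data from an untrusted source, a use both projects document as unsafe, so the unimportant rating survives a later re-read without re-deriving it.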
@@ -693,8 +723,8 @@ CVE-2020-12803
RESERVED
CVE-2020-12802
RESERVED
-CVE-2020-12801
- RESERVED
+CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...)
+ TODO: check
CVE-2020-12800
RESERVED
CVE-2020-12799
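Review bot: CVE-2020-12801 concerns LibreOffice, which Debian ships as the libreoffice source package, so `TODO: check` here must become a package line with the fixed version rather than a NOT-FOR-US. The truncated description (`If LibreOffice has an encrypted document open and crashes, that docume ...`) does not name the fixed version, so the full CVE text is needed before the line can be filled in.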
@@ -2024,16 +2054,16 @@ CVE-2020-12261 (Open-AudIT 3.3.0 allows an XSS attack after login. ...)
NOT-FOR-US: Open-AudIT
CVE-2020-12260
RESERVED
-CVE-2020-12259
- RESERVED
-CVE-2020-12258
- RESERVED
-CVE-2020-12257
- RESERVED
-CVE-2020-12256
- RESERVED
-CVE-2020-12255
- RESERVED
+CVE-2020-12259 (rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php fil ...)
+ TODO: check
+CVE-2020-12258 (rConfig 3.9.4 is vulnerable to session fixation because session expiry ...)
+ TODO: check
+CVE-2020-12257 (rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) becau ...)
+ TODO: check
+CVE-2020-12256 (rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file ...)
+ TODO: check
+CVE-2020-12255 (rConfig 3.9.4 is vulnerable to remote code execution due to improper v ...)
+ TODO: check
CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escal ...)
NOT-FOR-US: Avira Antivirus
CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or a ...)
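Review bot: the five rConfig 3.9.4 entries (CVE-2020-12255 through CVE-2020-12259) are left as `TODO: check`, while the adjacent Open-AudIT and Avira entries in this hunk are already resolved to NOT-FOR-US. rConfig is not packaged in Debian, so each should get `NOT-FOR-US: rConfig`; left as TODO they surface as untriaged on the next pass. Note also that the descriptions of 12256 and 12259 are both reflected XSS but name different files (`devicemgmnt.php` versus `configDevice.php`), so they are distinct issues and should not be collapsed into one note.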
@@ -4885,12 +4915,12 @@ CVE-2020-11553 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 bef
NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11552
RESERVED
-CVE-2020-11551
- RESERVED
-CVE-2020-11550
- RESERVED
-CVE-2020-11549
- RESERVED
+CVE-2020-11551 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...)
+ TODO: check
+CVE-2020-11550 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...)
+ TODO: check
+CVE-2020-11549 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...)
+ TODO: check
CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user input ...)
NOT-FOR-US: Search Meter plugin for WordPress
CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...)
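Review bot: the three NETGEAR Orbi entries (CVE-2020-11549 to CVE-2020-11551) have identical truncated descriptions (`An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...`), so nothing in this hunk distinguishes the three issues; the full texts are needed before triage. As they describe an add-on device's firmware, the expected outcome is `NOT-FOR-US: NETGEAR`, matching the neighbouring Castle Rock SNMPc and Search Meter entries rather than a package line.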
@@ -6261,8 +6291,7 @@ CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in
NOTE: https://github.com/FasterXML/jackson-databind/issues/2662
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-10967
- RESERVED
+CVE-2020-10967 (In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash ...)
- dovecot <unfixed> (bug #960963)
[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
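Review bot: CVE-2020-10967 is triaged `dovecot <unfixed> (bug #960963)` with no source reference inside this hunk's context, whereas the companion CVE-2020-10958 entry further down cites the oss-security post at https://www.openwall.com/lists/oss-security/2020/05/18/1, which announces the 2.3.10.1 release that fixes all three Dovecot IDs. Unless a NOTE already follows outside the shown context, attach the same reference here so the entry is self-contained. The stretch/jessie `<not-affected> (Vulnerable code introduced in 2.3.0)` lines are consistent with the other two Dovecot entries.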
@@ -6294,14 +6323,12 @@ CVE-2020-10959 [mediawiki: User content can redirect the logout button to differ
- mediawiki <not-affected> (Vulnerable code introduced later)
NOTE: https://phabricator.wikimedia.org/T232932
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
-CVE-2020-10958
- RESERVED
+CVE-2020-10958 (In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an un ...)
- dovecot <unfixed> (bug #960963)
[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
-CVE-2020-10957
- RESERVED
+CVE-2020-10957 (In Dovecot before 2.3.10.1, unauthenticated sending of malformed param ...)
- dovecot <unfixed> (bug #960963)
[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
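Review bot: the oss-security NOTE is attached to CVE-2020-10958 only; CVE-2020-10957 in the same hunk ends its shown context at the jessie line without one. Both IDs share bug #960963 and the same `before 2.3.10.1` fix, so add the same NOTE under 10957 unless one already follows the hunk, otherwise a reader landing on 10957 alone has no pointer to the advisory. The `<unfixed>` markers on both should be replaced by the uploaded version once the fixed package lands.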
@@ -7109,6 +7136,7 @@ CVE-2020-10723
[stretch] - dpdk <not-affected> (Vulnerable code not present)
CVE-2020-10722
RESERVED
+ {DSA-4688-1}
- dpdk 19.11.2-1 (bug #960936)
CVE-2020-10721
RESERVED
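Review bot: CVE-2020-10722 gains `{DSA-4688-1}` but, unlike CVE-2020-10723 directly above it (which carries `[stretch] - dpdk <not-affected> (Vulnerable code not present)`), has no `[stretch]` line between `- dpdk 19.11.2-1 (bug #960936)` and the next CVE. With a DSA issued, state the oldstable status explicitly (not-affected, no-dsa, or the fixed version) rather than leaving it implied by the unstable line. The entry is still RESERVED; the next automatic update will supply the description once it is published.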
@@ -9884,8 +9912,8 @@ CVE-2020-9526
RESERVED
CVE-2020-9525
RESERVED
-CVE-2020-9524
- RESERVED
+CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise Server an ...)
+ TODO: check
CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...)
NOT-FOR-US: Micro Focus
CVE-2020-9522
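Review bot: CVE-2020-9524 is a Micro Focus Enterprise Server issue and the sibling CVE-2020-9523 in the same hunk is already `NOT-FOR-US: Micro Focus`; resolve 9524 the same way instead of leaving `TODO: check`, since no Micro Focus product is packaged in Debian.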
@@ -13360,10 +13388,10 @@ CVE-2020-8037
RESERVED
CVE-2020-8036
RESERVED
-CVE-2020-8035
- RESERVED
-CVE-2020-8034
- RESERVED
+CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...)
+ TODO: check
+CVE-2020-8034 (Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.2 ...)
+ TODO: check
CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Nam ...)
NOT-FOR-US: Ruckus
CVE-2020-8032
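Review bot: CVE-2020-8035 and CVE-2020-8034 concern Horde Groupware Webmail and Gollem, which Debian packages as php-horde-* (Gollem as php-horde-gollem), so unlike the Ruckus entry below them these are not NOT-FOR-US candidates; the `TODO: check` lines should become package lines. The 8034 description already gives the upstream fixed version (`Gollem before 3.0.13`), which is the one to record; the 8035 text is truncated before any version and needs the full CVE entry.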
@@ -18042,10 +18070,10 @@ CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstR
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a
CVE-2020-6094 (An exploitable code execution vulnerability exists in the TIFF fillinr ...)
NOT-FOR-US: Accusoft ImageGear
-CVE-2020-6093
- RESERVED
-CVE-2020-6092
- RESERVED
+CVE-2020-6093 (An exploitable information disclosure vulnerability exists in the way ...)
+ TODO: check
+CVE-2020-6092 (An exploitable code execution vulnerability exists in the way Nitro Pr ...)
+ TODO: check
CVE-2020-6091
RESERVED
CVE-2020-6090
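Review bot: CVE-2020-6092's description names Nitro Pro, a proprietary Windows PDF product not packaged in Debian, so it resolves to `NOT-FOR-US: Nitro Pro` rather than staying `TODO: check`. CVE-2020-6093's text is cut off before the product name (`exists in the way ...`), so do not assign the same product from adjacency alone: the neighbouring CVE-2020-6094 (Accusoft ImageGear) shows these consecutive IDs span more than one vendor. Confirm against the full entry first.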
@@ -18104,8 +18132,8 @@ CVE-2020-6076 (An exploitable out-of-bounds write vulnerability exists in the ig
NOT-FOR-US: Accusoft
CVE-2020-6075 (An exploitable out-of-bounds write vulnerability exists in the store_d ...)
NOT-FOR-US: Accusoft
-CVE-2020-6074
- RESERVED
+CVE-2020-6074 (An exploitable code execution vulnerability exists in the PDF parser o ...)
+ TODO: check
CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT recor ...)
{DSA-4671-1}
- libmicrodns <removed>
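Review bot: CVE-2020-6074's description is truncated at `the PDF parser o...`, so the product is not visible. The adjacent CVE-2020-6075 and CVE-2020-6076 are Accusoft (NOT-FOR-US) while CVE-2020-6073 is libmicrodns with a DSA, so consecutive IDs in this range cover both unpackaged products and Debian packages. Fetch the full text before marking it NOT-FOR-US; if it names a PDF parser Debian ships, it needs a package line instead.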
@@ -29708,12 +29736,12 @@ CVE-2019-19458 (SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the
NOT-FOR-US: SALTO ProAccess SPACE
CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...)
NOT-FOR-US: SALTO ProAccess SPACE
-CVE-2019-19456
- RESERVED
+CVE-2019-19456 (A Reflected XSS was found in the server selection box inside the login ...)
+ TODO: check
CVE-2019-19455
RESERVED
-CVE-2019-19454
- RESERVED
+CVE-2019-19454 (An arbitrary file download was found in the "Download Log" functionali ...)
+ TODO: check
CVE-2019-19453
RESERVED
CVE-2019-19452 (A buffer overflow was found in Patriot Viper RGB through 1.1 when proc ...)
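Review bot: neither new description names a product (`server selection box inside the login ...` for CVE-2019-19456, `"Download Log" functionali...` for CVE-2019-19454), so the `TODO: check` lines cannot be resolved from this hunk. The surrounding SALTO ProAccess SPACE IDs (CVE-2019-19457, 19458) make an identical NOT-FOR-US tempting, but CVE-2019-19455 and 19453 between them are still RESERVED, so the run is not contiguous and adjacency proves nothing. Pull the full entries before triaging.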
@@ -70246,10 +70274,10 @@ CVE-2019-7282 (In NetKit through 0.17, rcp.c in the rcp client allows remote rsh
[jessie] - netkit-rsh <no-dsa> (Minor issue)
CVE-2019-7248
RESERVED
-CVE-2019-7247
- RESERVED
-CVE-2019-7246
- RESERVED
+CVE-2019-7247 (An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulner ...)
+ TODO: check
+CVE-2019-7246 (An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardwar ...)
+ TODO: check
CVE-2019-7245 (An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23. ...)
NOT-FOR-US: TechPowerUp GPU-Z
CVE-2019-7244 (An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vuln ...)
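Review bot: CVE-2019-7247 (AODDriver2.sys, AMD OverDrive) and CVE-2019-7246 (atillk64.sys, AMD ATI Diagnostics) are Windows kernel drivers, the same class of issue as the GPU-Z.sys and kerneld.sys (AIDA64) neighbours already marked NOT-FOR-US; resolve both to `NOT-FOR-US: AMD` rather than leaving `TODO: check`.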
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab4e6615ef881060abd06ee458d97a47a6242e44