[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue May 19 21:10:30 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10eea197 by security tracker role at 2020-05-19T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-13165
+ RESERVED
+CVE-2020-13164
+ RESERVED
+CVE-2020-13163
+ RESERVED
CVE-2020-13162
RESERVED
CVE-2020-13161
@@ -851,7 +857,7 @@ CVE-2020-12769 (An issue was discovered in the Linux kernel before 5.4.17. drive
- linux 5.4.19-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/19b61392c5a852b4e8a0bf35aecb969983c5932d (5.5-rc6)
-CVE-2020-12768 (An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit ...)
+CVE-2020-12768 (** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. ...)
- linux 5.6.7-1 (unimportant)
NOTE: https://git.kernel.org/linus/d80b64ff297e40c2b6f7d7abc1b3eba70d22a068 (5.6-rc4)
CVE-2020-12766 (Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via t ...)
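Review bot: CVE-2020-12768 now carries the ** DISPUTED ** prefix, and the truncated description no longer names the function involved (the old line mentioned svm_cpu_uninit). The entry is already marked (unimportant) on the "- linux 5.6.7-1" line; a NOTE recording the reason for the dispute would keep the rationale for that annotation visible in the list itself.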
@@ -1092,8 +1098,7 @@ CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote aut
- dolibarr <removed>
CVE-2020-12668
RESERVED
-CVE-2020-12667
- RESERVED
+CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...)
- knot-resolver <unfixed>
NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
CVE-2020-12666 (macaron before 1.3.7 has an open redirect in the static handler, as de ...)
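Review bot: the new description for CVE-2020-12667 says Knot Resolver is affected before 5.1.1, but the package line still reads "- knot-resolver <unfixed>". Once a 5.1.1 upload is in the archive this should become a fixed version, and per-release lines would show which supported suites are exposed to the amplification issue described in the linked NOTE.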
@@ -1102,13 +1107,11 @@ CVE-2020-12665
RESERVED
CVE-2020-12664
RESERVED
-CVE-2020-12663
- RESERVED
+CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS answers r ...)
- unbound 1.10.1-1
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
-CVE-2020-12662
- RESERVED
+CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...)
- unbound 1.10.1-1
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
@@ -1603,7 +1606,7 @@ CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely asso
NOT-FOR-US: Ivanti
CVE-2020-12441
RESERVED
-CVE-2020-12440 (NGINX through 1.18.0 allows an HTTP request smuggling attack that can ...)
+CVE-2020-12440 (** DISPUTED ** NGINX through 1.18.0 allows an HTTP request smuggling a ...)
TODO: check
CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...)
NOT-FOR-US: Grin
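Review bot: CVE-2020-12440 stays at "TODO: check" even though its description now carries ** DISPUTED ** and names NGINX through 1.18.0. It needs a package line for nginx, with the dispute taken into account when choosing the annotation, rather than remaining in the unprocessed queue.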
@@ -2131,8 +2134,7 @@ CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings > O
CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...)
- grafana <removed>
NOTE: https://github.com/grafana/grafana/pull/23816
-CVE-2020-12244
- RESERVED
+CVE-2020-12244 (An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where ...)
- pdns-recursor 4.3.1-1
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
@@ -3653,8 +3655,8 @@ CVE-2020-11847
RESERVED
CVE-2020-11846
RESERVED
-CVE-2020-11845
- RESERVED
+CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manager prod ...)
+ TODO: check
CVE-2020-11844
RESERVED
CVE-2020-11843
@@ -3733,8 +3735,8 @@ CVE-2020-11809
RESERVED
CVE-2020-11808
RESERVED
-CVE-2020-11807
- RESERVED
+CVE-2020-11807 (Because of Unrestricted Upload of a File with a Dangerous Type, Source ...)
+ TODO: check
CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...)
NOT-FOR-US: MailStore Outlook Add-in
CVE-2020-11805
@@ -4262,8 +4264,8 @@ CVE-2020-11717
RESERVED
CVE-2020-11716
RESERVED
-CVE-2020-11715
- RESERVED
+CVE-2020-11715 (Panasonic P99 devices through 2020-04-10 have Incorrect Access Control ...)
+ TODO: check
CVE-2020-11714 (eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Loc ...)
NOT-FOR-US: eten PSG-6528VM 1.1 devices
CVE-2020-11713 (wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does n ...)
@@ -6256,8 +6258,7 @@ CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the comm
NOTE: https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/
CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41. ...)
NOT-FOR-US: Percona XtraDB Cluster
-CVE-2020-10995
- RESERVED
+CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not suffic ...)
- pdns-recursor 4.3.1-1
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
@@ -7178,18 +7179,15 @@ CVE-2020-10725
- dpdk 19.11.2-1 (bug #960936)
[buster] - dpdk <not-affected> (Vulnerable code not present)
[stretch] - dpdk <not-affected> (Vulnerable code not present)
-CVE-2020-10724
- RESERVED
+CVE-2020-10724 (A vulnerability was found in DPDK versions 18.11 and above. The vhost- ...)
- dpdk 19.11.2-1 (bug #960936)
[buster] - dpdk 18.11.6-1~deb10u2
[stretch] - dpdk <not-affected> (Vulnerable code not present)
-CVE-2020-10723
- RESERVED
+CVE-2020-10723 (A memory corruption issue was found in DPDK versions 17.05 and above. ...)
- dpdk 19.11.2-1 (bug #960936)
[buster] - dpdk 18.11.6-1~deb10u2
[stretch] - dpdk <not-affected> (Vulnerable code not present)
-CVE-2020-10722
- RESERVED
+CVE-2020-10722 (A vulnerability was found in DPDK versions 18.05 and above. A missing ...)
{DSA-4688-1}
- dpdk 19.11.2-1 (bug #960936)
CVE-2020-10721
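Review bot: in this hunk only CVE-2020-10722 shows a {DSA-4688-1} cross-reference, while CVE-2020-10724 and CVE-2020-10723 list a buster fix, 18.11.6-1~deb10u2, without one. If that buster upload was released through the same advisory, both entries should carry the DSA reference as well; otherwise a NOTE stating how the buster fix shipped would remove the ambiguity.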
@@ -8629,10 +8627,10 @@ CVE-2020-10137
RESERVED
CVE-2020-10136
RESERVED
-CVE-2020-10135
- RESERVED
-CVE-2020-10134
- RESERVED
+CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...)
+ TODO: check
+CVE-2020-10134 (Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthe ...)
+ TODO: check
CVE-2020-10133
RESERVED
CVE-2020-10132
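Review bot: the description imported for CVE-2020-10134 contains mis-encoded bytes ("Bluetooth®"), which looks like a UTF-8 registered-trademark sign decoded as Latin-1, so the import step should read the feed as UTF-8. CVE-2020-10135 and CVE-2020-10134 are also both left at "TODO: check" and still need to be mapped to affected packages or marked otherwise.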
@@ -8902,8 +8900,7 @@ CVE-2020-10032
RESERVED
CVE-2020-10031
RESERVED
-CVE-2020-10030
- RESERVED
+CVE-2020-10030 (An issue has been found in PowerDNS Recursor 4.1.0 up to and including ...)
- pdns-recursor 4.3.1-1
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
@@ -12142,13 +12139,13 @@ CVE-2020-8619
RESERVED
CVE-2020-8618
RESERVED
-CVE-2020-8617
- RESERVED
+CVE-2020-8617 (Using a specially-crafted message, an attacker may potentially cause a ...)
+ {DSA-4689-1}
- bind9 <unfixed>
NOTE: https://kb.isc.org/docs/cve-2020-8617
NOTE: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information
-CVE-2020-8616
- RESERVED
+CVE-2020-8616 (A malicious actor who intentionally exploits this lack of effective li ...)
+ {DSA-4689-1}
- bind9 <unfixed>
NOTE: https://kb.isc.org/docs/cve-2020-8616
CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...)
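Review bot: CVE-2020-8617 and CVE-2020-8616 gain {DSA-4689-1}, yet the only package line under each is "- bind9 <unfixed>". With an advisory referenced, the entries should also show the fixed versions for the releases the DSA covers, and the unstable line should be updated as soon as a fixed upload exists.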
@@ -12581,8 +12578,8 @@ CVE-2020-8436 (XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for Wo
NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-8435 (An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for Wo ...)
NOT-FOR-US: RegistrationMagic plugin for WordPress
-CVE-2020-8434
- RESERVED
+CVE-2020-8434 (Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 ...)
+ TODO: check
CVE-2020-8433
RESERVED
CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length ...)
@@ -13478,8 +13475,8 @@ CVE-2020-8023
RESERVED
CVE-2020-8022
RESERVED
-CVE-2020-8021
- RESERVED
+CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...)
+ TODO: check
CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...)
TODO: check
CVE-2020-8019
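Review bot: CVE-2020-8021 is added with "TODO: check", and the neighbouring CVE-2020-8020 in the context lines is in the same state. The CVE-2020-8021 description names Open Build Service, so it should be checked against the archive and given either a package line or a NOT-FOR-US marking; CVE-2020-8020 can be triaged in the same pass.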
@@ -16008,8 +16005,8 @@ CVE-2020-6958 (An XXE vulnerability in JnlpSupport in Yet Another Java Service W
NOT-FOR-US: Yet Another Java Service Wrapper (YAJSW)
CVE-2020-6957
RESERVED
-CVE-2020-6956
- RESERVED
+CVE-2020-6956 (PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_acti ...)
+ TODO: check
CVE-2020-6955 (An issue was discovered on Cayin SMP-PRO4 devices. They allow image_pr ...)
NOT-FOR-US: Cayin SMP-PRO4 devices
CVE-2020-6954 (An issue was discovered on Cayin SMP-PRO4 devices. A user can discover ...)
@@ -22221,10 +22218,10 @@ CVE-2020-4414
RESERVED
CVE-2020-4413
RESERVED
-CVE-2020-4412
- RESERVED
-CVE-2020-4411
- RESERVED
+CVE-2020-4412 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
+ TODO: check
+CVE-2020-4411 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
+ TODO: check
CVE-2020-4410
RESERVED
CVE-2020-4409
@@ -22449,8 +22446,8 @@ CVE-2020-4300
RESERVED
CVE-2020-4299 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 c ...)
NOT-FOR-US: IBM
-CVE-2020-4298
- RESERVED
+CVE-2020-4298 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
+ TODO: check
CVE-2020-4297
RESERVED
CVE-2020-4296
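Review bot: CVE-2020-4298 is queued as "TODO: check" although its description names IBM InfoSphere Information Server, and the IBM entry directly above it in the context (CVE-2020-4299) is already marked "NOT-FOR-US: IBM". The same marking looks applicable here and would clear the entry from the triage queue.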
@@ -22473,8 +22470,8 @@ CVE-2020-4288 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote at
NOT-FOR-US: IBM
CVE-2020-4287 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
NOT-FOR-US: IBM
-CVE-2020-4286
- RESERVED
+CVE-2020-4286 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
+ TODO: check
CVE-2020-4285 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
NOT-FOR-US: IBM
CVE-2020-4284 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
@@ -30389,8 +30386,7 @@ CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to
CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where Token Proc ...)
- dogtag-pki <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780707
-CVE-2020-1695
- RESERVED
+CVE-2020-1695 (A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final ...)
- resteasy <undetermined>
- resteasy3.0 <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462
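Review bot: both package lines under CVE-2020-1695, "- resteasy <undetermined>" and "- resteasy3.0 <undetermined>", are left unchanged although the description now states an affected range (all 3.x.x versions prior to 3.12.0.Final ...). That range should be enough to start resolving the <undetermined> status for each source package.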
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10eea1975800bb8aab8ebf3d314b4d234d380c24