[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 20 21:10:31 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
01271c2a by security tracker role at 2020-05-20T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2020-13250
+ RESERVED
+CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not ...)
+ TODO: check
+CVE-2020-13248
+ RESERVED
+CVE-2020-13247
+ RESERVED
+CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker can trigg ...)
+ TODO: check
+CVE-2020-13245
+ RESERVED
+CVE-2020-13244
+ RESERVED
+CVE-2020-13243
+ RESERVED
+CVE-2020-13242
+ RESERVED
+CVE-2020-13241 (Microweber 1.1.18 allows Unrestricted File Upload because admin/view:m ...)
+ TODO: check
+CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup doc ...)
+ TODO: check
+CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html file ...)
+ TODO: check
+CVE-2020-13238
+ RESERVED
+CVE-2020-13237
+ RESERVED
+CVE-2020-13236
+ RESERVED
+CVE-2020-13235
+ RESERVED
+CVE-2020-13234
+ RESERVED
+CVE-2020-13233
+ RESERVED
+CVE-2020-13232
+ RESERVED
+CVE-2020-13231 (In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for a ...)
+ TODO: check
+CVE-2020-13230 (In Cacti before 1.2.11, disabling a user account does not immediately ...)
+ TODO: check
+CVE-2020-13229
+ RESERVED
+CVE-2020-13228
+ RESERVED
+CVE-2020-13227
+ RESERVED
+CVE-2020-13226 (WSO2 API Manager 3.0.0 does not properly restrict outbound network acc ...)
+ TODO: check
CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability ...)
- phpipam <itp> (bug #731713)
NOTE: https://github.com/phpipam/phpipam/issues/3025
@@ -150,8 +200,8 @@ CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows lo
NOT-FOR-US: Zoho
CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS ...)
NOT-FOR-US: MISP
-CVE-2020-13152
- RESERVED
+CVE-2020-13152 (A remote user can create a specially crafted M3U file, media playlist ...)
+ TODO: check
CVE-2020-13151
RESERVED
CVE-2020-13150
@@ -808,8 +858,8 @@ CVE-2020-12837
RESERVED
CVE-2020-12836
RESERVED
-CVE-2020-12835
- RESERVED
+CVE-2020-12835 (An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to ...)
+ TODO: check
CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 thr ...)
NOT-FOR-US: eQ-3 Homematic Central Control Unit
CVE-2020-12833
@@ -1740,7 +1790,8 @@ CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely asso
NOT-FOR-US: Ivanti
CVE-2020-12441
RESERVED
-CVE-2020-12440 (** DISPUTED ** NGINX through 1.18.0 allows an HTTP request smuggling a ...)
+CVE-2020-12440
+ REJECTED
NOTE: Nginx non issue
CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...)
NOT-FOR-US: Grin
@@ -4404,8 +4455,8 @@ CVE-2020-11718
RESERVED
CVE-2020-11717
RESERVED
-CVE-2020-11716
- RESERVED
+CVE-2020-11716 (Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices throu ...)
+ TODO: check
CVE-2020-11715 (Panasonic P99 devices through 2020-04-10 have Incorrect Access Control ...)
NOT-FOR-US: Panasonic
CVE-2020-11714 (eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Loc ...)
@@ -6126,8 +6177,8 @@ CVE-2020-11080
RESERVED
CVE-2020-11079
RESERVED
-CVE-2020-11078
- RESERVED
+CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unescaped p ...)
+ TODO: check
CVE-2020-11077
RESERVED
CVE-2020-11076
@@ -6485,6 +6536,7 @@ CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10967 (In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash ...)
+ {DSA-4690-1}
- dovecot <unfixed> (bug #960963)
[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
@@ -6517,11 +6569,13 @@ CVE-2020-10959 [mediawiki: User content can redirect the logout button to differ
NOTE: https://phabricator.wikimedia.org/T232932
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
CVE-2020-10958 (In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an un ...)
+ {DSA-4690-1}
- dovecot <unfixed> (bug #960963)
[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
CVE-2020-10957 (In Dovecot before 2.3.10.1, unauthenticated sending of malformed param ...)
+ {DSA-4690-1}
- dovecot <unfixed> (bug #960963)
[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
@@ -7312,13 +7366,11 @@ CVE-2020-10728
NOT-FOR-US: automationbroker/apb
CVE-2020-10727
RESERVED
-CVE-2020-10726
- RESERVED
+CVE-2020-10726 (A vulnerability was found in DPDK versions 19.11 and above. A maliciou ...)
- dpdk 19.11.2-1 (bug #960936)
[buster] - dpdk <not-affected> (Vulnerable code not present)
[stretch] - dpdk <not-affected> (Vulnerable code not present)
-CVE-2020-10725
- RESERVED
+CVE-2020-10725 (A flaw was found in DPDK version 19.11 and above that allows a malicio ...)
- dpdk 19.11.2-1 (bug #960936)
[buster] - dpdk <not-affected> (Vulnerable code not present)
[stretch] - dpdk <not-affected> (Vulnerable code not present)
@@ -10198,8 +10250,8 @@ CVE-2020-9486
RESERVED
CVE-2020-9485
RESERVED
-CVE-2020-9484
- RESERVED
+CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...)
+ TODO: check
CVE-2020-9483
RESERVED
CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other ...)
@@ -10395,10 +10447,10 @@ CVE-2020-9412
RESERVED
CVE-2020-9411
RESERVED
-CVE-2020-9410
- RESERVED
-CVE-2020-9409
- RESERVED
+CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...)
+ TODO: check
+CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...)
+ TODO: check
CVE-2020-9408 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
NOT-FOR-US: TIBCO
CVE-2020-9407 (IBL Online Weather before 4.3.5a allows attackers to obtain sensitive ...)
@@ -19012,8 +19064,8 @@ CVE-2020-5755
RESERVED
CVE-2020-5754
RESERVED
-CVE-2020-5753
- RESERVED
+CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...)
+ TODO: check
CVE-2020-5752
RESERVED
CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
@@ -19360,8 +19412,8 @@ CVE-2020-5581
RESERVED
CVE-2020-5580
RESERVED
-CVE-2020-5579
- RESERVED
+CVE-2020-5579 (SQL injection vulnerability in the Paid Memberships versions prior to ...)
+ TODO: check
CVE-2020-5578
RESERVED
CVE-2020-5577 (Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movabl ...)
@@ -22271,8 +22323,8 @@ CVE-2020-4463
RESERVED
CVE-2020-4462
RESERVED
-CVE-2020-4461
- RESERVED
+CVE-2020-4461 (IBM Security Access Manager Appliance 9.0.7.1 could allow an authentic ...)
+ TODO: check
CVE-2020-4460
RESERVED
CVE-2020-4459
@@ -23281,8 +23333,8 @@ CVE-2020-3958
RESERVED
CVE-2020-3957
RESERVED
-CVE-2020-3956
- RESERVED
+CVE-2020-3956 (VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, ...)
+ TODO: check
CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ...)
NOT-FOR-US: VMware
CVE-2020-3954 (Open Redirect vulnerability exists in VMware vRealize Log Insight prio ...)
@@ -29399,8 +29451,8 @@ CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dy
CVE-2020-1956
RESERVED
NOT-FOR-US: Apache Kylin
-CVE-2020-1955
- RESERVED
+CVE-2020-1955 (CouchDB version 3.0.0 shipped with a new configuration setting that go ...)
+ TODO: check
CVE-2020-1954 (Apache CXF has the ability to integrate with JMX by registering an Ins ...)
NOT-FOR-US: Apache CXF
CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse YAML ...)
@@ -59053,8 +59105,8 @@ CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when su
- php5 <not-affected> (Windows specific issue)
NOTE: Fixed in PHP 7.4.1, 7.3.13
NOTE: PHP Bug: http://bugs.php.net/78943
-CVE-2019-11048
- RESERVED
+CVE-2019-11048 (In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ...)
+ TODO: check
CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
{DSA-4628-1 DSA-4626-1 DLA-2050-1}
- php7.3 7.3.15-1
@@ -73577,8 +73629,8 @@ CVE-2019-5999 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series
NOT-FOR-US: Canon
CVE-2019-5998 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
NOT-FOR-US: Canon
-CVE-2019-5997
- RESERVED
+CVE-2019-5997 (Video Insight VMS 7.5 and earlier allows remote attackers to conduct c ...)
+ TODO: check
CVE-2019-5996 (SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earli ...)
NOT-FOR-US: Video Insight VMS
CVE-2019-5995 (Missing authorization vulnerability exists in EOS series digital camer ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01271c2a26c6ad5a322e31153a82cc89c7f11183
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01271c2a26c6ad5a322e31153a82cc89c7f11183
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200520/8b5a7d75/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list