[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri May 29 21:10:32 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a89e10e7 by security tracker role at 2020-05-29T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-13699
+	RESERVED
+CVE-2020-13698
+	RESERVED
+CVE-2020-13697
+	RESERVED
+CVE-2020-13696
+	RESERVED
+CVE-2020-13695
+	RESERVED
+CVE-2020-13694
+	RESERVED
 CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPress pl ...)
 	NOT-FOR-US: bbPress plugin for WordPress
 CVE-2020-13692
@@ -129,8 +141,8 @@ CVE-2020-13636
 	RESERVED
 CVE-2020-13635
 	RESERVED
-CVE-2020-13634
-	RESERVED
+CVE-2020-13634 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
+	TODO: check
 CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. ...)
 	NOT-FOR-US: Fork CMS
 CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...)
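Review bot: CVE-2020-13634 is left at "TODO: check", but its description names Windows Master (aka Windows Optimization Master) 7.99.13.604, which by its name is a Windows-only tool. Once it is confirmed that no source package in the archive ships it, the entry should get a "NOT-FOR-US:" line in the same form as "NOT-FOR-US: Fork CMS" on the entry below, so it does not stay in the TODO queue.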
@@ -2252,8 +2264,8 @@ CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web Admin.
 	NOT-FOR-US: Progress MOVEit Automation Web Admin
 CVE-2020-12676
 	RESERVED
-CVE-2020-12675
-	RESERVED
+CVE-2020-12675 (The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPr ...)
+	TODO: check
 CVE-2020-12692 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
 	{DSA-4679-1}
 	- keystone 2:17.0.0~rc2-1 (bug #959900)
@@ -2681,8 +2693,8 @@ CVE-2020-12495
 	RESERVED
 CVE-2020-12494
 	RESERVED
-CVE-2020-12493
-	RESERVED
+CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series with vers ...)
+	TODO: check
 CVE-2020-12492
 	RESERVED
 CVE-2020-12491
@@ -5629,12 +5641,12 @@ CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x
 	NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005
 	NOTE: https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62
 CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
-	{DSA-4676-2 DSA-4676-1}
+	{DSA-4676-2 DSA-4676-1 DLA-2223-1}
 	- salt 3000.2+dfsg1-1 (bug #959684)
 	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
 	NOTE: Fixed by: https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd
 CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
-	{DSA-4676-2 DSA-4676-1}
+	{DSA-4676-2 DSA-4676-1 DLA-2223-1}
 	- salt 3000.2+dfsg1-1 (bug #959684)
 	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
 	NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
@@ -7372,8 +7384,7 @@ CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
-CVE-2020-11041 [Unchecked read of array offset in rdpsnd_recv_wave2_pdu ]
-	RESERVED
+CVE-2020-11041 (In FreeRDP less than or equal to 2.0.0, an outside controlled array in ...)
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
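Review bot: on CVE-2020-11041, replacing the bracketed placeholder with the truncated upstream description drops the only mention of the affected function, rdpsnd_recv_wave2_pdu; the new text is cut off at "an outside controlled array in ...". Consider keeping the function name in a NOTE: line under the entry so that anyone revisiting the "[buster] - freerdp2 <no-dsa> (Minor issue)" decision can still locate the code.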
@@ -7386,15 +7397,13 @@ CVE-2020-11040 [out of bound access in clear_decompress_subcode_rlex]
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
-CVE-2020-11039 [Out of bound read/write in usb redirection channel]
-	RESERVED
+CVE-2020-11039 (In FreeRDP less than or equal to 2.0.0, when using a manipulated serve ...)
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
-CVE-2020-11038 [Integer overflow in VIDEO channel]
-	RESERVED
+CVE-2020-11038 (In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer  ...)
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
@@ -7494,20 +7503,17 @@ CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4
 	- ruby-faye <unfixed> (bug #959392)
 	NOTE: https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5
 	NOTE: https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e
-CVE-2020-11019 [Out of bound read in update_recv]
-	RESERVED
+CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with logger set t ...)
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
-CVE-2020-11018 [Out of bound read in cliprdr_server_receive_capabilities]
-	RESERVED
+CVE-2020-11018 (In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion ...)
 	- freerdp2 2.1.1+dfsg1-1
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
-CVE-2020-11017 [Double free in cliprdr_server_receive_capabilities]
-	RESERVED
+CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing manipulated input ...)
 	- freerdp2 2.1.1+dfsg1-1
 	- freerdp <removed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
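Review bot: for CVE-2020-11018 the removed placeholder said "Out of bound read in cliprdr_server_receive_capabilities" while the new description reads "a possible resource exhaustion", so the two texts describe different impact. It is worth checking against the GHSA-8cvc-vcw7-6mfw advisory linked in the NOTE that the package lines still refer to the same issue. CVE-2020-11018 and CVE-2020-11017 also carry no [buster] or [stretch] lines, unlike CVE-2020-11019 above them in this hunk, so their per-suite status is still open.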
@@ -13010,8 +13016,8 @@ CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2
 	NOT-FOR-US: CardGate Payments plugin for Magento
 CVE-2020-8817
 	RESERVED
-CVE-2020-8816
-	RESERVED
+CVE-2020-8816 (Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by priv ...)
+	TODO: check
 CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam  ...)
 	NOT-FOR-US: BearFTP
 CVE-2020-8814
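Review bot: CVE-2020-8816 moves from RESERVED to "TODO: check" with a description that begins "Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution". Given the stated impact, this entry should be triaged ahead of the other TODO entries in this update, ending in either a source-package line or a "NOT-FOR-US:" tag like "NOT-FOR-US: BearFTP" on the next entry.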
@@ -20593,10 +20599,10 @@ CVE-2020-5575 (Cross-site scripting vulnerability in Movable Type series (Movabl
 	- movabletype-opensource <removed>
 CVE-2020-5574 (HTML attribute value injection vulnerability in Movable Type series (M ...)
 	- movabletype-opensource <removed>
-CVE-2020-5573
-	RESERVED
-CVE-2020-5572
-	RESERVED
+CVE-2020-5573 (Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attack ...)
+	TODO: check
+CVE-2020-5572 (Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker t ...)
+	TODO: check
 CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQ ...)
 	NOT-FOR-US: SHARP AQUOS
 CVE-2020-5570 (Cross-site scripting vulnerability in Sales Force Assistant version 11 ...)
@@ -23434,8 +23440,8 @@ CVE-2020-4492
 	RESERVED
 CVE-2020-4491
 	RESERVED
-CVE-2020-4490
-	RESERVED
+CVE-2020-4490 (IBM Business Automation Workflow 18 and 19, and IBM Business Process M ...)
+	TODO: check
 CVE-2020-4489
 	RESERVED
 CVE-2020-4488
@@ -23710,8 +23716,8 @@ CVE-2020-4354
 	RESERVED
 CVE-2020-4353 (IBM MaaS360 6.82 could allow a user with pysical access to the device  ...)
 	NOT-FOR-US: IBM
-CVE-2020-4352
-	RESERVED
+CVE-2020-4352 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...)
+	TODO: check
 CVE-2020-4351
 	RESERVED
 CVE-2020-4350 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
@@ -23802,8 +23808,8 @@ CVE-2020-4308
 	RESERVED
 CVE-2020-4307
 	RESERVED
-CVE-2020-4306
-	RESERVED
+CVE-2020-4306 (IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cros ...)
+	TODO: check
 CVE-2020-4305
 	RESERVED
 CVE-2020-4304 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...)
@@ -31070,8 +31076,8 @@ CVE-2020-1834
 	RESERVED
 CVE-2020-1833
 	RESERVED
-CVE-2020-1832
-	RESERVED
+CVE-2020-1832 (E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3. ...)
+	TODO: check
 CVE-2020-1831
 	RESERVED
 CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
@@ -31138,8 +31144,8 @@ CVE-2020-1800 (HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E
 	NOT-FOR-US: Huawei
 CVE-2020-1799 (E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00 ...)
 	NOT-FOR-US: Huawei
-CVE-2020-1798
-	RESERVED
+CVE-2020-1798 (HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2 ...)
+	TODO: check
 CVE-2020-1797
 	RESERVED
 CVE-2020-1796 (There is an improper authorization vulnerability in several smartphone ...)
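Review bot: CVE-2020-1798 is added as "TODO: check" although its description concerns HUAWEI P30 smartphones, and the two entries directly above it in this hunk, CVE-2020-1800 and CVE-2020-1799, are already tagged "NOT-FOR-US: Huawei". The same tag looks appropriate here.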



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a89e10e73a826c3824bd1f26718b8c3521b1a21a
