[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 14 21:10:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0ad76a1d by security tracker role at 2020-09-14T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,69 @@
-CVE-2020-25540
+CVE-2020-25572
RESERVED
+CVE-2020-25571
+ RESERVED
+CVE-2020-25570
+ RESERVED
+CVE-2020-25569
+ RESERVED
+CVE-2020-25568
+ RESERVED
+CVE-2020-25567
+ RESERVED
+CVE-2020-25566
+ RESERVED
+CVE-2020-25565
+ RESERVED
+CVE-2020-25564
+ RESERVED
+CVE-2020-25563
+ RESERVED
+CVE-2020-25562
+ RESERVED
+CVE-2020-25561
+ RESERVED
+CVE-2020-25560
+ RESERVED
+CVE-2020-25559
+ RESERVED
+CVE-2020-25558
+ RESERVED
+CVE-2020-25557
+ RESERVED
+CVE-2020-25556
+ RESERVED
+CVE-2020-25555
+ RESERVED
+CVE-2020-25554
+ RESERVED
+CVE-2020-25553
+ RESERVED
+CVE-2020-25552
+ RESERVED
+CVE-2020-25551
+ RESERVED
+CVE-2020-25550
+ RESERVED
+CVE-2020-25549
+ RESERVED
+CVE-2020-25548
+ RESERVED
+CVE-2020-25547
+ RESERVED
+CVE-2020-25546
+ RESERVED
+CVE-2020-25545
+ RESERVED
+CVE-2020-25544
+ RESERVED
+CVE-2020-25543
+ RESERVED
+CVE-2020-25542
+ RESERVED
+CVE-2020-25541
+ RESERVED
+CVE-2020-25540 (ThinkAdmin v6 is affected by a directory traversal vulnerability. An u ...)
+ TODO: check
CVE-2020-25539
RESERVED
CVE-2020-25538
@@ -318,18 +382,18 @@ CVE-2020-25382
RESERVED
CVE-2020-25381
RESERVED
-CVE-2020-25380
- RESERVED
-CVE-2020-25379
- RESERVED
-CVE-2020-25378
- RESERVED
+CVE-2020-25380 (Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affe ...)
+ TODO: check
+CVE-2020-25379 (Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails t ...)
+ TODO: check
+CVE-2020-25378 (Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is ...)
+ TODO: check
CVE-2020-25377
RESERVED
CVE-2020-25376
RESERVED
-CVE-2020-25375
- RESERVED
+CVE-2020-25375 (Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affect ...)
+ TODO: check
CVE-2020-25374
RESERVED
CVE-2020-25373
@@ -713,7 +777,7 @@ CVE-2020-25204
RESERVED
CVE-2020-25203
RESERVED
-CVE-2020-25576 [RUSTSEC-2019-0035: Unaligned memory access in versions below 0.4.2]
+CVE-2020-25576 (An issue was discovered in the rand_core crate before 0.4.2 for Rust. ...)
- rust-rand-core 0.5.0-1 (bug #969911; low)
[buster] - rust-rand-core <no-dsa> (Minor issue)
- rust-rand-core-0.3 <unfixed> (bug #970186; low)
@@ -721,12 +785,12 @@ CVE-2020-25576 [RUSTSEC-2019-0035: Unaligned memory access in versions below 0.4
[buster] - rust-rand-core-0.2 <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0035.html
NOTE: https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06
-CVE-2020-25574 [RUSTSEC-2019-0033: Integer Overflow in versions below 0.1.20 can cause DoS]
+CVE-2020-25574 (An issue was discovered in the http crate before 0.1.20 for Rust. An i ...)
- rust-http <unfixed> (bug #969896; low)
[buster] - rust-http <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0033.html
NOTE: https://github.com/hyperium/http/issues/352
-CVE-2020-25575 [RUSTSEC-2020-0036: type confusion when downcasting]
+CVE-2020-25575 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure ...)
- rust-failure <unfixed> (bug #969839; low)
[buster] - rust-failure <ignored> (Minor issue; unmaintained upstream)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0036.html
@@ -1191,12 +1255,14 @@ CVE-2020-24982
RESERVED
CVE-2020-24981 (An Incorrect Access Control vulnerability exists in /ucms/chk.php in U ...)
NOT-FOR-US: UCMS
-CVE-2020-24980 (An assertion failure was found in src/parse-gram.c in GNU bison 3.7.1. ...)
+CVE-2020-24980
+ REJECTED
- bison 2:3.7.2+dfsg-1 (unimportant)
NOTE: https://github.com/akimd/bison/commit/b801b7b670872b8a31d11b3683b4afc3e45a07f8
NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg00009.html
NOTE: Crash in CLI tool, no security impact
-CVE-2020-24979 (A Buffer Overflow vulnerability was found in src/symtab.c in GNU bison ...)
+CVE-2020-24979
+ REJECTED
- bison 2:3.7.2+dfsg-1 (unimportant)
NOTE: https://github.com/akimd/bison/commit/b7aab2dbad43aaf14eebe78d54aafa245a000988
NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg00008.html
@@ -1862,8 +1928,7 @@ CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate veri
[buster] - geary <no-dsa> (Minor issue)
[stretch] - geary <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/geary/-/issues/866
-CVE-2020-24660
- RESERVED
+CVE-2020-24660 (An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is ...)
{DSA-4762-1 DLA-2367-1}
- lemonldap-ng 2.0.9+ds-1
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2290
@@ -2310,8 +2375,8 @@ CVE-2020-24459
RESERVED
CVE-2020-24458
RESERVED
-CVE-2020-24457
- RESERVED
+CVE-2020-24457 (Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) ...)
+ TODO: check
CVE-2020-24456
RESERVED
CVE-2020-24455
@@ -6962,8 +7027,8 @@ CVE-2020-22160
RESERVED
CVE-2020-22159
RESERVED
-CVE-2020-22158
- RESERVED
+CVE-2020-22158 (Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected an ...)
+ TODO: check
CVE-2020-22157
RESERVED
CVE-2020-22156
@@ -7588,8 +7653,8 @@ CVE-2020-21847
RESERVED
CVE-2020-21846
RESERVED
-CVE-2020-21845
- RESERVED
+CVE-2020-21845 (Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage u ...)
+ TODO: check
CVE-2020-21844
RESERVED
CVE-2020-21843
@@ -7812,12 +7877,12 @@ CVE-2020-21735
RESERVED
CVE-2020-21734
RESERVED
-CVE-2020-21733
- RESERVED
-CVE-2020-21732
- RESERVED
-CVE-2020-21731
- RESERVED
+CVE-2020-21733 (Sagemcom F at ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdn ...)
+ TODO: check
+CVE-2020-21732 (Rukovoditel Project Management app 2.6 is affected by: Cross Site Scri ...)
+ TODO: check
+CVE-2020-21731 (Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.1 ...)
+ TODO: check
CVE-2020-21730
RESERVED
CVE-2020-21729
@@ -19572,7 +19637,7 @@ CVE-2020-15949
RESERVED
CVE-2020-15948
RESERVED
-CVE-2020-25573 [RUSTSEC-2020-0026]
+CVE-2020-25573 (An issue was discovered in the linked-hash-map crate before 0.5.3 for ...)
- rust-linked-hash-map <unfixed> (bug #966246)
[buster] - rust-linked-hash-map <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0026.html
@@ -26499,16 +26564,14 @@ CVE-2020-13320
RESERVED
CVE-2020-13319
RESERVED
-CVE-2020-13318
- RESERVED
+CVE-2020-13318 (A vulnerability was discovered in GitLab versions before 13.0.12, 13.1 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13317
RESERVED
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
-CVE-2020-13316
- RESERVED
+CVE-2020-13316 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13315
@@ -26569,12 +26632,10 @@ CVE-2020-13301
RESERVED
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
-CVE-2020-13300
- RESERVED
+CVE-2020-13300 (GitLab before version 13.3.4 was vulnerable to an OAuth authorization ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
-CVE-2020-13299
- RESERVED
+CVE-2020-13299 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13298
@@ -26609,15 +26670,13 @@ CVE-2020-13290 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access co
[experimental] - gitlab 13.1.6-1
- gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
-CVE-2020-13289
- RESERVED
+CVE-2020-13289 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13288 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerabili ...)
- gitlab <not-affected> (Only affects GitLab 13.0 and later)
NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
-CVE-2020-13287
- RESERVED
+CVE-2020-13287 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13286 (For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configur ...)
@@ -26626,8 +26685,7 @@ CVE-2020-13286 (For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git co
CVE-2020-13285 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulne ...)
- gitlab <not-affected> (Only affects GitLab 12.9 and later)
NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
-CVE-2020-13284
- RESERVED
+CVE-2020-13284 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13283 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulne ...)
@@ -27821,12 +27879,12 @@ CVE-2020-12791
RESERVED
CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMet ...)
NOT-FOR-US: SEOmatic plugin for Craft CMS
-CVE-2020-12789
- RESERVED
-CVE-2020-12788
- RESERVED
-CVE-2020-12787
- RESERVED
+CVE-2020-12789 (The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded ...)
+ TODO: check
+CVE-2020-12788 (CMAC verification functionality in Microchip Atmel ATSAMA5 products is ...)
+ TODO: check
+CVE-2020-12787 (Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to b ...)
+ TODO: check
CVE-2020-12786
RESERVED
CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the current ...)
@@ -29740,6 +29798,7 @@ CVE-2020-12068 (An issue was discovered in CODESYS Development System before 3.5
CVE-2020-12067
RESERVED
CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before ...)
+ {DSA-4763-1}
- teeworlds 0.7.5-1
[jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
NOTE: https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5
@@ -31632,10 +31691,10 @@ CVE-2015-9547 (An issue was discovered on Samsung mobile devices with JBP(4.3) a
NOT-FOR-US: Samsung mobile devices
CVE-2015-9546 (An issue was discovered on Samsung mobile devices with KK(4.4) and lat ...)
NOT-FOR-US: Samsung mobile devices
-CVE-2020-11684
- RESERVED
-CVE-2020-11683
- RESERVED
+CVE-2020-11684 (AT91bootstrap before 3.9.2 does not properly wipe encryption and authe ...)
+ TODO: check
+CVE-2020-11683 (A timing side channel was discovered in AT91bootstrap before 3.9.2. It ...)
+ TODO: check
CVE-2020-11682 (Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing ...)
NOT-FOR-US: Castel NextGen DVR
CVE-2020-11681 (Castel NextGen DVR v1.0.0 stores and displays credentials for the asso ...)
@@ -39386,8 +39445,8 @@ CVE-2020-8819 (An issue was discovered in the CardGate Payments plugin through 3
NOT-FOR-US: CardGate Payments plugin for WooCommerce
CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2.0.30 ...)
NOT-FOR-US: CardGate Payments plugin for Magento
-CVE-2020-8817
- RESERVED
+CVE-2020-8817 (Dataiku DSS before 6.0.5 allows attackers write access to the project ...)
+ TODO: check
CVE-2020-8816 (Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by priv ...)
NOT-FOR-US: Pi-hole
CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam ...)
@@ -40740,7 +40799,7 @@ CVE-2020-8246
RESERVED
CVE-2020-8245
RESERVED
-CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1 and ...)
+CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, &l ...)
- node-bl 4.0.3-1 (bug #969309)
[buster] - node-bl <no-dsa> (Minor issue)
[stretch] - node-bl <no-dsa> (Minor issue)
@@ -41957,8 +42016,8 @@ CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (
NOT-FOR-US: ALSong
CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processin ...)
NOT-FOR-US: RAONWIZ K Upload
-CVE-2020-7807
- RESERVED
+CVE-2020-7807 (A vulnerability that can hijack a DLL file that is loaded during produ ...)
+ TODO: check
CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...)
NOT-FOR-US: Tobesoft Xplatform
CVE-2020-7805 (An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) an ...)
@@ -63095,8 +63154,7 @@ CVE-2020-0572
RESERVED
CVE-2020-0571
RESERVED
-CVE-2020-0570
- RESERVED
+CVE-2020-0570 (Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5 ...)
- qtbase-opensource-src 5.12.5+dfsg-8
[buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u3
[stretch] - qtbase-opensource-src <not-affected> (Only affects 5.12.0 through 5.14.0)
@@ -75345,10 +75403,10 @@ CVE-2019-14759
RESERVED
CVE-2019-14758
RESERVED
-CVE-2019-14757
- RESERVED
-CVE-2019-14756
- RESERVED
+CVE-2019-14757 (An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Cont ...)
+ TODO: check
+CVE-2019-14756 (An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-insta ...)
+ TODO: check
CVE-2019-14755 (The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows U ...)
NOT-FOR-US: Leaf Admin
CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL Injection via t ...)
@@ -108794,8 +108852,8 @@ CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in co
- c3p0 0.9.1.2-10 (bug #917257)
[stretch] - c3p0 0.9.1.2-9+deb9u1
NOTE: https://github.com/swaldman/c3p0/commit/7dfdda63f42759a5ec9b63d725b7412f74adb3e1
-CVE-2018-20432
- RESERVED
+CVE-2018-20432 (D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded ...)
+ TODO: check
CVE-2018-20431 (GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerabil ...)
{DSA-4361-1 DLA-1616-1}
- libextractor 1:1.8-2 (bug #917213)
@@ -119063,8 +119121,7 @@ CVE-2019-0235 (Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks. ...)
NOT-FOR-US: Apache OFBiz
CVE-2019-0234 (A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache ...)
NOT-FOR-US: Apache Roller
-CVE-2019-0233
- RESERVED
+CVE-2019-0233 (An access permission override in Apache Struts 2.0.0 to 2.5.20 may cau ...)
- libstruts1.2-java <removed>
CVE-2019-0232 (When running on Windows with enableCmdLineArguments enabled, the CGI S ...)
- tomcat9 <not-affected> (Windows-specific)
@@ -119072,8 +119129,7 @@ CVE-2019-0232 (When running on Windows with enableCmdLineArguments enabled, the
NOTE: https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html
CVE-2019-0231 (Handling of the close_notify SSL/TLS message does not lead to a connec ...)
NOT-FOR-US: Apache MINA
-CVE-2019-0230
- RESERVED
+CVE-2019-0230 (Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when eval ...)
- libstruts1.2-java <removed>
CVE-2019-0229 (A number of HTTP endpoints in the Airflow webserver (both RBAC and cla ...)
- airflow <itp> (bug #819700)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ad76a1dbe3120b3060a97ff877aa610c66312c5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ad76a1dbe3120b3060a97ff877aa610c66312c5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200914/4e4c078a/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list