Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
548e4edc by security tracker role at 2020-03-25T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,28 @@
-CVE-2020-10942 [vhost: Check docket sk_family instead of call getname]
+CVE-2020-10951
+ RESERVED
+CVE-2020-10950
+ RESERVED
+CVE-2020-10949
+ RESERVED
+CVE-2020-10948
+ RESERVED
+CVE-2020-10947
+ RESERVED
+CVE-2020-10946
+ RESERVED
+CVE-2020-10945
+ RESERVED
+CVE-2020-10944
+ RESERVED
+CVE-2020-10943
+ RESERVED
+CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double
Free vul ...)
+ TODO: check
+CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in
drivers/vhost/net. ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
-CVE-2020-10941
- RESERVED
+CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain
sensitive inform ...)
+ TODO: check
CVE-2020-10940
RESERVED
CVE-2020-10939
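Review bot: The two described entries added at the top of this hunk, CVE-2019-20633 (GNU patch through 2.7.6) and CVE-2020-10941 (Arm Mbed TLS), are left at "TODO: check" with no package line. Each should be resolved either to a source-package line with a fixed version or <unfixed>, in the form the CVE-2020-10942 entry uses for linux, or to NOT-FOR-US, so that they do not stay untriaged.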
@@ -134,7 +154,7 @@ CVE-2019-20628 (An issue was discovered in libgpac.a in
GPAC before 0.8.0, as de
TODO: check
CVE-2020-10880
RESERVED
-CVE-2020-10879 (rConfig before 3.9.5 allows injection because
lib/crud/search.crud.php ...)
+CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a
crafted GET ...)
NOT-FOR-US: rConfig
CVE-2020-10878
RESERVED
@@ -188,7 +208,7 @@ CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before
1.5.8 allows XXE. ...)
NOT-FOR-US: AutoUpdater.NET
CVE-2019-20626 (The remote keyless system on Honda HR-V 2017 vehicles sends
the same R ...)
NOT-FOR-US: Honda HR-V 2017 vehicles
-CVE-2020-10931 [memcached extlen buffer overflow]
+CVE-2020-10931 (Memcached 1.6.x before 1.6.2 allows remote attackers to cause
a denial ...)
- memcached 1.6.2-1 (bug #954808)
[buster] - memcached <not-affected> (Introduced in 1.6)
[stretch] - memcached <not-affected> (Introduced in 1.6)
@@ -273,62 +293,62 @@ CVE-2020-10818 (Artica Proxy 4.26 allows remote command
execution for an authent
NOT-FOR-US: Artica Proxy
CVE-2020-10817
RESERVED
-CVE-2019-20625
- RESERVED
-CVE-2019-20624
- RESERVED
-CVE-2019-20623
- RESERVED
-CVE-2019-20622
- RESERVED
-CVE-2019-20621
- RESERVED
-CVE-2019-20620
- RESERVED
-CVE-2019-20619
- RESERVED
-CVE-2019-20618
- RESERVED
-CVE-2019-20617
- RESERVED
-CVE-2019-20616
- RESERVED
-CVE-2019-20615
- RESERVED
-CVE-2019-20614
- RESERVED
-CVE-2019-20613
- RESERVED
-CVE-2019-20612
- RESERVED
-CVE-2019-20611
- RESERVED
-CVE-2019-20610
- RESERVED
-CVE-2019-20609
- RESERVED
-CVE-2019-20608
- RESERVED
-CVE-2019-20607
- RESERVED
-CVE-2019-20606
- RESERVED
-CVE-2019-20605
- RESERVED
-CVE-2019-20604
- RESERVED
-CVE-2019-20603
- RESERVED
-CVE-2019-20602
- RESERVED
-CVE-2019-20601
- RESERVED
-CVE-2019-20600
- RESERVED
-CVE-2019-20599
- RESERVED
-CVE-2019-20598
- RESERVED
+CVE-2019-20625 (An issue was discovered on Samsung mobile devices with N(7.1)
and O(8. ...)
+ TODO: check
+CVE-2019-20624 (An issue was discovered on Samsung mobile devices with N(7.x)
and O(8. ...)
+ TODO: check
+CVE-2019-20623 (An issue was discovered on Samsung mobile devices with N(7.1),
O(8.x), ...)
+ TODO: check
+CVE-2019-20622 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.x), ...)
+ TODO: check
+CVE-2019-20621 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.x), ...)
+ TODO: check
+CVE-2019-20620 (An issue was discovered on Samsung mobile devices with P(9.0)
software ...)
+ TODO: check
+CVE-2019-20619 (An issue was discovered on Samsung mobile devices with P(9.0)
software ...)
+ TODO: check
+CVE-2019-20618 (An issue was discovered on Samsung mobile devices with P(9.0)
software ...)
+ TODO: check
+CVE-2019-20617 (An issue was discovered on Samsung mobile devices with P(9.0)
software ...)
+ TODO: check
+CVE-2019-20616 (An issue was discovered on Samsung mobile devices with N(7.x)
and O(8. ...)
+ TODO: check
+CVE-2019-20615 (An issue was discovered on Samsung mobile devices with N(7.x)
and O(8. ...)
+ TODO: check
+CVE-2019-20614 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.x), ...)
+ TODO: check
+CVE-2019-20613 (An issue was discovered on Samsung mobile devices with N(7.x)
and O(8. ...)
+ TODO: check
+CVE-2019-20612 (An issue was discovered on Samsung mobile devices with N(7.x)
and O(8. ...)
+ TODO: check
+CVE-2019-20611 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.x), ...)
+ TODO: check
+CVE-2019-20610 (An issue was discovered on Samsung mobile devices with N(7.X)
and O(8. ...)
+ TODO: check
+CVE-2019-20609 (An issue was discovered on Samsung mobile devices with P(9.0)
software ...)
+ TODO: check
+CVE-2019-20608 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.x), ...)
+ TODO: check
+CVE-2019-20607 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.x), ...)
+ TODO: check
+CVE-2019-20606 (An issue was discovered on Samsung mobile devices with any
(before May ...)
+ TODO: check
+CVE-2019-20605 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.x), ...)
+ TODO: check
+CVE-2019-20604 (An issue was discovered on Samsung mobile devices with O(8.x)
software ...)
+ TODO: check
+CVE-2019-20603 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.0), ...)
+ TODO: check
+CVE-2019-20602 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.0), ...)
+ TODO: check
+CVE-2019-20601 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.x), ...)
+ TODO: check
+CVE-2019-20600 (An issue was discovered on Samsung mobile devices with O(8.0)
and P(9. ...)
+ TODO: check
+CVE-2019-20599 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.x), ...)
+ TODO: check
+CVE-2019-20598 (An issue was discovered on Samsung mobile devices with O(8.x)
software ...)
+ TODO: check
CVE-2019-20597 (An issue was discovered on Samsung mobile devices with N(7.1),
O(8.x), ...)
NOT-FOR-US: Samsung mobile devices
CVE-2019-20596 (An issue was discovered on Samsung mobile devices with N(7.x)
and O(8. ...)
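Review bot: All 28 entries from CVE-2019-20625 down to CVE-2019-20598 move from RESERVED to "TODO: check", although their descriptions open with the same "An issue was discovered on Samsung mobile devices" text as the context entry CVE-2019-20597, which is tagged "NOT-FOR-US: Samsung mobile devices". A follow-up that applies the same tag to the whole block would keep these out of the open TODO list.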
@@ -337,8 +357,8 @@ CVE-2019-20595 (An issue was discovered on Samsung mobile
devices with P(9.0) so
NOT-FOR-US: Samsung mobile devices
CVE-2019-20594 (An issue was discovered on Samsung mobile devices with O(8.1)
and P(9. ...)
NOT-FOR-US: Samsung mobile devices
-CVE-2019-20593
- RESERVED
+CVE-2019-20593 (An issue was discovered on Samsung mobile devices with N(7.x)
and O(8. ...)
+ TODO: check
CVE-2019-20592 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.x), ...)
NOT-FOR-US: Samsung mobile devices
CVE-2019-20591 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.x), ...)
@@ -371,8 +391,8 @@ CVE-2019-20578 (An issue was discovered on Samsung mobile
devices with P(9.0) (E
NOT-FOR-US: Samsung mobile devices
CVE-2019-20577 (An issue was discovered on Samsung mobile devices with P(9.0)
(Exynos ...)
NOT-FOR-US: Samsung mobile devices
-CVE-2019-20576
- RESERVED
+CVE-2019-20576 (An issue was discovered on Samsung mobile devices with P(9.0)
software ...)
+ TODO: check
CVE-2019-20575 (An issue was discovered on Samsung mobile devices with P(9.0)
software ...)
NOT-FOR-US: Samsung mobile devices
CVE-2019-20574 (An issue was discovered on Samsung mobile devices with N(7.x),
O(8.x), ...)
@@ -545,14 +565,14 @@ CVE-2020-10793 (CodeIgniter through 4.0.0 allows remote
attackers to gain privil
- codeigniter <itp> (bug #471583)
CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to
configure the s ...)
NOT-FOR-US: openITCOCKPIT
-CVE-2020-10791
- RESERVED
-CVE-2020-10790
- RESERVED
-CVE-2020-10789
- RESERVED
-CVE-2020-10788
- RESERVED
+CVE-2020-10791
(app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php ...)
+ TODO: check
+CVE-2020-10790 (openITCOCKPIT before 3.7.3 has unnecessary files (such as
Lodash files ...)
+ TODO: check
+CVE-2020-10789 (openITCOCKPIT before 3.7.3 has a web-based terminal that
allows attack ...)
+ TODO: check
+CVE-2020-10788 (openITCOCKPIT before 3.7.3 uses the
1fea123e07f730f76e661bced33a941523 ...)
+ TODO: check
CVE-2020-10787
RESERVED
CVE-2020-10786
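Review bot: CVE-2020-10790, CVE-2020-10789 and CVE-2020-10788 name openITCOCKPIT in their descriptions but are added as "TODO: check", while the context entry CVE-2020-10792 just above them is already "NOT-FOR-US: openITCOCKPIT"; the same tag looks right for these three. The truncated description of CVE-2020-10791 shows only the path app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php, so its product should be confirmed from the full description before it is tagged.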
@@ -882,8 +902,8 @@ CVE-2020-10650
RESERVED
CVE-2019-20510
REJECTED
-CVE-2020-10649
- RESERVED
+CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for
Windows 10 ...)
+ TODO: check
CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified
boot re ...)
- u-boot <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5
@@ -1142,7 +1162,7 @@ CVE-2020-10533
CVE-2020-10532 (The AD Helper component in WatchGuard Fireware before
5.8.5.10317 allo ...)
NOT-FOR-US: AD Helper component in WatchGuard Fireware
CVE-2020-10531 (An issue was discovered in International Components for
Unicode (ICU) ...)
- {DLA-2151-1}
+ {DSA-4646-1 DLA-2151-1}
[experimental] - icu 66.1-2
- icu 63.2-3 (bug #953747)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1044570
(not public)
@@ -2821,11 +2841,13 @@ CVE-2020-9762
CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through
2020. The ...)
NOT-FOR-US: UNCTAD ASYCUDA World
CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7
are affe ...)
+ {DLA-2157-1}
- weechat 2.7.1-1
[buster] - weechat <no-dsa> (Minor issue)
[stretch] - weechat <no-dsa> (Minor issue)
NOTE:
https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d
CVE-2020-9759 (An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7
are affe ...)
+ {DLA-2157-1}
- weechat 2.7.1-1
[buster] - weechat <no-dsa> (Minor issue)
[stretch] - weechat <no-dsa> (Minor issue)
@@ -3242,10 +3264,10 @@ CVE-2020-9554
RESERVED
CVE-2020-9553
RESERVED
-CVE-2020-9552
- RESERVED
-CVE-2020-9551
- RESERVED
+CVE-2020-9552 (Adobe Bridge versions 10.0 have a heap-based buffer overflow
vulnerabi ...)
+ TODO: check
+CVE-2020-9551 (Adobe Bridge versions 10.0 have an out-of-bounds write
vulnerability. ...)
+ TODO: check
CVE-2019-20489 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices.
The web ...)
NOT-FOR-US: Netgear
CVE-2019-20488 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices.
Multipl ...)
@@ -3682,8 +3704,8 @@ CVE-2020-9377
RESERVED
CVE-2020-9376
RESERVED
-CVE-2020-9375
- RESERVED
+CVE-2020-9375 (TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209
allows re ...)
+ TODO: check
CVE-2019-20482
RESERVED
CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command
execution vu ...)
@@ -3741,6 +3763,7 @@ CVE-2020-9361
CVE-2020-9360
RESERVED
CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action
link in a ...)
+ {DLA-2159-1}
- okular 4:19.12.3-2 (bug #954891)
[buster] - okular <no-dsa> (Minor issue)
[stretch] - okular <no-dsa> (Minor issue)
@@ -3791,8 +3814,7 @@ CVE-2020-9337 (In GolfBuddy Course Manager 1.1, passwords
are sent (with base64
NOT-FOR-US: GolfBuddy Course Manager
CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard ->
Settings ...)
NOT-FOR-US: fauzantrif eLection
-CVE-2020-6816 [mutation XSS vulnerability again]
- RESERVED
+CVE-2020-6816 (In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean
when RCD ...)
{DSA-4643-1}
- python-bleach 3.1.3-1 (bug #954236)
[stretch] - python-bleach <ignored> (Requires invasive changes to
address issue)
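Review bot: The description imported for CVE-2020-6816 reads "Mozilla Bleach before 3.12", while the package line under it records the fix in python-bleach 3.1.3-1, so the two version strings do not agree. Since this is an automatic update the description text should stay as imported, but a NOTE on the entry would stop anyone reading 3.12 as the fixed release.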
@@ -3800,8 +3822,7 @@ CVE-2020-6816 [mutation XSS vulnerability again]
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public)
NOTE:
https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743
NOTE:
https://github.com/mozilla/bleach/commit/175f67740e7951e1d80cefb7831e6c3e4efeb986
-CVE-2020-6802 [mutation XSS vulnerability]
- RESERVED
+CVE-2020-6802 (In Mozilla Bleach before 3.11, a mutation XSS affects users
calling bl ...)
{DSA-4636-1}
- python-bleach 3.1.1-1 (bug #951907)
[stretch] - python-bleach <ignored> (Requires invasive changes to
address issue)
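Review bot: For CVE-2020-6802 the imported description says "Mozilla Bleach before 3.11", which does not match the fixed version python-bleach 3.1.1-1 on the package line below it. The package line is the value the tracker acts on; the mismatch in the description is worth recording in a NOTE.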
@@ -4628,12 +4649,12 @@ CVE-2020-8988 (The Voatz application 2020-01-01 for
Android allows only 100 mill
NOT-FOR-US: Voatz application for Android
CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before
2.0.0.178 pr ...)
NOT-FOR-US: Avast AntiTrack
-CVE-2020-8986
- RESERVED
-CVE-2020-8985
- RESERVED
-CVE-2020-8984
- RESERVED
+CVE-2020-8986 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to
properly c ...)
+ TODO: check
+CVE-2020-8985 (ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via
the unl ...)
+ TODO: check
+CVE-2020-8984 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP
address s ...)
+ TODO: check
CVE-2020-8983
RESERVED
CVE-2020-8982
@@ -4691,6 +4712,7 @@ CVE-2020-8957
CVE-2020-8956
RESERVED
CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat
through 2 ...)
+ {DLA-2157-1}
- weechat 2.7.1-1 (bug #951289)
[buster] - weechat <no-dsa> (Minor issue)
[stretch] - weechat <no-dsa> (Minor issue)
@@ -9166,40 +9188,40 @@ CVE-2020-7009
RESERVED
CVE-2020-7008
RESERVED
-CVE-2020-7007
- RESERVED
+CVE-2020-7007 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the
attacker ...)
+ TODO: check
CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port,
RJ45), ...)
NOT-FOR-US: Systech Corporation
-CVE-2020-7005
- RESERVED
+CVE-2020-7005 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the
affected produ ...)
+ TODO: check
CVE-2020-7004
RESERVED
CVE-2020-7003 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and
IOxpre ...)
NOT-FOR-US: Moxa
CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and
prior. ...)
NOT-FOR-US: McAfee
-CVE-2020-7001
- RESERVED
+CVE-2020-7001 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the
affected ...)
+ TODO: check
CVE-2020-7000
RESERVED
CVE-2020-6999
RESERVED
CVE-2020-6998
RESERVED
-CVE-2020-6997
- RESERVED
+CVE-2020-6997 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower,
sensitive inf ...)
+ TODO: check
CVE-2020-6996
RESERVED
-CVE-2020-6995
- RESERVED
+CVE-2020-6995 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and
PT-7828 ser ...)
+ TODO: check
CVE-2020-6994
RESERVED
-CVE-2020-6993
- RESERVED
+CVE-2020-6993 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and
PT-7828 ser ...)
+ TODO: check
CVE-2020-6992
RESERVED
-CVE-2020-6991
- RESERVED
+CVE-2020-6991 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak
password ...)
+ TODO: check
CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B
v21.001 and p ...)
NOT-FOR-US: Rockwell
CVE-2020-6989 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and
PT-7828 ser ...)
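Review bot: The Moxa entries added in this hunk (CVE-2020-7007, CVE-2020-7001, CVE-2020-6997, CVE-2020-6995, CVE-2020-6993, CVE-2020-6991) are left at "TODO: check", while the context entry CVE-2020-7003, also Moxa firmware, is "NOT-FOR-US: Moxa"; the same tag fits them. Separately, the unchanged context line for CVE-2020-7002 describes Delta Industrial Automation CNCSoft ScreenEditor but is tagged "NOT-FOR-US: McAfee", which looks like a mislabel to correct while this block is being triaged.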
@@ -9210,22 +9232,22 @@ CVE-2020-6987 (In Moxa PT-7528 series firmware, Version
4.0 or lower, and PT-782
NOT-FOR-US: Moxa
CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a
series ...)
NOT-FOR-US: Omron
-CVE-2020-6985
- RESERVED
+CVE-2020-6985 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and
PT-7828 ser ...)
+ TODO: check
CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B
v21.001 and p ...)
NOT-FOR-US: Rockwell
CVE-2020-6983 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and
PT-7828 ser ...)
NOT-FOR-US: Moxa
-CVE-2020-6982
- RESERVED
-CVE-2020-6981
- RESERVED
+CVE-2020-6982 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header
injecti ...)
+ TODO: check
+CVE-2020-6981 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an
attacker m ...)
+ TODO: check
CVE-2020-6980 (Rockwell Automation MicroLogix 1400 Controllers Series B
v21.001 and p ...)
NOT-FOR-US: Rockwell
-CVE-2020-6979
- RESERVED
-CVE-2020-6978
- RESERVED
+CVE-2020-6979 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the
affected ...)
+ TODO: check
+CVE-2020-6978 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the
affected produ ...)
+ TODO: check
CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in
the Ki ...)
NOT-FOR-US: GE
CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and
prior. ...)
@@ -11333,26 +11355,26 @@ CVE-2020-6082
RESERVED
CVE-2020-6081
RESERVED
-CVE-2020-6080
- RESERVED
-CVE-2020-6079
- RESERVED
-CVE-2020-6078
- RESERVED
-CVE-2020-6077
- RESERVED
+CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the
resource ...)
+ TODO: check
+CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the
resource ...)
+ TODO: check
+CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the
message-p ...)
+ TODO: check
+CVE-2020-6077 (An exploitable denial-of-service vulnerability exists in the
message-p ...)
+ TODO: check
CVE-2020-6076
RESERVED
CVE-2020-6075
RESERVED
CVE-2020-6074
RESERVED
-CVE-2020-6073
- RESERVED
-CVE-2020-6072
- RESERVED
-CVE-2020-6071
- RESERVED
+CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the
TXT recor ...)
+ TODO: check
+CVE-2020-6072 (An exploitable code execution vulnerability exists in the
label-parsin ...)
+ TODO: check
+CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the
resource ...)
+ TODO: check
CVE-2020-6070
RESERVED
CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the
igcore1 ...)
@@ -12385,26 +12407,26 @@ CVE-2020-5563
RESERVED
CVE-2020-5562
RESERVED
-CVE-2020-5561
- RESERVED
-CVE-2020-5560
- RESERVED
-CVE-2020-5559
- RESERVED
-CVE-2020-5558
- RESERVED
-CVE-2020-5557
- RESERVED
-CVE-2020-5556
- RESERVED
-CVE-2020-5555
- RESERVED
-CVE-2020-5554
- RESERVED
-CVE-2020-5553
- RESERVED
-CVE-2020-5552
- RESERVED
+CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute
arbitrary OS ...)
+ TODO: check
+CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute
arbitrary OS c ...)
+ TODO: check
+CVE-2020-5559 (Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12
allows remo ...)
+ TODO: check
+CVE-2020-5558 (CuteNews 2.0.1 allows remote authenticated attackers to execute
arbitr ...)
+ TODO: check
+CVE-2020-5557 (Cross-site scripting vulnerability in CuteNews 2.0.1 allows
remote att ...)
+ TODO: check
+CVE-2020-5556 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote
attackers ...)
+ TODO: check
+CVE-2020-5555 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote
attackers ...)
+ TODO: check
+CVE-2020-5554 (Directory traversal vulnerability in Shihonkanri Plus GOOUT
Ver1.5.8 a ...)
+ TODO: check
+CVE-2020-5553 (mailform version 1.04 allows remote attackers to execute
arbitrary PHP ...)
+ TODO: check
+CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04
allows rem ...)
+ TODO: check
CVE-2020-5551
RESERVED
CVE-2020-5550
@@ -13046,18 +13068,18 @@ CVE-2020-5284
RESERVED
CVE-2020-5283
RESERVED
-CVE-2020-5282
- RESERVED
-CVE-2020-5281
- RESERVED
-CVE-2020-5280
- RESERVED
+CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a
vulnerability in ...)
+ TODO: check
+CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify
configur ...)
+ TODO: check
+CVE-2020-5280 (http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local
file i ...)
+ TODO: check
CVE-2020-5279
RESERVED
CVE-2020-5278
RESERVED
-CVE-2020-5277
- RESERVED
+CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a
reflect ...)
+ TODO: check
CVE-2020-5276
RESERVED
CVE-2020-5275
@@ -13093,8 +13115,8 @@ CVE-2020-5263
RESERVED
CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access
Token (P ...)
NOT-FOR-US: EasyBuild
-CVE-2020-5261
- RESERVED
+CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package
Sustainsys.Sa ...)
+ TODO: check
CVE-2020-5260
RESERVED
CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method
is vulne ...)
@@ -17350,38 +17372,38 @@ CVE-2020-3809
RESERVED
CVE-2020-3808
RESERVED
-CVE-2020-3807
- RESERVED
-CVE-2020-3806
- RESERVED
-CVE-2020-3805
- RESERVED
-CVE-2020-3804
- RESERVED
-CVE-2020-3803
- RESERVED
-CVE-2020-3802
- RESERVED
-CVE-2020-3801
- RESERVED
-CVE-2020-3800
- RESERVED
-CVE-2020-3799
- RESERVED
+CVE-2020-3807 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier,
2017.011 ...)
+ TODO: check
+CVE-2020-3806 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier,
2017.011 ...)
+ TODO: check
+CVE-2020-3805 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier,
2017.011 ...)
+ TODO: check
+CVE-2020-3804 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier,
2017.011 ...)
+ TODO: check
+CVE-2020-3803 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier,
2017.011 ...)
+ TODO: check
+CVE-2020-3802 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier,
2017.011 ...)
+ TODO: check
+CVE-2020-3801 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier,
2017.011 ...)
+ TODO: check
+CVE-2020-3800 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier,
2017.011 ...)
+ TODO: check
+CVE-2020-3799 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier,
2017.011 ...)
+ TODO: check
CVE-2020-3798
RESERVED
-CVE-2020-3797
- RESERVED
+CVE-2020-3797 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier,
2017.011 ...)
+ TODO: check
CVE-2020-3796
RESERVED
-CVE-2020-3795
- RESERVED
+CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier,
2017.011 ...)
+ TODO: check
CVE-2020-3794
RESERVED
-CVE-2020-3793
- RESERVED
-CVE-2020-3792
- RESERVED
+CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier,
2017.011 ...)
+ TODO: check
+CVE-2020-3792 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier,
2017.011 ...)
+ TODO: check
CVE-2020-3791
RESERVED
CVE-2020-3790
@@ -17426,14 +17448,14 @@ CVE-2020-3771
RESERVED
CVE-2020-3770
RESERVED
-CVE-2020-3769
- RESERVED
+CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a
server-side r ...)
+ TODO: check
CVE-2020-3768
RESERVED
CVE-2020-3767
RESERVED
-CVE-2020-3766
- RESERVED
+CVE-2020-3766 (Adobe Genuine Integrity Service versions Version 6.4 and
earlier have ...)
+ TODO: check
CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an
out-of-bounds ...)
NOT-FOR-US: Adobe
CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an
out-of-bounds wr ...)
@@ -21446,41 +21468,29 @@ CVE-2020-2173
RESERVED
CVE-2020-2172
RESERVED
-CVE-2020-2171
- RESERVED
+CVE-2020-2171 (Jenkins RapidDeploy Plugin 4.2 and earlier does not configure
its XML ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2170
- RESERVED
+CVE-2020-2170 (Jenkins RapidDeploy Plugin 4.2 and earlier does not escape
package nam ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2169
- RESERVED
+CVE-2020-2169 (A form validation endpoint in Jenkins Queue cleanup Plugin 1.3
and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2168
- RESERVED
+CVE-2020-2168 (Jenkins Azure Container Service Plugin 1.0.1 and earlier does
not conf ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2167
- RESERVED
+CVE-2020-2167 (Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not
configur ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2166
- RESERVED
+CVE-2020-2166 (Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not
configure ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2165
- RESERVED
+CVE-2020-2165 (Jenkins Artifactory Plugin 3.6.0 and earlier transmits
configured pass ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2164
- RESERVED
+CVE-2020-2164 (Jenkins Artifactory Plugin 3.5.0 and earlier stores its
Artifactory se ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2163
- RESERVED
+CVE-2020-2163 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly
processe ...)
NOT-FOR-US: Jenkins
-CVE-2020-2162
- RESERVED
+CVE-2020-2162 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set
Conten ...)
NOT-FOR-US: Jenkins
-CVE-2020-2161
- RESERVED
+CVE-2020-2161 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not
properly e ...)
NOT-FOR-US: Jenkins
-CVE-2020-2160
- RESERVED
+CVE-2020-2160 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses
different repr ...)
NOT-FOR-US: Jenkins
CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers
with Job ...)
NOT-FOR-US: Jenkins CryptoMove Plugin
@@ -22145,8 +22155,7 @@ CVE-2020-1959
RESERVED
CVE-2020-1958
RESERVED
-CVE-2020-1957
- RESERVED
+CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring
dynamic ...)
- shiro <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2
CVE-2020-1956
@@ -23231,7 +23240,7 @@ CVE-2019-19348
RESERVED
NOT-FOR-US: openshift
CVE-2019-19347
- RESERVED
+ REJECTED
NOT-FOR-US: openshift
CVE-2019-19346
RESERVED
@@ -23822,8 +23831,8 @@ CVE-2019-19129 (Afterlogic WebMail Pro 8.3.11, and
WebMail in Afterlogic Aurora
NOT-FOR-US: Afterlogic
CVE-2019-19128
RESERVED
-CVE-2019-19127
- RESERVED
+CVE-2019-19127 (An authentication bypass vulnerability is present in the
standalone SI ...)
+ TODO: check
CVE-2019-19126 (On the x86-64 architecture, the GNU C Library (aka glibc)
before 2.31 ...)
- glibc 2.29-8 (bug #945250)
[buster] - glibc <no-dsa> (Minor issue)
@@ -27358,8 +27367,8 @@ CVE-2019-18628
RESERVED
CVE-2019-18627
RESERVED
-CVE-2019-18626
- RESERVED
+CVE-2019-18626 (Harris Ormed Self Service before 2019.1.4 allows an
authenticated user ...)
+ TODO: check
CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate
signed ...)
- systemd 244-1 (low)
[buster] - systemd <not-affected> (Only affected v243)
@@ -61869,8 +61878,8 @@ CVE-2019-7632 (LifeSize Team, Room, Passport, and
Networker 220 devices allow Au
NOT-FOR-US: LifeSize devices
CVE-2019-7631
RESERVED
-CVE-2019-7630
- RESERVED
+CVE-2019-7630 (An issue was discovered in gdrv.sys in Gigabyte APP Center
before 19.0 ...)
+ TODO: check
CVE-2019-7629 (Stack-based buffer overflow in the strip_vt102_codes function
in TinTi ...)
- tintin++ 2.01.5-2 (low; bug #924348)
[stretch] - tintin++ <no-dsa> (Minor issue)
@@ -63009,18 +63018,18 @@ CVE-2019-7247
RESERVED
CVE-2019-7246
RESERVED
-CVE-2019-7245
- RESERVED
-CVE-2019-7244
- RESERVED
+CVE-2019-7245 (An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z
before 2.23. ...)
+ TODO: check
+CVE-2019-7244 (An issue was discovered in kerneld.sys in AIDA64 before 5.99.
The vuln ...)
+ TODO: check
CVE-2019-7243
RESERVED
CVE-2019-7242
RESERVED
CVE-2019-7241
RESERVED
-CVE-2019-7240
- RESERVED
+CVE-2019-7240 (An issue was discovered in WinRing0x64.sys in Moo0 System
Monitor 1.83 ...)
+ TODO: check
CVE-2019-7239
RESERVED
CVE-2019-7238 (Sonatype Nexus Repository Manager before 3.15.0 has Incorrect
Access C ...)
@@ -68137,6 +68146,7 @@ CVE-2019-5190
CVE-2019-5189
RESERVED
CVE-2019-5188 (A code execution vulnerability exists in the directory
rehashing funct ...)
+ {DLA-2156-1}
- e2fsprogs 1.45.5-1 (bug #948508)
[buster] - e2fsprogs 1.44.5-1+deb10u3
[stretch] - e2fsprogs <no-dsa> (Minor issue)
@@ -70663,8 +70673,8 @@ CVE-2019-4003
RESERVED
CVE-2019-4002
RESERVED
-CVE-2019-4001
- RESERVED
+CVE-2019-4001 (Improper input validation in Druva inSync Client 6.5.0 allows a
local, ...)
+ TODO: check
CVE-2019-4000 (Improper neutralization of directives in dynamically evaluated
code in ...)
NOT-FOR-US: Druva inSync Mac OS Client
CVE-2019-3999 (Improper neutralization of special elements used in an OS
command in D ...)
@@ -211389,6 +211399,7 @@ CVE-2016-2339 (An exploitable heap overflow
vulnerability exists in the Fiddle::
NOTE: Fixed by:
https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e
NOTE: Fixed by:
https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10
CVE-2016-2338 (An exploitable heap overflow vulnerability exists in the
Psych::Emitte ...)
+ {DLA-2158-1}
- ruby2.3 2.3.0-1
- ruby2.1 <removed>
NOTE: https://talosintelligence.com/reports/TALOS-2016-0032
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/548e4edccedf5e6218a94c0754f80d1636627c63