Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
548e4edc by security tracker role at 2020-03-25T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,28 @@
-CVE-2020-10942 [vhost: Check docket sk_family instead of call getname]
+CVE-2020-10951
+       RESERVED
+CVE-2020-10950
+       RESERVED
+CVE-2020-10949
+       RESERVED
+CVE-2020-10948
+       RESERVED
+CVE-2020-10947
+       RESERVED
+CVE-2020-10946
+       RESERVED
+CVE-2020-10945
+       RESERVED
+CVE-2020-10944
+       RESERVED
+CVE-2020-10943
+       RESERVED
+CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double 
Free vul ...)
+       TODO: check
+CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in 
drivers/vhost/net. ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
-CVE-2020-10941
-       RESERVED
+CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain 
sensitive inform ...)
+       TODO: check
 CVE-2020-10940
        RESERVED
 CVE-2020-10939
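
Review bot: CVE-2019-20633 and CVE-2020-10941 are left at "TODO: check", but their descriptions name GNU patch and Arm Mbed TLS, so they are candidates for a source-package line rather than a NOT-FOR-US tag. Suggest triaging both to package/status entries with a NOTE pointing at the upstream fix, in the same shape as the CVE-2020-10942 entry in this hunk (package line plus git.kernel.org NOTE).
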
@@ -134,7 +154,7 @@ CVE-2019-20628 (An issue was discovered in libgpac.a in 
GPAC before 0.8.0, as de
        TODO: check
 CVE-2020-10880
        RESERVED
-CVE-2020-10879 (rConfig before 3.9.5 allows injection because 
lib/crud/search.crud.php ...)
+CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a 
crafted GET ...)
        NOT-FOR-US: rConfig
 CVE-2020-10878
        RESERVED
@@ -188,7 +208,7 @@ CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 
1.5.8 allows XXE. ...)
        NOT-FOR-US: AutoUpdater.NET
 CVE-2019-20626 (The remote keyless system on Honda HR-V 2017 vehicles sends 
the same R ...)
        NOT-FOR-US: Honda HR-V 2017 vehicles
-CVE-2020-10931 [memcached extlen buffer overflow]
+CVE-2020-10931 (Memcached 1.6.x before 1.6.2 allows remote attackers to cause 
a denial ...)
        - memcached 1.6.2-1 (bug #954808)
        [buster] - memcached <not-affected> (Introduced in 1.6)
        [stretch] - memcached <not-affected> (Introduced in 1.6)
@@ -273,62 +293,62 @@ CVE-2020-10818 (Artica Proxy 4.26 allows remote command 
execution for an authent
        NOT-FOR-US: Artica Proxy
 CVE-2020-10817
        RESERVED
-CVE-2019-20625
-       RESERVED
-CVE-2019-20624
-       RESERVED
-CVE-2019-20623
-       RESERVED
-CVE-2019-20622
-       RESERVED
-CVE-2019-20621
-       RESERVED
-CVE-2019-20620
-       RESERVED
-CVE-2019-20619
-       RESERVED
-CVE-2019-20618
-       RESERVED
-CVE-2019-20617
-       RESERVED
-CVE-2019-20616
-       RESERVED
-CVE-2019-20615
-       RESERVED
-CVE-2019-20614
-       RESERVED
-CVE-2019-20613
-       RESERVED
-CVE-2019-20612
-       RESERVED
-CVE-2019-20611
-       RESERVED
-CVE-2019-20610
-       RESERVED
-CVE-2019-20609
-       RESERVED
-CVE-2019-20608
-       RESERVED
-CVE-2019-20607
-       RESERVED
-CVE-2019-20606
-       RESERVED
-CVE-2019-20605
-       RESERVED
-CVE-2019-20604
-       RESERVED
-CVE-2019-20603
-       RESERVED
-CVE-2019-20602
-       RESERVED
-CVE-2019-20601
-       RESERVED
-CVE-2019-20600
-       RESERVED
-CVE-2019-20599
-       RESERVED
-CVE-2019-20598
-       RESERVED
+CVE-2019-20625 (An issue was discovered on Samsung mobile devices with N(7.1) 
and O(8. ...)
+       TODO: check
+CVE-2019-20624 (An issue was discovered on Samsung mobile devices with N(7.x) 
and O(8. ...)
+       TODO: check
+CVE-2019-20623 (An issue was discovered on Samsung mobile devices with N(7.1), 
O(8.x), ...)
+       TODO: check
+CVE-2019-20622 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.x), ...)
+       TODO: check
+CVE-2019-20621 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.x), ...)
+       TODO: check
+CVE-2019-20620 (An issue was discovered on Samsung mobile devices with P(9.0) 
software ...)
+       TODO: check
+CVE-2019-20619 (An issue was discovered on Samsung mobile devices with P(9.0) 
software ...)
+       TODO: check
+CVE-2019-20618 (An issue was discovered on Samsung mobile devices with P(9.0) 
software ...)
+       TODO: check
+CVE-2019-20617 (An issue was discovered on Samsung mobile devices with P(9.0) 
software ...)
+       TODO: check
+CVE-2019-20616 (An issue was discovered on Samsung mobile devices with N(7.x) 
and O(8. ...)
+       TODO: check
+CVE-2019-20615 (An issue was discovered on Samsung mobile devices with N(7.x) 
and O(8. ...)
+       TODO: check
+CVE-2019-20614 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.x), ...)
+       TODO: check
+CVE-2019-20613 (An issue was discovered on Samsung mobile devices with N(7.x) 
and O(8. ...)
+       TODO: check
+CVE-2019-20612 (An issue was discovered on Samsung mobile devices with N(7.x) 
and O(8. ...)
+       TODO: check
+CVE-2019-20611 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.x), ...)
+       TODO: check
+CVE-2019-20610 (An issue was discovered on Samsung mobile devices with N(7.X) 
and O(8. ...)
+       TODO: check
+CVE-2019-20609 (An issue was discovered on Samsung mobile devices with P(9.0) 
software ...)
+       TODO: check
+CVE-2019-20608 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.x), ...)
+       TODO: check
+CVE-2019-20607 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.x), ...)
+       TODO: check
+CVE-2019-20606 (An issue was discovered on Samsung mobile devices with any 
(before May ...)
+       TODO: check
+CVE-2019-20605 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.x), ...)
+       TODO: check
+CVE-2019-20604 (An issue was discovered on Samsung mobile devices with O(8.x) 
software ...)
+       TODO: check
+CVE-2019-20603 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.0), ...)
+       TODO: check
+CVE-2019-20602 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.0), ...)
+       TODO: check
+CVE-2019-20601 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.x), ...)
+       TODO: check
+CVE-2019-20600 (An issue was discovered on Samsung mobile devices with O(8.0) 
and P(9. ...)
+       TODO: check
+CVE-2019-20599 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.x), ...)
+       TODO: check
+CVE-2019-20598 (An issue was discovered on Samsung mobile devices with O(8.x) 
software ...)
+       TODO: check
 CVE-2019-20597 (An issue was discovered on Samsung mobile devices with N(7.1), 
O(8.x), ...)
        NOT-FOR-US: Samsung mobile devices
 CVE-2019-20596 (An issue was discovered on Samsung mobile devices with N(7.x) 
and O(8. ...)
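
Review bot: the added entries CVE-2019-20598 through CVE-2019-20625 could be closed as "NOT-FOR-US: Samsung mobile devices" right away, matching the context entry CVE-2019-20597 at the end of this hunk, because every one of the 28 descriptions opens with the same "An issue was discovered on Samsung mobile devices" wording. Leaving them all at "TODO: check" adds 28 items to the manual triage queue that need no package lookup.
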
@@ -337,8 +357,8 @@ CVE-2019-20595 (An issue was discovered on Samsung mobile 
devices with P(9.0) so
        NOT-FOR-US: Samsung mobile devices
 CVE-2019-20594 (An issue was discovered on Samsung mobile devices with O(8.1) 
and P(9. ...)
        NOT-FOR-US: Samsung mobile devices
-CVE-2019-20593
-       RESERVED
+CVE-2019-20593 (An issue was discovered on Samsung mobile devices with N(7.x) 
and O(8. ...)
+       TODO: check
 CVE-2019-20592 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.x), ...)
        NOT-FOR-US: Samsung mobile devices
 CVE-2019-20591 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.x), ...)
@@ -371,8 +391,8 @@ CVE-2019-20578 (An issue was discovered on Samsung mobile 
devices with P(9.0) (E
        NOT-FOR-US: Samsung mobile devices
 CVE-2019-20577 (An issue was discovered on Samsung mobile devices with P(9.0) 
(Exynos  ...)
        NOT-FOR-US: Samsung mobile devices
-CVE-2019-20576
-       RESERVED
+CVE-2019-20576 (An issue was discovered on Samsung mobile devices with P(9.0) 
software ...)
+       TODO: check
 CVE-2019-20575 (An issue was discovered on Samsung mobile devices with P(9.0) 
software ...)
        NOT-FOR-US: Samsung mobile devices
 CVE-2019-20574 (An issue was discovered on Samsung mobile devices with N(7.x), 
O(8.x), ...)
@@ -545,14 +565,14 @@ CVE-2020-10793 (CodeIgniter through 4.0.0 allows remote 
attackers to gain privil
        - codeigniter <itp> (bug #471583)
 CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to 
configure the s ...)
        NOT-FOR-US: openITCOCKPIT
-CVE-2020-10791
-       RESERVED
-CVE-2020-10790
-       RESERVED
-CVE-2020-10789
-       RESERVED
-CVE-2020-10788
-       RESERVED
+CVE-2020-10791 
(app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php ...)
+       TODO: check
+CVE-2020-10790 (openITCOCKPIT before 3.7.3 has unnecessary files (such as 
Lodash files ...)
+       TODO: check
+CVE-2020-10789 (openITCOCKPIT before 3.7.3 has a web-based terminal that 
allows attack ...)
+       TODO: check
+CVE-2020-10788 (openITCOCKPIT before 3.7.3 uses the 
1fea123e07f730f76e661bced33a941523 ...)
+       TODO: check
 CVE-2020-10787
        RESERVED
 CVE-2020-10786
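
Review bot: CVE-2020-10791 cannot be triaged from the truncated description alone, since the visible text is only a file path (app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php) with no product name; check the full description before tagging it. CVE-2020-10790, CVE-2020-10789 and CVE-2020-10788 do name openITCOCKPIT and can take the same "NOT-FOR-US: openITCOCKPIT" tag as the context entry CVE-2020-10792.
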
@@ -882,8 +902,8 @@ CVE-2020-10650
        RESERVED
 CVE-2019-20510
        REJECTED
-CVE-2020-10649
-       RESERVED
+CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for 
Windows 10  ...)
+       TODO: check
 CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified 
boot re ...)
        - u-boot <unfixed>
        NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5
@@ -1142,7 +1162,7 @@ CVE-2020-10533
 CVE-2020-10532 (The AD Helper component in WatchGuard Fireware before 
5.8.5.10317 allo ...)
        NOT-FOR-US: AD Helper component in WatchGuard Fireware
 CVE-2020-10531 (An issue was discovered in International Components for 
Unicode (ICU)  ...)
-       {DLA-2151-1}
+       {DSA-4646-1 DLA-2151-1}
        [experimental] - icu 66.1-2
        - icu 63.2-3 (bug #953747)
        NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 
(not public)
@@ -2821,11 +2841,13 @@ CVE-2020-9762
 CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 
2020. The ...)
        NOT-FOR-US: UNCTAD ASYCUDA World
 CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 
are affe ...)
+       {DLA-2157-1}
        - weechat 2.7.1-1
        [buster] - weechat <no-dsa> (Minor issue)
        [stretch] - weechat <no-dsa> (Minor issue)
        NOTE: 
https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d
 CVE-2020-9759 (An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 
are affe ...)
+       {DLA-2157-1}
        - weechat 2.7.1-1
        [buster] - weechat <no-dsa> (Minor issue)
        [stretch] - weechat <no-dsa> (Minor issue)
@@ -3242,10 +3264,10 @@ CVE-2020-9554
        RESERVED
 CVE-2020-9553
        RESERVED
-CVE-2020-9552
-       RESERVED
-CVE-2020-9551
-       RESERVED
+CVE-2020-9552 (Adobe Bridge versions 10.0 have a heap-based buffer overflow 
vulnerabi ...)
+       TODO: check
+CVE-2020-9551 (Adobe Bridge versions 10.0 have an out-of-bounds write 
vulnerability.  ...)
+       TODO: check
 CVE-2019-20489 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. 
The web ...)
        NOT-FOR-US: Netgear
 CVE-2019-20488 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. 
Multipl ...)
@@ -3682,8 +3704,8 @@ CVE-2020-9377
        RESERVED
 CVE-2020-9376
        RESERVED
-CVE-2020-9375
-       RESERVED
+CVE-2020-9375 (TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 
allows re ...)
+       TODO: check
 CVE-2019-20482
        RESERVED
 CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command 
execution vu ...)
@@ -3741,6 +3763,7 @@ CVE-2020-9361
 CVE-2020-9360
        RESERVED
 CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action 
link in a ...)
+       {DLA-2159-1}
        - okular 4:19.12.3-2 (bug #954891)
        [buster] - okular <no-dsa> (Minor issue)
        [stretch] - okular <no-dsa> (Minor issue)
@@ -3791,8 +3814,7 @@ CVE-2020-9337 (In GolfBuddy Course Manager 1.1, passwords 
are sent (with base64
        NOT-FOR-US: GolfBuddy Course Manager
 CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -&gt; 
Settings ...)
        NOT-FOR-US: fauzantrif eLection
-CVE-2020-6816 [mutation XSS vulnerability again]
-       RESERVED
+CVE-2020-6816 (In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean 
when RCD ...)
        {DSA-4643-1}
        - python-bleach 3.1.3-1 (bug #954236)
        [stretch] - python-bleach <ignored> (Requires invasive changes to 
address issue)
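
Review bot: the imported description for CVE-2020-6816 says "before 3.12", which does not line up with the fixed version "python-bleach 3.1.3-1" recorded two lines below it; the version string in the description looks like it is missing a dot. Suggest adding a NOTE that states the fixed upstream version explicitly, so nobody compares an installed 3.1.x package against "3.12" and concludes it is affected or safe on that basis.
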
@@ -3800,8 +3822,7 @@ CVE-2020-6816 [mutation XSS vulnerability again]
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public)
        NOTE: 
https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743
        NOTE: 
https://github.com/mozilla/bleach/commit/175f67740e7951e1d80cefb7831e6c3e4efeb986
-CVE-2020-6802 [mutation XSS vulnerability]
-       RESERVED
+CVE-2020-6802 (In Mozilla Bleach before 3.11, a mutation XSS affects users 
calling bl ...)
        {DSA-4636-1}
        - python-bleach 3.1.1-1 (bug #951907)
        [stretch] - python-bleach <ignored> (Requires invasive changes to 
address issue)
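
Review bot: on CVE-2020-6802 the new description reads "before 3.11" while the entry records "python-bleach 3.1.1-1" as the fixed upload, so the description's version does not follow the 3.1.x numbering used by the package line. A short NOTE giving the upstream fixed release would keep the entry unambiguous for anyone reading only the description.
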
@@ -4628,12 +4649,12 @@ CVE-2020-8988 (The Voatz application 2020-01-01 for 
Android allows only 100 mill
        NOT-FOR-US: Voatz application for Android
 CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 
2.0.0.178 pr ...)
        NOT-FOR-US: Avast AntiTrack
-CVE-2020-8986
-       RESERVED
-CVE-2020-8985
-       RESERVED
-CVE-2020-8984
-       RESERVED
+CVE-2020-8986 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to 
properly c ...)
+       TODO: check
+CVE-2020-8985 (ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via 
the unl ...)
+       TODO: check
+CVE-2020-8984 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP 
address s ...)
+       TODO: check
 CVE-2020-8983
        RESERVED
 CVE-2020-8982
@@ -4691,6 +4712,7 @@ CVE-2020-8957
 CVE-2020-8956
        RESERVED
 CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat 
through 2 ...)
+       {DLA-2157-1}
        - weechat 2.7.1-1 (bug #951289)
        [buster] - weechat <no-dsa> (Minor issue)
        [stretch] - weechat <no-dsa> (Minor issue)
@@ -9166,40 +9188,40 @@ CVE-2020-7009
        RESERVED
 CVE-2020-7008
        RESERVED
-CVE-2020-7007
-       RESERVED
+CVE-2020-7007 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the 
attacker  ...)
+       TODO: check
 CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, 
RJ45), ...)
        NOT-FOR-US: Systech Corporation
-CVE-2020-7005
-       RESERVED
+CVE-2020-7005 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the 
affected produ ...)
+       TODO: check
 CVE-2020-7004
        RESERVED
 CVE-2020-7003 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and 
IOxpre ...)
        NOT-FOR-US: Moxa
 CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and 
prior.  ...)
        NOT-FOR-US: McAfee
-CVE-2020-7001
-       RESERVED
+CVE-2020-7001 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the 
affected  ...)
+       TODO: check
 CVE-2020-7000
        RESERVED
 CVE-2020-6999
        RESERVED
 CVE-2020-6998
        RESERVED
-CVE-2020-6997
-       RESERVED
+CVE-2020-6997 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, 
sensitive inf ...)
+       TODO: check
 CVE-2020-6996
        RESERVED
-CVE-2020-6995
-       RESERVED
+CVE-2020-6995 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and 
PT-7828 ser ...)
+       TODO: check
 CVE-2020-6994
        RESERVED
-CVE-2020-6993
-       RESERVED
+CVE-2020-6993 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and 
PT-7828 ser ...)
+       TODO: check
 CVE-2020-6992
        RESERVED
-CVE-2020-6991
-       RESERVED
+CVE-2020-6991 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak 
password ...)
+       TODO: check
 CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B 
v21.001 and p ...)
        NOT-FOR-US: Rockwell
 CVE-2020-6989 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and 
PT-7828 ser ...)
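
Review bot: the context entry CVE-2020-7002 describes "Delta Industrial Automation CNCSoft ScreenEditor" but is tagged "NOT-FOR-US: McAfee"; the vendor in the tag does not match the description and is worth correcting while this block is being edited. The newly described Moxa entries (CVE-2020-7007, CVE-2020-7001, CVE-2020-6997, CVE-2020-6995, CVE-2020-6993, CVE-2020-6991) can take "NOT-FOR-US: Moxa" like the context entry CVE-2020-7003, which leaves only the Honeywell WIN-PAK entry CVE-2020-7005 needing a new tag.
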
@@ -9210,22 +9232,22 @@ CVE-2020-6987 (In Moxa PT-7528 series firmware, Version 
4.0 or lower, and PT-782
        NOT-FOR-US: Moxa
 CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a 
series  ...)
        NOT-FOR-US: Omron
-CVE-2020-6985
-       RESERVED
+CVE-2020-6985 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and 
PT-7828 ser ...)
+       TODO: check
 CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B 
v21.001 and p ...)
        NOT-FOR-US: Rockwell
 CVE-2020-6983 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and 
PT-7828 ser ...)
        NOT-FOR-US: Moxa
-CVE-2020-6982
-       RESERVED
-CVE-2020-6981
-       RESERVED
+CVE-2020-6982 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header 
injecti ...)
+       TODO: check
+CVE-2020-6981 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an 
attacker m ...)
+       TODO: check
 CVE-2020-6980 (Rockwell Automation MicroLogix 1400 Controllers Series B 
v21.001 and p ...)
        NOT-FOR-US: Rockwell
-CVE-2020-6979
-       RESERVED
-CVE-2020-6978
-       RESERVED
+CVE-2020-6979 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the 
affected  ...)
+       TODO: check
+CVE-2020-6978 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the 
affected produ ...)
+       TODO: check
 CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in 
the Ki ...)
        NOT-FOR-US: GE
 CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and 
prior.  ...)
@@ -11333,26 +11355,26 @@ CVE-2020-6082
        RESERVED
 CVE-2020-6081
        RESERVED
-CVE-2020-6080
-       RESERVED
-CVE-2020-6079
-       RESERVED
-CVE-2020-6078
-       RESERVED
-CVE-2020-6077
-       RESERVED
+CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the 
resource  ...)
+       TODO: check
+CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the 
resource  ...)
+       TODO: check
+CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the 
message-p ...)
+       TODO: check
+CVE-2020-6077 (An exploitable denial-of-service vulnerability exists in the 
message-p ...)
+       TODO: check
 CVE-2020-6076
        RESERVED
 CVE-2020-6075
        RESERVED
 CVE-2020-6074
        RESERVED
-CVE-2020-6073
-       RESERVED
-CVE-2020-6072
-       RESERVED
-CVE-2020-6071
-       RESERVED
+CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the 
TXT recor ...)
+       TODO: check
+CVE-2020-6072 (An exploitable code execution vulnerability exists in the 
label-parsin ...)
+       TODO: check
+CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the 
resource  ...)
+       TODO: check
 CVE-2020-6070
        RESERVED
 CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the 
igcore1 ...)
@@ -12385,26 +12407,26 @@ CVE-2020-5563
        RESERVED
 CVE-2020-5562
        RESERVED
-CVE-2020-5561
-       RESERVED
-CVE-2020-5560
-       RESERVED
-CVE-2020-5559
-       RESERVED
-CVE-2020-5558
-       RESERVED
-CVE-2020-5557
-       RESERVED
-CVE-2020-5556
-       RESERVED
-CVE-2020-5555
-       RESERVED
-CVE-2020-5554
-       RESERVED
-CVE-2020-5553
-       RESERVED
-CVE-2020-5552
-       RESERVED
+CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute 
arbitrary OS ...)
+       TODO: check
+CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute 
arbitrary OS c ...)
+       TODO: check
+CVE-2020-5559 (Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 
allows remo ...)
+       TODO: check
+CVE-2020-5558 (CuteNews 2.0.1 allows remote authenticated attackers to execute 
arbitr ...)
+       TODO: check
+CVE-2020-5557 (Cross-site scripting vulnerability in CuteNews 2.0.1 allows 
remote att ...)
+       TODO: check
+CVE-2020-5556 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote 
attackers  ...)
+       TODO: check
+CVE-2020-5555 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote 
attackers  ...)
+       TODO: check
+CVE-2020-5554 (Directory traversal vulnerability in Shihonkanri Plus GOOUT 
Ver1.5.8 a ...)
+       TODO: check
+CVE-2020-5553 (mailform version 1.04 allows remote attackers to execute 
arbitrary PHP ...)
+       TODO: check
+CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 
allows rem ...)
+       TODO: check
 CVE-2020-5551
        RESERVED
 CVE-2020-5550
@@ -13046,18 +13068,18 @@ CVE-2020-5284
        RESERVED
 CVE-2020-5283
        RESERVED
-CVE-2020-5282
-       RESERVED
-CVE-2020-5281
-       RESERVED
-CVE-2020-5280
-       RESERVED
+CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a 
vulnerability in ...)
+       TODO: check
+CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify 
configur ...)
+       TODO: check
+CVE-2020-5280 (http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local 
file i ...)
+       TODO: check
 CVE-2020-5279
        RESERVED
 CVE-2020-5278
        RESERVED
-CVE-2020-5277
-       RESERVED
+CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a 
reflect ...)
+       TODO: check
 CVE-2020-5276
        RESERVED
 CVE-2020-5275
@@ -13093,8 +13115,8 @@ CVE-2020-5263
        RESERVED
 CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access 
Token (P ...)
        NOT-FOR-US: EasyBuild
-CVE-2020-5261
-       RESERVED
+CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package 
Sustainsys.Sa ...)
+       TODO: check
 CVE-2020-5260
        RESERVED
 CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method 
is vulne ...)
@@ -17350,38 +17372,38 @@ CVE-2020-3809
        RESERVED
 CVE-2020-3808
        RESERVED
-CVE-2020-3807
-       RESERVED
-CVE-2020-3806
-       RESERVED
-CVE-2020-3805
-       RESERVED
-CVE-2020-3804
-       RESERVED
-CVE-2020-3803
-       RESERVED
-CVE-2020-3802
-       RESERVED
-CVE-2020-3801
-       RESERVED
-CVE-2020-3800
-       RESERVED
-CVE-2020-3799
-       RESERVED
+CVE-2020-3807 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3806 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3805 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3804 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3803 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3802 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3801 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3800 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3799 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
+       TODO: check
 CVE-2020-3798
        RESERVED
-CVE-2020-3797
-       RESERVED
+CVE-2020-3797 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
+       TODO: check
 CVE-2020-3796
        RESERVED
-CVE-2020-3795
-       RESERVED
+CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
+       TODO: check
 CVE-2020-3794
        RESERVED
-CVE-2020-3793
-       RESERVED
-CVE-2020-3792
-       RESERVED
+CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
+       TODO: check
+CVE-2020-3792 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
+       TODO: check
 CVE-2020-3791
        RESERVED
 CVE-2020-3790
@@ -17426,14 +17448,14 @@ CVE-2020-3771
        RESERVED
 CVE-2020-3770
        RESERVED
-CVE-2020-3769
-       RESERVED
+CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a 
server-side r ...)
+       TODO: check
 CVE-2020-3768
        RESERVED
 CVE-2020-3767
        RESERVED
-CVE-2020-3766
-       RESERVED
+CVE-2020-3766 (Adobe Genuine Integrity Service versions Version 6.4 and 
earlier have  ...)
+       TODO: check
 CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an 
out-of-bounds  ...)
        NOT-FOR-US: Adobe
 CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an 
out-of-bounds wr ...)
@@ -21446,41 +21468,29 @@ CVE-2020-2173
        RESERVED
 CVE-2020-2172
        RESERVED
-CVE-2020-2171
-       RESERVED
+CVE-2020-2171 (Jenkins RapidDeploy Plugin 4.2 and earlier does not configure 
its XML  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2170
-       RESERVED
+CVE-2020-2170 (Jenkins RapidDeploy Plugin 4.2 and earlier does not escape 
package nam ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2169
-       RESERVED
+CVE-2020-2169 (A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 
and ear ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2168
-       RESERVED
+CVE-2020-2168 (Jenkins Azure Container Service Plugin 1.0.1 and earlier does 
not conf ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2167
-       RESERVED
+CVE-2020-2167 (Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not 
configur ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2166
-       RESERVED
+CVE-2020-2166 (Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not 
configure ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2165
-       RESERVED
+CVE-2020-2165 (Jenkins Artifactory Plugin 3.6.0 and earlier transmits 
configured pass ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2164
-       RESERVED
+CVE-2020-2164 (Jenkins Artifactory Plugin 3.5.0 and earlier stores its 
Artifactory se ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2163
-       RESERVED
+CVE-2020-2163 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly 
processe ...)
        NOT-FOR-US: Jenkins
-CVE-2020-2162
-       RESERVED
+CVE-2020-2162 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set 
Conten ...)
        NOT-FOR-US: Jenkins
-CVE-2020-2161
-       RESERVED
+CVE-2020-2161 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not 
properly e ...)
        NOT-FOR-US: Jenkins
-CVE-2020-2160
-       RESERVED
+CVE-2020-2160 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses 
different repr ...)
        NOT-FOR-US: Jenkins
 CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers 
with Job ...)
        NOT-FOR-US: Jenkins CryptoMove Plugin
@@ -22145,8 +22155,7 @@ CVE-2020-1959
        RESERVED
 CVE-2020-1958
        RESERVED
-CVE-2020-1957
-       RESERVED
+CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring 
dynamic ...)
        - shiro <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2
 CVE-2020-1956
@@ -23231,7 +23240,7 @@ CVE-2019-19348
        RESERVED
        NOT-FOR-US: openshift
 CVE-2019-19347
-       RESERVED
+       REJECTED
        NOT-FOR-US: openshift
 CVE-2019-19346
        RESERVED
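
Review bot: CVE-2019-19347 changes to REJECTED but keeps its "NOT-FOR-US: openshift" line, whereas the other rejected ID visible in this diff, CVE-2019-20510, carries REJECTED with no annotation. Suggest confirming whether the annotation should remain on a rejected ID or be dropped so the two entries are consistent.
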
@@ -23822,8 +23831,8 @@ CVE-2019-19129 (Afterlogic WebMail Pro 8.3.11, and 
WebMail in Afterlogic Aurora
        NOT-FOR-US: Afterlogic
 CVE-2019-19128
        RESERVED
-CVE-2019-19127
-       RESERVED
+CVE-2019-19127 (An authentication bypass vulnerability is present in the 
standalone SI ...)
+       TODO: check
 CVE-2019-19126 (On the x86-64 architecture, the GNU C Library (aka glibc) 
before 2.31  ...)
        - glibc 2.29-8 (bug #945250)
        [buster] - glibc <no-dsa> (Minor issue)
@@ -27358,8 +27367,8 @@ CVE-2019-18628
        RESERVED
 CVE-2019-18627
        RESERVED
-CVE-2019-18626
-       RESERVED
+CVE-2019-18626 (Harris Ormed Self Service before 2019.1.4 allows an 
authenticated user ...)
+       TODO: check
 CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate 
signed  ...)
        - systemd 244-1 (low)
        [buster] - systemd <not-affected> (Only affected v243)
@@ -61869,8 +61878,8 @@ CVE-2019-7632 (LifeSize Team, Room, Passport, and 
Networker 220 devices allow Au
        NOT-FOR-US: LifeSize devices
 CVE-2019-7631
        RESERVED
-CVE-2019-7630
-       RESERVED
+CVE-2019-7630 (An issue was discovered in gdrv.sys in Gigabyte APP Center 
before 19.0 ...)
+       TODO: check
 CVE-2019-7629 (Stack-based buffer overflow in the strip_vt102_codes function 
in TinTi ...)
        - tintin++ 2.01.5-2 (low; bug #924348)
        [stretch] - tintin++ <no-dsa> (Minor issue)
@@ -63009,18 +63018,18 @@ CVE-2019-7247
        RESERVED
 CVE-2019-7246
        RESERVED
-CVE-2019-7245
-       RESERVED
-CVE-2019-7244
-       RESERVED
+CVE-2019-7245 (An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z 
before 2.23. ...)
+       TODO: check
+CVE-2019-7244 (An issue was discovered in kerneld.sys in AIDA64 before 5.99. 
The vuln ...)
+       TODO: check
 CVE-2019-7243
        RESERVED
 CVE-2019-7242
        RESERVED
 CVE-2019-7241
        RESERVED
-CVE-2019-7240
-       RESERVED
+CVE-2019-7240 (An issue was discovered in WinRing0x64.sys in Moo0 System 
Monitor 1.83 ...)
+       TODO: check
 CVE-2019-7239
        RESERVED
 CVE-2019-7238 (Sonatype Nexus Repository Manager before 3.15.0 has Incorrect 
Access C ...)
@@ -68137,6 +68146,7 @@ CVE-2019-5190
 CVE-2019-5189
        RESERVED
 CVE-2019-5188 (A code execution vulnerability exists in the directory 
rehashing funct ...)
+       {DLA-2156-1}
        - e2fsprogs 1.45.5-1 (bug #948508)
        [buster] - e2fsprogs 1.44.5-1+deb10u3
        [stretch] - e2fsprogs <no-dsa> (Minor issue)
@@ -70663,8 +70673,8 @@ CVE-2019-4003
        RESERVED
 CVE-2019-4002
        RESERVED
-CVE-2019-4001
-       RESERVED
+CVE-2019-4001 (Improper input validation in Druva inSync Client 6.5.0 allows a 
local, ...)
+       TODO: check
 CVE-2019-4000 (Improper neutralization of directives in dynamically evaluated 
code in ...)
        NOT-FOR-US: Druva inSync Mac OS Client
 CVE-2019-3999 (Improper neutralization of special elements used in an OS 
command in D ...)
@@ -211389,6 +211399,7 @@ CVE-2016-2339 (An exploitable heap overflow 
vulnerability exists in the Fiddle::
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10
 CVE-2016-2338 (An exploitable heap overflow vulnerability exists in the 
Psych::Emitte ...)
+       {DLA-2158-1}
        - ruby2.3 2.3.0-1
        - ruby2.1 <removed>
        NOTE: https://talosintelligence.com/reports/TALOS-2016-0032



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/548e4edccedf5e6218a94c0754f80d1636627c63
