Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2f256a61 by security tracker role at 2020-04-01T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2020-11461
+ RESERVED
+CVE-2020-11460
+ RESERVED
+CVE-2020-11459
+ RESERVED
+CVE-2020-11458
+ RESERVED
+CVE-2020-11457 (pfSense before 2.4.5 has stored XSS in
system_usermanager_addprivs.php ...)
+ TODO: check
+CVE-2020-11456 (LimeSurvey before 4.1.12+200324 has stored XSS in
application/views/ad ...)
+ TODO: check
+CVE-2020-11455 (LimeSurvey before 4.1.12+200324 contains a path traversal
vulnerabilit ...)
+ TODO: check
+CVE-2020-11454
+ RESERVED
+CVE-2020-11453
+ RESERVED
+CVE-2020-11452
+ RESERVED
+CVE-2020-11451
+ RESERVED
+CVE-2020-11450
+ RESERVED
+CVE-2020-11449 (An issue was discovered on Technicolor TC7337 8.89.17 devices.
An atta ...)
+ TODO: check
+CVE-2020-11448
+ RESERVED
+CVE-2020-11447
+ RESERVED
+CVE-2020-11446
+ RESERVED
CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 allow remote
attackers to byp ...)
NOT-FOR-US: TP-Link
CVE-2020-11444
@@ -6,7 +38,7 @@ CVE-2020-11443
RESERVED
CVE-2020-11442
RESERVED
-CVE-2020-11441 (phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by
%0D%0Astrin ...)
+CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as
demonstrated ...)
- phpmyadmin <undetermined>
NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/16056
CVE-2020-11440
@@ -1216,24 +1248,24 @@ CVE-2020-10870 (Zim through 0.72.1 creates temporary
directories with predictabl
NOTE: Negligible security impact
CVE-2020-10869
RESERVED
-CVE-2020-10868
- RESERVED
-CVE-2020-10867
- RESERVED
-CVE-2020-10866
- RESERVED
-CVE-2020-10865
- RESERVED
-CVE-2020-10864
- RESERVED
-CVE-2020-10863
- RESERVED
-CVE-2020-10862
- RESERVED
-CVE-2020-10861
- RESERVED
-CVE-2020-10860
- RESERVED
+CVE-2020-10868 (An issue was discovered in Avast Antivirus before 20. The
aswTask RPC ...)
+ TODO: check
+CVE-2020-10867 (An issue was discovered in Avast Antivirus before 20. The
aswTask RPC ...)
+ TODO: check
+CVE-2020-10866 (An issue was discovered in Avast Antivirus before 20. The
aswTask RPC ...)
+ TODO: check
+CVE-2020-10865 (An issue was discovered in Avast Antivirus before 20. The
aswTask RPC ...)
+ TODO: check
+CVE-2020-10864 (An issue was discovered in Avast Antivirus before 20. The
aswTask RPC ...)
+ TODO: check
+CVE-2020-10863 (An issue was discovered in Avast Antivirus before 20. The
aswTask RPC ...)
+ TODO: check
+CVE-2020-10862 (An issue was discovered in Avast Antivirus before 20. The
aswTask RPC ...)
+ TODO: check
+CVE-2020-10861 (An issue was discovered in Avast Antivirus before 20. The
aswTask RPC ...)
+ TODO: check
+CVE-2020-10860 (An issue was discovered in Avast Antivirus before 20. An
Arbitrary Mem ...)
+ TODO: check
CVE-2020-10859
RESERVED
CVE-2020-10858
@@ -2069,7 +2101,7 @@ CVE-2020-10596 (OpenCart 3.0.3.2 allows remote
authenticated users to conduct XS
CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF
to change ...)
NOT-FOR-US: Subrion CMS
CVE-2020-10595 (pam-krb5 before 4.9 has a buffer overflow that might cause
remote code ...)
- {DSA-4648-1}
+ {DSA-4648-1 DLA-2166-1}
- libpam-krb5 4.9-1
NOTE: https://www.openwall.com/lists/oss-security/2020/03/31/1
CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It
allows att ...)
@@ -2849,8 +2881,8 @@ CVE-2020-10232 (In version 4.8.0 and earlier of The
Sleuth Kit (TSK), there is a
[stretch] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836
NOTE:
https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
-CVE-2020-10231
- RESERVED
+CVE-2020-10231 (TP-Link NC200 through 2.1.8_Build_171109, NC210 through
1.0.9_Build_17 ...)
+ TODO: check
CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6
and 7) al ...)
NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-10229
@@ -2907,18 +2939,18 @@ CVE-2020-10206
RESERVED
CVE-2020-10205
RESERVED
-CVE-2020-10204
- RESERVED
-CVE-2020-10203
- RESERVED
+CVE-2020-10204 (Sonatype Nexus Repository before 3.21.2 allows Remote Code
Execution. ...)
+ TODO: check
+CVE-2020-10203 (Sonatype Nexus Repository before 3.21.2 allows XSS. ...)
+ TODO: check
CVE-2020-10202
RESERVED
CVE-2020-10201
RESERVED
CVE-2020-10200
RESERVED
-CVE-2020-10199
- RESERVED
+CVE-2020-10199 (Sonatype Nexus Repository before 3.21.2 allows JavaEL
Injection (issue ...)
+ TODO: check
CVE-2020-10198
RESERVED
CVE-2020-10197
@@ -3784,42 +3816,42 @@ CVE-2020-9787
RESERVED
CVE-2020-9786
RESERVED
-CVE-2020-9785
- RESERVED
-CVE-2020-9784
- RESERVED
-CVE-2020-9783
- RESERVED
+CVE-2020-9785 (Multiple memory corruption issues were addressed with improved
state m ...)
+ TODO: check
+CVE-2020-9784 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2020-9783 (A use after free issue was addressed with improved memory
management. ...)
+ TODO: check
CVE-2020-9782
RESERVED
-CVE-2020-9781
- RESERVED
-CVE-2020-9780
- RESERVED
+CVE-2020-9781 (The issue was addressed by clearing website permission prompts
after n ...)
+ TODO: check
+CVE-2020-9780 (The issue was resolved by clearing application previews when
content i ...)
+ TODO: check
CVE-2020-9779
RESERVED
CVE-2020-9778
RESERVED
-CVE-2020-9777
- RESERVED
-CVE-2020-9776
- RESERVED
-CVE-2020-9775
- RESERVED
+CVE-2020-9777 (An issue existed in the selection of video file by Mail. The
issue was ...)
+ TODO: check
+CVE-2020-9776 (This issue was addressed with a new entitlement. This issue is
fixed i ...)
+ TODO: check
+CVE-2020-9775 (An issue existed in the handling of tabs displaying picture in
picture ...)
+ TODO: check
CVE-2020-9774
RESERVED
-CVE-2020-9773
- RESERVED
+CVE-2020-9773 (The issue was addressed with improved handling of icon caches.
This is ...)
+ TODO: check
CVE-2020-9772
RESERVED
CVE-2020-9771
RESERVED
-CVE-2020-9770
- RESERVED
-CVE-2020-9769
- RESERVED
-CVE-2020-9768
- RESERVED
+CVE-2020-9770 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850.
This i ...)
+ TODO: check
+CVE-2020-9768 (A use after free issue was addressed with improved memory
management. ...)
+ TODO: check
CVE-2020-9767
RESERVED
CVE-2020-10028
@@ -8086,10 +8118,10 @@ CVE-2020-7950 (meshsystem.dll in Valve Dota 2 before
7.23f allows remote attacke
NOT-FOR-US: Dota 2
CVE-2020-7949 (schemasystem.dll in Valve Dota 2 before 7.23f allows remote
attackers ...)
NOT-FOR-US: Dota 2
-CVE-2020-7948
- RESERVED
-CVE-2020-7947
- RESERVED
+CVE-2020-7948 (An issue was discovered in the Login by Auth0 plugin before
4.0.0 for ...)
+ TODO: check
+CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before
4.0.0 for ...)
+ TODO: check
CVE-2020-7946
RESERVED
CVE-2020-7945
@@ -10691,6 +10723,7 @@ CVE-2020-6818
RESERVED
CVE-2020-6817 [Regular expression denial of service]
RESERVED
+ {DLA-2167-1}
- python-bleach 3.1.4-1 (bug #955388)
NOTE:
https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1623633
@@ -10892,8 +10925,8 @@ CVE-2020-6755
RESERVED
CVE-2020-6754 (dotCMS before 5.2.4 is vulnerable to directory traversal,
leading to i ...)
NOT-FOR-US: dotCMS
-CVE-2020-6753
- RESERVED
+CVE-2020-6753 (The Login by Auth0 plugin before 4.0.0 for WordPress allows
stored XSS ...)
+ TODO: check
CVE-2020-6752
RESERVED
CVE-2020-6751
@@ -13527,8 +13560,8 @@ CVE-2020-5550
RESERVED
CVE-2020-5549
RESERVED
-CVE-2020-5548
- RESERVED
+CVE-2020-5548 (Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and
earlier), Yam ...)
+ TODO: check
CVE-2020-5547 (Resource Management Errors vulnerability in TCP function
included in t ...)
NOT-FOR-US: Mitsubishi
CVE-2020-5546 (Improper Neutralization of Argument Delimiters in a Command
('Argument ...)
@@ -13920,10 +13953,10 @@ CVE-2020-5394
RESERVED
CVE-2020-5393 (In Appspace On-Prem through 7.1.3, an adversary can steal a
session to ...)
NOT-FOR-US: Appspace On-Prem
-CVE-2020-5392
- RESERVED
-CVE-2020-5391
- RESERVED
+CVE-2020-5392 (A stored cross-site scripting (XSS) vulnerability exists in the
Auth0 ...)
+ TODO: check
+CVE-2020-5391 (Cross-site request forgery (CSRF) vulnerabilities exist in the
Auth0 p ...)
+ TODO: check
CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a
SAML docum ...)
{DSA-4630-1 DLA-2119-1}
- python-pysaml2 4.5.0-7 (bug #949322)
@@ -18159,84 +18192,84 @@ CVE-2019-19905 (NetHack 3.6.x before 3.6.4 is prone
to a buffer overflow vulnera
NOTE:
https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226
NOTE:
https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47
NOTE: Negligible security impact
-CVE-2020-3919
- RESERVED
+CVE-2020-3919 (A memory initialization issue was addressed with improved
memory handl ...)
+ TODO: check
CVE-2020-3918
RESERVED
-CVE-2020-3917
- RESERVED
-CVE-2020-3916
- RESERVED
+CVE-2020-3917 (This issue was addressed with a new entitlement. This issue is
fixed i ...)
+ TODO: check
+CVE-2020-3916 (An access issue was addressed with additional sandbox
restrictions. Th ...)
+ TODO: check
CVE-2020-3915
RESERVED
-CVE-2020-3914
- RESERVED
-CVE-2020-3913
- RESERVED
-CVE-2020-3912
- RESERVED
-CVE-2020-3911
- RESERVED
-CVE-2020-3910
- RESERVED
-CVE-2020-3909
- RESERVED
-CVE-2020-3908
- RESERVED
-CVE-2020-3907
- RESERVED
-CVE-2020-3906
- RESERVED
-CVE-2020-3905
- RESERVED
-CVE-2020-3904
- RESERVED
-CVE-2020-3903
- RESERVED
-CVE-2020-3902
- RESERVED
-CVE-2020-3901
- RESERVED
-CVE-2020-3900
- RESERVED
-CVE-2020-3899
- RESERVED
+CVE-2020-3914 (A memory initialization issue was addressed with improved
memory handl ...)
+ TODO: check
+CVE-2020-3913 (A permissions issue existed. This issue was addressed with
improved pe ...)
+ TODO: check
+CVE-2020-3912 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
+CVE-2020-3911 (A buffer overflow was addressed with improved bounds checking.
This is ...)
+ TODO: check
+CVE-2020-3910 (A buffer overflow was addressed with improved size validation.
This is ...)
+ TODO: check
+CVE-2020-3909 (A buffer overflow was addressed with improved bounds checking.
This is ...)
+ TODO: check
+CVE-2020-3908 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
+CVE-2020-3907 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
+CVE-2020-3906 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2020-3905 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2020-3904 (Multiple memory corruption issues were addressed with improved
state m ...)
+ TODO: check
+CVE-2020-3903 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2020-3902 (An input validation issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2020-3901 (A type confusion issue was addressed with improved memory
handling. Th ...)
+ TODO: check
+CVE-2020-3900 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2020-3899 (A memory consumption issue was addressed with improved memory
handling ...)
+ TODO: check
CVE-2020-3898
RESERVED
-CVE-2020-3897
- RESERVED
+CVE-2020-3897 (A type confusion issue was addressed with improved memory
handling. Th ...)
+ TODO: check
CVE-2020-3896
RESERVED
-CVE-2020-3895
- RESERVED
-CVE-2020-3894
- RESERVED
-CVE-2020-3893
- RESERVED
-CVE-2020-3892
- RESERVED
-CVE-2020-3891
- RESERVED
-CVE-2020-3890
- RESERVED
-CVE-2020-3889
- RESERVED
-CVE-2020-3888
- RESERVED
-CVE-2020-3887
- RESERVED
+CVE-2020-3895 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2020-3894 (A race condition was addressed with additional validation. This
issue ...)
+ TODO: check
+CVE-2020-3893 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2020-3892 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2020-3891 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2020-3890 (The issue was addressed with improved deletion. This issue is
fixed in ...)
+ TODO: check
+CVE-2020-3889 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2020-3888 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2020-3887 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
CVE-2020-3886
RESERVED
-CVE-2020-3885
- RESERVED
-CVE-2020-3884
- RESERVED
-CVE-2020-3883
- RESERVED
+CVE-2020-3885 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2020-3884 (An injection issue was addressed with improved validation. This
issue ...)
+ TODO: check
+CVE-2020-3883 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
CVE-2020-3882
RESERVED
-CVE-2020-3881
- RESERVED
+CVE-2020-3881 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
CVE-2020-3880
RESERVED
CVE-2020-3879
@@ -18323,14 +18356,14 @@ CVE-2020-3852
RESERVED
CVE-2020-3851
RESERVED
-CVE-2020-3850
- RESERVED
-CVE-2020-3849
- RESERVED
-CVE-2020-3848
- RESERVED
-CVE-2020-3847
- RESERVED
+CVE-2020-3850 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2020-3849 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2020-3848 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
+CVE-2020-3847 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
CVE-2020-3846 (A buffer overflow was addressed with improved size validation.
This is ...)
NOT-FOR-US: Apple
CVE-2020-3845 (A memory corruption issue was addressed with improved memory
handling. ...)
@@ -21899,9 +21932,9 @@ CVE-2019-19608 (A SQL injection vulnerability in in the
web conferencing compone
NOT-FOR-US: Mitel
CVE-2019-19607 (A SQL injection vulnerability in the web conferencing
component of Mit ...)
NOT-FOR-US: Mitel
-CVE-2019-19606 (X-Plane 11.41 and earlier has multiple improper path
validations that ...)
+CVE-2019-19606 (X-Plane before 11.41 has multiple improper path validations
that could ...)
NOT-FOR-US: X-Plane
-CVE-2019-19605 (X-Plane 11.41 and earlier allows Arbitrary Memory Write via
crafted ne ...)
+CVE-2019-19605 (X-Plane before 11.41 allows Arbitrary Memory Write via crafted
network ...)
NOT-FOR-US: X-Plane
CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2,
2.21.x b ...)
- git 1:2.24.0-2
@@ -23296,8 +23329,7 @@ CVE-2020-1950 (A carefully crafted or corrupt PSD file
can cause excessive memor
- tika <unfixed> (bug #954303)
[buster] - tika <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/3
-CVE-2020-1949
- RESERVED
+CVE-2020-1949 (Scripts in Sling CMS before 0.16.0 do not property escape the
Sling Se ...)
NOT-FOR-US: Apache Sling
CVE-2020-1948
RESERVED
@@ -23310,8 +23342,7 @@ CVE-2020-1945
CVE-2020-1944 (There is a vulnerability in Apache Traffic Server 6.0.0 to
6.2.3, 7.0. ...)
- trafficserver 8.0.6+ds-1
NOTE:
https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
-CVE-2020-1943
- RESERVED
+CVE-2020-1943 (Data sent with contentId to /control/stream is not sanitized,
allowing ...)
NOT-FOR-US: Apache OFBiz
CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory
generated ...)
NOT-FOR-US: Apache NiFi
@@ -40318,7 +40349,7 @@ CVE-2019-14883 (A vulnerability was found in Moodle 3.6
before 3.6.7 and 3.7 bef
- moodle <removed>
CVE-2019-14882 (A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to
3.6.7, 3.5 to ...)
- moodle <removed>
-CVE-2019-14881 (A vulnerability was found in moodle 3.7 to 3.7.2 and before
3.7.3, whe ...)
+CVE-2019-14881 (A vulnerability was found in moodle 3.7 before 3.7.3, where
there is b ...)
- moodle <removed>
CVE-2019-14880 (A vulnerability was found in Moodle versions 3.7 before 3.7.3,
3.6 bef ...)
- moodle <removed>
@@ -71960,14 +71991,14 @@ CVE-2019-3947 (Fuji Electric V-Server before 6.0.33.0
stores database credential
NOT-FOR-US: Fuji Electric V-Server
CVE-2019-3946 (Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial
of serv ...)
NOT-FOR-US: Fuji Electric V-Server
-CVE-2019-3945
- RESERVED
-CVE-2019-3944
- RESERVED
+CVE-2019-3945 (Web server running on Parrot ANAFI can be crashed due to the
SDK comma ...)
+ TODO: check
+CVE-2019-3944 (Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack,
allowing ...)
+ TODO: check
CVE-2019-3943 (MikroTik RouterOS versions Stable 6.43.12 and below, Long-term
6.42.12 ...)
NOT-FOR-US: MikroTik
-CVE-2019-3942
- RESERVED
+CVE-2019-3942 (Advantech WebAccess 8.3.4 does not properly restrict an RPC
call that ...)
+ TODO: check
CVE-2019-3941 (Advantech WebAccess 8.3.4 allows unauthenticated, remote
attackers to ...)
NOT-FOR-US: Advantech WebAccess
CVE-2019-3940 (Advantech WebAccess 8.3.4 is vulnerable to file upload attacks
via una ...)
@@ -80552,8 +80583,8 @@ CVE-2018-19660 (An exploitable authenticated
command-injection vulnerability exi
NOT-FOR-US: Moxa
CVE-2018-19659 (An exploitable authenticated command-injection vulnerability
exists in ...)
NOT-FOR-US: Moxa
-CVE-2018-19658
- REJECTED
+CVE-2018-19658 (The Markdown editor in YXBJ before 8.3.2 on macOS has stored
XSS. This ...)
+ TODO: check
CVE-2018-19657
RESERVED
CVE-2018-19656
@@ -106556,8 +106587,8 @@ CVE-2018-11108
RESERVED
CVE-2018-11107
RESERVED
-CVE-2018-11106
- RESERVED
+CVE-2018-11106 (NETGEAR has released fixes for a pre-authentication command
injection ...)
+ TODO: check
CVE-2018-11105 (There is stored cross site scripting in the
wp-live-chat-support plugi ...)
NOT-FOR-US: Wordpress plugin
CVE-2018-11104
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f256a619a2d375d0f153d5cfa1fd27e9b8d3fc4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f256a619a2d375d0f153d5cfa1fd27e9b8d3fc4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
