Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4cb5414b by security tracker role at 2020-04-03T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2020-11507
+ RESERVED
+CVE-2020-11506
+ RESERVED
+CVE-2020-11505
+ RESERVED
+CVE-2020-11504
+ RESERVED
+CVE-2020-11503
+ RESERVED
+CVE-2020-11502
+ RESERVED
+CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of
AES for vi ...)
+ TODO: check
CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS
when upd ...)
NOT-FOR-US: Firmware Analysis and Comparison Tool
CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path
vulnerability that ...)
@@ -35,7 +49,7 @@ CVE-2020-11483
RESERVED
CVE-2019-20635 (codeBeamer before 9.5.0-RC3 does not properly restrict the
ability to ...)
NOT-FOR-US: codeBeamer
-CVE-2020-11501 [DTLS client hello contains a random value of all zeroes]
+CVE-2020-11501 (GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for
DTLS. The e ...)
- gnutls28 3.6.13-2 (bug #955556)
[stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
[jessie] - gnutls28 <not-affected> (Vulnerable code introduced later)
@@ -1123,8 +1137,7 @@ CVE-2020-10962
RESERVED
CVE-2020-10961
RESERVED
-CVE-2020-10960 [mediawiki: makeCollapsible allows applying event handler to
any CSS selector]
- RESERVED
+CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading
Style Shee ...)
{DSA-4651-1}
- mediawiki 1:1.31.7-1
[stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
@@ -1964,8 +1977,8 @@ CVE-2020-10691
TODO: check upstream details
CVE-2020-10690
RESERVED
-CVE-2020-10689
- RESERVED
+CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where
it did ...)
+ TODO: check
CVE-2020-10688
RESERVED
- resteasy <undetermined>
@@ -2204,12 +2217,12 @@ CVE-2020-10603
RESERVED
CVE-2020-10602
RESERVED
-CVE-2020-10601
- RESERVED
+CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote
Module allow ...)
+ TODO: check
CVE-2020-10600
RESERVED
-CVE-2020-10599
- RESERVED
+CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote
Module may al ...)
+ TODO: check
CVE-2020-10598 (In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia
(PAS) ES ...)
NOT-FOR-US: Pyxis
CVE-2020-10597 (The affected insulin pump is designed to communicate using a
wireless ...)
@@ -6643,12 +6656,12 @@ CVE-2020-8647 (There is a use-after-free vulnerability
in the Linux kernel throu
NOTE:
https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
CVE-2020-8640
RESERVED
-CVE-2020-8639
- RESERVED
-CVE-2020-8638
- RESERVED
-CVE-2020-8637
- RESERVED
+CVE-2020-8639 (An unrestricted file upload vulnerability in keywordsImport.php
in Tes ...)
+ TODO: check
+CVE-2020-8638 (A SQL injection vulnerability in TestLink 1.9.20 allows
attackers to e ...)
+ TODO: check
+CVE-2020-8637 (A SQL injection vulnerability in TestLink 1.9.20 allows
attackers to e ...)
+ TODO: check
CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows
Remote C ...)
NOT-FOR-US: OpServices OpMon
CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets
insecure per ...)
@@ -10424,24 +10437,24 @@ CVE-2020-7010
RESERVED
CVE-2020-7009 (Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before
7.6.2 ...)
- elasticsearch <removed>
-CVE-2020-7008
- RESERVED
+CVE-2020-7008 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module
may al ...)
+ TODO: check
CVE-2020-7007 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the
attacker ...)
NOT-FOR-US: Moxa
CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port,
RJ45), ...)
NOT-FOR-US: Systech Corporation
CVE-2020-7005 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the
affected produ ...)
NOT-FOR-US: Honeywell
-CVE-2020-7004
- RESERVED
+CVE-2020-7004 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module
may al ...)
+ TODO: check
CVE-2020-7003 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and
IOxpre ...)
NOT-FOR-US: Moxa
CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and
prior. ...)
NOT-FOR-US: McAfee
CVE-2020-7001 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the
affected ...)
NOT-FOR-US: Moxa
-CVE-2020-7000
- RESERVED
+CVE-2020-7000 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module
may al ...)
+ TODO: check
CVE-2020-6999 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some
of the p ...)
NOT-FOR-US: Moxa
CVE-2020-6998
@@ -10452,8 +10465,8 @@ CVE-2020-6996
RESERVED
CVE-2020-6995 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and
PT-7828 ser ...)
NOT-FOR-US: Moxa
-CVE-2020-6994
- RESERVED
+CVE-2020-6994 (A buffer overflow vulnerability was found in some devices of
Hirschman ...)
+ TODO: check
CVE-2020-6993 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and
PT-7828 ser ...)
NOT-FOR-US: Moxa
CVE-2020-6992
@@ -16890,8 +16903,8 @@ CVE-2020-4275
RESERVED
CVE-2020-4274
RESERVED
-CVE-2020-4273
- RESERVED
+CVE-2020-4273 (IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged
attack ...)
+ TODO: check
CVE-2020-4272
RESERVED
CVE-2020-4271
@@ -20322,7 +20335,7 @@ CVE-2020-3111 (A vulnerability in the Cisco Discovery
Protocol implementation fo
NOT-FOR-US: Cisco
CVE-2020-3110 (A vulnerability in the Cisco Discovery Protocol implementation
for the ...)
NOT-FOR-US: Cisco
-CVE-2019-19770 (In the Linux kernel 4.19.83, there is a use-after-free (read)
in the d ...)
+CVE-2019-19770 (** DISPUTED ** In the Linux kernel 4.19.83, there is a
use-after-free ...)
- linux <unfixed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205713
CVE-2019-19769 (In the Linux kernel 5.3.10, there is a use-after-free (read)
in the pe ...)
@@ -25781,10 +25794,10 @@ CVE-2019-18907
RESERVED
CVE-2019-18906
RESERVED
-CVE-2019-18905
- RESERVED
-CVE-2019-18904
- RESERVED
+CVE-2019-18905 (A Insufficient Verification of Data Authenticity vulnerability
in auto ...)
+ TODO: check
+CVE-2019-18904 (A Uncontrolled Resource Consumption vulnerability in rmt of
SUSE Linux ...)
+ TODO: check
CVE-2019-18903 (A Use After Free vulnerability in wicked of SUSE Linux
Enterprise Serv ...)
NOT-FOR-US: openSUSE wicked
CVE-2019-18902 (A Use After Free vulnerability in wicked of SUSE Linux
Enterprise Serv ...)
@@ -33354,10 +33367,10 @@ CVE-2019-17233 (Functions/EWD_UFAQ_Import.php in the
ultimate-faqs plugin throug
NOT-FOR-US: Wordpress plugin
CVE-2019-17232 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin
through 1.8. ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-17231
- RESERVED
-CVE-2019-17230
- RESERVED
+CVE-2019-17231 (includes/theme-functions.php in the OneTone theme through
3.0.6 for Wo ...)
+ TODO: check
+CVE-2019-17230 (includes/theme-functions.php in the OneTone theme through
3.0.6 for Wo ...)
+ TODO: check
CVE-2019-17229 (includes/options.php in the
motors-car-dealership-classified-listings ...)
NOT-FOR-US: motors-car-dealership-classified-listings (aka Motors - Car
Dealer & Classified Ads) plugin for WordPress
CVE-2019-17228 (includes/options.php in the
motors-car-dealership-classified-listings ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cb5414bd690e6119abbe27426831c8950e3531f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cb5414bd690e6119abbe27426831c8950e3531f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
