Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1e6cf800 by security tracker role at 2020-04-17T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2020-11875
+ RESERVED
+CVE-2020-11874
+ RESERVED
+CVE-2020-11873
+ RESERVED
+CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow
fabrication ...)
+ TODO: check
+CVE-2020-11871
+ RESERVED
+CVE-2020-11870
+ RESERVED
+CVE-2020-11869
+ RESERVED
+CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an
off-pat ...)
+ TODO: check
+CVE-2020-11867
+ RESERVED
+CVE-2020-11866
+ RESERVED
+CVE-2020-11865
+ RESERVED
+CVE-2020-11864
+ RESERVED
+CVE-2020-11863
+ RESERVED
+CVE-2019-20785
+ RESERVED
+CVE-2019-20784
+ RESERVED
+CVE-2019-20783
+ RESERVED
+CVE-2019-20782
+ RESERVED
+CVE-2019-20781
+ RESERVED
+CVE-2019-20780
+ RESERVED
+CVE-2019-20779
+ RESERVED
+CVE-2019-20778
+ RESERVED
+CVE-2019-20777
+ RESERVED
+CVE-2019-20776
+ RESERVED
+CVE-2019-20775
+ RESERVED
+CVE-2019-20774
+ RESERVED
+CVE-2019-20773
+ RESERVED
+CVE-2019-20772
+ RESERVED
+CVE-2019-20771
+ RESERVED
+CVE-2019-20770
+ RESERVED
+CVE-2019-20769
+ RESERVED
CVE-2020-11862
RESERVED
CVE-2020-11861
@@ -198,82 +258,82 @@ CVE-2020-11768 (Certain NETGEAR devices are affected by
Stored XSS. This affects
NOT-FOR-US: Netgear
CVE-2019-20767 (Certain NETGEAR devices are affected by a stack-based buffer
overflow ...)
NOT-FOR-US: Netgear
-CVE-2019-20766
- RESERVED
-CVE-2019-20765
- RESERVED
-CVE-2019-20764
- RESERVED
-CVE-2019-20763
- RESERVED
-CVE-2019-20762
- RESERVED
-CVE-2019-20761
- RESERVED
-CVE-2019-20760
- RESERVED
-CVE-2019-20759
- RESERVED
-CVE-2019-20758
- RESERVED
-CVE-2019-20757
- RESERVED
-CVE-2019-20756
- RESERVED
-CVE-2019-20755
- RESERVED
-CVE-2019-20754
- RESERVED
-CVE-2019-20753
- RESERVED
-CVE-2019-20752
- RESERVED
-CVE-2019-20751
- RESERVED
-CVE-2019-20750
- RESERVED
-CVE-2019-20749
- RESERVED
-CVE-2019-20748
- RESERVED
-CVE-2019-20747
- RESERVED
-CVE-2019-20746
- RESERVED
-CVE-2019-20745
- RESERVED
-CVE-2019-20744
- RESERVED
-CVE-2019-20743
- RESERVED
-CVE-2019-20742
- RESERVED
-CVE-2019-20741
- RESERVED
-CVE-2019-20740
- RESERVED
-CVE-2019-20739
- RESERVED
-CVE-2019-20738
- RESERVED
-CVE-2019-20737
- RESERVED
-CVE-2019-20736
- RESERVED
-CVE-2019-20735
- RESERVED
-CVE-2019-20734
- RESERVED
-CVE-2019-20733
- RESERVED
-CVE-2019-20732
- RESERVED
-CVE-2019-20731
- RESERVED
-CVE-2019-20730
- RESERVED
-CVE-2019-20729
- RESERVED
+CVE-2019-20766 (NETGEAR R7800 devices before 1.0.2.52 are affected by a
stack-based bu ...)
+ TODO: check
+CVE-2019-20765 (NETGEAR R7800 devices before 1.0.2.52 are affected by a
stack-based bu ...)
+ TODO: check
+CVE-2019-20764 (NETGEAR R7800 devices before 1.0.2.52 are affected by a
stack-based bu ...)
+ TODO: check
+CVE-2019-20763 (NETGEAR R7800 devices before 1.0.2.52 are affected by a
stack-based bu ...)
+ TODO: check
+CVE-2019-20762 (Certain NETGEAR devices are affected by a buffer overflow by
an authen ...)
+ TODO: check
+CVE-2019-20761 (NETGEAR R7800 devices before 1.0.2.62 are affected by command
injectio ...)
+ TODO: check
+CVE-2019-20760 (NETGEAR R9000 devices before 1.0.4.26 are affected by
authentication b ...)
+ TODO: check
+CVE-2019-20759 (NETGEAR R9000 devices before 1.0.4.26 are affected by stored
XSS. ...)
+ TODO: check
+CVE-2019-20758 (NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer
overflo ...)
+ TODO: check
+CVE-2019-20757 (NETGEAR R7800 devices before 1.0.2.62 are affected by command
injectio ...)
+ TODO: check
+CVE-2019-20756 (Certain NETGEAR devices are affected by reflected XSS. This
affects EX ...)
+ TODO: check
+CVE-2019-20755 (Certain NETGEAR devices are affected by a stack-based buffer
overflow ...)
+ TODO: check
+CVE-2019-20754 (Certain NETGEAR devices are affected by a buffer overflow by
an authen ...)
+ TODO: check
+CVE-2019-20753 (Certain NETGEAR devices are affected by a stack-based buffer
overflow ...)
+ TODO: check
+CVE-2019-20752 (Certain NETGEAR devices are affected by stored XSS. This
affects D3600 ...)
+ TODO: check
+CVE-2019-20751 (Certain NETGEAR devices are affected by a stack-based buffer
overflow ...)
+ TODO: check
+CVE-2019-20750 (Certain NETGEAR devices are affected by stored XSS. This
affects D7800 ...)
+ TODO: check
+CVE-2019-20749 (Certain NETGEAR devices are affected by stored XSS. This
affects D7800 ...)
+ TODO: check
+CVE-2019-20748 (Certain NETGEAR devices are affected by a stack-based buffer
overflow ...)
+ TODO: check
+CVE-2019-20747 (Certain NETGEAR devices are affected by a stack-based buffer
overflow ...)
+ TODO: check
+CVE-2019-20746 (Certain NETGEAR devices are affected by reflected XSS. This
affects D3 ...)
+ TODO: check
+CVE-2019-20745 (Certain NETGEAR devices are affected by command injection by
an authen ...)
+ TODO: check
+CVE-2019-20744 (NETGEAR WAC510 devices before 5.0.10.2 are affected by
disclosure of s ...)
+ TODO: check
+CVE-2019-20743 (NETGEAR WAC510 devices before 8.0.1.3 are affected by stored
XSS. ...)
+ TODO: check
+CVE-2019-20742 (NETGEAR WAC510 devices before 8.0.1.3 are affected by stored
XSS. ...)
+ TODO: check
+CVE-2019-20741 (NETGEAR WAC510 devices before 5.0.10.2 are affected by
disclosure of s ...)
+ TODO: check
+CVE-2019-20740 (Certain NETGEAR devices are affected by a stack-based buffer
overflow ...)
+ TODO: check
+CVE-2019-20739 (NETGEAR R8500 devices before v1.0.2.128 are affected by a
buffer overf ...)
+ TODO: check
+CVE-2019-20738 (Certain NETGEAR devices are affected by stored XSS. This
affects D6100 ...)
+ TODO: check
+CVE-2019-20737 (Certain NETGEAR devices are affected by a stack-based buffer
overflow ...)
+ TODO: check
+CVE-2019-20736 (Certain NETGEAR devices are affected by a stack-based buffer
overflow ...)
+ TODO: check
+CVE-2019-20735 (Certain NETGEAR devices are affected by a stack-based buffer
overflow ...)
+ TODO: check
+CVE-2019-20734 (Certain NETGEAR devices are affected by a buffer overflow by
an unauth ...)
+ TODO: check
+CVE-2019-20733 (Certain NETGEAR devices are affected by a stack-based buffer
overflow ...)
+ TODO: check
+CVE-2019-20732 (Certain NETGEAR devices are affected by command injection by
an authen ...)
+ TODO: check
+CVE-2019-20731 (Certain NETGEAR devices are affected by a buffer overflow by
an authen ...)
+ TODO: check
+CVE-2019-20730 (Certain NETGEAR devices are affected by SQL injection. This
affects D3 ...)
+ TODO: check
+CVE-2019-20729 (Certain NETGEAR devices are affected by incorrect
configuration of sec ...)
+ TODO: check
CVE-2019-20728 (Certain NETGEAR devices are affected by a buffer overflow by
an authen ...)
NOT-FOR-US: Netgear
CVE-2019-20727 (Certain NETGEAR devices are affected by command injection by
an authen ...)
@@ -15816,8 +15876,8 @@ CVE-2020-5296
RESERVED
CVE-2020-5295
RESERVED
-CVE-2020-5294
- RESERVED
+CVE-2020-5294 (PrestaShop module ps_facetedsearch versions before 2.1.0 has a
reflect ...)
+ TODO: check
CVE-2020-5293
RESERVED
CVE-2020-5292 (Leantime before versions 2.0.15 and 2.1-beta3 has a SQL
Injection vuln ...)
@@ -15873,8 +15933,8 @@ CVE-2020-5274 (In Symfony before versions 5.0.5 and
4.4.5, some properties of th
NOTE:
https://symfony.com/blog/cve-2020-5274-fix-exception-message-escaping-rendered-by-errorhandler
NOTE:
https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad
NOTE:
https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db
-CVE-2020-5273
- RESERVED
+CVE-2020-5273 (In PrestaShop module ps_linklist versions before 3.1.0, there
is a sto ...)
+ TODO: check
CVE-2020-5272
RESERVED
CVE-2020-5271
@@ -15892,8 +15952,8 @@ CVE-2020-5267 (In ActionView before versions 6.0.2.2
and 5.2.4.2, there is a pos
[stretch] - rails <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/19/1
NOTE:
https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a
(master)
-CVE-2020-5266
- RESERVED
+CVE-2020-5266 (In the ps_link module for PrestaShop before version 3.1.0,
there is a ...)
+ TODO: check
CVE-2020-5265
RESERVED
CVE-2020-5264
@@ -39746,7 +39806,8 @@ CVE-2019-15603 (The seefl package v0.1.1 is vulnerable
to a stored Cross-Site Sc
NOT-FOR-US: seefl
CVE-2019-15602 (The fileview package v0.1.6 has inadequate output encoding and
escapin ...)
NOT-FOR-US: fileview
-CVE-2019-15601 (CURL before 7.68.0 lacks proper input validation, which allows
users t ...)
+CVE-2019-15601
+ REJECTED
- curl <not-affected> (Windows only)
CVE-2019-15600 (A Path traversal exists in http_server which allows an
attacker to rea ...)
NOT-FOR-US: Node module http_server
@@ -53981,7 +54042,7 @@ CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior
to 3.7.21 and 3.8.x prior
CVE-2019-11286
RESERVED
CVE-2019-11285
- RESERVED
+ REJECTED
CVE-2019-11284 (Pivotal Reactor Netty, versions prior to 0.8.11, passes
headers throug ...)
NOT-FOR-US: Pivotal
CVE-2019-11283 (Cloud Foundry SMB Volume, versions prior to v2.0.3,
accidentally outpu ...)
@@ -65881,8 +65942,7 @@ CVE-2019-7308 (kernel/bpf/verifier.c in the Linux
kernel before 4.20.6 performs
NOTE: Fixed by:
https://git.kernel.org/linus/d3bd7413e0ca40b60cf60d4003246d067cafdeda
CVE-2019-7307 (Apport before versions 2.14.1-0ubuntu3.29+esm1,
2.20.1-0ubuntu2.19, 2. ...)
NOT-FOR-US: Apport
-CVE-2019-7306 [Apport hook may expose sensitive information]
- RESERVED
+CVE-2019-7306 (Byobu Apport hook may disclose sensitive information since it
automati ...)
- byobu <unfixed> (unimportant)
NOTE: https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202
NOTE: Issue in /usr/share/apport/package-hooks/source_byobu.py hook,
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e6cf80098fd02b2ada4e78e43aa9b228ac4cdb8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e6cf80098fd02b2ada4e78e43aa9b228ac4cdb8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
