Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8e2fcd71 by security tracker role at 2020-04-22T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-12070
+       RESERVED
+CVE-2020-12069
+       RESERVED
+CVE-2020-12068
+       RESERVED
+CVE-2020-12067
+       RESERVED
+CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 
0.7.x before ...)
+       TODO: check
+CVE-2020-12065
+       RESERVED
+CVE-2020-12064
+       RESERVED
+CVE-2020-12063
+       RESERVED
+CVE-2020-12062
+       RESERVED
+CVE-2020-12061
+       RESERVED
+CVE-2020-12060
+       RESERVED
+CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request 
with an ...)
+       TODO: check
+CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing 
a tilema ...)
+       TODO: check
 CVE-2020-12058
        RESERVED
 CVE-2020-12057
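Review bot: the three "TODO: check" entries at the end of the added block (CVE-2020-12066, CVE-2020-12059, CVE-2019-20787) name Teeworlds and Ceph, not a vendor appliance, so they are the entries here most likely to need a source-package line rather than NOT-FOR-US. CVE-2020-12066 and CVE-2019-20787 both concern Teeworlds 0.7.x and are best triaged together; the truncated text for CVE-2019-20787 already gives 0.7.4 as the fixed version, while the text for CVE-2020-12066 is cut off before its version bound.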
@@ -246,8 +272,8 @@ CVE-2020-11940
        RESERVED
 CVE-2020-11939
        RESERVED
-CVE-2020-11938
-       RESERVED
+CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project 
administrator ...)
+       TODO: check
 CVE-2020-11937
        RESERVED
 CVE-2020-11936
@@ -464,46 +490,46 @@ CVE-2018-21132
        RESERVED
 CVE-2018-21131
        RESERVED
-CVE-2018-21130
-       RESERVED
-CVE-2018-21129
-       RESERVED
-CVE-2018-21128
-       RESERVED
-CVE-2018-21127
-       RESERVED
-CVE-2018-21126
-       RESERVED
-CVE-2018-21125
-       RESERVED
-CVE-2018-21124
-       RESERVED
-CVE-2018-21123
-       RESERVED
-CVE-2018-21122
-       RESERVED
-CVE-2018-21121
-       RESERVED
-CVE-2018-21120
-       RESERVED
-CVE-2018-21119
-       RESERVED
-CVE-2018-21118
-       RESERVED
-CVE-2018-21117
-       RESERVED
-CVE-2018-21116
-       RESERVED
-CVE-2018-21115
-       RESERVED
-CVE-2018-21114
-       RESERVED
-CVE-2018-21113
-       RESERVED
-CVE-2018-21112
-       RESERVED
-CVE-2018-21111
-       RESERVED
+CVE-2018-21130 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
+       TODO: check
+CVE-2018-21129 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
+       TODO: check
+CVE-2018-21128 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
+       TODO: check
+CVE-2018-21127 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
+       TODO: check
+CVE-2018-21126 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
+       TODO: check
+CVE-2018-21125 (NETGEAR WAC510 devices before 5.0.0.17 are affected by 
authentication  ...)
+       TODO: check
+CVE-2018-21124 (NETGEAR WAC510 devices before 5.0.0.17 are affected by 
privilege escal ...)
+       TODO: check
+CVE-2018-21123 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
+       TODO: check
+CVE-2018-21122 (Certain NETGEAR devices are affected by denial of service. 
This affect ...)
+       TODO: check
+CVE-2018-21121 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
+       TODO: check
+CVE-2018-21120 (Certain NETGEAR devices are affected by CSRF. This affects 
WAC120 befo ...)
+       TODO: check
+CVE-2018-21119 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2018-21118 (NETGEAR XR500 devices before 2.3.2.32 are affected by 
authentication b ...)
+       TODO: check
+CVE-2018-21117 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote 
code exec ...)
+       TODO: check
+CVE-2018-21116 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote 
code exec ...)
+       TODO: check
+CVE-2018-21115 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote 
code exec ...)
+       TODO: check
+CVE-2018-21114 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2018-21113 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
+       TODO: check
+CVE-2018-21112 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2018-21111 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
 CVE-2018-21110
        RESERVED
 CVE-2018-21109
@@ -666,82 +692,82 @@ CVE-2017-18791 (Certain NETGEAR devices are affected by 
CSRF. This affects R6050
        NOT-FOR-US: Netgear
 CVE-2017-18790 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
        NOT-FOR-US: Netgear
-CVE-2017-18789
-       RESERVED
-CVE-2017-18788
-       RESERVED
-CVE-2017-18787
-       RESERVED
-CVE-2017-18786
-       RESERVED
-CVE-2017-18785
-       RESERVED
-CVE-2017-18784
-       RESERVED
-CVE-2017-18783
-       RESERVED
-CVE-2017-18782
-       RESERVED
-CVE-2017-18781
-       RESERVED
-CVE-2017-18780
-       RESERVED
-CVE-2017-18779
-       RESERVED
-CVE-2017-18778
-       RESERVED
-CVE-2017-18777
-       RESERVED
-CVE-2017-18776
-       RESERVED
-CVE-2017-18775
-       RESERVED
+CVE-2017-18789 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
+       TODO: check
+CVE-2017-18788 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2017-18787 (Certain NETGEAR devices are affected by command injection. 
This affect ...)
+       TODO: check
+CVE-2017-18786 (Certain NETGEAR devices are affected by command injection. 
This affect ...)
+       TODO: check
+CVE-2017-18785 (Certain NETGEAR devices are affected by XSS. This affects 
D3600 before ...)
+       TODO: check
+CVE-2017-18784 (Certain NETGEAR devices are affected by XSS. This affects 
D6200 before ...)
+       TODO: check
+CVE-2017-18783 (Certain NETGEAR devices are affected by XSS. This affects 
D6200 before ...)
+       TODO: check
+CVE-2017-18782 (Certain NETGEAR devices are affected by CSRF. This affects 
D6200 befor ...)
+       TODO: check
+CVE-2017-18781 (Certain NETGEAR devices are affected by CSRF. This affects 
D6200 befor ...)
+       TODO: check
+CVE-2017-18780 (Certain NETGEAR devices are affected by denial of service. 
This affect ...)
+       TODO: check
+CVE-2017-18779 (Certain NETGEAR devices are affected by a buffer overflow. 
This affect ...)
+       TODO: check
+CVE-2017-18778 (Certain NETGEAR devices are affected by incorrect 
configuration of sec ...)
+       TODO: check
+CVE-2017-18777 (Certain NETGEAR devices are affected by administrative 
password disclo ...)
+       TODO: check
+CVE-2017-18776 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
+       TODO: check
+CVE-2017-18775 (Certain NETGEAR devices are affected by CSRF. This affects 
R6100 befor ...)
+       TODO: check
 CVE-2017-18774
        RESERVED
-CVE-2017-18773
-       RESERVED
-CVE-2017-18772
-       RESERVED
+CVE-2017-18773 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2017-18772 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
+       TODO: check
 CVE-2017-18771
        RESERVED
-CVE-2017-18770
-       RESERVED
-CVE-2017-18769
-       RESERVED
-CVE-2017-18768
-       RESERVED
-CVE-2017-18767
-       RESERVED
-CVE-2017-18766
-       RESERVED
-CVE-2017-18765
-       RESERVED
-CVE-2017-18764
-       RESERVED
-CVE-2017-18763
-       RESERVED
-CVE-2017-18762
-       RESERVED
-CVE-2017-18761
-       RESERVED
+CVE-2017-18770 (Certain NETGEAR devices are affected by a buffer overflow by 
an authen ...)
+       TODO: check
+CVE-2017-18769 (Certain NETGEAR devices are affected by an attacker's ability 
to read  ...)
+       TODO: check
+CVE-2017-18768 (Certain NETGEAR devices are affected by CSRF. This affects 
EX6100 befo ...)
+       TODO: check
+CVE-2017-18767 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2017-18766 (Certain NETGEAR devices are affected by an attacker's ability 
to read  ...)
+       TODO: check
+CVE-2017-18765 (Certain NETGEAR devices are affected by denial of service. 
This affect ...)
+       TODO: check
+CVE-2017-18764 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
+       TODO: check
+CVE-2017-18763 (Certain NETGEAR devices are affected by incorrect 
configuration of sec ...)
+       TODO: check
+CVE-2017-18762 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
+       TODO: check
+CVE-2017-18761 (NETGEAR R8000 devices before 1.0.4.2 are affected by a 
stack-based buf ...)
+       TODO: check
 CVE-2017-18760
        RESERVED
-CVE-2017-18759
-       RESERVED
-CVE-2017-18758
-       RESERVED
-CVE-2017-18757
-       RESERVED
-CVE-2017-18756
-       RESERVED
-CVE-2017-18755
-       RESERVED
-CVE-2017-18754
-       RESERVED
+CVE-2017-18759 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2017-18758 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2017-18757 (Certain NETGEAR devices are affected by incorrect 
configuration of sec ...)
+       TODO: check
+CVE-2017-18756 (Certain NETGEAR devices are affected by incorrect 
configuration of sec ...)
+       TODO: check
+CVE-2017-18755 (Certain NETGEAR devices are affected by CSRF. This affects 
R6300v2 bef ...)
+       TODO: check
+CVE-2017-18754 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
 CVE-2017-18753
        RESERVED
-CVE-2017-18752
-       RESERVED
+CVE-2017-18752 (Certain NETGEAR devices are affected by an attacker's ability 
to read  ...)
+       TODO: check
 CVE-2017-18751
        RESERVED
 CVE-2017-18750
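Review bot: every description added in this hunk names NETGEAR devices, and the unchanged context at its top already marks CVE-2017-18791 and CVE-2017-18790 as "NOT-FOR-US: Netgear". The new "TODO: check" lines can take the same annotation in one pass instead of being triaged one by one. CVE-2017-18774, CVE-2017-18771, CVE-2017-18760 and CVE-2017-18753 remain RESERVED inside the range and should be left as they are.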
@@ -1182,10 +1208,10 @@ CVE-2020-11798
        RESERVED
 CVE-2020-11797
        RESERVED
-CVE-2020-11796
-       RESERVED
-CVE-2020-11795
-       RESERVED
+CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password 
authentication imp ...)
+       TODO: check
+CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout 
period was  ...)
+       TODO: check
 CVE-2020-11794
        RESERVED
 CVE-2020-11793 (A use-after-free issue exists in WebKitGTK before 2.28.1 and 
WPE WebKi ...)
@@ -1689,24 +1715,24 @@ CVE-2020-11695
        RESERVED
 CVE-2020-11694 (In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple 
Notarizatio ...)
        - pycharm <itp> (bug #742394)
-CVE-2020-11693
-       RESERVED
-CVE-2020-11692
-       RESERVED
-CVE-2020-11691
-       RESERVED
-CVE-2020-11690
-       RESERVED
-CVE-2020-11689
-       RESERVED
-CVE-2020-11688
-       RESERVED
-CVE-2020-11687
-       RESERVED
-CVE-2020-11686
-       RESERVED
-CVE-2020-11685
-       RESERVED
+CVE-2020-11693 (JetBrains YouTrack before 2020.1.659 was vulnerable to DoS 
that could  ...)
+       TODO: check
+CVE-2020-11692 (In JetBrains YouTrack before 2020.1.659, DB export was 
accessible to r ...)
+       TODO: check
+CVE-2020-11691 (In JetBrains Hub before 2020.1.12099, content spoofing in the 
Hub OAut ...)
+       TODO: check
+CVE-2020-11690 (In JetBrains IntelliJ IDEA before 2020.1, the license server 
could be  ...)
+       TODO: check
+CVE-2020-11689 (In JetBrains TeamCity before 2019.2.1, a user without 
appropriate perm ...)
+       TODO: check
+CVE-2020-11688 (In JetBrains TeamCity before 2019.2.1, the application state 
is kept a ...)
+       TODO: check
+CVE-2020-11687 (In JetBrains TeamCity before 2019.2.2, password values were 
shown in a ...)
+       TODO: check
+CVE-2020-11686 (In JetBrains TeamCity before 2019.1.4, a project administrator 
was abl ...)
+       TODO: check
+CVE-2020-11685 (In JetBrains GoLand before 2019.3.2, the plugin repository was 
accesse ...)
+       TODO: check
 CVE-2015-9547 (An issue was discovered on Samsung mobile devices with JBP(4.3) 
and KK ...)
        NOT-FOR-US: Samsung mobile devices
 CVE-2015-9546 (An issue was discovered on Samsung mobile devices with KK(4.4) 
and lat ...)
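Review bot: the nine JetBrains entries added here (YouTrack, Hub, IntelliJ IDEA, TeamCity, GoLand) all get "TODO: check", but the context line just above them handles CVE-2020-11694 as "- pycharm <itp> (bug #742394)" rather than NOT-FOR-US. Before closing these out, check whether any of the named products has an ITP or RFP bug of its own and use the same <itp> form where one exists.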
@@ -2343,8 +2369,8 @@ CVE-2020-11541
        RESERVED
 CVE-2020-11540
        RESERVED
-CVE-2020-11539
-       RESERVED
+CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 
devices. It  ...)
+       TODO: check
 CVE-2020-11538
        RESERVED
 CVE-2020-11537 (A SQL Injection issue was discovered in ONLYOFFICE Document 
Server 5.5 ...)
@@ -2605,8 +2631,8 @@ CVE-2020-11418
        RESERVED
 CVE-2020-11417
        RESERVED
-CVE-2020-11416
-       RESERVED
+CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats. 
...)
+       TODO: check
 CVE-2020-11415
        RESERVED
 CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight 
before  ...)
@@ -3455,8 +3481,8 @@ CVE-2020-11013
        RESERVED
 CVE-2020-11012
        RESERVED
-CVE-2020-11011
-       RESERVED
+CVE-2020-11011 (In Phproject before version 1.7.8, there's a vulnerability 
which allow ...)
+       TODO: check
 CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various 
forms of S ...)
        NOT-FOR-US: Tortoise ORM
 CVE-2020-11009
@@ -4389,8 +4415,7 @@ CVE-2020-10714
        RESERVED
 CVE-2020-10713
        RESERVED
-CVE-2020-10712
-       RESERVED
+CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 
and later ...)
        NOT-FOR-US: image registry operator in OpenShift Container Platform
 CVE-2020-10711
        RESERVED
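Review bot: CVE-2020-10712 is the one formerly RESERVED entry in this diff that keeps an existing annotation instead of getting "TODO: check": two lines are removed and one added, so "NOT-FOR-US: image registry operator in OpenShift Container Platform" was written before the description was available. Confirm that it still matches the now-published text, which speaks of OpenShift Container Platform version 4.1 and later.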
@@ -9503,7 +9528,7 @@ CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web 
Admin users can execute a
        NOT-FOR-US: Artica Pandora FMS
 CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the 
login pag ...)
        NOT-FOR-US: phpABook
-CVE-2020-8509 (Zoho ManageEngine Desktop Central allows unauthenticated users 
to acce ...)
+CVE-2020-8509 (Zoho ManageEngine Desktop Central 10.0.483 allows 
unauthenticated user ...)
        NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to 
call arbi ...)
        NOT-FOR-US: Norman Malware Cleaner
@@ -9581,14 +9606,14 @@ CVE-2020-8479
        RESERVED
 CVE-2020-8478
        RESERVED
-CVE-2020-8477
-       RESERVED
+CVE-2020-8477 (The installations for ABB System 800xA Information Manager 
versions 5. ...)
+       TODO: check
 CVE-2020-8476
        RESERVED
 CVE-2020-8475
        RESERVED
-CVE-2020-8474
-       RESERVED
+CVE-2020-8474 (Weak Registry permissions in ABB System 800xA Base allow low 
privilege ...)
+       TODO: check
 CVE-2020-8473
        RESERVED
 CVE-2020-8472
@@ -11508,8 +11533,8 @@ CVE-2020-7644
        RESERVED
 CVE-2020-7643
        RESERVED
-CVE-2020-7642
-       RESERVED
+CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious 
JavaScript. The  ...)
+       TODO: check
 CVE-2020-7641
        RESERVED
 CVE-2020-7640
@@ -11826,14 +11851,14 @@ CVE-2020-7492
        RESERVED
 CVE-2020-7491
        RESERVED
-CVE-2020-7490
-       RESERVED
-CVE-2020-7489
-       RESERVED
-CVE-2020-7488
-       RESERVED
-CVE-2020-7487
-       RESERVED
+CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo 
Designe ...)
+       TODO: check
+CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output 
Used b ...)
+       TODO: check
+CVE-2020-7488 (A CWE-319: Cleartext Transmission of Sensitive Information 
vulnerabili ...)
+       TODO: check
+CVE-2020-7487 (A CWE-345: Insufficient Verification of Data Authenticity 
vulnerabilit ...)
+       TODO: check
 CVE-2020-7486 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could 
cause TC ...)
        NOT-FOR-US: Schneider Electric
 CVE-2020-7485 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support 
account in th ...)
@@ -12847,8 +12872,8 @@ CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 
build 180903 Web Version send
        NOT-FOR-US: Hikvision
 CVE-2020-7056
        RESERVED
-CVE-2020-7055
-       RESERVED
+CVE-2020-7055 (An issue was discovered in Elementor 2.7.4. Arbitrary file 
upload is p ...)
+       TODO: check
 CVE-2020-7054 (MmsValue_decodeMmsData in 
mms/iso_mms/server/mms_access_result.c in li ...)
        NOT-FOR-US: libIEC61850
 CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 
longterm t ...)
@@ -15933,8 +15958,8 @@ CVE-2020-5742
        RESERVED
 CVE-2020-5741
        RESERVED
-CVE-2020-5740
-       RESERVED
+CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows 
allows a loc ...)
+       TODO: check
 CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is 
vulnerable  ...)
        NOT-FOR-US: Grandstream
 CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is 
vulnerable  ...)
@@ -19907,8 +19932,8 @@ CVE-2020-4087
        RESERVED
 CVE-2020-4086
        RESERVED
-CVE-2020-4085
-       RESERVED
+CVE-2020-4085 ("HCL Connections is vulnerable to possible information leakage 
and cou ...)
+       TODO: check
 CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to 
cross-site scri ...)
        NOT-FOR-US: HCL Connections
 CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information 
leakage. Con ...)
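Review bot: the description imported for CVE-2020-4085 begins with a stray double quote, ("HCL Connections is vulnerable ..., which no other description in this diff has; it is presumably carried over from the upstream record and is worth normalising on import. The neighbouring CVE-2020-4084 and CVE-2020-4083 are already "NOT-FOR-US: HCL Connections", so the "TODO: check" here can be resolved the same way.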
@@ -28006,14 +28031,14 @@ CVE-2019-19109
        RESERVED
 CVE-2019-19108 (An authentication weakness in the SNMP service in B&amp;R 
Automation R ...)
        NOT-FOR-US: B&R Automation Runtime
-CVE-2019-19107
-       RESERVED
-CVE-2019-19106
-       RESERVED
-CVE-2019-19105
-       RESERVED
-CVE-2019-19104
-       RESERVED
+CVE-2019-19107 (The Configuration pages in ABB Telephone Gateway TG/S 3.2 and 
Busch-Ja ...)
+       TODO: check
+CVE-2019-19106 (Improper implementation of Access Control in ABB Telephone 
Gateway TG/ ...)
+       TODO: check
+CVE-2019-19105 (The backup function in ABB Telephone Gateway TG/S 3.2 and 
Busch-Jaeger ...)
+       TODO: check
+CVE-2019-19104 (The web server in ABB Telephone Gateway TG/S 3.2 and 
Busch-Jaeger 6186 ...)
+       TODO: check
 CVE-2019-19103
        RESERVED
 CVE-2019-19102
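Review bot: the context line for CVE-2019-19108 shows "B&amp;R" in the description while its annotation line reads "B&R", so the description import appears to store HTML entities without unescaping them; decoding entities on import would keep searches for the vendor name consistent. The four ABB Telephone Gateway TG/S entries added below it (CVE-2019-19107 to CVE-2019-19104) share one product and can be triaged as a group.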
@@ -68067,8 +68092,8 @@ CVE-2019-6861
        RESERVED
 CVE-2019-6860
        RESERVED
-CVE-2019-6859
-       RESERVED
+CVE-2019-6859 (A CWE-798: Use of Hardcoded Credentials vulnerability exists in 
Modico ...)
+       TODO: check
 CVE-2019-6858 (A CWE-427:Uncontrolled Search Path Element vulnerability exists 
in MSX ...)
        NOT-FOR-US: MSX Configurator
 CVE-2019-6857 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
@@ -90001,8 +90026,8 @@ CVE-2018-18407 (A heap-based buffer over-read was 
discovered in the tcpreplay-ed
        NOTE: 
https://github.com/appneta/tcpreplay/commit/1d7561a4d542842a1aeabf55bfd4aaf88b3a1071
 CVE-2018-18406 (An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 
2.16 bu ...)
        NOT-FOR-US: Tufin SecureTrack
-CVE-2018-18405
-       RESERVED
+CVE-2018-18405 (jQuery v2.2.2 allows XSS via a crafted onerror attribute of an 
IMG ele ...)
+       TODO: check
 CVE-2018-18404
        RESERVED
 CVE-2018-18403



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e2fcd7166d047f9cff829c0e082239fe9637676


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
