Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba330a8b by security tracker role at 2020-04-23T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-12079 (Beaker before 0.8.9 allows a sandbox escape, enabling system 
access an ...)
+       TODO: check
+CVE-2020-12078
+       RESERVED
+CVE-2020-12077 (The mappress-google-maps-for-wordpress plugin before 2.53.9 
for WordPr ...)
+       TODO: check
+CVE-2020-12076 (The data-tables-generator-by-supsystic plugin before 1.9.92 
for WordPr ...)
+       TODO: check
+CVE-2020-12075 (The data-tables-generator-by-supsystic plugin before 1.9.92 
for WordPr ...)
+       TODO: check
+CVE-2020-12074 (The users-customers-import-export-for-wp-woocommerce plugin 
before 1.3 ...)
+       TODO: check
+CVE-2020-12073 (The responsive-add-ons plugin before 2.2.7 for WordPress has 
incorrect ...)
+       TODO: check
+CVE-2020-12072
+       RESERVED
+CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post 
content. ...)
+       TODO: check
 CVE-2020-12070
        RESERVED
 CVE-2020-12069
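Review bot: The WordPress plugin entries added at the top of this hunk (CVE-2020-12073 through CVE-2020-12077) all land as `TODO: check`, while this file already records a WordPress plugin CVE as `NOT-FOR-US: WP Lead Plus X plugin for WordPress` (CVE-2020-11508). If none of these plugins is packaged, they can be closed the same way in one triage pass. CVE-2020-12079 (Beaker) and CVE-2020-12071 (Anchor) need a package lookup first, since the truncated descriptions do not say which project of that name is meant.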
@@ -451,10 +469,10 @@ CVE-2018-21153
        RESERVED
 CVE-2018-21152
        RESERVED
-CVE-2018-21151
-       RESERVED
-CVE-2018-21150
-       RESERVED
+CVE-2018-21151 (Certain NETGEAR devices are affected by a buffer overflow by 
an authen ...)
+       TODO: check
+CVE-2018-21150 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
 CVE-2018-21149
        RESERVED
 CVE-2018-21148 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
@@ -1828,8 +1846,7 @@ CVE-2020-11651
        RESERVED
 CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 
11.2 before ...)
        NOT-FOR-US: FreeNAS
-CVE-2020-11649
-       RESERVED
+CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 
12.9.2. Membe ...)
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
 CVE-2020-11648
@@ -2438,12 +2455,10 @@ CVE-2020-11508 (An XSS vulnerability in the WP Lead 
Plus X plugin through 0.98 f
        NOT-FOR-US: WP Lead Plus X plugin for WordPress
 CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes 
AdwCleaner 8.0. ...)
        NOT-FOR-US: Malwarebytes AdwCleaner
-CVE-2020-11506
-       RESERVED
+CVE-2020-11506 (An issue was discovered in GitLab 10.7.0 and later through 
12.9.2. A W ...)
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
-CVE-2020-11505
-       RESERVED
+CVE-2020-11505 (An issue was discovered in GitLab Community Edition (CE) and 
Enterpris ...)
        - gitlab <not-affected> (Only affects GitLab EE 12.8.0 and later)
        NOTE: 
https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
 CVE-2020-11504
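Review bot: On CVE-2020-11505 the newly published description opens with "GitLab Community Edition (CE) and Enterpris ...", but the unchanged package line still reads `- gitlab <not-affected> (Only affects GitLab EE 12.8.0 and later)`. The description is truncated here, so the not-affected reason should be re-checked against the full CVE text and the linked release notes now that the entry is no longer RESERVED.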
@@ -3741,60 +3756,60 @@ CVE-2020-10917
        RESERVED
 CVE-2020-10916
        RESERVED
-CVE-2020-10915
-       RESERVED
-CVE-2020-10914
-       RESERVED
-CVE-2020-10913
-       RESERVED
-CVE-2020-10912
-       RESERVED
-CVE-2020-10911
-       RESERVED
-CVE-2020-10910
-       RESERVED
-CVE-2020-10909
-       RESERVED
-CVE-2020-10908
-       RESERVED
-CVE-2020-10907
-       RESERVED
-CVE-2020-10906
-       RESERVED
-CVE-2020-10905
-       RESERVED
-CVE-2020-10904
-       RESERVED
-CVE-2020-10903
-       RESERVED
-CVE-2020-10902
-       RESERVED
-CVE-2020-10901
-       RESERVED
-CVE-2020-10900
-       RESERVED
-CVE-2020-10899
-       RESERVED
-CVE-2020-10898
-       RESERVED
-CVE-2020-10897
-       RESERVED
-CVE-2020-10896
-       RESERVED
-CVE-2020-10895
-       RESERVED
-CVE-2020-10894
-       RESERVED
-CVE-2020-10893
-       RESERVED
-CVE-2020-10892
-       RESERVED
-CVE-2020-10891
-       RESERVED
-CVE-2020-10890
-       RESERVED
-CVE-2020-10889
-       RESERVED
+CVE-2020-10915 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10914 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10913 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10912 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10911 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10910 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10909 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10908 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10907 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10906 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10905 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-10904 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10903 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-10902 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10901 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-10900 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10899 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10898 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10897 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10896 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10895 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10894 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-10893 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10892 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10891 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10890 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10889 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
 CVE-2020-10888 (This vulnerability allows remote attackers to bypass 
authentication on ...)
        NOT-FOR-US: TP-Link
 CVE-2020-10887 (This vulnerability allows a firewall bypass on affected 
installations  ...)
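Review bot: The 27 entries CVE-2020-10889 through CVE-2020-10915 move from RESERVED to `TODO: check` with descriptions cut off after the same generic opening ("This vulnerability allows remote attackers to ..."), so the affected product cannot be read from this list. Triage has to go to the full CVE text. The unchanged neighbour CVE-2020-10888 is `NOT-FOR-US: TP-Link`, so it is worth checking whether the block is a single vendor batch that can be dispositioned together rather than one entry at a time.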
@@ -8675,8 +8690,8 @@ CVE-2020-8869
        RESERVED
 CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
        NOT-FOR-US: Quest Foglight Evolve
-CVE-2020-8867
-       RESERVED
+CVE-2020-8867 (This vulnerability allows remote attackers to create a 
denial-of-servi ...)
+       TODO: check
 CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary 
files o ...)
        {DLA-2162-1}
        - php-horde-form <unfixed> (bug #955020)
@@ -8778,8 +8793,8 @@ CVE-2020-8834 (KVM in the Linux kernel on Power8 
processors has a conflicting us
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/2
-CVE-2020-8833
-       RESERVED
+CVE-2020-8833 (Time-of-check Time-of-use Race Condition vulnerability on crash 
report ...)
+       TODO: check
 CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for 
CVE-2019-14615 (" ...)
        - linux 4.16.5-1
        [jessie] - linux <not-affected> (No support for this hardware)
@@ -8789,8 +8804,8 @@ CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 
18.04 LTS for CVE-2019-146
        NOTE: CVE-2019-14615 which is bc8a76a152c5 ("drm/i915/gen9: Clear 
residual context
        NOTE: state on context switch"). But there is need to apply as well the 
prerequistite
        NOTE: d2b4b97933f5 ("drm/i915: Record the default hw state after reset 
upon load").
-CVE-2020-8831
-       RESERVED
+CVE-2020-8831 (Apport creates a world writable lock file with root ownership 
in the w ...)
+       TODO: check
 CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview 
Player 11 ...)
        NOT-FOR-US: Prismview
 CVE-2017-18642 (Syska Smart Bulb devices through 2017-08-06 receive RGB 
parameters ove ...)
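Review bot: CVE-2020-8831 now names Apport in its description but is left at `TODO: check`. It needs either a package line with a status or a NOT-FOR-US marker, depending on whether the package is in the archive. If it is tracked, per-suite lines in the style of the CVE-2020-8832 entry just above would make the status readable at a glance.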
@@ -12161,8 +12176,8 @@ CVE-2020-7352
        RESERVED
 CVE-2020-7351
        RESERVED
-CVE-2020-7350
-       RESERVED
+CVE-2020-7350 (Rapid7 Metasploit Framework version 5.0.84 and prior suffers 
from an i ...)
+       TODO: check
 CVE-2020-7349
        RESERVED
 CVE-2020-7348
@@ -25890,8 +25905,7 @@ CVE-2020-1985 (Incorrect Default Permissions on 
C:\Programdata\Secdo\Logs folder
        NOT-FOR-US: Palo Alto Networks
 CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, 
which  ...)
        NOT-FOR-US: Palo Alto Networks
-CVE-2020-1983
-       RESERVED
+CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of 
libslirp ...)
        - qemu 1:4.1-2
        - qemu-kvm <removed>
        - libslirp 4.2.0-2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba330a8b0733de4bf166f9c5095dadc13904e85b
