Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f55169c by security tracker role at 2020-05-05T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2017-18867 (Certain NETGEAR devices are affected by incorrect 
configuration of sec ...)
+       TODO: check
+CVE-2017-18866 (Certain NETGEAR devices are affected by stored XSS. This 
affects R9000 ...)
+       TODO: check
+CVE-2017-18865 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2017-18864 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
 CVE-2020-12661
        RESERVED
 CVE-2020-12660
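Review bot: the four new entries CVE-2017-18864 through CVE-2017-18867 are left at "TODO: check", but their descriptions are the same truncated texts as CVE-2017-18774 ("incorrect configuration of sec"), CVE-2017-18771 ("stored XSS. This affects R9000"), CVE-2017-18760 ("stack-based buffer overflow") and CVE-2017-18753 ("buffer overflow by an unauth"), which this same update marks REJECTED further down. They read as reissued IDs for the same Netgear firmware issues, so the triage already applied to the surrounding Netgear entries, "NOT-FOR-US: Netgear", fits better than leaving four open TODOs.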
@@ -400,12 +408,14 @@ CVE-2019-20793
 CVE-2016-11061 (Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 
6655i, 7 ...)
        NOT-FOR-US: Xerox
 CVE-2020-12626 (An issue was discovered in Roundcube Webmail before 1.4.4. A 
CSRF atta ...)
+       {DSA-4674-1}
        - roundcube 1.4.4+dfsg.1-1 (bug #959142)
        NOTE: https://github.com/roundcube/roundcubemail/pull/7302
        NOTE: 1.4.x: 
https://github.com/roundcube/roundcubemail/commit/9bbda422ff0b782b81de59c86994f1a5fd93f8e6
        NOTE: 1.3.x: 
https://github.com/roundcube/roundcubemail/commit/1e7bec9cb868fa32b05acf6b0a557a6311350c56
        NOTE: 1.2.x: 
https://github.com/roundcube/roundcubemail/commit/cceeff2472c00acb2c6b96c9df7a289f1db77713
 CVE-2020-12625 (An issue was discovered in Roundcube Webmail before 1.4.4. 
There is a  ...)
+       {DSA-4674-1}
        - roundcube 1.4.4+dfsg.1-1 (bug #959140)
        NOTE: 1.4.x: 
https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0
        NOTE: 1.3.x: 
https://github.com/roundcube/roundcubemail/commit/23c06159ae8c6f500336e3075820e648aa6f40a4
@@ -1232,8 +1242,8 @@ CVE-2020-12105 (OpenConnect through 8.08 mishandles 
negative return values from
        NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/96
        NOTE: Only an issue if building with OpenSSL, where Debian binary 
packages use
        NOTE: GnuTLS.
-CVE-2020-12104
-       RESERVED
+CVE-2020-12104 (The Import feature in the wp-advanced-search plugin 3.3.6 for 
WordPres ...)
+       TODO: check
 CVE-2020-12103 (In Tiny File Manager 2.4.1 there is a vulnerability in the 
ajax file b ...)
        NOT-FOR-US: Tiny File Manager
 CVE-2020-12102 (In Tiny File Manager 2.4.1, there is a Path Traversal 
vulnerability in ...)
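Review bot: CVE-2020-12104 concerns the wp-advanced-search plugin for WordPress and is left at "TODO: check"; this update already tracks another WordPress plugin, CVE-2020-11738 (Snap Creek Duplicator), as NOT-FOR-US. Check whether wp-advanced-search is in the archive and, if it is not, resolve the TODO the same way rather than leaving it in the queue.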
@@ -2065,13 +2075,15 @@ CVE-2017-18776 (Certain NETGEAR devices are affected by 
authentication bypass. T
        NOT-FOR-US: Netgear
 CVE-2017-18775 (Certain NETGEAR devices are affected by CSRF. This affects 
R6100 befor ...)
        NOT-FOR-US: Netgear
-CVE-2017-18774 (Certain NETGEAR devices are affected by incorrect 
configuration of sec ...)
+CVE-2017-18774
+       REJECTED
        NOT-FOR-US: Netgear
 CVE-2017-18773 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
        NOT-FOR-US: Netgear
 CVE-2017-18772 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
        NOT-FOR-US: Netgear
-CVE-2017-18771 (Certain NETGEAR devices are affected by stored XSS. This 
affects R9000 ...)
+CVE-2017-18771
+       REJECTED
        NOT-FOR-US: Netgear
 CVE-2017-18770 (Certain NETGEAR devices are affected by a buffer overflow by 
an authen ...)
        NOT-FOR-US: Netgear
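Review bot: CVE-2017-18774 and CVE-2017-18771 gain a REJECTED line while the old "NOT-FOR-US: Netgear" triage line is kept, whereas CVE-2020-11495 later in this update replaces RESERVED with a bare REJECTED. Consider dropping the now-redundant NOT-FOR-US line here, and likewise for CVE-2017-18760 and CVE-2017-18753 in the next two hunks, so that rejected entries have one uniform shape and the remaining NOT-FOR-US lines reliably mark live issues.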
@@ -2093,7 +2105,8 @@ CVE-2017-18762 (Certain NETGEAR devices are affected by 
command injection by an
        NOT-FOR-US: Netgear
 CVE-2017-18761 (NETGEAR R8000 devices before 1.0.4.2 are affected by a 
stack-based buf ...)
        NOT-FOR-US: Netgear
-CVE-2017-18760 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+CVE-2017-18760
+       REJECTED
        NOT-FOR-US: Netgear
 CVE-2017-18759 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
        NOT-FOR-US: Netgear
@@ -2107,7 +2120,8 @@ CVE-2017-18755 (Certain NETGEAR devices are affected by 
CSRF. This affects R6300
        NOT-FOR-US: Netgear
 CVE-2017-18754 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
        NOT-FOR-US: Netgear
-CVE-2017-18753 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+CVE-2017-18753
+       REJECTED
        NOT-FOR-US: Netgear
 CVE-2017-18752 (Certain NETGEAR devices are affected by an attacker's ability 
to read  ...)
        NOT-FOR-US: Netgear
@@ -2371,6 +2385,7 @@ CVE-2020-11869 (An integer overflow was found in QEMU 
4.0.1 through 4.2.0 in the
        NOTE: Fixed by: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7
        NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/2
 CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an 
off-pat ...)
+       {DLA-2201-1}
        - ntp 1:4.2.8p14+dfsg-1
        [buster] - ntp <no-dsa> (Minor issue)
        [stretch] - ntp <no-dsa> (Minor issue)
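Review bot: {DLA-2201-1} is added to CVE-2020-11868 while the visible context still marks buster and stretch as "<no-dsa> (Minor issue)". That is consistent (a DLA covers the LTS suite only), but once LTS has shipped a fix for an issue judged minor, it is worth revisiting whether buster and stretch should pick it up via a point release; the same consideration applies to CVE-2019-14846 (ansible) at the end of this update, where {DLA-2202-1} is added above identical buster/stretch no-dsa lines.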
@@ -3000,8 +3015,8 @@ CVE-2020-11739 (An issue was discovered in Xen through 
4.13.x, allowing guest OS
        NOTE: https://xenbits.xen.org/xsa/advisory-314.html
 CVE-2020-11738 (The Snap Creek Duplicator plugin before 1.3.28 for WordPress 
(and Dupl ...)
        NOT-FOR-US: Snap Creek Duplicator plugin for WordPress
-CVE-2020-11737
-       RESERVED
+CVE-2020-11737 (A cross-site scripting (XSS) vulnerability in Web Client in 
Zimbra 9.0 ...)
+       TODO: check
 CVE-2020-11735
        RESERVED
 CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 
allows Dir ...)
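Review bot: CVE-2020-11737 is a Zimbra Web Client XSS and is left at "TODO: check"; Zimbra is a standalone product rather than a Debian package, so this can be resolved as NOT-FOR-US: Zimbra. Separately, the unchanged context in this hunk lists CVE-2020-11735 before CVE-2020-11736, breaking the descending order used everywhere else in the file; swap the two entries so tooling that relies on the ordering does not stumble.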
@@ -3867,7 +3882,7 @@ CVE-2020-11497
 CVE-2020-11496
        RESERVED
 CVE-2020-11495
-       RESERVED
+       REJECTED
 CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c 
in the  ...)
        - linux 5.5.17-1
        NOTE: 
https://lore.kernel.org/netdev/[email protected]/
@@ -10305,10 +10320,10 @@ CVE-2019-20451 (The HTTP API in Prismview System 9 
11.10.17.00 and Prismview Pla
        NOT-FOR-US: Prismview
 CVE-2017-18642 (Syska Smart Bulb devices through 2017-08-06 receive RGB 
parameters ove ...)
        NOT-FOR-US: Syska Smart Bulb devices
-CVE-2020-8830
-       RESERVED
-CVE-2020-8829
-       RESERVED
+CVE-2020-8830 (CSRF in login.asp on Ruckus devices allows an attacker to 
access the p ...)
+       TODO: check
+CVE-2020-8829 (CSRF on Intelbras CIP 92200 devices allows an attacker to 
access the p ...)
+       TODO: check
 CVE-2020-8828 (As of v1.5.0, the default admin password is set to the 
argocd-server p ...)
        NOT-FOR-US: Argo
 CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation 
measures ...)
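Review bot: CVE-2020-8830 (CSRF in login.asp on Ruckus devices) and CVE-2020-8829 (CSRF on Intelbras CIP 92200 devices) are embedded-device firmware issues and should not stay at "TODO: check"; the same update already carries "NOT-FOR-US: Intelbras WRN" for CVE-2019-19516. Triage both as NOT-FOR-US with the vendor name, and do the same for the two further Ruckus R500 entries in this update, CVE-2020-8033 (XSS via index.asp) and CVE-2020-7983 (CSRF in login.asp).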
@@ -10384,8 +10399,8 @@ CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR 
Deserialization. ...)
        NOT-FOR-US: SuiteCRM
 CVE-2020-8800 (SuiteCRM through 7.11.11 allows 
EmailsControllerActionGetFromFields PH ...)
        NOT-FOR-US: SuiteCRM
-CVE-2020-8799
-       RESERVED
+CVE-2020-8799 (A Stored XSS vulnerability has been found in the administration 
page o ...)
+       TODO: check
 CVE-2020-8798 (httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers 
to cha ...)
        NOT-FOR-US: Juplink
 CVE-2020-8797 (Juplink RX4-1500 v1.0.3 allows remote attackers to gain root 
access to ...)
@@ -12090,8 +12105,8 @@ CVE-2020-8035
        RESERVED
 CVE-2020-8034
        RESERVED
-CVE-2020-8033
-       RESERVED
+CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp 
Device Nam ...)
+       TODO: check
 CVE-2020-8032
        RESERVED
 CVE-2020-8031
@@ -12202,8 +12217,8 @@ CVE-2020-7985
        RESERVED
 CVE-2020-7984 (SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 
HF2 allow ...)
        NOT-FOR-US: SolarWinds
-CVE-2020-7983
-       RESERVED
+CVE-2020-7983 (A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices 
allows re ...)
+       TODO: check
 CVE-2019-20432 (In the Lustre file system before 2.12.3, the mdt module has an 
out-of- ...)
        - lustre <removed>
 CVE-2019-20431 (In the Lustre file system before 2.12.3, the ptlrpc module has 
an osd_ ...)
@@ -17972,8 +17987,8 @@ CVE-2016-11017 (The application login page in AKIPS 
Network Monitor 15.37 throug
        NOT-FOR-US: AKIPS Network Monitor
 CVE-2020-5518
        RESERVED
-CVE-2020-5517
-       RESERVED
+CVE-2020-5517 (CSRF in the /login URI in BlueOnyx 5209R allows an attacker to 
access  ...)
+       TODO: check
 CVE-2020-5516
        RESERVED
 CVE-2020-5515 (Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. ...)
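Review bot: CVE-2020-5517 describes CSRF in the /login URI of BlueOnyx 5209R; BlueOnyx is a separate server distribution, not software shipped in Debian, so "TODO: check" can be resolved as NOT-FOR-US: BlueOnyx without further investigation.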
@@ -27950,14 +27965,14 @@ CVE-2020-1926
        RESERVED
 CVE-2020-1925 (Apache Olingo versions 4.0.0 to 4.7.0 provide the 
AsyncRequestWrapperI ...)
        NOT-FOR-US: Olingo
-CVE-2019-19517
-       RESERVED
+CVE-2019-19517 (Intelbras RF1200 1.1.3 devices allow CSRF to bypass the 
login.html for ...)
+       TODO: check
 CVE-2019-19516 (Intelbras WRN 150 1.0.18 devices allow CSRF via 
GO=system_password.asp ...)
        NOT-FOR-US: Intelbras WRN
-CVE-2019-19515
-       RESERVED
-CVE-2019-19514
-       RESERVED
+CVE-2019-19515 (Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in 
wireles ...)
+       TODO: check
+CVE-2019-19514 (Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in 
basic r ...)
+       TODO: check
 CVE-2019-19513
        RESERVED
 CVE-2020-1924
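Review bot: the three new descriptions in this hunk, CVE-2019-19517 (Intelbras RF1200 CSRF) and CVE-2019-19515 / CVE-2019-19514 (Ayision Ays-WR01 stored XSS), are router firmware issues of the same kind as CVE-2019-19516 in the same hunk, which already carries "NOT-FOR-US: Intelbras WRN". Resolve the three TODOs as NOT-FOR-US for Intelbras and Ayision respectively so the hunk is internally consistent.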
@@ -28772,11 +28787,13 @@ CVE-2020-1742
 CVE-2020-1741 (A flaw was found in openshift-ansible. OpenShift Container 
Platform (O ...)
        NOT-FOR-US: openshift-ansible
 CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for 
editin ...)
+       {DLA-2202-1}
        - ansible <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193
        NOTE: https://github.com/ansible/ansible/issues/67798
        NOTE: https://github.com/ansible/ansible/pull/68644
 CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, 
and 2.9 ...)
+       {DLA-2202-1}
        - ansible <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178
        NOTE: https://github.com/ansible/ansible/issues/67797
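Review bot: {DLA-2202-1} is added to CVE-2020-1740 and CVE-2020-1739 (and to CVE-2020-1733 in the next hunk) while the unstable line in each entry still reads "- ansible <unfixed>", so after this update the tracker will show jessie fixed and every later suite vulnerable. The NOTE lines already point at upstream PR 68644 for CVE-2020-1740, so the unstable upload and the buster/stretch status ([no-dsa] or a fix) should be scheduled alongside the DLA rather than left open.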
@@ -28813,6 +28830,7 @@ CVE-2020-1734 (A flaw was found in the pipe lookup 
plugin of ansible. Arbitrary
        NOTE: Upstream considers this intended functionality and delegates it 
up to the
        NOTE: playbook author to ensure they use the quote filter.
 CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and 
prior, 2. ...)
+       {DLA-2202-1}
        - ansible <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735
        NOTE: https://github.com/ansible/ansible/issues/67791
@@ -45180,6 +45198,7 @@ CVE-2019-14847 (A flaw was found in samba 4.0.0 before 
samba 4.9.15 and samba 4.
        [jessie] - samba <no-dsa> (Minor issue)
        NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html
 CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and 
ansible_engine-3.x up to  ...)
+       {DLA-2202-1}
        - ansible 2.8.6+dfsg-1 (low; bug #942188)
        [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f55169c034a6da2d0ef0155bc4f86b8bd512d33



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
