Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
01b7baf1 by security tracker role at 2020-05-07T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-12711
+ RESERVED
+CVE-2020-12710
+ RESERVED
+CVE-2020-12709
+ RESERVED
+CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion
9.03.50 al ...)
+ TODO: check
+CVE-2020-12707
+ RESERVED
+CVE-2020-12706
+ RESERVED
+CVE-2020-12705
+ RESERVED
+CVE-2020-12704
+ RESERVED
+CVE-2020-12703
+ RESERVED
+CVE-2020-12702
+ RESERVED
+CVE-2020-12701
+ RESERVED
+CVE-2020-12700
+ RESERVED
+CVE-2020-12699
+ RESERVED
+CVE-2020-12698
+ RESERVED
+CVE-2020-12697
+ RESERVED
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a
URL. ...)
NOT-FOR-US: iframe plugin for WordPress
CVE-2020-12695
@@ -8,27 +38,26 @@ CVE-2020-12693
RESERVED
CVE-2020-12688
RESERVED
-CVE-2020-12687
- RESERVED
+CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The
/admin/attacments ...)
+ TODO: check
CVE-2020-12686
RESERVED
CVE-2020-12685
RESERVED
CVE-2020-12684
RESERVED
-CVE-2020-12683
- RESERVED
+CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
+ TODO: check
CVE-2020-12682
RESERVED
CVE-2020-12681
RESERVED
CVE-2020-12680
RESERVED
-CVE-2020-12679
- RESERVED
+CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the
Mitel Shor ...)
+ TODO: check
CVE-2020-12678
REJECTED
- TODO: check
CVE-2020-12677
RESERVED
CVE-2020-12676
@@ -209,8 +238,8 @@ CVE-2020-12610
RESERVED
CVE-2020-12609
RESERVED
-CVE-2020-12608
- RESERVED
+CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch
Management Engine ...)
+ TODO: check
CVE-2020-12607
RESERVED
CVE-2020-12606
@@ -551,8 +580,8 @@ CVE-2020-12450
RESERVED
CVE-2020-12449
RESERVED
-CVE-2020-12448
- RESERVED
+CVE-2020-12448 (GitLab EE 12.8 and later allows Exposure of Sensitive
Information to a ...)
+ TODO: check
CVE-2020-12447 (A Local File Inclusion (LFI) issue on Onkyo TX-NR585
1000-0000-000-000 ...)
NOT-FOR-US: Onkyo
CVE-2020-12446 (The ene.sys driver in G.SKILL Trident Z Lighting Control
through 1.00. ...)
@@ -1367,6 +1396,7 @@ CVE-2020-12110 (Certain TP-Link devices have a Hardcoded
Encryption Key. This af
CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects
NC200 2. ...)
NOT-FOR-US: TP-Link
CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary
Content ...)
+ {DLA-2204-1}
- mailman <removed>
NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
CVE-2020-12107
@@ -3362,12 +3392,12 @@ CVE-2020-11653 (An issue was discovered in Varnish
Cache before 6.0.6 LTS, 6.1.x
NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005
NOTE:
https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62
CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and
3000 bef ...)
- {DSA-4676-1}
+ {DSA-4676-2 DSA-4676-1}
- salt 3000.2+dfsg1-1 (bug #959684)
NOTE:
https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
NOTE: Fixed by:
https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd
CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and
3000 bef ...)
- {DSA-4676-1}
+ {DSA-4676-2 DSA-4676-1}
- salt 3000.2+dfsg1-1 (bug #959684)
NOTE:
https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
NOTE: Fixed by:
https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
@@ -4154,8 +4184,8 @@ CVE-2020-11433
RESERVED
CVE-2020-11432
RESERVED
-CVE-2020-11431
- RESERVED
+CVE-2020-11431 (The documentation component in i-net Clear Reports 16.0 to
19.2, HelpD ...)
+ TODO: check
CVE-2020-11430
RESERVED
CVE-2020-11429
@@ -4964,16 +4994,16 @@ CVE-2020-11048
RESERVED
CVE-2020-11047
RESERVED
-CVE-2020-11046
- RESERVED
-CVE-2020-11045
- RESERVED
-CVE-2020-11044
- RESERVED
+CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream
out-of-bounds ...)
+ TODO: check
+CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an
out-of-bound read i ...)
+ TODO: check
+CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in
update_ ...)
+ TODO: check
CVE-2020-11043
RESERVED
-CVE-2020-11042
- RESERVED
+CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an
out-of-bound ...)
+ TODO: check
CVE-2020-11041
RESERVED
CVE-2020-11040
@@ -5179,14 +5209,14 @@ CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking
metadata and comments on vu
[experimental] - gitlab 12.8.8-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
-CVE-2020-10974
- RESERVED
-CVE-2020-10973
- RESERVED
-CVE-2020-10972
- RESERVED
-CVE-2020-10971
- RESERVED
+CVE-2020-10974 (An issue was discovered on Wavlink WL-WN579G3 -
M79X3.V5030.180719 and ...)
+ TODO: check
+CVE-2020-10973 (An issue was discovered on Wavlink WL-WN530HG4
M30HG4.V5030.191116 dev ...)
+ TODO: check
+CVE-2020-10972 (An issue was discovered on Wavlink WL-WN530HG4
M30HG4.V5030.191116 dev ...)
+ TODO: check
+CVE-2020-10971 (An issue was discovered on Wavlink WL-WN579G3
M79X3.V5030.180719, WL-W ...)
+ TODO: check
CVE-2020-10970
RESERVED
CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
@@ -10093,10 +10123,10 @@ CVE-2020-8985 (ZendTo prior to 5.22-2 Beta allowed
reflected XSS and CSRF via th
NOT-FOR-US: ZendTo
CVE-2020-8984 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP
address s ...)
NOT-FOR-US: ZendTo
-CVE-2020-8983
- RESERVED
-CVE-2020-8982
- RESERVED
+CVE-2020-8983 (In certain situations, all versions of Citrix ShareFile
StorageZones ( ...)
+ TODO: check
+CVE-2020-8982 (In certain situations, all versions of Citrix ShareFile
StorageZones ( ...)
+ TODO: check
CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in
the Sourc ...)
NOT-FOR-US: Source Integration plugin for MantisBT
CVE-2020-8980
@@ -12880,12 +12910,12 @@ CVE-2020-7807
RESERVED
CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an
arbitrary cod ...)
NOT-FOR-US: Tobesoft Xplatform
-CVE-2020-7805
- RESERVED
+CVE-2020-7805 (An issue was discovered on KT Slim egg IML500 (R7283, R8112,
R8424) an ...)
+ TODO: check
CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for
Windows 7, ...)
NOT-FOR-US: Handy Groupware
-CVE-2020-7803
- RESERVED
+CVE-2020-7803 (IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3,
versio ...)
+ TODO: check
CVE-2020-7802 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70,
with fir ...)
NOT-FOR-US: Synergy Systems & Solutions (SSS)
CVE-2020-7801 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70,
with fir ...)
@@ -13198,8 +13228,8 @@ CVE-2020-7648
RESERVED
CVE-2020-7647
RESERVED
-CVE-2020-7646
- RESERVED
+CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary
commands.It is ...)
+ TODO: check
CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary
commands, ...)
NOT-FOR-US: Node chrome-launcher
CVE-2020-7644 (fun-map through 3.3.1 is vulnerable to Prototype Pollution. The
functi ...)
@@ -13563,8 +13593,8 @@ CVE-2020-7475 (A CWE-74: Improper Neutralization of
Special Elements in Output U
NOT-FOR-US: EcoStruxure Control Expert
CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability
exists in Pr ...)
NOT-FOR-US: ProSoft Configurator
-CVE-2020-7473
- RESERVED
+CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile
StorageZones ( ...)
+ TODO: check
CVE-2020-7472
RESERVED
CVE-2019-20390
@@ -15579,10 +15609,10 @@ CVE-2020-6654
RESERVED
CVE-2020-6653
RESERVED
-CVE-2020-6652
- RESERVED
-CVE-2020-6651
- RESERVED
+CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's
Intelligent Po ...)
+ TODO: check
+CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager
(IPM) v ...)
+ TODO: check
CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by
‘Eval In ...)
NOT-FOR-US: UPS companion software
CVE-2020-6649
@@ -16943,8 +16973,8 @@ CVE-2020-6083
RESERVED
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the
ico_rea ...)
NOT-FOR-US: Accusoft
-CVE-2020-6081
- RESERVED
+CVE-2020-6081 (An exploitable code execution vulnerability exists in the
PLC_Task fun ...)
+ TODO: check
CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the
resource ...)
{DSA-4671-1}
- libmicrodns <removed>
@@ -17378,10 +17408,10 @@ CVE-2020-5897
RESERVED
CVE-2020-5896
RESERVED
-CVE-2020-5895
- RESERVED
-CVE-2020-5894
- RESERVED
+CVE-2020-5895 (On NGINX Controller versions 3.1.0-3.3.0, AVRD uses
world-readable and ...)
+ TODO: check
+CVE-2020-5894 (On versions 3.0.0-3.3.0, the NGINX Controller webserver does
not inval ...)
+ TODO: check
CVE-2020-5893 (In versions 7.1.5-7.1.8, when a user connects to a VPN using
BIG-IP Ed ...)
NOT-FOR-US: F5 BIG-IP
CVE-2020-5892 (In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in
BIG-IP A ...)
@@ -17666,24 +17696,24 @@ CVE-2020-5753
RESERVED
CVE-2020-5752
RESERVED
-CVE-2020-5751
- RESERVED
-CVE-2020-5750
- RESERVED
-CVE-2020-5749
- RESERVED
-CVE-2020-5748
- RESERVED
-CVE-2020-5747
- RESERVED
-CVE-2020-5746
- RESERVED
-CVE-2020-5745
- RESERVED
-CVE-2020-5744
- RESERVED
-CVE-2020-5743
- RESERVED
+CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, aut ...)
+ TODO: check
+CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, una ...)
+ TODO: check
+CVE-2020-5749 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, aut ...)
+ TODO: check
+CVE-2020-5748 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, una ...)
+ TODO: check
+CVE-2020-5747 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, aut ...)
+ TODO: check
+CVE-2020-5746 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, aut ...)
+ TODO: check
+CVE-2020-5745 (Cross-site request forgery in TCExam 14.2.2 allows a remote
attacker t ...)
+ TODO: check
+CVE-2020-5744 (Relative Path Traversal in TCExam 14.2.2 allows a remote,
authenticate ...)
+ TODO: check
+CVE-2020-5743 (Improper Control of Resource Identifiers in TCExam 14.2.2
allows a rem ...)
+ TODO: check
CVE-2020-5742
RESERVED
CVE-2020-5741
@@ -22757,24 +22787,28 @@ CVE-2020-3904 (Multiple memory corruption issues were
addressed with improved st
CVE-2020-3903 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
CVE-2020-3902 (An input validation issue was addressed with improved input
validation ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3901 (A type confusion issue was addressed with improved memory
handling. Th ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3900 (A memory corruption issue was addressed with improved memory
handling. ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3899 (A memory consumption issue was addressed with improved memory
handling ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.2-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
@@ -22790,6 +22824,7 @@ CVE-2020-3898 [heap based buffer overflow in libcups's
ppdFindOption() in ppd-ma
NOTE:
https://src.fedoraproject.org/rpms/cups/blob/c1920d09b842bd2d0611559d00d595abd8aa2424/f/cups-ppdopen-heap-overflow.patch
NOTE:
https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444
(cups/ppd.c, ppdc/ppdc-source.cxx)
CVE-2020-3897 (A type confusion issue was addressed with improved memory
handling. Th ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
@@ -22798,12 +22833,14 @@ CVE-2020-3897 (A type confusion issue was addressed
with improved memory handlin
CVE-2020-3896
RESERVED
CVE-2020-3895 (A memory corruption issue was addressed with improved memory
handling. ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3894 (A race condition was addressed with additional validation. This
issue ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
@@ -22826,6 +22863,7 @@ CVE-2020-3887 (A logic issue was addressed with
improved restrictions. This issu
CVE-2020-3886
RESERVED
CVE-2020-3885 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
@@ -29706,8 +29744,8 @@ CVE-2019-19166 (Tobesoft XPlatform v9.1, 9.2.0, 9.2.1
and 9.2.2 have a vulnerabi
TODO: check
CVE-2019-19165 (AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a
vulnerability ...)
NOT-FOR-US: Inogard Ebiz4u
-CVE-2019-19164
- RESERVED
+CVE-2019-19164 (dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and
earlier versio ...)
+ TODO: check
CVE-2019-19163
RESERVED
CVE-2019-19162
@@ -30517,24 +30555,24 @@ CVE-2019-18874 (psutil (aka python-psutil) through
5.6.5 can have a double free.
NOTE: https://github.com/giampaolo/psutil/pull/1616
CVE-2019-18873 (FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent
HTTP hea ...)
NOT-FOR-US: FUDForum
-CVE-2019-18872
- RESERVED
-CVE-2019-18871
- RESERVED
-CVE-2019-18870
- RESERVED
-CVE-2019-18869
- RESERVED
-CVE-2019-18868
- RESERVED
-CVE-2019-18867
- RESERVED
-CVE-2019-18866
- RESERVED
-CVE-2019-18865
- RESERVED
-CVE-2019-18864
- RESERVED
+CVE-2019-18872 (Weak password requirements in Blaauw Remote Kiln Control
through v3.00 ...)
+ TODO: check
+CVE-2019-18871 (A path traversal in debug.php accessed via default.php in
Blaauw Remot ...)
+ TODO: check
+CVE-2019-18870 (A path traversal via the iniFile parameter in excel.php in
Blaauw Remo ...)
+ TODO: check
+CVE-2019-18869 (Leftover Debug Code in Blaauw Remote Kiln Control through
v3.00r4 allo ...)
+ TODO: check
+CVE-2019-18868 (Blaauw Remote Kiln Control through v3.00r4 allows an
unauthenticated a ...)
+ TODO: check
+CVE-2019-18867 (Browsable directories in Blaauw Remote Kiln Control through
v3.00r4 al ...)
+ TODO: check
+CVE-2019-18866 (Unauthenticated SQL injection via the username in the login
mechanism ...)
+ TODO: check
+CVE-2019-18865 (Information disclosure via error message discrepancies in
authenticati ...)
+ TODO: check
+CVE-2019-18864 (/server-info and /server-status in Blaauw Remote Kiln Control
through ...)
+ TODO: check
CVE-2019-18863 (A key length vulnerability in the implementation of the SRTP
128-bit k ...)
NOT-FOR-US: Mitel
CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and
allows loca ...)
@@ -127615,8 +127653,8 @@ CVE-2018-5495 (All StorageGRID Webscale versions are
susceptible to a vulnerabil
NOT-FOR-US: NetApp
CVE-2018-5494
RESERVED
-CVE-2018-5493
- RESERVED
+CVE-2018-5493 (ATTO FibreBridge 7500N firmware versions prior to 2.90 are
susceptible ...)
+ TODO: check
CVE-2018-5492 (NetApp E-Series SANtricity OS Controller Software 11.30 and
later vers ...)
NOT-FOR-US: NetApp
CVE-2018-5491
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01b7baf17a12756d3ed341030f3c8a332920faa9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01b7baf17a12756d3ed341030f3c8a332920faa9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
