Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7217e547 by security tracker role at 2020-05-11T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,38 @@
-CVE-2020-12783 [Out-of-bound buffer read leads to Authentication Bypass in 
Exim SPA authentication method]
+CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS, 
helpers/DynamicMet ...)
+       TODO: check
+CVE-2020-12789
+       RESERVED
+CVE-2020-12788
+       RESERVED
+CVE-2020-12787
+       RESERVED
+CVE-2020-12786
+       RESERVED
+CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the 
current ...)
+       TODO: check
+CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a 
bandwidth s ...)
+       TODO: check
+CVE-2020-12782
+       RESERVED
+CVE-2020-12781
+       RESERVED
+CVE-2020-12780
+       RESERVED
+CVE-2020-12779
+       RESERVED
+CVE-2020-12778
+       RESERVED
+CVE-2020-12777
+       RESERVED
+CVE-2020-12776
+       RESERVED
+CVE-2020-12775
+       RESERVED
+CVE-2020-12774
+       RESERVED
+CVE-2020-12773
+       RESERVED
+CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA 
authenticator t ...)
        - exim4 4.93-16
        NOTE: https://bugs.exim.org/show_bug.cgi?id=2571
        NOTE: 
https://git.exim.org/exim.git/commitdiff/57aa14b216432be381b6295c312065b2fd034f86
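Review bot: the re-added CVE-2020-12783 entry now sits below CVE-2020-12773, out of the file's descending ID order; since CVE-2020-12784 and CVE-2020-12782 are both present in this block, the entry (with its unchanged `- exim4 4.93-16` and two NOTE lines) should slot between them so the list stays sorted.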
@@ -55,8 +89,8 @@ CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 
has an integer over
        [stretch] - imlib2 <not-affected> (Vulnerable code introduced later)
        [jessie] - imlib2 <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63
-CVE-2020-12760
-       RESERVED
+CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and 
Meridian ...)
+       TODO: check
 CVE-2020-12759
        RESERVED
 CVE-2020-12758
@@ -73,30 +107,30 @@ CVE-2020-12755 (fishProtocol::establishConnection in 
fish/fish.cpp in KDE kio-ex
 CVE-2019-20794 (An issue was discovered in the Linux kernel 4.18 through 
5.6.11 when u ...)
        - linux <unfixed>
        NOTE: https://sourceforge.net/p/fuse/mailman/message/36598753/
-CVE-2020-12754
-       RESERVED
-CVE-2020-12753
-       RESERVED
-CVE-2020-12752
-       RESERVED
-CVE-2020-12751
-       RESERVED
-CVE-2020-12750
-       RESERVED
-CVE-2020-12749
-       RESERVED
-CVE-2020-12748
-       RESERVED
-CVE-2020-12747
-       RESERVED
-CVE-2020-12746
-       RESERVED
-CVE-2020-12745
-       RESERVED
+CVE-2020-12754 (An issue was discovered on LG mobile devices with Android OS 
7.2, 8.0, ...)
+       TODO: check
+CVE-2020-12753 (An issue was discovered on LG mobile devices with Android OS 
7.2, 8.0, ...)
+       TODO: check
+CVE-2020-12752 (An issue was discovered on Samsung mobile devices with P(9.0) 
and Q(10 ...)
+       TODO: check
+CVE-2020-12751 (An issue was discovered on Samsung mobile devices with O(8.X), 
P(9.0), ...)
+       TODO: check
+CVE-2020-12750 (An issue was discovered on Samsung mobile devices with Q(10.0) 
softwar ...)
+       TODO: check
+CVE-2020-12749 (An issue was discovered on Samsung mobile devices with P(9.0) 
(Exynos  ...)
+       TODO: check
+CVE-2020-12748 (An issue was discovered on Samsung mobile devices with Q(10.0) 
softwar ...)
+       TODO: check
+CVE-2020-12747 (An issue was discovered on Samsung mobile devices with Q(10.0) 
(Exynos ...)
+       TODO: check
+CVE-2020-12746 (An issue was discovered on Samsung mobile devices with O(8.X), 
P(9.0), ...)
+       TODO: check
+CVE-2020-12745 (An issue was discovered on Samsung mobile devices with Q(10.0) 
softwar ...)
+       TODO: check
 CVE-2020-12744
        RESERVED
-CVE-2020-12743
-       RESERVED
+CVE-2020-12743 (An issue was discovered in Gazie 7.32. A successful 
installation does  ...)
+       TODO: check
 CVE-2020-12742
        RESERVED
 CVE-2020-12741
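Review bot: the ten new LG and Samsung mobile-device entries (CVE-2020-12754 through CVE-2020-12745) are all left at `TODO: check`, while the existing LG entries elsewhere in this file carry `NOT-FOR-US: LG mobile devices`; if the same reasoning applies, these could be triaged to the matching NOT-FOR-US status instead of staying open.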
@@ -323,7 +357,7 @@ CVE-2020-12652 (The __mptctl_ioctl function in 
drivers/message/fusion/mptctl.c i
 CVE-2020-12651
        RESERVED
 CVE-2020-12650
-       RESERVED
+       REJECTED
 CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c 
directory tr ...)
        NOT-FOR-US: Gurbalib
 CVE-2020-12648
@@ -2737,14 +2771,14 @@ CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x 
before 4.3.100 allows an o
        NOTE: https://gitlab.com/NTPsec/ntpsec/issues/651
 CVE-2020-11867
        RESERVED
-CVE-2020-11866
-       RESERVED
-CVE-2020-11865
-       RESERVED
-CVE-2020-11864
-       RESERVED
-CVE-2020-11863
-       RESERVED
+CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a 
use-aft ...)
+       TODO: check
+CVE-2020-11865 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows 
out-of-bo ...)
+       TODO: check
+CVE-2020-11864 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows 
denial of ...)
+       TODO: check
+CVE-2020-11863 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows 
denial of ...)
+       TODO: check
 CVE-2019-20785 (An issue was discovered on LG mobile devices with Android OS 
8.0 and 8 ...)
        NOT-FOR-US: LG mobile devices
 CVE-2019-20784 (An issue was discovered on LG mobile devices with Android OS 
7.0, 7.1, ...)
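Review bot: the four libEMF entries (CVE-2020-11866 through CVE-2020-11863) describe the same affected range ("through 1.0.11"), so they need the same triage outcome; whichever package status and fixed version is chosen should be applied to all four together to keep them consistent.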
@@ -5040,8 +5074,8 @@ CVE-2020-11110
        RESERVED
 CVE-2020-11109
        RESERVED
-CVE-2020-11108
-       RESERVED
+CVE-2020-11108 (The Gravity updater in Pi-hole through 4.4 allows an 
authenticated adv ...)
+       TODO: check
 CVE-2020-11107 (An issue was discovered in XAMPP before 7.2.29, 7.3.x before 
7.3.16 ,  ...)
        NOT-FOR-US: XAMPP
 CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 
9.14.0. In t ...)
@@ -6420,8 +6454,7 @@ CVE-2020-10687
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049
 CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was 
fixed in ...)
        NOT-FOR-US: Keycloak
-CVE-2020-10685 [modules which use files encrypted with vault are not properly 
cleaned up]
-       RESERVED
+CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine 
versions 2 ...)
        - ansible <unfixed>
        [jessie] - ansible <not-affected> (Vulnerable code introduced later, 
all decryption in-memory, no transparent file decryption)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814627
@@ -28279,7 +28312,7 @@ CVE-2020-1964 (It was noticed that Apache Heron 
0.20.2-incubating, Release 0.20.
 CVE-2020-1963
        RESERVED
 CVE-2020-1962
-       RESERVED
+       REJECTED
 CVE-2020-1961 (Vulnerability to Server-Side Template Injection on Mail 
templates for  ...)
        NOT-FOR-US: Apache Syncope
 CVE-2020-1960
@@ -28341,7 +28374,7 @@ CVE-2020-1940 (The optional initial password change and 
password expiration feat
 CVE-2020-1939
        RESERVED
 CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken 
when tr ...)
-       {DSA-4680-1 DSA-4673-1 DLA-2133-1}
+       {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1}
        - tomcat9 9.0.31-1 (bug #952437)
        - tomcat8 <removed> (bug #952438)
        - tomcat7 <removed> (bug #952436)
@@ -28367,7 +28400,7 @@ CVE-2020-1937 (Kylin has some restful apis which will 
concatenate SQLs with the
 CVE-2020-1936
        RESERVED
 CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 
to 7.0. ...)
-       {DSA-4680-1 DSA-4673-1 DLA-2133-1}
+       {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1}
        - tomcat9 9.0.31-1
        - tomcat8 <removed>
        - tomcat7 <removed>
@@ -29409,8 +29442,7 @@ CVE-2020-1699 (A path traversal flaw was found in the 
Ceph dashboard implemented
        [jessie] - ceph <not-affected> (Vulnerable code introduced later)
        NOTE: https://tracker.ceph.com/issues/41320
        NOTE: 
https://github.com/ceph/ceph/commit/0443e40c11280ba3b7efcba61522afa70c4f8158
-CVE-2020-1698
-       RESERVED
+CVE-2020-1698 (A flaw was found in keycloak in versions before 9.0.0. A logged 
except ...)
        NOT-FOR-US: Keycloak
 CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links 
to exter ...)
        NOT-FOR-US: Keycloak
@@ -29993,8 +30025,8 @@ CVE-2019-19164 (dext5.ocx ActiveX Control in Dext5 
Upload 5.0.0.112 and earlier
        TODO: check
 CVE-2019-19163
        RESERVED
-CVE-2019-19162
-       RESERVED
+CVE-2019-19162 (A use-after-free vulnerability in the TOBESOFT XPLATFORM 
versions 9.1  ...)
+       TODO: check
 CVE-2019-19161
        RESERVED
 CVE-2019-19160
@@ -37323,7 +37355,7 @@ CVE-2019-17565 (There is a vulnerability in Apache 
Traffic Server 6.0.0 to 6.2.3
 CVE-2019-17564 (Unsafe deserialization occurs within a Dubbo application which 
has HTT ...)
        NOT-FOR-US: Dubbo
 CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 
9.0.29,  ...)
-       {DSA-4680-1 DSA-4596-1 DLA-2077-1}
+       {DSA-4680-1 DSA-4596-1 DLA-2209-1 DLA-2077-1}
        - tomcat9 9.0.31-1
        - tomcat8 <removed>
        - tomcat7 <removed>
@@ -73783,8 +73815,8 @@ CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode 
versions prior to 8.2.5P3 h
        NOT-FOR-US: Data ONTAP
 CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may 
disclose  ...)
        NOT-FOR-US: Data ONTAP
-CVE-2019-5500
-       RESERVED
+CVE-2019-5500 (Certain versions of the NetApp Service Processor and Baseboard 
Managem ...)
+       TODO: check
 CVE-2019-5499
        REJECTED
 CVE-2019-5498 (OnCommand Insight versions through 7.3.6 may disclose sensitive 
accoun ...)
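Review bot: CVE-2019-5500 is left at `TODO: check` while the neighbouring NetApp entries CVE-2019-5501 and CVE-2019-5502 are `NOT-FOR-US: Data ONTAP`; if the Service Processor and Baseboard Management firmware is likewise NetApp-only, this entry could be closed the same way.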
@@ -75693,8 +75725,8 @@ CVE-2019-4669 (IBM Business Process Manager 8.5.7.0 
through 8.5.7.0 2017.06, 8.6
        NOT-FOR-US: IBM
 CVE-2019-4668 (IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in 
plain in ...)
        NOT-FOR-US: IBM
-CVE-2019-4667
-       RESERVED
+CVE-2019-4667 (IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote 
attacker to ob ...)
+       TODO: check
 CVE-2019-4666 (IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 
could a ...)
        NOT-FOR-US: IBM
 CVE-2019-4665 (IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site 
scripting.  ...)
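Review bot: CVE-2019-4667 concerns IBM UrbanCode Deploy, the same product as the adjacent CVE-2019-4668 and CVE-2019-4666, both of which are `NOT-FOR-US: IBM`; unless something distinguishes it, the new entry should get the same status rather than `TODO: check`.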
@@ -139857,8 +139889,7 @@ CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when 
using Distributed Test only (R
        NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
 CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on 
privileged us ...)
        NOT-FOR-US: Apache OpenMeetings
-CVE-2018-1285
-       RESERVED
+CVE-2018-1285 (Apache log4net before 2.0.8 does not disable XML external 
entities whe ...)
        - log4net <unfixed>
        NOTE: https://issues.apache.org/jira/browse/LOG4NET-575
        NOTE: 
https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7
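Review bot: `- log4net <unfixed>` records no fixed version even though the description gives the upstream fix boundary (before 2.0.8) and the NOTE links the fixing commit; once the packaged version is compared against 2.0.8, the line should carry either a fixed Debian version or `<not-affected>`, and the older releases should get their own `[stretch]`/`[jessie]` annotations as the Ansible and Ceph entries in this commit do.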



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7217e5475c5022c1415bb71a83e6dbf054a781e2



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits