Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aea444b0 by security tracker role at 2020-05-15T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,416 @@
-CVE-2020-12888 [vfio: access to disabled MMIO space of some devices may lead 
to DoS scenario]
+CVE-2020-13094
+       RESERVED
+CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory 
traversal. ...)
+       TODO: check
+CVE-2020-13092 (scikit-learn (aka sklearn) through 0.23.0 can unserialize and 
execute  ...)
+       TODO: check
+CVE-2020-13091 (pandas through 1.0.3 can unserialize and execute commands from 
an untr ...)
+       TODO: check
+CVE-2020-13090
+       RESERVED
+CVE-2020-13089
+       RESERVED
+CVE-2020-13088
+       RESERVED
+CVE-2020-13087
+       RESERVED
+CVE-2020-13086
+       RESERVED
+CVE-2020-13085
+       RESERVED
+CVE-2020-13084
+       RESERVED
+CVE-2020-13083
+       RESERVED
+CVE-2020-13082
+       RESERVED
+CVE-2020-13081
+       RESERVED
+CVE-2020-13080
+       RESERVED
+CVE-2020-13079
+       RESERVED
+CVE-2020-13078
+       RESERVED
+CVE-2020-13077
+       RESERVED
+CVE-2020-13076
+       RESERVED
+CVE-2020-13075
+       RESERVED
+CVE-2020-13074
+       RESERVED
+CVE-2020-13073
+       RESERVED
+CVE-2020-13072
+       RESERVED
+CVE-2020-13071
+       RESERVED
+CVE-2020-13070
+       RESERVED
+CVE-2020-13069
+       RESERVED
+CVE-2020-13068
+       RESERVED
+CVE-2020-13067
+       RESERVED
+CVE-2020-13066
+       RESERVED
+CVE-2020-13065
+       RESERVED
+CVE-2020-13064
+       RESERVED
+CVE-2020-13063
+       RESERVED
+CVE-2020-13062
+       RESERVED
+CVE-2020-13061
+       RESERVED
+CVE-2020-13060
+       RESERVED
+CVE-2020-13059
+       RESERVED
+CVE-2020-13058
+       RESERVED
+CVE-2020-13057
+       RESERVED
+CVE-2020-13056
+       RESERVED
+CVE-2020-13055
+       RESERVED
+CVE-2020-13054
+       RESERVED
+CVE-2020-13053
+       RESERVED
+CVE-2020-13052
+       RESERVED
+CVE-2020-13051
+       RESERVED
+CVE-2020-13050
+       RESERVED
+CVE-2020-13049
+       RESERVED
+CVE-2020-13048
+       RESERVED
+CVE-2020-13047
+       RESERVED
+CVE-2020-13046
+       RESERVED
+CVE-2020-13045
+       RESERVED
+CVE-2020-13044
+       RESERVED
+CVE-2020-13043
+       RESERVED
+CVE-2020-13042
+       RESERVED
+CVE-2020-13041
+       RESERVED
+CVE-2020-13040
+       RESERVED
+CVE-2020-13039
+       RESERVED
+CVE-2020-13038
+       RESERVED
+CVE-2020-13037
+       RESERVED
+CVE-2020-13036
+       RESERVED
+CVE-2020-13035
+       RESERVED
+CVE-2020-13034
+       RESERVED
+CVE-2020-13033
+       RESERVED
+CVE-2020-13032
+       RESERVED
+CVE-2020-13031
+       RESERVED
+CVE-2020-13030
+       RESERVED
+CVE-2020-13029
+       RESERVED
+CVE-2020-13028
+       RESERVED
+CVE-2020-13027
+       RESERVED
+CVE-2020-13026
+       RESERVED
+CVE-2020-13025
+       RESERVED
+CVE-2020-13024
+       RESERVED
+CVE-2020-13023
+       RESERVED
+CVE-2020-13022
+       RESERVED
+CVE-2020-13021
+       RESERVED
+CVE-2020-13020
+       RESERVED
+CVE-2020-13019
+       RESERVED
+CVE-2020-13018
+       RESERVED
+CVE-2020-13017
+       RESERVED
+CVE-2020-13016
+       RESERVED
+CVE-2020-13015
+       RESERVED
+CVE-2020-13014
+       RESERVED
+CVE-2020-13013
+       RESERVED
+CVE-2020-13012
+       RESERVED
+CVE-2020-13011
+       RESERVED
+CVE-2020-13010
+       RESERVED
+CVE-2020-13009
+       RESERVED
+CVE-2020-13008
+       RESERVED
+CVE-2020-13007
+       RESERVED
+CVE-2020-13006
+       RESERVED
+CVE-2020-13005
+       RESERVED
+CVE-2020-13004
+       RESERVED
+CVE-2020-13003
+       RESERVED
+CVE-2020-13002
+       RESERVED
+CVE-2020-13001
+       RESERVED
+CVE-2020-13000
+       RESERVED
+CVE-2020-12999
+       RESERVED
+CVE-2020-12998
+       RESERVED
+CVE-2020-12997
+       RESERVED
+CVE-2020-12996
+       RESERVED
+CVE-2020-12995
+       RESERVED
+CVE-2020-12994
+       RESERVED
+CVE-2020-12993
+       RESERVED
+CVE-2020-12992
+       RESERVED
+CVE-2020-12991
+       RESERVED
+CVE-2020-12990
+       RESERVED
+CVE-2020-12989
+       RESERVED
+CVE-2020-12988
+       RESERVED
+CVE-2020-12987
+       RESERVED
+CVE-2020-12986
+       RESERVED
+CVE-2020-12985
+       RESERVED
+CVE-2020-12984
+       RESERVED
+CVE-2020-12983
+       RESERVED
+CVE-2020-12982
+       RESERVED
+CVE-2020-12981
+       RESERVED
+CVE-2020-12980
+       RESERVED
+CVE-2020-12979
+       RESERVED
+CVE-2020-12978
+       RESERVED
+CVE-2020-12977
+       RESERVED
+CVE-2020-12976
+       RESERVED
+CVE-2020-12975
+       RESERVED
+CVE-2020-12974
+       RESERVED
+CVE-2020-12973
+       RESERVED
+CVE-2020-12972
+       RESERVED
+CVE-2020-12971
+       RESERVED
+CVE-2020-12970
+       RESERVED
+CVE-2020-12969
+       RESERVED
+CVE-2020-12968
+       RESERVED
+CVE-2020-12967
+       RESERVED
+CVE-2020-12966
+       RESERVED
+CVE-2020-12965
+       RESERVED
+CVE-2020-12964
+       RESERVED
+CVE-2020-12963
+       RESERVED
+CVE-2020-12962
+       RESERVED
+CVE-2020-12961
+       RESERVED
+CVE-2020-12960
+       RESERVED
+CVE-2020-12959
+       RESERVED
+CVE-2020-12958
+       RESERVED
+CVE-2020-12957
+       RESERVED
+CVE-2020-12956
+       RESERVED
+CVE-2020-12955
+       RESERVED
+CVE-2020-12954
+       RESERVED
+CVE-2020-12953
+       RESERVED
+CVE-2020-12952
+       RESERVED
+CVE-2020-12951
+       RESERVED
+CVE-2020-12950
+       RESERVED
+CVE-2020-12949
+       RESERVED
+CVE-2020-12948
+       RESERVED
+CVE-2020-12947
+       RESERVED
+CVE-2020-12946
+       RESERVED
+CVE-2020-12945
+       RESERVED
+CVE-2020-12944
+       RESERVED
+CVE-2020-12943
+       RESERVED
+CVE-2020-12942
+       RESERVED
+CVE-2020-12941
+       RESERVED
+CVE-2020-12940
+       RESERVED
+CVE-2020-12939
+       RESERVED
+CVE-2020-12938
+       RESERVED
+CVE-2020-12937
+       RESERVED
+CVE-2020-12936
+       RESERVED
+CVE-2020-12935
+       RESERVED
+CVE-2020-12934
+       RESERVED
+CVE-2020-12933
+       RESERVED
+CVE-2020-12932
+       RESERVED
+CVE-2020-12931
+       RESERVED
+CVE-2020-12930
+       RESERVED
+CVE-2020-12929
+       RESERVED
+CVE-2020-12928
+       RESERVED
+CVE-2020-12927
+       RESERVED
+CVE-2020-12926
+       RESERVED
+CVE-2020-12925
+       RESERVED
+CVE-2020-12924
+       RESERVED
+CVE-2020-12923
+       RESERVED
+CVE-2020-12922
+       RESERVED
+CVE-2020-12921
+       RESERVED
+CVE-2020-12920
+       RESERVED
+CVE-2020-12919
+       RESERVED
+CVE-2020-12918
+       RESERVED
+CVE-2020-12917
+       RESERVED
+CVE-2020-12916
+       RESERVED
+CVE-2020-12915
+       RESERVED
+CVE-2020-12914
+       RESERVED
+CVE-2020-12913
+       RESERVED
+CVE-2020-12912
+       RESERVED
+CVE-2020-12911
+       RESERVED
+CVE-2020-12910
+       RESERVED
+CVE-2020-12909
+       RESERVED
+CVE-2020-12908
+       RESERVED
+CVE-2020-12907
+       RESERVED
+CVE-2020-12906
+       RESERVED
+CVE-2020-12905
+       RESERVED
+CVE-2020-12904
+       RESERVED
+CVE-2020-12903
+       RESERVED
+CVE-2020-12902
+       RESERVED
+CVE-2020-12901
+       RESERVED
+CVE-2020-12900
+       RESERVED
+CVE-2020-12899
+       RESERVED
+CVE-2020-12898
+       RESERVED
+CVE-2020-12897
+       RESERVED
+CVE-2020-12896
+       RESERVED
+CVE-2020-12895
+       RESERVED
+CVE-2020-12894
+       RESERVED
+CVE-2020-12893
+       RESERVED
+CVE-2020-12892
+       RESERVED
+CVE-2020-12891
+       RESERVED
+CVE-2020-12890
+       RESERVED
+CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection 
across us ...)
+       TODO: check
+CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 
mishandles atte ...)
        - linux <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
 CVE-2020-12887
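Review bot: The four described entries added in this hunk (CVE-2020-13093, CVE-2020-13092, CVE-2020-13091 and CVE-2020-12889) land as `TODO: check`, so none of them carries a package line or a `NOT-FOR-US:` marker yet. CVE-2020-13091 and CVE-2020-13092 name pandas and scikit-learn and describe unserialize-and-execute behaviour, so they are the ones to triage first; each should end up with either a source package line in the style of `- linux <unfixed>` or an explicit `NOT-FOR-US:` entry.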
@@ -31,8 +443,8 @@ CVE-2020-12874 (Veritas APTARE versions prior to 10.4 
included code that bypasse
        NOT-FOR-US: Veritas
 CVE-2020-12873
        RESERVED
-CVE-2020-12872
-       RESERVED
+CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads 
obsolete TLS  ...)
+       TODO: check
 CVE-2020-12871
        RESERVED
 CVE-2020-12870
@@ -107,8 +519,8 @@ CVE-2020-12836
        RESERVED
 CVE-2020-12835
        RESERVED
-CVE-2020-12834
-       RESERVED
+CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and 
CCU3 thr ...)
+       TODO: check
 CVE-2020-12833
        RESERVED
 CVE-2020-12832 (The simple-file-list plugin before 4.2.8 for WordPress 
mishandles a .. ...)
@@ -193,8 +605,8 @@ CVE-2020-12800
        RESERVED
 CVE-2020-12799
        RESERVED
-CVE-2020-12798
-       RESERVED
+CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating 
system pol ...)
+       TODO: check
 CVE-2020-12797
        RESERVED
 CVE-2020-12796
@@ -451,8 +863,8 @@ CVE-2020-12687 (An issue was discovered in Serpico before 
1.3.3. The /admin/atta
        NOT-FOR-US: Serpico
 CVE-2020-12686
        RESERVED
-CVE-2020-12685
-       RESERVED
+CVE-2020-12685 (XSS in the admin help system admin/help.html and 
admin/quicklinks.html ...)
+       TODO: check
 CVE-2020-12684
        RESERVED
 CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
@@ -565,8 +977,8 @@ CVE-2020-12652 (The __mptctl_ioctl function in 
drivers/message/fusion/mptctl.c i
        - linux 5.4.19-1
        [buster] - linux 4.19.98-1
        NOTE: 
https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7)
-CVE-2020-12651
-       RESERVED
+CVE-2020-12651 (SecureCRT before 8.7.2 allows remote attackers to execute 
arbitrary co ...)
+       TODO: check
 CVE-2020-12650
        REJECTED
 CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c 
directory tr ...)
@@ -4421,23 +4833,22 @@ CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based 
buffer overflow (129-byte w
        NOT-FOR-US: bit2spr
 CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an 
unauthenticated rem ...)
        NOT-FOR-US: Zoho
-CVE-2020-11526
-       RESERVED
+CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions &gt; 1.1 through 
2.0.0-rc ...)
        - freerdp2 <unfixed>
        - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
-CVE-2020-11525
-       RESERVED
-CVE-2020-11524
-       RESERVED
-CVE-2020-11523
-       RESERVED
-CVE-2020-11522
-       RESERVED
-CVE-2020-11521
-       RESERVED
+CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions &gt; 1.0 through 
2.0.0-r ...)
+       TODO: check
+CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions &gt; 1.0 
through 2. ...)
+       TODO: check
+CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions &gt; 1.0 through 
2.0.0-rc4 ...)
+       TODO: check
+CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP &gt; 1.0 through 2.0.0-rc4 has 
an Out- ...)
+       TODO: check
+CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version &gt; 1.0 through 
2.0.0-rc ...)
+       TODO: check
 CVE-2020-11520
        RESERVED
 CVE-2020-11519
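Review bot: CVE-2020-11525 through CVE-2020-11521 are left at `TODO: check` although all five descriptions point into the same libfreerdp source tree as CVE-2020-11526 directly above, which already carries `- freerdp2 <unfixed>` and `- freerdp <removed>`. Suggest replacing each TODO with the matching package lines once the affected versions are confirmed, with a NOTE giving the upstream reference as is done for CVE-2020-11526.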
@@ -6487,8 +6898,7 @@ CVE-2020-10746
        RESERVED
 CVE-2020-10745
        RESERVED
-CVE-2020-10744 [incomplete fix for CVE-2020-1733]
-       RESERVED
+CVE-2020-10744 (An incomplete fix was found for the fix of the flaw 
CVE-2020-1733 ansi ...)
        - ansible <unfixed>
        [buster] - ansible <not-affected> (Incomplete fix not applied)
        [stretch] - ansible <not-affected> (Incomplete fix not applied)
@@ -10405,8 +10815,8 @@ CVE-2020-9075
        RESERVED
 CVE-2020-9074
        RESERVED
-CVE-2020-9073
-       RESERVED
+CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 
10.0.0.156(C00E156R1 ...)
+       TODO: check
 CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 
have a  ...)
        NOT-FOR-US: Huawei
 CVE-2020-9071
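Review bot: CVE-2020-9073 is added as `TODO: check`, but its description names a Huawei P20 smartphone and the next entry, CVE-2020-9072, is already marked `NOT-FOR-US: Huawei`. The same marker looks appropriate here instead of leaving the entry open.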
@@ -12529,8 +12939,8 @@ CVE-2020-8151 (There is a possible information 
disclosure issue in Active Resour
        TODO: check
 CVE-2020-8150
        RESERVED
-CVE-2020-8149
-       RESERVED
+CVE-2020-8149 (Lack of output sanitization allowed an attack to execute 
arbitrary she ...)
+       TODO: check
 CVE-2020-8148 (UniFi Cloud Key firmware &lt; 1.1.6 contains a vulnerability 
that enab ...)
        NOT-FOR-US: UniFi Cloud Key firmware
 CVE-2020-8147 (Flaw in input validation in npm package utils-extend version 
1.0.8 and ...)
@@ -12650,8 +13060,8 @@ CVE-2020-8102
        RESERVED
 CVE-2020-8101
        RESERVED
-CVE-2020-8100
-       RESERVED
+CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 
module as  ...)
+       TODO: check
 CVE-2020-8099 (A vulnerability in the improper handling of junctions in 
Bitdefender A ...)
        NOT-FOR-US: Bitdefender Antivirus Free
 CVE-2020-8098
@@ -13434,8 +13844,8 @@ CVE-2020-7811
        RESERVED
 CVE-2020-7810
        RESERVED
-CVE-2020-7809
-       RESERVED
+CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model 
(DOM)  ...)
+       TODO: check
 CVE-2020-7808
        RESERVED
 CVE-2020-7807
@@ -14129,10 +14539,10 @@ CVE-2020-7473 (In certain situations, all versions of 
Citrix ShareFile StorageZo
        NOT-FOR-US: Citrix
 CVE-2020-7472
        RESERVED
-CVE-2019-20390
-       RESERVED
-CVE-2019-20389
-       RESERVED
+CVE-2019-20390 (A Cross-Site Request Forgery (CSRF) vulnerability was 
discovered in Su ...)
+       TODO: check
+CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 
/panel/configurat ...)
+       TODO: check
 CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an 
xmlSchemaV ...)
        - libxml2 2.9.10+dfsg-2.1 (bug #949583)
        [buster] - libxml2 <no-dsa> (Minor issue)
@@ -23646,8 +24056,7 @@ CVE-2020-3812
        RESERVED
 CVE-2020-3811
        RESERVED
-CVE-2020-3810 [apt out-of-bounds read in .ar/.tar implemations]
-       RESERVED
+CVE-2020-3810 (Missing input validation in the ar/tar implementations of APT 
before v ...)
        {DSA-4685-1 DLA-2210-1}
        - apt 2.1.2
        NOTE: https://github.com/Debian/apt/issues/111
@@ -25494,8 +25903,8 @@ CVE-2019-19722 (In Dovecot before 2.3.9.2, an attacker 
can crash a push-notifica
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/2
        NOTE: 
https://github.com/dovecot/core/commit/1307766b6f5d97341a47376657d342bcefd10f1b
        NOTE: 
https://github.com/dovecot/core/commit/393a8cabf4dad893bf2ec60bf96cfde7a0c58432
-CVE-2019-19721
-       RESERVED
+CVE-2019-19721 (An off-by-one error in the DecodeBlock function in 
codec/sdl_image.c i ...)
+       TODO: check
 CVE-2020-3109
        RESERVED
 CVE-2020-3108
@@ -29078,8 +29487,8 @@ CVE-2020-1810 (There is a weak algorithm vulnerability 
in some Huawei products.
        NOT-FOR-US: Huawei
 CVE-2020-1809
        RESERVED
-CVE-2020-1808
-       RESERVED
+CVE-2020-1808 (Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor 
Magic2 wi ...)
+       TODO: check
 CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 
10.0.0.188(C00E7 ...)
        NOT-FOR-US: Huawei
 CVE-2020-1806 (Huawei Honor V10 smartphones with versions earlier than 
10.0.0.156(C00 ...)
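Review bot: CVE-2020-1808 stays at `TODO: check` while the entries around it in this hunk, CVE-2020-1810 and CVE-2020-1807, are both `NOT-FOR-US: Huawei`, and its description lists Huawei Honor smartphones. Marking it `NOT-FOR-US: Huawei` would keep the block consistent.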
@@ -29477,8 +29886,7 @@ CVE-2020-1759 (A vulnerability was found in Red Hat 
Ceph Storage 4 and Red Hat O
        NOTE: Fixed by: 
https://github.com/ceph/ceph-ci/commit/84d2e215969cde830b086d11544aeb3666614211
        NOTE: Fixed by: 
https://github.com/ceph/ceph-ci/commit/659ec7dc6e30fe961832f813da007f49e603a33d
        NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/2
-CVE-2020-1758
-       RESERVED
+CVE-2020-1758 (A flaw was found in Keycloak in versions before 10.0.0, where 
it does  ...)
        NOT-FOR-US: Keycloak
 CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to 
undertow- ...)
        - undertow <unfixed>
@@ -33825,8 +34233,8 @@ CVE-2019-18668 (An issue was discovered in the Currency 
Switcher addon before 2.
        NOT-FOR-US: Currency Switcher addon for WooCommerce
 CVE-2019-18667 (/usr/local/www/freeradius_view_config.php in the freeradius3 
package b ...)
        NOT-FOR-US: FreeBSD specific freeradius_view_config.php in the 
freeradius3 package
-CVE-2019-18666
-       RESERVED
+CVE-2019-18666 (An issue was discovered on D-Link DAP-1360 revision F devices. 
Remote  ...)
+       TODO: check
 CVE-2019-18665 (The Log module in SECUDOS DOMOS before 5.6 allows local file 
inclusion ...)
        NOT-FOR-US: SECUDOS DOMOS
 CVE-2019-18664 (The Log module in SECUDOS DOMOS before 5.6 allows XSS. ...)
@@ -113230,8 +113638,8 @@ CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 
0.7.3 has CSRF via a delete a
        NOT-FOR-US: Datenstrom Yellow
 CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and 
resultant Authe ...)
        NOT-FOR-US: CSP MySQL User Manager
-CVE-2018-10756
-       RESERVED
+CVE-2018-10756 (Use-after-free in libtransmission/variant.c in Transmission 
before 3.0 ...)
+       TODO: check
 CVE-2018-10755
        REJECTED
 CVE-2018-10754
@@ -140169,6 +140577,7 @@ CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when 
using Distributed Test only (R
 CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on 
privileged us ...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2018-1285 (Apache log4net before 2.0.8 does not disable XML external 
entities whe ...)
+       {DLA-2211-1}
        - log4net <unfixed>
        NOTE: https://issues.apache.org/jira/browse/LOG4NET-575
        NOTE: 
https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aea444b03e97e78ba39908c436609dd3e8af3cf5
