Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aea444b0 by security tracker role at 2020-05-15T20:10:21+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,416 @@ -CVE-2020-12888 [vfio: access to disabled MMIO space of some devices may lead to DoS scenario] +CVE-2020-13094 + RESERVED +CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...) + TODO: check +CVE-2020-13092 (scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute ...) + TODO: check +CVE-2020-13091 (pandas through 1.0.3 can unserialize and execute commands from an untr ...) + TODO: check +CVE-2020-13090 + RESERVED +CVE-2020-13089 + RESERVED +CVE-2020-13088 + RESERVED +CVE-2020-13087 + RESERVED +CVE-2020-13086 + RESERVED +CVE-2020-13085 + RESERVED +CVE-2020-13084 + RESERVED +CVE-2020-13083 + RESERVED +CVE-2020-13082 + RESERVED +CVE-2020-13081 + RESERVED +CVE-2020-13080 + RESERVED +CVE-2020-13079 + RESERVED +CVE-2020-13078 + RESERVED +CVE-2020-13077 + RESERVED +CVE-2020-13076 + RESERVED +CVE-2020-13075 + RESERVED +CVE-2020-13074 + RESERVED +CVE-2020-13073 + RESERVED +CVE-2020-13072 + RESERVED +CVE-2020-13071 + RESERVED +CVE-2020-13070 + RESERVED +CVE-2020-13069 + RESERVED +CVE-2020-13068 + RESERVED +CVE-2020-13067 + RESERVED +CVE-2020-13066 + RESERVED +CVE-2020-13065 + RESERVED +CVE-2020-13064 + RESERVED +CVE-2020-13063 + RESERVED +CVE-2020-13062 + RESERVED +CVE-2020-13061 + RESERVED +CVE-2020-13060 + RESERVED +CVE-2020-13059 + RESERVED +CVE-2020-13058 + RESERVED +CVE-2020-13057 + RESERVED +CVE-2020-13056 + RESERVED +CVE-2020-13055 + RESERVED +CVE-2020-13054 + RESERVED +CVE-2020-13053 + RESERVED +CVE-2020-13052 + RESERVED +CVE-2020-13051 + RESERVED +CVE-2020-13050 + RESERVED +CVE-2020-13049 + RESERVED +CVE-2020-13048 + RESERVED +CVE-2020-13047 + RESERVED +CVE-2020-13046 + RESERVED +CVE-2020-13045 + RESERVED +CVE-2020-13044 + RESERVED +CVE-2020-13043 + RESERVED +CVE-2020-13042 + RESERVED +CVE-2020-13041 + RESERVED +CVE-2020-13040 + RESERVED +CVE-2020-13039 + RESERVED +CVE-2020-13038 + RESERVED +CVE-2020-13037 + RESERVED +CVE-2020-13036 + RESERVED +CVE-2020-13035 + RESERVED +CVE-2020-13034 + RESERVED 
+CVE-2020-13033 + RESERVED +CVE-2020-13032 + RESERVED +CVE-2020-13031 + RESERVED +CVE-2020-13030 + RESERVED +CVE-2020-13029 + RESERVED +CVE-2020-13028 + RESERVED +CVE-2020-13027 + RESERVED +CVE-2020-13026 + RESERVED +CVE-2020-13025 + RESERVED +CVE-2020-13024 + RESERVED +CVE-2020-13023 + RESERVED +CVE-2020-13022 + RESERVED +CVE-2020-13021 + RESERVED +CVE-2020-13020 + RESERVED +CVE-2020-13019 + RESERVED +CVE-2020-13018 + RESERVED +CVE-2020-13017 + RESERVED +CVE-2020-13016 + RESERVED +CVE-2020-13015 + RESERVED +CVE-2020-13014 + RESERVED +CVE-2020-13013 + RESERVED +CVE-2020-13012 + RESERVED +CVE-2020-13011 + RESERVED +CVE-2020-13010 + RESERVED +CVE-2020-13009 + RESERVED +CVE-2020-13008 + RESERVED +CVE-2020-13007 + RESERVED +CVE-2020-13006 + RESERVED +CVE-2020-13005 + RESERVED +CVE-2020-13004 + RESERVED +CVE-2020-13003 + RESERVED +CVE-2020-13002 + RESERVED +CVE-2020-13001 + RESERVED +CVE-2020-13000 + RESERVED +CVE-2020-12999 + RESERVED +CVE-2020-12998 + RESERVED +CVE-2020-12997 + RESERVED +CVE-2020-12996 + RESERVED +CVE-2020-12995 + RESERVED +CVE-2020-12994 + RESERVED +CVE-2020-12993 + RESERVED +CVE-2020-12992 + RESERVED +CVE-2020-12991 + RESERVED +CVE-2020-12990 + RESERVED +CVE-2020-12989 + RESERVED +CVE-2020-12988 + RESERVED +CVE-2020-12987 + RESERVED +CVE-2020-12986 + RESERVED +CVE-2020-12985 + RESERVED +CVE-2020-12984 + RESERVED +CVE-2020-12983 + RESERVED +CVE-2020-12982 + RESERVED +CVE-2020-12981 + RESERVED +CVE-2020-12980 + RESERVED +CVE-2020-12979 + RESERVED +CVE-2020-12978 + RESERVED +CVE-2020-12977 + RESERVED +CVE-2020-12976 + RESERVED +CVE-2020-12975 + RESERVED +CVE-2020-12974 + RESERVED +CVE-2020-12973 + RESERVED +CVE-2020-12972 + RESERVED +CVE-2020-12971 + RESERVED +CVE-2020-12970 + RESERVED +CVE-2020-12969 + RESERVED +CVE-2020-12968 + RESERVED +CVE-2020-12967 + RESERVED +CVE-2020-12966 + RESERVED +CVE-2020-12965 + RESERVED +CVE-2020-12964 + RESERVED +CVE-2020-12963 + RESERVED +CVE-2020-12962 + RESERVED +CVE-2020-12961 + RESERVED +CVE-2020-12960 + RESERVED 
+CVE-2020-12959 + RESERVED +CVE-2020-12958 + RESERVED +CVE-2020-12957 + RESERVED +CVE-2020-12956 + RESERVED +CVE-2020-12955 + RESERVED +CVE-2020-12954 + RESERVED +CVE-2020-12953 + RESERVED +CVE-2020-12952 + RESERVED +CVE-2020-12951 + RESERVED +CVE-2020-12950 + RESERVED +CVE-2020-12949 + RESERVED +CVE-2020-12948 + RESERVED +CVE-2020-12947 + RESERVED +CVE-2020-12946 + RESERVED +CVE-2020-12945 + RESERVED +CVE-2020-12944 + RESERVED +CVE-2020-12943 + RESERVED +CVE-2020-12942 + RESERVED +CVE-2020-12941 + RESERVED +CVE-2020-12940 + RESERVED +CVE-2020-12939 + RESERVED +CVE-2020-12938 + RESERVED +CVE-2020-12937 + RESERVED +CVE-2020-12936 + RESERVED +CVE-2020-12935 + RESERVED +CVE-2020-12934 + RESERVED +CVE-2020-12933 + RESERVED +CVE-2020-12932 + RESERVED +CVE-2020-12931 + RESERVED +CVE-2020-12930 + RESERVED +CVE-2020-12929 + RESERVED +CVE-2020-12928 + RESERVED +CVE-2020-12927 + RESERVED +CVE-2020-12926 + RESERVED +CVE-2020-12925 + RESERVED +CVE-2020-12924 + RESERVED +CVE-2020-12923 + RESERVED +CVE-2020-12922 + RESERVED +CVE-2020-12921 + RESERVED +CVE-2020-12920 + RESERVED +CVE-2020-12919 + RESERVED +CVE-2020-12918 + RESERVED +CVE-2020-12917 + RESERVED +CVE-2020-12916 + RESERVED +CVE-2020-12915 + RESERVED +CVE-2020-12914 + RESERVED +CVE-2020-12913 + RESERVED +CVE-2020-12912 + RESERVED +CVE-2020-12911 + RESERVED +CVE-2020-12910 + RESERVED +CVE-2020-12909 + RESERVED +CVE-2020-12908 + RESERVED +CVE-2020-12907 + RESERVED +CVE-2020-12906 + RESERVED +CVE-2020-12905 + RESERVED +CVE-2020-12904 + RESERVED +CVE-2020-12903 + RESERVED +CVE-2020-12902 + RESERVED +CVE-2020-12901 + RESERVED +CVE-2020-12900 + RESERVED +CVE-2020-12899 + RESERVED +CVE-2020-12898 + RESERVED +CVE-2020-12897 + RESERVED +CVE-2020-12896 + RESERVED +CVE-2020-12895 + RESERVED +CVE-2020-12894 + RESERVED +CVE-2020-12893 + RESERVED +CVE-2020-12892 + RESERVED +CVE-2020-12891 + RESERVED +CVE-2020-12890 + RESERVED +CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...) 
+ TODO: check +CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...) - linux <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244 CVE-2020-12887 @@ -31,8 +443,8 @@ CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypasse NOT-FOR-US: Veritas CVE-2020-12873 RESERVED -CVE-2020-12872 - RESERVED +CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ...) + TODO: check CVE-2020-12871 RESERVED CVE-2020-12870 @@ -107,8 +519,8 @@ CVE-2020-12836 RESERVED CVE-2020-12835 RESERVED -CVE-2020-12834 - RESERVED +CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 thr ...) + TODO: check CVE-2020-12833 RESERVED CVE-2020-12832 (The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. ...) @@ -193,8 +605,8 @@ CVE-2020-12800 RESERVED CVE-2020-12799 RESERVED -CVE-2020-12798 - RESERVED +CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...) + TODO: check CVE-2020-12797 RESERVED CVE-2020-12796 @@ -451,8 +863,8 @@ CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/atta NOT-FOR-US: Serpico CVE-2020-12686 RESERVED -CVE-2020-12685 - RESERVED +CVE-2020-12685 (XSS in the admin help system admin/help.html and admin/quicklinks.html ...) + TODO: check CVE-2020-12684 RESERVED CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...) @@ -565,8 +977,8 @@ CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c i - linux 5.4.19-1 [buster] - linux 4.19.98-1 NOTE: https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7) -CVE-2020-12651 - RESERVED +CVE-2020-12651 (SecureCRT before 8.7.2 allows remote attackers to execute arbitrary co ...) + TODO: check CVE-2020-12650 REJECTED CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...) 
@@ -4421,23 +4833,22 @@ CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte w NOT-FOR-US: bit2spr CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...) NOT-FOR-US: Zoho -CVE-2020-11526 - RESERVED +CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc ...) - freerdp2 <unfixed> - freerdp <removed> NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9 NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012 -CVE-2020-11525 - RESERVED -CVE-2020-11524 - RESERVED -CVE-2020-11523 - RESERVED -CVE-2020-11522 - RESERVED -CVE-2020-11521 - RESERVED +CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-r ...) + TODO: check +CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2. ...) + TODO: check +CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ...) + TODO: check +CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out- ...) + TODO: check +CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc ...) + TODO: check CVE-2020-11520 RESERVED CVE-2020-11519 @@ -6487,8 +6898,7 @@ CVE-2020-10746 RESERVED CVE-2020-10745 RESERVED -CVE-2020-10744 [incomplete fix for CVE-2020-1733] - RESERVED +CVE-2020-10744 (An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansi ...) - ansible <unfixed> [buster] - ansible <not-affected> (Incomplete fix not applied) [stretch] - ansible <not-affected> (Incomplete fix not applied) 
@@ -10405,8 +10815,8 @@ CVE-2020-9075 RESERVED CVE-2020-9074 RESERVED -CVE-2020-9073 - RESERVED +CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...) + TODO: check CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a ...) NOT-FOR-US: Huawei CVE-2020-9071 @@ -12529,8 +12939,8 @@ CVE-2020-8151 (There is a possible information disclosure issue in Active Resour TODO: check CVE-2020-8150 RESERVED -CVE-2020-8149 - RESERVED +CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...) + TODO: check CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enab ...) NOT-FOR-US: UniFi Cloud Key firmware CVE-2020-8147 (Flaw in input validation in npm package utils-extend version 1.0.8 and ...) @@ -12650,8 +13060,8 @@ CVE-2020-8102 RESERVED CVE-2020-8101 RESERVED -CVE-2020-8100 - RESERVED +CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as ...) + TODO: check CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...) NOT-FOR-US: Bitdefender Antivirus Free CVE-2020-8098 @@ -13434,8 +13844,8 @@ CVE-2020-7811 RESERVED CVE-2020-7810 RESERVED -CVE-2020-7809 - RESERVED +CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM) ...) + TODO: check CVE-2020-7808 RESERVED CVE-2020-7807 @@ -14129,10 +14539,10 @@ CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile StorageZo NOT-FOR-US: Citrix CVE-2020-7472 RESERVED -CVE-2019-20390 - RESERVED -CVE-2019-20389 - RESERVED +CVE-2019-20390 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Su ...) + TODO: check +CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configurat ...) + TODO: check CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...) - libxml2 2.9.10+dfsg-2.1 (bug #949583) [buster] - libxml2 <no-dsa> (Minor issue) 
@@ -23646,8 +24056,7 @@ CVE-2020-3812 RESERVED CVE-2020-3811 RESERVED -CVE-2020-3810 [apt out-of-bounds read in .ar/.tar implemations] - RESERVED +CVE-2020-3810 (Missing input validation in the ar/tar implementations of APT before v ...) {DSA-4685-1 DLA-2210-1} - apt 2.1.2 NOTE: https://github.com/Debian/apt/issues/111 @@ -25494,8 +25903,8 @@ CVE-2019-19722 (In Dovecot before 2.3.9.2, an attacker can crash a push-notifica NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/2 NOTE: https://github.com/dovecot/core/commit/1307766b6f5d97341a47376657d342bcefd10f1b NOTE: https://github.com/dovecot/core/commit/393a8cabf4dad893bf2ec60bf96cfde7a0c58432 -CVE-2019-19721 - RESERVED +CVE-2019-19721 (An off-by-one error in the DecodeBlock function in codec/sdl_image.c i ...) + TODO: check CVE-2020-3109 RESERVED CVE-2020-3108 @@ -29078,8 +29487,8 @@ CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. NOT-FOR-US: Huawei CVE-2020-1809 RESERVED -CVE-2020-1808 - RESERVED +CVE-2020-1808 (Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 wi ...) + TODO: check CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...) NOT-FOR-US: Huawei CVE-2020-1806 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...) @@ -29477,8 +29886,7 @@ CVE-2020-1759 (A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat O NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/84d2e215969cde830b086d11544aeb3666614211 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/659ec7dc6e30fe961832f813da007f49e603a33d NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/2 -CVE-2020-1758 - RESERVED +CVE-2020-1758 (A flaw was found in Keycloak in versions before 10.0.0, where it does ...) NOT-FOR-US: Keycloak CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to undertow- ...) - undertow <unfixed> 
@@ -33825,8 +34233,8 @@ CVE-2019-18668 (An issue was discovered in the Currency Switcher addon before 2. NOT-FOR-US: Currency Switcher addon for WooCommerce CVE-2019-18667 (/usr/local/www/freeradius_view_config.php in the freeradius3 package b ...) NOT-FOR-US: FreeBSD specific freeradius_view_config.php in the freeradius3 package -CVE-2019-18666 - RESERVED +CVE-2019-18666 (An issue was discovered on D-Link DAP-1360 revision F devices. Remote ...) + TODO: check CVE-2019-18665 (The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion ...) NOT-FOR-US: SECUDOS DOMOS CVE-2019-18664 (The Log module in SECUDOS DOMOS before 5.6 allows XSS. ...) @@ -113230,8 +113638,8 @@ CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete a NOT-FOR-US: Datenstrom Yellow CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authe ...) NOT-FOR-US: CSP MySQL User Manager -CVE-2018-10756 - RESERVED +CVE-2018-10756 (Use-after-free in libtransmission/variant.c in Transmission before 3.0 ...) + TODO: check CVE-2018-10755 REJECTED CVE-2018-10754 @@ -140169,6 +140577,7 @@ CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (R CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged us ...) NOT-FOR-US: Apache OpenMeetings CVE-2018-1285 (Apache log4net before 2.0.8 does not disable XML external entities whe ...) + {DLA-2211-1} - log4net <unfixed> NOTE: https://issues.apache.org/jira/browse/LOG4NET-575 NOTE: https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7
-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aea444b03e97e78ba39908c436609dd3e8af3cf5
You're receiving this email because of your account on salsa.debian.org.
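Review bot: CVE-2020-13092 (scikit-learn) and CVE-2020-13091 (pandas) in hunk @@ -1,4 +1,416 @@ should not stay at TODO: check, because both libraries are shipped in Debian, whereas the third TODO in that hunk, CVE-2020-13093 for iSpyConnect Agent DVR, is plainly NOT-FOR-US. Both descriptions say the library "can unserialize and execute commands from an untrusted file", which reads as the usual caveat of loading untrusted serialized data rather than a code defect; whichever way it is dispositioned (<unimportant> with a rationale, or tracked with package lines), the reasoning should be written next to the entry. CVE-2020-12888 in the same hunk now carries "linux <unfixed>" with only the Red Hat bugzilla as reference; add a NOTE pointing at the upstream fix once it is identified so the unstable version can be filled in.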
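Review bot: CVE-2020-12872 in hunk @@ -31,8 +443,8 @@ needs a package line rather than TODO: check, since yaws is a Debian package. The visible description ("yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ...") also gives an ambiguous affected range, so locate the upstream fix and compare the Debian versions against it before settling on <unfixed>, <no-dsa> or <not-affected>.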
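Review bot: in hunk @@ -4421,23 +4833,22 @@ only CVE-2020-11526 receives package lines ("- freerdp2 <unfixed>", "- freerdp <removed>") while the five sibling entries CVE-2020-11525 through CVE-2020-11521 are left at TODO: check, although their descriptions name the same libfreerdp code base with the same affected range ("> 1.0 through 2.0.0-rc4"); they should get the same two package lines plus their own advisory and fix-commit NOTEs. For CVE-2020-11526 the fix commit 192856cb is cited but no fixed version is recorded, so the <unfixed> needs replacing once the fixed upload lands; and because <removed> only describes unstable, the old freerdp source needs an explicit release line (for example "[stretch] - freerdp ...") if it is still shipped in a supported release, given the description says versions > 1.1 are affected.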
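Review bot: the CVE-2020-10744 entry in hunk @@ -6487,8 +6898,7 @@ records the [buster]/[stretch] "<not-affected> (Incomplete fix not applied)" rationale clearly, but within the hunk there is no NOTE line linking the upstream report or the follow-up fix, unlike the other <unfixed> entries in this diff; add one so the unstable <unfixed> can later be resolved to a concrete version.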
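Review bot: the CVE-2020-3810 entry in hunk @@ -23646,8 +24056,7 @@ cites only the GitHub issue (https://github.com/Debian/apt/issues/111) next to "apt 2.1.2" and the {DSA-4685-1 DLA-2210-1} markers; add a "NOTE: Fixed by:" line with the fixing commit, as the ceph and dovecot entries elsewhere in this diff do, so the fix can be matched against the stable and LTS uploads without re-reading the issue thread.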
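Review bot: CVE-2019-19721 in hunk @@ -25494,8 +25903,8 @@ is left at TODO: check although the visible path codec/sdl_image.c matches the VLC SDL image decoder module; if that identification holds, the entry needs vlc package lines and a check of which upstream revision fixes the DecodeBlock off-by-one, since the vlc in stable would otherwise be in scope.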
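Review bot: the truncated description of CVE-2020-8149 in hunk @@ -12529,8 +12939,8 @@ ("Lack of output sanitization allowed an attack to execute arbitrary she ...") names no product, so unlike the neighbouring CVE-2020-8148 (UniFi Cloud Key firmware) and CVE-2020-8147 (npm package utils-extend) it cannot be dispositioned from this line alone; identify the affected product before changing TODO: check to NOT-FOR-US.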
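Review bot: CVE-2018-10756 in hunk @@ -113230,8 +113638,8 @@ should move from TODO: check to a transmission package line: the description points at libtransmission/variant.c in Transmission before 3.0 and transmission is a Debian package, so the 2.x versions shipped in the stable releases are in scope and the use-after-free needs a fix-commit NOTE and a DSA/no-dsa decision.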
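Review bot: hunk @@ -140169,6 +140577,7 @@ adds the {DLA-2211-1} marker for CVE-2018-1285 but leaves "- log4net <unfixed>" for unstable, while the NOTE already links the upstream fixing commit d0b4b0157d4af36b23c24a23739c47925c3bd8d7; verify whether unstable's log4net has picked up that commit or the 2.0.8 release and record the fixed version, or add the Debian bug reference so the unstable state remains tracked now that the LTS side is closed.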
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits