Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
01271c2a by security tracker role at 2020-05-20T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2020-13250
+       RESERVED
+CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 
does not  ...)
+       TODO: check
+CVE-2020-13248
+       RESERVED
+CVE-2020-13247
+       RESERVED
+CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker 
can trigg ...)
+       TODO: check
+CVE-2020-13245
+       RESERVED
+CVE-2020-13244
+       RESERVED
+CVE-2020-13243
+       RESERVED
+CVE-2020-13242
+       RESERVED
+CVE-2020-13241 (Microweber 1.1.18 allows Unrestricted File Upload because 
admin/view:m ...)
+       TODO: check
+CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 allows users with the 
'Setup doc ...)
+       TODO: check
+CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded 
.html file ...)
+       TODO: check
+CVE-2020-13238
+       RESERVED
+CVE-2020-13237
+       RESERVED
+CVE-2020-13236
+       RESERVED
+CVE-2020-13235
+       RESERVED
+CVE-2020-13234
+       RESERVED
+CVE-2020-13233
+       RESERVED
+CVE-2020-13232
+       RESERVED
+CVE-2020-13231 (In Cacti before 1.2.11, auth_profile.php?action=edit allows 
CSRF for a ...)
+       TODO: check
+CVE-2020-13230 (In Cacti before 1.2.11, disabling a user account does not 
immediately  ...)
+       TODO: check
+CVE-2020-13229
+       RESERVED
+CVE-2020-13228
+       RESERVED
+CVE-2020-13227
+       RESERVED
+CVE-2020-13226 (WSO2 API Manager 3.0.0 does not properly restrict outbound 
network acc ...)
+       TODO: check
 CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site scripting (XSS) 
vulnerability ...)
        - phpipam <itp> (bug #731713)
        NOTE: https://github.com/phpipam/phpipam/issues/3025
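Review bot: the eight new entries marked "TODO: check" in this hunk (CVE-2020-13249, -13246, -13241, -13240, -13239, -13231, -13230 and -13226) are left untriaged, which is expected for an automatic import but needs a follow-up commit: each should receive either a source package line in the shape used for CVE-2020-13225 directly below ("- phpipam <itp> (bug #731713)") or a "NOT-FOR-US:" marker, so that "TODO: check" does not linger as the tracker state. The two Cacti entries (CVE-2020-13231 and CVE-2020-13230) share the same visible fixed version, "before 1.2.11", and can be triaged together. The RESERVED placeholders need no action until a description is published.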
@@ -150,8 +200,8 @@ CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 
build 11112 allows lo
        NOT-FOR-US: Zoho
 CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 
has XSS ...)
        NOT-FOR-US: MISP
-CVE-2020-13152
-       RESERVED
+CVE-2020-13152 (A remote user can create a specially crafted M3U file, media 
playlist  ...)
+       TODO: check
 CVE-2020-13151
        RESERVED
 CVE-2020-13150
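Review bot: the new description for CVE-2020-13152 does not name the affected product in the visible text ("A remote user can create a specially crafted M3U file, media playlist ..."), so the "TODO: check" cannot be resolved from this hunk alone; whoever triages it should pull the full CVE text to identify the media player before deciding between a package line and a "NOT-FOR-US:" marker.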
@@ -808,8 +858,8 @@ CVE-2020-12837
        RESERVED
 CVE-2020-12836
        RESERVED
-CVE-2020-12835
-       RESERVED
+CVE-2020-12835 (An issue was discovered in SmartBear ReadyAPI SoapUI Pro 
3.2.5. Due to ...)
+       TODO: check
 CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and 
CCU3 thr ...)
        NOT-FOR-US: eQ-3 Homematic Central Control Unit
 CVE-2020-12833
@@ -1740,7 +1790,8 @@ CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL 
injection that is vaguely asso
        NOT-FOR-US: Ivanti
 CVE-2020-12441
        RESERVED
-CVE-2020-12440 (** DISPUTED ** NGINX through 1.18.0 allows an HTTP request 
smuggling a ...)
+CVE-2020-12440
+       REJECTED
        NOTE: Nginx non issue
 CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect 
availability of ...)
        NOT-FOR-US: Grin
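Review bot: CVE-2020-12440 loses its "** DISPUTED **" description in favour of a bare "REJECTED" status while the pre-existing "NOTE: Nginx non issue" line is kept, which is the right call, since that note is now the only record of why the tracker treats the entry as a non-issue. Consider extending the NOTE with a reference to the rejection rationale so the reasoning does not depend on memory of the earlier disputed text.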
@@ -4404,8 +4455,8 @@ CVE-2020-11718
        RESERVED
 CVE-2020-11717
        RESERVED
-CVE-2020-11716
-       RESERVED
+CVE-2020-11716 (Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro 
devices throu ...)
+       TODO: check
 CVE-2020-11715 (Panasonic P99 devices through 2020-04-10 have Incorrect Access 
Control ...)
        NOT-FOR-US: Panasonic
 CVE-2020-11714 (eten PSG-6528VM 1.1 devices allow XSS via System Contact or 
System Loc ...)
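Review bot: CVE-2020-11716 is left as "TODO: check" while the neighbouring Panasonic entry CVE-2020-11715 in the same hunk already carries "NOT-FOR-US: Panasonic"; unless the P110/Eluga devices differ from the P99 in a way that matters for Debian, the new entry should get the same NOT-FOR-US marker rather than remain a TODO.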
@@ -6126,8 +6177,8 @@ CVE-2020-11080
        RESERVED
 CVE-2020-11079
        RESERVED
-CVE-2020-11078
-       RESERVED
+CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling 
unescaped p ...)
+       TODO: check
 CVE-2020-11077
        RESERVED
 CVE-2020-11076
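Review bot: CVE-2020-11078 states a fixed upstream version in its visible text ("In httplib2 before version 0.18.0"), so the "TODO: check" can be resolved by comparing that against the packaged httplib2 versions and recording the outcome as a package line; the truncated description ("an attacker controlling unescaped p ...") does not show what the unescaped parameter is, so consult the full advisory before judging severity.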
@@ -6485,6 +6536,7 @@ CVE-2020-10968 (FasterXML jackson-databind 2.x before 
2.9.10.4 mishandles the in
        NOTE: Starting from 2.10 series mitigated as Safe Default Typing is 
enabled by default
        NOTE: but still an issue when Default Typing is enabled.
 CVE-2020-10967 (In Dovecot before 2.3.10.1, remote unauthenticated attackers 
can crash ...)
+       {DSA-4690-1}
        - dovecot <unfixed> (bug #960963)
        [stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
        [jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
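Review bot: the three Dovecot entries (CVE-2020-10967 here, CVE-2020-10958 and CVE-2020-10957 in the next hunk) gain a "{DSA-4690-1}" reference while their package line still reads "- dovecot <unfixed> (bug #960963)". That combination is consistent only while the unstable upload is pending; once the fix covered by the DSA lands in unstable, "<unfixed>" should be replaced with the fixed version, otherwise the entry will keep reporting sid as vulnerable after bug #960963 is closed.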
@@ -6517,11 +6569,13 @@ CVE-2020-10959 [mediawiki: User content can redirect 
the logout button to differ
        NOTE: https://phabricator.wikimedia.org/T232932
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
 CVE-2020-10958 (In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message 
triggers an un ...)
+       {DSA-4690-1}
        - dovecot <unfixed> (bug #960963)
        [stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
        [jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
        NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
 CVE-2020-10957 (In Dovecot before 2.3.10.1, unauthenticated sending of 
malformed param ...)
+       {DSA-4690-1}
        - dovecot <unfixed> (bug #960963)
        [stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
        [jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
@@ -7312,13 +7366,11 @@ CVE-2020-10728
        NOT-FOR-US: automationbroker/apb
 CVE-2020-10727
        RESERVED
-CVE-2020-10726
-       RESERVED
+CVE-2020-10726 (A vulnerability was found in DPDK versions 19.11 and above. A 
maliciou ...)
        - dpdk 19.11.2-1 (bug #960936)
        [buster] - dpdk <not-affected> (Vulnerable code not present)
        [stretch] - dpdk <not-affected> (Vulnerable code not present)
-CVE-2020-10725
-       RESERVED
+CVE-2020-10725 (A flaw was found in DPDK version 19.11 and above that allows a 
malicio ...)
        - dpdk 19.11.2-1 (bug #960936)
        [buster] - dpdk <not-affected> (Vulnerable code not present)
        [stretch] - dpdk <not-affected> (Vulnerable code not present)
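Review bot: CVE-2020-10726 and CVE-2020-10725 gain descriptions without a "TODO: check" line, which is correct here because both already carry package lines ("- dpdk 19.11.2-1 (bug #960936)"). The "[buster] - dpdk <not-affected> (Vulnerable code not present)" lines agree with the new text ("DPDK versions 19.11 and above") only if buster's dpdk predates 19.11; worth a quick confirmation, but otherwise nothing to change.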
@@ -10198,8 +10250,8 @@ CVE-2020-9486
        RESERVED
 CVE-2020-9485
        RESERVED
-CVE-2020-9484
-       RESERVED
+CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 
9.0.0.M1 to  ...)
+       TODO: check
 CVE-2020-9483
        RESERVED
 CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication 
mechanism other ...)
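Review bot: the version range in the new CVE-2020-9484 description is cut off after "9.0.0.M1 to", so the visible text does not show the upper bound for the 9.x branch or whether older branches are listed; resolving the "TODO: check" requires the full advisory to determine which packaged Tomcat versions fall inside the affected ranges before a package line is written.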
@@ -10395,10 +10447,10 @@ CVE-2020-9412
        RESERVED
 CVE-2020-9411
        RESERVED
-CVE-2020-9410
-       RESERVED
-CVE-2020-9409
-       RESERVED
+CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO 
JasperRe ...)
+       TODO: check
+CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO 
JasperR ...)
+       TODO: check
 CVE-2020-9408 (The Spotfire library component of TIBCO Software Inc.'s TIBCO 
Spotfire ...)
        NOT-FOR-US: TIBCO
 CVE-2020-9407 (IBL Online Weather before 4.3.5a allows attackers to obtain 
sensitive  ...)
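Review bot: CVE-2020-9410 and CVE-2020-9409 both name TIBCO Software Inc. products and sit directly above CVE-2020-9408, which is already marked "NOT-FOR-US: TIBCO"; the two new JasperReports entries should be given the same marker instead of "TODO: check" unless JasperReports turns out to be packaged.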
@@ -19012,8 +19064,8 @@ CVE-2020-5755
        RESERVED
 CVE-2020-5754
        RESERVED
-CVE-2020-5753
-       RESERVED
+CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS 
v3.8.1.5 and u ...)
+       TODO: check
 CVE-2020-5752
        RESERVED
 CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a 
remote, aut ...)
@@ -19360,8 +19412,8 @@ CVE-2020-5581
        RESERVED
 CVE-2020-5580
        RESERVED
-CVE-2020-5579
-       RESERVED
+CVE-2020-5579 (SQL injection vulnerability in the Paid Memberships versions 
prior to  ...)
+       TODO: check
 CVE-2020-5578
        RESERVED
 CVE-2020-5577 (Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier 
(Movabl ...)
@@ -22271,8 +22323,8 @@ CVE-2020-4463
        RESERVED
 CVE-2020-4462
        RESERVED
-CVE-2020-4461
-       RESERVED
+CVE-2020-4461 (IBM Security Access Manager Appliance 9.0.7.1 could allow an 
authentic ...)
+       TODO: check
 CVE-2020-4460
        RESERVED
 CVE-2020-4459
@@ -23281,8 +23333,8 @@ CVE-2020-3958
        RESERVED
 CVE-2020-3957
        RESERVED
-CVE-2020-3956
-       RESERVED
+CVE-2020-3956 (VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 
9.7.0.5,  ...)
+       TODO: check
 CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 
without patch ...)
        NOT-FOR-US: VMware
 CVE-2020-3954 (Open Redirect vulnerability exists in VMware vRealize Log 
Insight prio ...)
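Review bot: CVE-2020-3956 (VMware Cloud Director) is left as "TODO: check" although the adjacent CVE-2020-3955 and CVE-2020-3954 entries for other VMware products are marked "NOT-FOR-US: VMware"; the new entry should receive the same marker rather than stay a TODO, since nothing in the visible text suggests Cloud Director is handled differently.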
@@ -29399,8 +29451,8 @@ CVE-2020-1957 (Apache Shiro before 1.5.2, when using 
Apache Shiro with Spring dy
 CVE-2020-1956
        RESERVED
        NOT-FOR-US: Apache Kylin
-CVE-2020-1955
-       RESERVED
+CVE-2020-1955 (CouchDB version 3.0.0 shipped with a new configuration setting 
that go ...)
+       TODO: check
 CVE-2020-1954 (Apache CXF has the ability to integrate with JMX by registering 
an Ins ...)
        NOT-FOR-US: Apache CXF
 CVE-2020-1953 (Apache Commons Configuration uses a third-party library to 
parse YAML  ...)
@@ -59053,8 +59105,8 @@ CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 
7.4.0 on Windows, when su
        - php5 <not-affected> (Windows specific issue)
        NOTE: Fixed in PHP 7.4.1, 7.3.13
        NOTE: PHP Bug: http://bugs.php.net/78943
-CVE-2019-11048
-       RESERVED
+CVE-2019-11048 (In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 
7.4.x below ...)
+       TODO: check
 CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an 
image, e.g ...)
        {DSA-4628-1 DSA-4626-1 DLA-2050-1}
        - php7.3 7.3.15-1
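Review bot: CVE-2019-11048 gives fixed upstream versions in its visible text ("7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ..."), and the adjacent CVE-2019-11047 entry shows the expected triage shape ("{DSA-4628-1 DSA-4626-1 DLA-2050-1}" followed by "- php7.3 7.3.15-1"); the new entry should be resolved the same way, with a package line for each php7.x source package in the archive whose version falls inside those ranges, rather than remaining "TODO: check".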
@@ -73577,8 +73629,8 @@ CVE-2019-5999 (Buffer overflow in PTP (Picture Transfer 
Protocol) of EOS series
        NOT-FOR-US: Canon
 CVE-2019-5998 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS 
series digit ...)
        NOT-FOR-US: Canon
-CVE-2019-5997
-       RESERVED
+CVE-2019-5997 (Video Insight VMS 7.5 and earlier allows remote attackers to 
conduct c ...)
+       TODO: check
 CVE-2019-5996 (SQL injection vulnerability in the Video Insight VMS 7.3.2.5 
and earli ...)
        NOT-FOR-US: Video Insight VMS
 CVE-2019-5995 (Missing authorization vulnerability exists in EOS series 
digital camer ...)
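Review bot: CVE-2019-5997 (Video Insight VMS 7.5 and earlier) is left as "TODO: check" directly above CVE-2019-5996, which is already marked "NOT-FOR-US: Video Insight VMS"; the new entry should get the same NOT-FOR-US marker unless the product is packaged, which the existing entry indicates it is not.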



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01271c2a26c6ad5a322e31153a82cc89c7f11183



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
