Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a89e10e7 by security tracker role at 2020-05-29T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-13699
+       RESERVED
+CVE-2020-13698
+       RESERVED
+CVE-2020-13697
+       RESERVED
+CVE-2020-13696
+       RESERVED
+CVE-2020-13695
+       RESERVED
+CVE-2020-13694
+       RESERVED
 CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the 
bbPress pl ...)
        NOT-FOR-US: bbPress plugin for WordPress
 CVE-2020-13692
@@ -129,8 +141,8 @@ CVE-2020-13636
        RESERVED
 CVE-2020-13635
        RESERVED
-CVE-2020-13634
-       RESERVED
+CVE-2020-13634 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the d ...)
+       TODO: check
 CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. 
...)
        NOT-FOR-US: Fork CMS
 CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL 
pointer der ...)
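Review bot: The "TODO: check" added under CVE-2020-13634 still needs a triage decision. The description names Windows Master (aka Windows Optimization Master) 7.99.13.604, so this looks like a candidate for a NOT-FOR-US line in the same form as "NOT-FOR-US: Fork CMS" on the following entry, once someone confirms nothing in the archive ships it.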
@@ -2252,8 +2264,8 @@ CVE-2020-12677 (An issue was discovered in Progress 
MOVEit Automation Web Admin.
        NOT-FOR-US: Progress MOVEit Automation Web Admin
 CVE-2020-12676
        RESERVED
-CVE-2020-12675
-       RESERVED
+CVE-2020-12675 (The mappress-google-maps-for-wordpress plugin before 2.54.6 
for WordPr ...)
+       TODO: check
 CVE-2020-12692 (An issue was discovered in OpenStack Keystone before 15.0.1, 
and 16.0. ...)
        {DSA-4679-1}
        - keystone 2:17.0.0~rc2-1 (bug #959900)
@@ -2681,8 +2693,8 @@ CVE-2020-12495
        RESERVED
 CVE-2020-12494
        RESERVED
-CVE-2020-12493
-       RESERVED
+CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series 
with vers ...)
+       TODO: check
 CVE-2020-12492
        RESERVED
 CVE-2020-12491
@@ -5629,12 +5641,12 @@ CVE-2020-11653 (An issue was discovered in Varnish 
Cache before 6.0.6 LTS, 6.1.x
        NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62
 CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and 
3000 bef ...)
-       {DSA-4676-2 DSA-4676-1}
+       {DSA-4676-2 DSA-4676-1 DLA-2223-1}
        - salt 3000.2+dfsg1-1 (bug #959684)
        NOTE: 
https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
        NOTE: Fixed by: 
https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd
 CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 
3000 bef ...)
-       {DSA-4676-2 DSA-4676-1}
+       {DSA-4676-2 DSA-4676-1 DLA-2223-1}
        - salt 3000.2+dfsg1-1 (bug #959684)
        NOTE: 
https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
        NOTE: Fixed by: 
https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
@@ -7372,8 +7384,7 @@ CVE-2020-11042 (In FreeRDP greater than 1.1 and before 
2.0.0, there is an out-of
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
-CVE-2020-11041 [Unchecked read of array offset in rdpsnd_recv_wave2_pdu ]
-       RESERVED
+CVE-2020-11041 (In FreeRDP less than or equal to 2.0.0, an outside controlled 
array in ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
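Review bot: Replacing the temporary title on CVE-2020-11041 drops the only mention of rdpsnd_recv_wave2_pdu, and the truncated description that takes its place ("an outside controlled array in ...") no longer says where the unchecked read happens. Consider keeping that detail in a NOTE line next to an advisory link, as the CVE-2020-11042 entry above does, if the lines below the visible context do not already carry one.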
@@ -7386,15 +7397,13 @@ CVE-2020-11040 [out of bound access in 
clear_decompress_subcode_rlex]
        - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
-CVE-2020-11039 [Out of bound read/write in usb redirection channel]
-       RESERVED
+CVE-2020-11039 (In FreeRDP less than or equal to 2.0.0, when using a 
manipulated serve ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
-CVE-2020-11038 [Integer overflow in VIDEO channel]
-       RESERVED
+CVE-2020-11038 (In FreeRDP less than or equal to 2.0.0, an Integer Overflow to 
Buffer  ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
@@ -7494,20 +7503,17 @@ CVE-2020-11020 (Faye (NPM, RubyGem) versions greater 
than 0.5.0 and before 1.0.4
        - ruby-faye <unfixed> (bug #959392)
        NOTE: 
https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5
        NOTE: 
https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e
-CVE-2020-11019 [Out of bound read in update_recv]
-       RESERVED
+CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with 
logger set t ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
-CVE-2020-11018 [Out of bound read in cliprdr_server_receive_capabilities]
-       RESERVED
+CVE-2020-11018 (In FreeRDP less than or equal to 2.0.0, a possible resource 
exhaustion ...)
        - freerdp2 2.1.1+dfsg1-1
        - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
-CVE-2020-11017 [Double free in cliprdr_server_receive_capabilities]
-       RESERVED
+CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing 
manipulated input ...)
        - freerdp2 2.1.1+dfsg1-1
        - freerdp <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
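Review bot: For CVE-2020-11018 the removed title read "Out of bound read in cliprdr_server_receive_capabilities" while the incoming description speaks of "a possible resource exhaustion"; those are different bug classes, so the text should be checked against the GHSA-8cvc-vcw7-6mfw advisory in the NOTE before anyone relies on it for severity. CVE-2020-11018 and CVE-2020-11017 also show no [buster] or [stretch] lines here, unlike CVE-2020-11019 in the same hunk, so their per-suite triage still looks open.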
@@ -13010,8 +13016,8 @@ CVE-2020-8818 (An issue was discovered in the CardGate 
Payments plugin through 2
        NOT-FOR-US: CardGate Payments plugin for Magento
 CVE-2020-8817
        RESERVED
-CVE-2020-8816
-       RESERVED
+CVE-2020-8816 (Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution 
by priv ...)
+       TODO: check
 CVE-2020-8815 (Improper connection handling in the base connection handler in 
IKTeam  ...)
        NOT-FOR-US: BearFTP
 CVE-2020-8814
@@ -20593,10 +20599,10 @@ CVE-2020-5575 (Cross-site scripting vulnerability in 
Movable Type series (Movabl
        - movabletype-opensource <removed>
 CVE-2020-5574 (HTML attribute value injection vulnerability in Movable Type 
series (M ...)
        - movabletype-opensource <removed>
-CVE-2020-5573
-       RESERVED
-CVE-2020-5572
-       RESERVED
+CVE-2020-5573 (Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an 
attack ...)
+       TODO: check
+CVE-2020-5572 (Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an 
attacker t ...)
+       TODO: check
 CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and 
earlier, AQ ...)
        NOT-FOR-US: SHARP AQUOS
 CVE-2020-5570 (Cross-site scripting vulnerability in Sales Force Assistant 
version 11 ...)
@@ -23434,8 +23440,8 @@ CVE-2020-4492
        RESERVED
 CVE-2020-4491
        RESERVED
-CVE-2020-4490
-       RESERVED
+CVE-2020-4490 (IBM Business Automation Workflow 18 and 19, and IBM Business 
Process M ...)
+       TODO: check
 CVE-2020-4489
        RESERVED
 CVE-2020-4488
@@ -23710,8 +23716,8 @@ CVE-2020-4354
        RESERVED
 CVE-2020-4353 (IBM MaaS360 6.82 could allow a user with pysical access to the 
device  ...)
        NOT-FOR-US: IBM
-CVE-2020-4352
-       RESERVED
+CVE-2020-4352 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a 
privilege esc ...)
+       TODO: check
 CVE-2020-4351
        RESERVED
 CVE-2020-4350 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than 
expected c ...)
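Review bot: CVE-2020-4352 lands with "TODO: check" although the entry directly above it, CVE-2020-4353, is already marked "NOT-FOR-US: IBM". The new description is for IBM MQ on HPE NonStop 8.0.4 and 8.1.0, so the same marking is the likely resolution and could be applied in a follow-up rather than left as a TODO.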
@@ -23802,8 +23808,8 @@ CVE-2020-4308
        RESERVED
 CVE-2020-4307
        RESERVED
-CVE-2020-4306
-       RESERVED
+CVE-2020-4306 (IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable 
to cros ...)
+       TODO: check
 CVE-2020-4305
        RESERVED
 CVE-2020-4304 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 
20.0.0.3 i ...)
@@ -31070,8 +31076,8 @@ CVE-2020-1834
        RESERVED
 CVE-2020-1833
        RESERVED
-CVE-2020-1832
-       RESERVED
+CVE-2020-1832 (E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 
10.0.3. ...)
+       TODO: check
 CVE-2020-1831
        RESERVED
 CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and 
V500R005C0 ...)
@@ -31138,8 +31144,8 @@ CVE-2020-1800 (HUAWEI smartphones P30 with versions 
earlier than 10.0.0.185(C00E
        NOT-FOR-US: Huawei
 CVE-2020-1799 (E6878-370 with versions of 10.0.3.1(H557SP27C233), 
10.0.3.1(H563SP1C00 ...)
        NOT-FOR-US: Huawei
-CVE-2020-1798
-       RESERVED
+CVE-2020-1798 (HUAWEI P30 smartphones with versions earlier than 
10.1.0.135(C00E135R2 ...)
+       TODO: check
 CVE-2020-1797
        RESERVED
 CVE-2020-1796 (There is an improper authorization vulnerability in several 
smartphone ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a89e10e73a826c3824bd1f26718b8c3521b1a21a
