Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
07d00f1e by security tracker role at 2020-06-05T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2020-13870 (An issue was discovered in the Comments plugin before 1.5.5 
for Craft  ...)
+       TODO: check
+CVE-2020-13869 (An issue was discovered in the Comments plugin before 1.5.6 
for Craft  ...)
+       TODO: check
+CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5 
for Craft  ...)
+       TODO: check
+CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions 
for /etc/t ...)
+       TODO: check
 CVE-2020-13866
        RESERVED
 CVE-2020-13865
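Review bot: CVE-2020-13867 is the entry in this hunk that most needs its TODO: check resolved. Its description names targetcli-fb with weak permissions on a path under /etc, so it should be checked against the archive for a matching source package and, if one exists, given a package line covering the stated range (through 2.1.52). The three "Comments plugin ... for Craft" entries (CVE-2020-13868 to CVE-2020-13870) name a CMS plugin; if neither Craft nor the plugin is packaged, they can be closed as NOT-FOR-US in the same pass.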
@@ -107,7 +115,7 @@ CVE-2020-13817 (ntpd in ntp before 4.2.8p14 and 4.3.x 
before 4.3.100 allows remo
        NOTE: https://bugs.ntp.org/show_bug.cgi?id=3596
        TODO: check ntpsec
 CVE-2020-13816
-       RESERVED
+       REJECTED
 CVE-2020-13815 (An issue was discovered in Foxit Reader and PhantomPDF before 
9.7.1. I ...)
        NOT-FOR-US: Foxit Reader
 CVE-2020-13814 (An issue was discovered in Foxit Reader and PhantomPDF before 
9.7.1. I ...)
@@ -2363,10 +2371,10 @@ CVE-2020-12851 (Pydio Cells 2.0.4 allows an 
authenticated user to write or overw
        TODO: check
 CVE-2020-12850
        RESERVED
-CVE-2020-12849
-       RESERVED
-CVE-2020-12848
-       RESERVED
+CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to 
the web ...)
+       TODO: check
+CVE-2020-12848 (In Pydio Cells 2.0.4, once an authenticated user shares a file 
selecti ...)
+       TODO: check
 CVE-2020-12847 (Pydio Cells 2.0.4 web application offers an administrative 
console nam ...)
        TODO: check
 CVE-2020-12846 (Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 
allows remo ...)
@@ -2691,8 +2699,7 @@ CVE-2020-12725
        RESERVED
 CVE-2020-12724
        RESERVED
-CVE-2020-12723 [Buffer overflow caused by a crafted regular expression]
-       RESERVED
+CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a 
crafted ...)
        - perl 5.30.3-1 (bug #962005)
        [buster] - perl <no-dsa> (Minor issue)
        [stretch] - perl <no-dsa> (Minor issue)
@@ -4345,6 +4352,7 @@ CVE-2020-12050 (SQLiteODBC 0.9996, as packaged for 
certain Linux distributions a
        NOTE: issue.
 CVE-2020-12049
        RESERVED
+       {DLA-2235-1}
        - dbus 1.12.18-1
        [buster] - dbus <no-dsa> (Minor issue)
        [stretch] - dbus <no-dsa> (Minor issue)
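Review bot: CVE-2020-12049 now carries {DLA-2235-1} but is still RESERVED with no description, so the entry itself does not say what the dbus issue is. A bracketed temporary description after the CVE id, in the style of the "[Buffer overflow caused by a crafted regular expression]" text that this commit removes from CVE-2020-12723, would document it until the published description arrives.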
@@ -4498,8 +4506,7 @@ CVE-2020-11977
        RESERVED
 CVE-2020-11976
        RESERVED
-CVE-2020-11975
-       RESERVED
+CVE-2020-11975 (Apache Unomi allows conditions to use OGNL scripting which 
offers the  ...)
        NOT-FOR-US: Apache Unomi
 CVE-2020-11974
        RESERVED
@@ -6907,8 +6914,8 @@ CVE-2020-11494 (An issue was discovered in slc_bump in 
drivers/net/can/slcan.c i
        NOTE: 
https://lore.kernel.org/netdev/[email protected]/
 CVE-2020-11493
        RESERVED
-CVE-2020-11492
-       RESERVED
+CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on 
Windows.  ...)
+       TODO: check
 CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote 
authenticat ...)
        NOT-FOR-US: Zen Load Balancer
 CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote 
authent ...)
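Review bot: CVE-2020-11492 is added with TODO: check although its description scopes the issue to Docker Desktop on Windows. If triage confirms there is no corresponding Debian source package, this should become a NOT-FOR-US line like the Zen Load Balancer entries directly below it, rather than lingering as a TODO.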
@@ -8502,8 +8509,7 @@ CVE-2020-10880
        RESERVED
 CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a 
crafted GET ...)
        NOT-FOR-US: rConfig
-CVE-2020-10878 [Integer overflow via malformed bytecode produced by a crafted 
regular expression]
-       RESERVED
+CVE-2020-10878 (Perl before 5.30.3 has an integer overflow related to 
mishandling of a ...)
        - perl 5.30.3-1 (bug #962005)
        [buster] - perl <no-dsa> (Minor issue)
        [stretch] - perl <no-dsa> (Minor issue)
@@ -9653,8 +9659,7 @@ CVE-2020-10544 (An XSS issue was discovered in 
tooltip/tooltip.js in PrimeTek Pr
        NOT-FOR-US: PrimeTek PrimeFaces
 CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, 
when Int ...)
        NOT-FOR-US: Invision Power Board
-CVE-2020-10543 [Buffer overflow caused by a crafted regular expression]
-       RESERVED
+CVE-2020-10543 (Perl before 5.30.3 on 32-bit platforms allows a heap-based 
buffer over ...)
        - perl 5.30.3-1 (bug #962005)
        [buster] - perl <no-dsa> (Minor issue)
        [stretch] - perl <no-dsa> (Minor issue)
@@ -10722,14 +10727,14 @@ CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 
allows Denial of Service. It was
        NOTE: 
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10072
        RESERVED
-CVE-2020-10071
-       RESERVED
-CVE-2020-10070
-       RESERVED
+CVE-2020-10071 (The Zephyr MQTT parsing code performs insufficient checking of 
the len ...)
+       TODO: check
+CVE-2020-10070 (In the Zephyr Project MQTT code, improper bounds checking can 
result i ...)
+       TODO: check
 CVE-2020-10069
        RESERVED
-CVE-2020-10068
-       RESERVED
+CVE-2020-10068 (In the Zephyr project Bluetooth subsystem, certain duplicate 
and back- ...)
+       TODO: check
 CVE-2020-10067 (A malicious userspace application can cause a integer overflow 
and byp ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10066
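Review bot: CVE-2020-10071, CVE-2020-10070 and CVE-2020-10068 are Zephyr issues (MQTT parsing and the Bluetooth subsystem) yet come in as TODO: check, while CVE-2020-10067 just below them is already tagged "NOT-FOR-US: Zephyr, different from src:zephyr". The same tag, including the src:zephyr disambiguation, looks right for these three so that they are not mistaken for the Debian source package of the same name.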
@@ -10738,12 +10743,12 @@ CVE-2020-10065
        RESERVED
 CVE-2020-10064
        RESERVED
-CVE-2020-10063
-       RESERVED
-CVE-2020-10062
-       RESERVED
-CVE-2020-10061
-       RESERVED
+CVE-2020-10063 (A remote adversary with the ability to send arbitrary CoAP 
packets to  ...)
+       TODO: check
+CVE-2020-10062 (An off-by-one error in the Zephyr project MQTT packet length 
decoder c ...)
+       TODO: check
+CVE-2020-10061 (Improper handling of the full-buffer case in the Zephyr 
Bluetooth impl ...)
+       TODO: check
 CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, 
objects\[1]  ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows 
for a m ...)
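Review bot: the three new descriptions at CVE-2020-10063, CVE-2020-10062 and CVE-2020-10061 should be triaged against CVE-2020-10060 in the trailing context, which is marked "NOT-FOR-US: Zephyr, different from src:zephyr". CVE-2020-10062 and CVE-2020-10061 name Zephyr explicitly; the truncated CVE-2020-10063 text only mentions CoAP packets, so the full description needs reading before the same tag is applied to it.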
@@ -11115,8 +11120,8 @@ CVE-2020-9861
        RESERVED
 CVE-2020-9860
        RESERVED
-CVE-2020-9859
-       RESERVED
+CVE-2020-9859 (A memory consumption issue was addressed with improved memory 
handling ...)
+       TODO: check
 CVE-2020-9858
        RESERVED
 CVE-2020-9857
@@ -12974,8 +12979,8 @@ CVE-2020-9076
        RESERVED
 CVE-2020-9075
        RESERVED
-CVE-2020-9074
-       RESERVED
+CVE-2020-9074 (Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an 
imprope ...)
+       TODO: check
 CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 
10.0.0.156(C00E156R1 ...)
        NOT-FOR-US: Huawei
 CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 
have a  ...)
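Review bot: CVE-2020-9074 names Huawei HONOR smartphones but is left as TODO: check, whereas CVE-2020-9073 immediately after it is "NOT-FOR-US: Huawei". Suggest the same tag here.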
@@ -15262,8 +15267,8 @@ CVE-2020-8105
        RESERVED
 CVE-2020-8104
        RESERVED
-CVE-2020-8103
-       RESERVED
+CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in 
Bitdefen ...)
+       TODO: check
 CVE-2020-8102
        RESERVED
 CVE-2020-8101
@@ -21201,8 +21206,8 @@ CVE-2020-5593
        RESERVED
 CVE-2020-5592
        RESERVED
-CVE-2020-5591
-       RESERVED
+CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 
1.7.0 to ...)
+       TODO: check
 CVE-2020-5590
        RESERVED
 CVE-2020-5589
@@ -24158,12 +24163,12 @@ CVE-2020-4452
        RESERVED
 CVE-2020-4451
        RESERVED
-CVE-2020-4450
-       RESERVED
-CVE-2020-4449
-       RESERVED
-CVE-2020-4448
-       RESERVED
+CVE-2020-4450 (IBM WebSphere Application Server 8.5 and 9.0 traditional could 
allow a ...)
+       TODO: check
+CVE-2020-4449 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 
traditional co ...)
+       TODO: check
+CVE-2020-4448 (IBM WebSphere Application Server Network Deployment 7.0, 8.0, 
8.5, and ...)
+       TODO: check
 CVE-2020-4447
        RESERVED
 CVE-2020-4446 (IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business 
Automa ...)
@@ -24600,8 +24605,8 @@ CVE-2020-4231 (IBM Security Identity Governance and 
Intelligence 5.2.6 could all
        NOT-FOR-US: IBM
 CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 11.1 ...)
        NOT-FOR-US: IBM
-CVE-2020-4229
-       RESERVED
+CVE-2020-4229 (IBM Worklight/MobileFoundation 8.0.0.0 does not properly 
invalidate se ...)
+       TODO: check
 CVE-2020-4228
        RESERVED
 CVE-2020-4227
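Review bot: CVE-2020-4229 (IBM Worklight/MobileFoundation) gets TODO: check directly under CVE-2020-4231 and CVE-2020-4230, both tagged "NOT-FOR-US: IBM". Unless triage finds a packaged component, it should be tagged the same way; the WebSphere Application Server entries CVE-2020-4448 to CVE-2020-4450 added in the preceding hunk are in the same position.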
@@ -31601,8 +31606,8 @@ CVE-2019-19467
        RESERVED
 CVE-2020-1884
        RESERVED
-CVE-2020-1883
-       RESERVED
+CVE-2020-1883 (Huawei products NIP6800;Secospace USG6600;USG9500 have a memory 
leak v ...)
+       TODO: check
 CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 
10.0.0.180(C185E6 ...)
        NOT-FOR-US: Huawei
 CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of 
V500R001C3 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07d00f1e84b5a4a5799a2a662afa530f7d8e70ff



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits