Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
00e78ba1 by security tracker role at 2020-08-31T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-25042
+ RESERVED
+CVE-2020-25041
+ RESERVED
+CVE-2020-25040
+ RESERVED
+CVE-2020-25039
+ RESERVED
+CVE-2020-25038
+ RESERVED
+CVE-2020-25037
+ RESERVED
+CVE-2020-25036
+ RESERVED
+CVE-2020-25035
+ RESERVED
+CVE-2020-25034
+ RESERVED
CVE-2020-25033 (The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin
1.3.1 for ...)
TODO: check
CVE-2020-25032 (An issue was discovered in Flask-CORS (aka CORS Middleware for
Flask) ...)
@@ -495,8 +513,8 @@ CVE-2020-24788
RESERVED
CVE-2020-24787
RESERVED
-CVE-2020-24786
- RESERVED
+CVE-2020-24786 (An issue was discovered in Zoho ManageEngine Exchange Reporter
Plus be ...)
+ TODO: check
CVE-2020-24785
RESERVED
CVE-2020-24784
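Review bot: the "TODO: check" placeholder on the new CVE-2020-24786 line needs manual triage in a follow-up; Zoho ManageEngine Exchange Reporter Plus is a proprietary product, and this file records such entries as "NOT-FOR-US: <vendor>" (see the "NOT-FOR-US: MineTime" and "NOT-FOR-US: Turcom TRCwifiZone" lines in later hunks), so the automatic update should not be the final state of this entry.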
@@ -669,8 +687,8 @@ CVE-2020-24701
RESERVED
CVE-2020-24700
RESERVED
-CVE-2020-24699
- RESERVED
+CVE-2020-24699 (The Chamber Dashboard Business Directory plugin 3.2.8 for
WordPress al ...)
+ TODO: check
CVE-2020-24698
RESERVED
CVE-2020-24697
@@ -1376,8 +1394,8 @@ CVE-2020-24365
RESERVED
CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via
the note ...)
NOT-FOR-US: MineTime
-CVE-2020-24363
- RESERVED
+CVE-2020-24363 (TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an
unauthenticat ...)
+ TODO: check
CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next
plugin befor ...)
NOT-FOR-US: Wordpress plugin
CVE-2020-24362
@@ -1397,8 +1415,8 @@ CVE-2020-24356
RESERVED
CVE-2020-24355
RESERVED
-CVE-2020-24354
- RESERVED
+CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and
possibl ...)
+ TODO: check
CVE-2020-24353
RESERVED
CVE-2020-24352
@@ -1904,8 +1922,8 @@ CVE-2020-24117
RESERVED
CVE-2020-24116
RESERVED
-CVE-2020-24115
- RESERVED
+CVE-2020-24115 (In projectworlds Online Book Store 1.0 Use of Hard-coded
Credentials i ...)
+ TODO: check
CVE-2020-24114
RESERVED
CVE-2020-24113
@@ -8878,14 +8896,14 @@ CVE-2020-20630
RESERVED
CVE-2020-20629
RESERVED
-CVE-2020-20628
- RESERVED
-CVE-2020-20627
- RESERVED
-CVE-2020-20626
- RESERVED
-CVE-2020-20625
- RESERVED
+CVE-2020-20628 (controller/controller-comments.php in WP GDPR plugin through
2.1.1 has ...)
+ TODO: check
+CVE-2020-20627 (The includes/gateways/stripe/includes/admin/admin-actions.php
in GiveW ...)
+ TODO: check
+CVE-2020-20626 (lara-google-analytics.php in Lara Google Analytics plugin
through 2.0. ...)
+ TODO: check
+CVE-2020-20625 (Sliced Invoices plugin for WordPress 3.8.2 and earlier allows
unauthen ...)
+ TODO: check
CVE-2020-20624
RESERVED
CVE-2020-20623
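Review bot: all four newly described entries here (CVE-2020-20625 to CVE-2020-20628) are WordPress plugins (WP GDPR, GiveWP, Lara Google Analytics, Sliced Invoices) and are left at "TODO: check"; the established convention a few hunks earlier is "NOT-FOR-US: Wordpress plugin" (CVE-2016-11085), so the triage pass should apply the same annotation rather than leave four open TODOs.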
@@ -15230,8 +15248,8 @@ CVE-2020-17467
RESERVED
CVE-2020-17466 (Turcom TRCwifiZone through 2020-08-10 allows authentication
bypass by ...)
NOT-FOR-US: Turcom TRCwifiZone
-CVE-2020-17465
- RESERVED
+CVE-2020-17465 (Dashboards and progressiveProfileForms in ForgeRock Identity
Manager b ...)
+ TODO: check
CVE-2020-17464
REJECTED
CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to
/pages/it ...)
@@ -19097,8 +19115,8 @@ CVE-2020-15689 (Appweb before 7.2.2 and 8.x before
8.1.0, when built with CGI su
NOT-FOR-US: Appweb
CVE-2020-15688 (The HTTP Digest Authentication in the GoAhead web server
before 5.1.2 ...)
NOT-FOR-US: Embedthis GoAhead
-CVE-2020-15687
- RESERVED
+CVE-2020-15687 (Missing access control restrictions in the Hypervisor
component of the ...)
+ TODO: check
CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the
Linux ker ...)
- linux 5.2.6-1
[buster] - linux 4.19.132-1
@@ -19160,7 +19178,7 @@ CVE-2020-15670
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670
CVE-2020-15669
RESERVED
- {DSA-4754-1 DSA-4749-1 DLA-2346-1}
+ {DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
- firefox-esr 68.12.0esr-1
- thunderbird 1:68.12.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669
@@ -19183,7 +19201,7 @@ CVE-2020-15665
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665
CVE-2020-15664
RESERVED
- {DSA-4754-1 DSA-4749-1 DLA-2346-1}
+ {DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
- firefox 80.0-1
- firefox-esr 68.12.0esr-1
- thunderbird 1:68.12.0-1
@@ -20736,8 +20754,8 @@ CVE-2020-15022
RESERVED
CVE-2020-15021
RESERVED
-CVE-2020-15020
- RESERVED
+CVE-2020-15020 (An issue was discovered in the Elementor plugin through 2.9.13
for Wor ...)
+ TODO: check
CVE-2020-15019
RESERVED
CVE-2020-15018 (playSMS through 1.4.3 is vulnerable to session fixation. ...)
@@ -22504,8 +22522,7 @@ CVE-2020-14366
RESERVED
CVE-2020-14365
RESERVED
-CVE-2020-14364 [usb: out-of-bounds r/w access issue]
- RESERVED
+CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB
emulator ...)
- qemu <unfixed> (bug #968947)
NOTE: https://xenbits.xen.org/xsa/advisory-335.html
NOTE: https://www.openwall.com/lists/oss-security/2020/08/24/3
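Review bot: the placeholder description "[usb: out-of-bounds r/w access issue]" and the RESERVED line are replaced by the published CVE text (hence the -8/+7 hunk), but the entry still carries "qemu <unfixed> (bug #968947)" with no [buster] or [stretch] annotations; now that the issue is public with an XSA reference (XSA-335), a maintainer should confirm whether a fixed qemu upload exists and add the per-release lines, as the CVE-2020-12829 qemu entry in a later hunk does.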
@@ -23972,8 +23989,8 @@ CVE-2020-13830 (An issue was discovered on Samsung
mobile devices with P(9.0) so
NOT-FOR-US: Samsung mobile devices
CVE-2020-13829 (An issue was discovered on Samsung mobile devices with P(9.0)
and Q(10 ...)
NOT-FOR-US: Samsung mobile devices
-CVE-2020-13828
- RESERVED
+CVE-2020-13828 (Dolibarr 11.0.4 is affected by multiple stored Cross-Site
Scripting (X ...)
+ TODO: check
CVE-2020-13827 (phpList before 3.5.4 allows XSS via /lists/admin/user.php and
/lists/a ...)
- phplist <itp> (bug #612288)
CVE-2020-13826 (A CSV injection (aka Excel Macro Injection or Formula
Injection) issue ...)
@@ -24499,8 +24516,8 @@ CVE-2020-13657 (An elevation of privilege vulnerability
exists in Avast Free Ant
NOT-FOR-US: Avast
CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array
implementation ...)
NOT-FOR-US: Hobbes
-CVE-2020-13655
- RESERVED
+CVE-2020-13655 (An issue was discovered in Collabtive 3.0 and later.
managefile.php is ...)
+ TODO: check
CVE-2020-13654
RESERVED
CVE-2020-13653 (An XSS vulnerability exists in the Webmail component of Zimbra
Collabo ...)
@@ -24663,12 +24680,12 @@ CVE-2020-13596 (An issue was discovered in Django 2.2
before 2.2.13 and 3.0 befo
NOTE:
https://github.com/django/django/commit/49d7cc19e33a104bb23f7ae1dbb1240b4f6c40f9
(3.1 branch)
NOTE:
https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38
(3.0 branch)
NOTE:
https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815
(2.2. branch)
-CVE-2020-13595
- RESERVED
-CVE-2020-13594
- RESERVED
-CVE-2020-13593
- RESERVED
+CVE-2020-13595 (The Bluetooth Low Energy (BLE) controller implementation in
Espressif ...)
+ TODO: check
+CVE-2020-13594 (The Bluetooth Low Energy (BLE) controller implementation in
Espressif ...)
+ TODO: check
+CVE-2020-13593 (The Bluetooth Low Energy Secure Manager Protocol (SMP)
implementation ...)
+ TODO: check
CVE-2020-13662 [Drupal SA 2020-003]
RESERVED
{DSA-4693-1 DLA-2250-1}
@@ -24915,26 +24932,26 @@ CVE-2020-13474
RESERVED
CVE-2020-13473
RESERVED
-CVE-2020-13472
- RESERVED
-CVE-2020-13471
- RESERVED
-CVE-2020-13470
- RESERVED
-CVE-2020-13469
- RESERVED
-CVE-2020-13468
- RESERVED
-CVE-2020-13467
- RESERVED
-CVE-2020-13466
- RESERVED
-CVE-2020-13465
- RESERVED
-CVE-2020-13464
- RESERVED
-CVE-2020-13463
- RESERVED
+CVE-2020-13472 (The flash memory readout protection in Gigadevice GD32F103
devices all ...)
+ TODO: check
+CVE-2020-13471 (Apex Microelectronics APM32F103 devices allow physical
attackers to ex ...)
+ TODO: check
+CVE-2020-13470 (Gigadevice GD32F103 and GD32F130 devices allow physical
attackers to e ...)
+ TODO: check
+CVE-2020-13469 (The flash memory readout protection in Gigadevice GD32VF103
devices al ...)
+ TODO: check
+CVE-2020-13468 (Gigadevice GD32F130 devices allow physical attackers to
escalate their ...)
+ TODO: check
+CVE-2020-13467 (The flash memory readout protection in China Key Systems &
Integra ...)
+ TODO: check
+CVE-2020-13466 (STMicroelectronics STM32F103 devices through 2020-05-20 allow
physical ...)
+ TODO: check
+CVE-2020-13465 (The security protection in Gigadevice GD32F103 devices allows
physical ...)
+ TODO: check
+CVE-2020-13464 (The flash memory readout protection in China Key Systems &
Integra ...)
+ TODO: check
+CVE-2020-13463 (The flash memory readout protection in Apex Microelectronics
APM32F103 ...)
+ TODO: check
CVE-2020-13462
RESERVED
CVE-2020-13461
@@ -26441,8 +26458,7 @@ CVE-2020-12831 (** DISPUTED ** An issue was discovered
in FRRouting FRR (aka Fre
NOTE:
https://github.com/FRRouting/frr/commit/7734484a378052a513c9e21165c13bf85f78ad48
CVE-2020-12830
RESERVED
-CVE-2020-12829
- RESERVED
+CVE-2020-12829 (In QEMU through 5.0.0, an integer overflow was found in the
SM501 disp ...)
- qemu 1:5.0-12 (low; bug #961451)
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <no-dsa> (Minor issue)
@@ -26999,14 +27015,14 @@ CVE-2020-12648 (A cross-site scripting (XSS)
vulnerability in TinyMCE 5.2.1 and
NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1
CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before
59.1a.9, and 6 ...)
NOT-FOR-US: Unisys ALGOL Compiler
-CVE-2020-12646
- RESERVED
-CVE-2020-12645
- RESERVED
-CVE-2020-12644
- RESERVED
-CVE-2020-12643
- RESERVED
+CVE-2020-12646 (OX App Suite 7.10.3 and earlier allows XSS via
text/x-javascript, text ...)
+ TODO: check
+CVE-2020-12645 (OX App Suite 7.10.1 to 7.10.3 has improper input validation
for rate l ...)
+ TODO: check
+CVE-2020-12644 (OX App Suite 7.10.3 and earlier allows SSRF, related to the
mail accou ...)
+ TODO: check
+CVE-2020-12643 (OX App Suite 7.10.3 and earlier has Incorrect Access Control
via an /a ...)
+ TODO: check
CVE-2020-12642 (An issue was discovered in service-api before 4.3.12 and 5.x
before 5. ...)
NOT-FOR-US: Report Portal
CVE-2020-12641 (rcube_image.php in Roundcube Webmail before 1.4.4 allows
attackers to ...)
@@ -28648,6 +28664,7 @@ CVE-2020-11995
CVE-2020-11994 (Server-Side Template Injection and arbitrary file disclosure
on Camel ...)
NOT-FOR-US: Apache Camel
CVE-2020-11993 (Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug
was enab ...)
+ {DSA-4757-1}
- apache2 2.4.46-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993
NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/3
@@ -28683,6 +28700,7 @@ CVE-2020-11985 (IP address spoofing when proxying using
mod_remoteip and mod_rew
NOTE: Upstream patch: https://svn.apache.org/r1688399
NOTE:
https://github.com/apache/httpd/commit/dd6c959b3625048ee15ba4ad72e6cb7bcaf91020
CVE-2020-11984 (Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info
disclosure an ...)
+ {DSA-4757-1}
- apache2 2.4.46-1
[stretch] - apache2 <not-affected> (Vulnerable code not present)
- uwsgi <unfixed> (unimportant)
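Review bot: the added "{DSA-4757-1}" on CVE-2020-11984 applies to the apache2 line only; the "uwsgi <unfixed> (unimportant)" line below it is unchanged and remains open, and the "[stretch] - apache2 <not-affected>" line is consistent with the DSA covering only releases where the mod_proxy_uwsgi code is present. No change needed, just noting that the DSA reference does not close the uwsgi part of the entry.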
@@ -30556,10 +30574,10 @@ CVE-2020-11619 (FasterXML jackson-databind 2.x before
2.9.10.4 mishandles the in
NOTE: https://github.com/FasterXML/jackson-databind/issues/2680
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-11618
- RESERVED
-CVE-2020-11617
- RESERVED
+CVE-2020-11618 (THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1
set-top b ...)
+ TODO: check
+CVE-2020-11617 (The RSS application on THOMSON THT741FTA 2.2.1 and Philips
DTR3502BFTA ...)
+ TODO: check
CVE-2020-11616
RESERVED
CVE-2020-11615
@@ -36441,6 +36459,7 @@ CVE-2020-9492
CVE-2020-9491
RESERVED
CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially
crafted valu ...)
+ {DSA-4757-1}
- apache2 2.4.46-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490
NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/4
@@ -41282,20 +41301,20 @@ CVE-2020-7529
RESERVED
CVE-2020-7528
RESERVED
-CVE-2020-7527
- RESERVED
-CVE-2020-7526
- RESERVED
-CVE-2020-7525
- RESERVED
-CVE-2020-7524
- RESERVED
-CVE-2020-7523
- RESERVED
-CVE-2020-7522
- RESERVED
-CVE-2020-7521
- RESERVED
+CVE-2020-7527 (Incorrect Default Permission vulnerability exists in SoMove
(V2.8.1) a ...)
+ TODO: check
+CVE-2020-7526 (Improper Input Validation vulnerability exists in PowerChute
Business ...)
+ TODO: check
+CVE-2020-7525 (Improper Restriction of Excessive Authentication Attempts
vulnerabilit ...)
+ TODO: check
+CVE-2020-7524 (Out-of-bounds Write vulnerability exists in Modicon M218 Logic
Control ...)
+ TODO: check
+CVE-2020-7523 (Improper Privilege Management vulnerability exists in Schneider
Electr ...)
+ TODO: check
+CVE-2020-7522 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2020-7521 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
CVE-2020-7520 (A CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
vulnera ...)
NOT-FOR-US: Schneider
CVE-2020-7519 (A CWE-521: Weak Password Requirements vulnerability exists in
Easergy ...)
@@ -46513,8 +46532,8 @@ CVE-2020-5421
RESERVED
CVE-2020-5420
RESERVED
-CVE-2020-5419
- RESERVED
+CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a
Windows-specific ...)
+ TODO: check
CVE-2020-5418
RESERVED
CVE-2020-5417 (Cloud Foundry CAPI (Cloud Controller), versions prior to
1.97.0, when ...)
@@ -48996,8 +49015,8 @@ CVE-2020-4494 (IBM Spectrum Protect Client 8.1.7.0
through 8.1.9.1 (Linux and Wi
NOT-FOR-US: IBM
CVE-2020-4493
RESERVED
-CVE-2020-4492
- RESERVED
+CVE-2020-4492 (IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0
through V4.2 ...)
+ TODO: check
CVE-2020-4491
RESERVED
CVE-2020-4490 (IBM Business Automation Workflow 18 and 19, and IBM Business
Process M ...)
@@ -55720,8 +55739,8 @@ CVE-2020-2077 (SICK Package Analytics software up to
and including version V04.0
NOT-FOR-US: SICK
CVE-2020-2076 (SICK Package Analytics software up to and including version
V04.0.0 ar ...)
NOT-FOR-US: SICK
-CVE-2020-2075
- RESERVED
+CVE-2020-2075 (Platform mechanism AutoIP allows remote attackers to reboot the
device ...)
+ TODO: check
CVE-2020-2074
RESERVED
CVE-2020-2073
@@ -56340,6 +56359,7 @@ CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30,
8.5.0 to 8.5.50 and 7.0.0 to
NOTE:
https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56
(8.5.51)
NOTE:
https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d
(7.0.100)
CVE-2020-1934 (In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use
uninitial ...)
+ {DSA-4757-1}
- apache2 2.4.43-1 (low)
[stretch] - apache2 <no-dsa> (Minor issue)
[jessie] - apache2 <ignored> (Minor issue)
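Review bot: "{DSA-4757-1}" is added to CVE-2020-1934 while "[stretch] - apache2 <no-dsa> (Minor issue)" and "[jessie] - apache2 <ignored> (Minor issue)" are kept unchanged; this is only correct if DSA-4757-1 ships an apache2 update for buster alone. If the advisory also covers stretch, the stretch annotation should be dropped so the DSA reference takes effect there too (the same applies to the identical pattern on CVE-2020-1927 in the next hunk).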
@@ -56366,6 +56386,7 @@ CVE-2020-1929 (The Apache Beam MongoDB connector in
versions 2.10.0 to 2.16.0 ha
CVE-2020-1928 (An information disclosure vulnerability was found in Apache
NiFi 1.10. ...)
NOT-FOR-US: Apache NiFi
CVE-2020-1927 (In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured
with mod_r ...)
+ {DSA-4757-1}
- apache2 2.4.43-1 (low)
[stretch] - apache2 <no-dsa> (Minor issue)
[jessie] - apache2 <ignored> (Minor issue)
@@ -200050,7 +200071,7 @@ CVE-2017-7878 (SQL Injection vulnerability in
flatCore version 1.4.6 allows an a
NOT-FOR-US: flatCore
CVE-2017-7877 (CSRF vulnerability in flatCore version 1.4.6 allows remote
attackers t ...)
NOT-FOR-US: flatCore
-CVE-2017-7876 (QNAP QTS before 4.2.6 build 20170517 allows command injection.
...)
+CVE-2017-7876 (This command injection vulnerability in authLogout.cgi allows
attacker ...)
NOT-FOR-US: QNAP QTS
CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client
pretends t ...)
{DLA-2219-1 DLA-899-1}
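Review bot: the rewritten description for CVE-2017-7876 now names the affected component (authLogout.cgi) but, in the visible prefix, no longer mentions QNAP QTS or the fixed build 20170517 that the previous text carried; the unchanged "NOT-FOR-US: QNAP QTS" line is therefore the only place the product is still identified, so it must be kept as is.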
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00e78ba19cd1558519f8c6a8adcdb62a51577118
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits