Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ab4e6615 by security tracker role at 2020-05-18T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,39 @@
-CVE-2020-13143 [USB: gadget: fix illegal array access in binding with UDC]
+CVE-2020-13146 (Studio in Open edX Ironwood 2.5 allows CSV injection because
an added ...)
+ TODO: check
+CVE-2020-13145 (Studio in Open edX Ironwood 2.5 allows users to upload SVG
files via t ...)
+ TODO: check
+CVE-2020-13144 (Studio in Open edX Ironwood 2.5, when CodeJail is not used,
allows a u ...)
+ TODO: check
+CVE-2020-13142
+ RESERVED
+CVE-2020-13141
+ RESERVED
+CVE-2020-13140
+ RESERVED
+CVE-2020-13139
+ RESERVED
+CVE-2020-13138
+ RESERVED
+CVE-2020-13137
+ RESERVED
+CVE-2020-13136 (D-Link DSP-W215 1.26b03 devices send an obfuscated hash that
can be re ...)
+ TODO: check
+CVE-2020-13135 (D-Link DSP-W215 1.26b03 devices allow information disclosure
by interc ...)
+ TODO: check
+CVE-2020-13134
+ RESERVED
+CVE-2020-13133
+ RESERVED
+CVE-2020-13132
+ RESERVED
+CVE-2020-13131
+ RESERVED
+CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in
the Linu ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f
CVE-2020-13130
RESERVED
-CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for
macOS. T ...)
+CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for
macOS, W ...)
NOT-FOR-US: stashcat app for MacOS
CVE-2020-13128 (An issue was discovered in Manolo GWTUpload 1.0.3.
server/UploadServle ...)
NOT-FOR-US: Manolo GWTUpload
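Review bot: the unchanged context line "NOT-FOR-US: stashcat app for MacOS" may no longer match the rewritten CVE-2020-13129 description, which now continues "macOS, W ..." instead of "macOS. T ..."; the platform list appears to have grown, so the NOT-FOR-US rationale should be re-checked against the full text before it is left as-is. The move of CVE-2020-13143 from the bracketed placeholder title to the published description looks correct, since the "- linux <unfixed>" line and the git.kernel.org NOTE are kept as context. The new Open edX and D-Link DSP-W215 entries are correctly left at "TODO: check" rather than guessed.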
@@ -92,9 +122,9 @@ CVE-2020-13094
RESERVED
CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory
traversal. ...)
NOT-FOR-US: iSpyConnect.com Agent DVR
-CVE-2020-13092 (scikit-learn (aka sklearn) through 0.23.0 can unserialize and
execute ...)
+CVE-2020-13092 (** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can
unseriali ...)
- scikit-learn <unfixed> (unimportant)
-CVE-2020-13091 (pandas through 1.0.3 can unserialize and execute commands from
an untr ...)
+CVE-2020-13091 (** DISPUTED ** pandas through 1.0.3 can unserialize and
execute comman ...)
- pandas <unfixed> (unimportant)
CVE-2020-13090
RESERVED
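Review bot: both CVE-2020-13092 (scikit-learn) and CVE-2020-13091 (pandas) keep their "<unfixed> (unimportant)" lines while the descriptions gain "** DISPUTED **"; a NOTE line recording why the entries are unimportant (the dispute concerns loading untrusted serialized data, which is documented as unsafe) would make the severity choice self-explanatory for later readers instead of relying on the truncated description alone.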
@@ -693,8 +723,8 @@ CVE-2020-12803
RESERVED
CVE-2020-12802
RESERVED
-CVE-2020-12801
- RESERVED
+CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes,
that docume ...)
+ TODO: check
CVE-2020-12800
RESERVED
CVE-2020-12799
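Review bot: CVE-2020-12801 is left at "TODO: check" with no package line, but LibreOffice is packaged in Debian, so this one cannot resolve to NOT-FOR-US and needs a versioned "- libreoffice" line once the full description (encrypted document still open when the application crashes) has been checked against the affected versions.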
@@ -2024,16 +2054,16 @@ CVE-2020-12261 (Open-AudIT 3.3.0 allows an XSS attack
after login. ...)
NOT-FOR-US: Open-AudIT
CVE-2020-12260
RESERVED
-CVE-2020-12259
- RESERVED
-CVE-2020-12258
- RESERVED
-CVE-2020-12257
- RESERVED
-CVE-2020-12256
- RESERVED
-CVE-2020-12255
- RESERVED
+CVE-2020-12259 (rConfig 3.9.4 is vulnerable to reflected XSS. The
configDevice.php fil ...)
+ TODO: check
+CVE-2020-12258 (rConfig 3.9.4 is vulnerable to session fixation because
session expiry ...)
+ TODO: check
+CVE-2020-12257 (rConfig 3.9.4 is vulnerable to cross-site request forgery
(CSRF) becau ...)
+ TODO: check
+CVE-2020-12256 (rConfig 3.9.4 is vulnerable to reflected XSS. The
devicemgmnt.php file ...)
+ TODO: check
+CVE-2020-12255 (rConfig 3.9.4 is vulnerable to remote code execution due to
improper v ...)
+ TODO: check
CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows
privilege escal ...)
NOT-FOR-US: Avira Antivirus
CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to
admin/menus/menus or a ...)
@@ -4885,12 +4915,12 @@ CVE-2020-11553 (An issue was discovered in Castle Rock
SNMPc Online 12.10.10 bef
NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11552
RESERVED
-CVE-2020-11551
- RESERVED
-CVE-2020-11550
- RESERVED
-CVE-2020-11549
- RESERVED
+CVE-2020-11551 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi
Add-on ...)
+ TODO: check
+CVE-2020-11550 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi
Add-on ...)
+ TODO: check
+CVE-2020-11549 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi
Add-on ...)
+ TODO: check
CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows
user input ...)
NOT-FOR-US: Search Meter plugin for WordPress
CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote
unauthenticated ...)
@@ -6261,8 +6291,7 @@ CVE-2020-10968 (FasterXML jackson-databind 2.x before
2.9.10.4 mishandles the in
NOTE: https://github.com/FasterXML/jackson-databind/issues/2662
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-10967
- RESERVED
+CVE-2020-10967 (In Dovecot before 2.3.10.1, remote unauthenticated attackers
can crash ...)
- dovecot <unfixed> (bug #960963)
[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
@@ -6294,14 +6323,12 @@ CVE-2020-10959 [mediawiki: User content can redirect
the logout button to differ
- mediawiki <not-affected> (Vulnerable code introduced later)
NOTE: https://phabricator.wikimedia.org/T232932
NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
-CVE-2020-10958
- RESERVED
+CVE-2020-10958 (In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message
triggers an un ...)
- dovecot <unfixed> (bug #960963)
[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
-CVE-2020-10957
- RESERVED
+CVE-2020-10957 (In Dovecot before 2.3.10.1, unauthenticated sending of
malformed param ...)
- dovecot <unfixed> (bug #960963)
[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
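Review bot: the oss-security reference "NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1" is attached only to CVE-2020-10958, while CVE-2020-10957 in this hunk and CVE-2020-10967 earlier in the commit share the same bug #960963 and the same stretch/jessie "<not-affected>" rationale; adding the same NOTE to those two entries keeps the three Dovecot issues consistent and avoids a reader having to find the advisory through the neighbouring entry.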
@@ -7109,6 +7136,7 @@ CVE-2020-10723
[stretch] - dpdk <not-affected> (Vulnerable code not present)
CVE-2020-10722
RESERVED
+ {DSA-4688-1}
- dpdk 19.11.2-1 (bug #960936)
CVE-2020-10721
RESERVED
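Review bot: CVE-2020-10722 now carries "{DSA-4688-1}" and "- dpdk 19.11.2-1 (bug #960936)" while its description line still reads "RESERVED"; the DSA marker placement before the package line matches the convention used elsewhere in the file (for example the libmicrodns entry), but the RESERVED line should be replaced with the published description as soon as it becomes available so the DSA is not attached to an entry with no text.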
@@ -9884,8 +9912,8 @@ CVE-2020-9526
RESERVED
CVE-2020-9525
RESERVED
-CVE-2020-9524
- RESERVED
+CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise
Server an ...)
+ TODO: check
CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro
Focus ente ...)
NOT-FOR-US: Micro Focus
CVE-2020-9522
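Review bot: CVE-2020-9524 is marked "TODO: check", but the entry directly below it, CVE-2020-9523, is the same Micro Focus product line and is already "NOT-FOR-US: Micro Focus"; unless the full description names something packaged in Debian, the same NOT-FOR-US resolution is the likely outcome and the two could be triaged together.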
@@ -13360,10 +13388,10 @@ CVE-2020-8037
RESERVED
CVE-2020-8036
RESERVED
-CVE-2020-8035
- RESERVED
-CVE-2020-8034
- RESERVED
+CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition
before ...)
+ TODO: check
+CVE-2020-8034 (Gollem before 3.0.13, as used in Horde Groupware Webmail
Edition 5.2.2 ...)
+ TODO: check
CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp
Device Nam ...)
NOT-FOR-US: Ruckus
CVE-2020-8032
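Review bot: CVE-2020-8035 and CVE-2020-8034 (Horde Groupware Webmail Edition and Gollem before 3.0.13) are left at "TODO: check", which is the right placeholder here rather than NOT-FOR-US, because Horde is packaged in Debian as the php-horde-* source packages; the follow-up triage should add versioned package lines for the affected Horde components rather than dismissing the entries like the neighbouring vendor-device CVEs.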
@@ -18042,10 +18070,10 @@ CVE-2020-6095 (An exploitable denial of service
vulnerability exists in the GstR
NOTE:
https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a
CVE-2020-6094 (An exploitable code execution vulnerability exists in the TIFF
fillinr ...)
NOT-FOR-US: Accusoft ImageGear
-CVE-2020-6093
- RESERVED
-CVE-2020-6092
- RESERVED
+CVE-2020-6093 (An exploitable information disclosure vulnerability exists in
the way ...)
+ TODO: check
+CVE-2020-6092 (An exploitable code execution vulnerability exists in the way
Nitro Pr ...)
+ TODO: check
CVE-2020-6091
RESERVED
CVE-2020-6090
@@ -18104,8 +18132,8 @@ CVE-2020-6076 (An exploitable out-of-bounds write
vulnerability exists in the ig
NOT-FOR-US: Accusoft
CVE-2020-6075 (An exploitable out-of-bounds write vulnerability exists in the
store_d ...)
NOT-FOR-US: Accusoft
-CVE-2020-6074
- RESERVED
+CVE-2020-6074 (An exploitable code execution vulnerability exists in the PDF
parser o ...)
+ TODO: check
CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the
TXT recor ...)
{DSA-4671-1}
- libmicrodns <removed>
@@ -29708,12 +29736,12 @@ CVE-2019-19458 (SALTO ProAccess SPACE 5.4.3.0 allows
Directory Traversal in the
NOT-FOR-US: SALTO ProAccess SPACE
CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...)
NOT-FOR-US: SALTO ProAccess SPACE
-CVE-2019-19456
- RESERVED
+CVE-2019-19456 (A Reflected XSS was found in the server selection box inside
the login ...)
+ TODO: check
CVE-2019-19455
RESERVED
-CVE-2019-19454
- RESERVED
+CVE-2019-19454 (An arbitrary file download was found in the "Download Log"
functionali ...)
+ TODO: check
CVE-2019-19453
RESERVED
CVE-2019-19452 (A buffer overflow was found in Patriot Viper RGB through 1.1
when proc ...)
@@ -70246,10 +70274,10 @@ CVE-2019-7282 (In NetKit through 0.17, rcp.c in the
rcp client allows remote rsh
[jessie] - netkit-rsh <no-dsa> (Minor issue)
CVE-2019-7248
RESERVED
-CVE-2019-7247
- RESERVED
-CVE-2019-7246
- RESERVED
+CVE-2019-7247 (An issue was discovered in AODDriver2.sys in AMD OverDrive. The
vulner ...)
+ TODO: check
+CVE-2019-7246 (An issue was discovered in atillk64.sys in AMD ATI Diagnostics
Hardwar ...)
+ TODO: check
CVE-2019-7245 (An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z
before 2.23. ...)
NOT-FOR-US: TechPowerUp GPU-Z
CVE-2019-7244 (An issue was discovered in kerneld.sys in AIDA64 before 5.99.
The vuln ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab4e6615ef881060abd06ee458d97a47a6242e44