Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 10eea197 by security tracker role at 2020-05-19T20:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,9 @@ +CVE-2020-13165 + RESERVED +CVE-2020-13164 + RESERVED +CVE-2020-13163 + RESERVED CVE-2020-13162 RESERVED CVE-2020-13161 @@ -851,7 +857,7 @@ CVE-2020-12769 (An issue was discovered in the Linux kernel before 5.4.17. drive - linux 5.4.19-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/19b61392c5a852b4e8a0bf35aecb969983c5932d (5.5-rc6) -CVE-2020-12768 (An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit ...) +CVE-2020-12768 (** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. ...) - linux 5.6.7-1 (unimportant) NOTE: https://git.kernel.org/linus/d80b64ff297e40c2b6f7d7abc1b3eba70d22a068 (5.6-rc4) CVE-2020-12766 (Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via t ...) @@ -1092,8 +1098,7 @@ CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote aut - dolibarr <removed> CVE-2020-12668 RESERVED -CVE-2020-12667 - RESERVED +CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...) - knot-resolver <unfixed> NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/ CVE-2020-12666 (macaron before 1.3.7 has an open redirect in the static handler, as de ...) 
@@ -1102,13 +1107,11 @@ CVE-2020-12665 RESERVED CVE-2020-12664 RESERVED -CVE-2020-12663 - RESERVED +CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS answers r ...) - unbound 1.10.1-1 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff -CVE-2020-12662 - RESERVED +CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...) - unbound 1.10.1-1 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff @@ -1603,7 +1606,7 @@ CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely asso NOT-FOR-US: Ivanti CVE-2020-12441 RESERVED -CVE-2020-12440 (NGINX through 1.18.0 allows an HTTP request smuggling attack that can ...) +CVE-2020-12440 (** DISPUTED ** NGINX through 1.18.0 allows an HTTP request smuggling a ...) TODO: check CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...) NOT-FOR-US: Grin @@ -2131,8 +2134,7 @@ CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings > O CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...) - grafana <removed> NOTE: https://github.com/grafana/grafana/pull/23816 -CVE-2020-12244 - RESERVED +CVE-2020-12244 (An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where ...) - pdns-recursor 4.3.1-1 NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3 @@ -3653,8 +3655,8 @@ CVE-2020-11847 RESERVED CVE-2020-11846 RESERVED -CVE-2020-11845 - RESERVED +CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manager prod ...) + TODO: check CVE-2020-11844 RESERVED CVE-2020-11843 
@@ -3733,8 +3735,8 @@ CVE-2020-11809 RESERVED CVE-2020-11808 RESERVED -CVE-2020-11807 - RESERVED +CVE-2020-11807 (Because of Unrestricted Upload of a File with a Dangerous Type, Source ...) + TODO: check CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...) NOT-FOR-US: MailStore Outlook Add-in CVE-2020-11805 @@ -4262,8 +4264,8 @@ CVE-2020-11717 RESERVED CVE-2020-11716 RESERVED -CVE-2020-11715 - RESERVED +CVE-2020-11715 (Panasonic P99 devices through 2020-04-10 have Incorrect Access Control ...) + TODO: check CVE-2020-11714 (eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Loc ...) NOT-FOR-US: eten PSG-6528VM 1.1 devices CVE-2020-11713 (wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does n ...) @@ -6256,8 +6258,7 @@ CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the comm NOTE: https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/ CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41. ...) NOT-FOR-US: Percona XtraDB Cluster -CVE-2020-10995 - RESERVED +CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not suffic ...) - pdns-recursor 4.3.1-1 NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3 
@@ -7178,18 +7179,15 @@ CVE-2020-10725 - dpdk 19.11.2-1 (bug #960936) [buster] - dpdk <not-affected> (Vulnerable code not present) [stretch] - dpdk <not-affected> (Vulnerable code not present) -CVE-2020-10724 - RESERVED +CVE-2020-10724 (A vulnerability was found in DPDK versions 18.11 and above. The vhost- ...) - dpdk 19.11.2-1 (bug #960936) [buster] - dpdk 18.11.6-1~deb10u2 [stretch] - dpdk <not-affected> (Vulnerable code not present) -CVE-2020-10723 - RESERVED +CVE-2020-10723 (A memory corruption issue was found in DPDK versions 17.05 and above. ...) - dpdk 19.11.2-1 (bug #960936) [buster] - dpdk 18.11.6-1~deb10u2 [stretch] - dpdk <not-affected> (Vulnerable code not present) -CVE-2020-10722 - RESERVED +CVE-2020-10722 (A vulnerability was found in DPDK versions 18.05 and above. A missing ...) {DSA-4688-1} - dpdk 19.11.2-1 (bug #960936) CVE-2020-10721 @@ -8629,10 +8627,10 @@ CVE-2020-10137 RESERVED CVE-2020-10136 RESERVED -CVE-2020-10135 - RESERVED -CVE-2020-10134 - RESERVED +CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...) + TODO: check +CVE-2020-10134 (Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthe ...) + TODO: check CVE-2020-10133 RESERVED CVE-2020-10132 @@ -8902,8 +8900,7 @@ CVE-2020-10032 RESERVED CVE-2020-10031 RESERVED -CVE-2020-10030 - RESERVED +CVE-2020-10030 (An issue has been found in PowerDNS Recursor 4.1.0 up to and including ...) - pdns-recursor 4.3.1-1 NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3 
@@ -12142,13 +12139,13 @@ CVE-2020-8619 RESERVED CVE-2020-8618 RESERVED -CVE-2020-8617 - RESERVED +CVE-2020-8617 (Using a specially-crafted message, an attacker may potentially cause a ...) + {DSA-4689-1} - bind9 <unfixed> NOTE: https://kb.isc.org/docs/cve-2020-8617 NOTE: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information -CVE-2020-8616 - RESERVED +CVE-2020-8616 (A malicious actor who intentionally exploits this lack of effective li ...) + {DSA-4689-1} - bind9 <unfixed> NOTE: https://kb.isc.org/docs/cve-2020-8616 CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...) @@ -12581,8 +12578,8 @@ CVE-2020-8436 (XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for Wo NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-8435 (An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for Wo ...) NOT-FOR-US: RegistrationMagic plugin for WordPress -CVE-2020-8434 - RESERVED +CVE-2020-8434 (Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 ...) + TODO: check CVE-2020-8433 RESERVED CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length ...) @@ -13478,8 +13475,8 @@ CVE-2020-8023 RESERVED CVE-2020-8022 RESERVED -CVE-2020-8021 - RESERVED +CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...) + TODO: check CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...) TODO: check CVE-2020-8019 
@@ -16008,8 +16005,8 @@ CVE-2020-6958 (An XXE vulnerability in JnlpSupport in Yet Another Java Service W NOT-FOR-US: Yet Another Java Service Wrapper (YAJSW) CVE-2020-6957 RESERVED -CVE-2020-6956 - RESERVED +CVE-2020-6956 (PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_acti ...) + TODO: check CVE-2020-6955 (An issue was discovered on Cayin SMP-PRO4 devices. They allow image_pr ...) NOT-FOR-US: Cayin SMP-PRO4 devices CVE-2020-6954 (An issue was discovered on Cayin SMP-PRO4 devices. A user can discover ...) @@ -22221,10 +22218,10 @@ CVE-2020-4414 RESERVED CVE-2020-4413 RESERVED -CVE-2020-4412 - RESERVED -CVE-2020-4411 - RESERVED +CVE-2020-4412 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...) + TODO: check +CVE-2020-4411 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...) + TODO: check CVE-2020-4410 RESERVED CVE-2020-4409 @@ -22449,8 +22446,8 @@ CVE-2020-4300 RESERVED CVE-2020-4299 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 c ...) NOT-FOR-US: IBM -CVE-2020-4298 - RESERVED +CVE-2020-4298 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...) + TODO: check CVE-2020-4297 RESERVED CVE-2020-4296 @@ -22473,8 +22470,8 @@ CVE-2020-4288 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote at NOT-FOR-US: IBM CVE-2020-4287 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM -CVE-2020-4286 - RESERVED +CVE-2020-4286 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...) + TODO: check CVE-2020-4285 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4284 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) 
@@ -30389,8 +30386,7 @@ CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where Token Proc ...) - dogtag-pki <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780707 -CVE-2020-1695 - RESERVED +CVE-2020-1695 (A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final ...) - resteasy <undetermined> - resteasy3.0 <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10eea1975800bb8aab8ebf3d314b4d234d380c24 You're receiving this email because of your account on salsa.debian.org.
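Review bot: In the @@ -1603,7 +1606,7 @@ hunk, CVE-2020-12440 picks up the ** DISPUTED ** prefix while its status line is still `TODO: check`, so the tracker now carries a disputed NGINX request-smuggling claim with no triage decision. The other disputed entry in this commit, CVE-2020-12768 in the @@ -851,7 +857,7 @@ hunk, already has `- linux 5.6.7-1 (unimportant)`. Suggest triaging CVE-2020-12440 in a follow-up and adding a NOTE line that records the basis of the dispute, so the status does not rest on the description prefix alone.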
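Review bot: In the @@ -7178,18 +7179,15 @@ hunk, CVE-2020-10722 carries `{DSA-4688-1}`, but CVE-2020-10724 and CVE-2020-10723 record `[buster] - dpdk 18.11.6-1~deb10u2` with no advisory tag, even though all three point at the same unstable fix `dpdk 19.11.2-1 (bug #960936)`. Please confirm whether the same advisory covers the buster upload for all three and align the entries, so that a reader checking stable coverage by DSA reference does not miss two of them.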
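Review bot: In the @@ -12142,13 +12139,13 @@ hunk, CVE-2020-8617 and CVE-2020-8616 gain `{DSA-4689-1}` while the package line under each is still `- bind9 <unfixed>` with no bug number, unlike the dpdk entries in the @@ -7178,18 +7179,15 @@ hunk, which carry `(bug #960936)`. Suggest adding a bug reference for bind9 so the remaining unstable exposure is tracked to closure, and replacing `<unfixed>` with the fixed version once it is uploaded.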
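Review bot: In the @@ -30389,8 +30386,7 @@ hunk, CVE-2020-1695 now has a description that bounds the affected range for the 3.x series (prior to 3.12.0.Final), yet both `- resteasy <undetermined>` and `- resteasy3.0 <undetermined>` are left as they were. With that bound published, the packaged versions can be compared against it. Suggest a follow-up that moves each line to a fixed version, `<unfixed>` or `<not-affected>`, rather than leaving the status open.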
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits