[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Apr 9 09:10:35 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9633bbf by security tracker role at 2020-04-09T08:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-11657
+	RESERVED
+CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...)
+	TODO: check
+CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...)
+	TODO: check
+CVE-2020-11654
+	RESERVED
+CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...)
+	TODO: check
+CVE-2020-11652
+	RESERVED
+CVE-2020-11651
+	RESERVED
+CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS 11.2 and 11.3 before 11.3 ...)
+	TODO: check
+CVE-2020-11649
+	RESERVED
+CVE-2020-11648
+	RESERVED
+CVE-2020-11647
+	RESERVED
+CVE-2019-20637 (An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6 ...)
+	TODO: check
 CVE-2020-11646
 	RESERVED
 CVE-2020-11645
@@ -6878,12 +6902,12 @@ CVE-2020-8830
 	RESERVED
 CVE-2020-8829
 	RESERVED
-CVE-2020-8828
-	RESERVED
-CVE-2020-8827
-	RESERVED
-CVE-2020-8826
-	RESERVED
+CVE-2020-8828 (As of v1.5.0, the default admin password is set to the argocd-server p ...)
+	TODO: check
+CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation measures ...)
+	TODO: check
+CVE-2020-8826 (As of v1.5.0, the Argo web interface authentication system issued immu ...)
+	TODO: check
 CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...)
 	NOT-FOR-US: Vanilla Forums
 CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...)
@@ -21960,8 +21984,7 @@ CVE-2020-2734
 	RESERVED
 CVE-2020-2733
 	RESERVED
-CVE-2020-2732 [kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources]
-	RESERVED
+CVE-2020-2732 (A flaw was discovered in the way that the KVM hypervisor handled instr ...)
 	- linux 5.5.13-1
 	NOTE: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
 	NOTE: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
@@ -24385,8 +24408,8 @@ CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions
 	- osquery <itp> (bug #803502)
 CVE-2020-1886
 	RESERVED
-CVE-2020-1885
-	RESERVED
+CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe process ...)
+	TODO: check
 CVE-2019-19512
 	RESERVED
 CVE-2019-19511
@@ -27014,21 +27037,17 @@ CVE-2020-1641
 	RESERVED
 CVE-2020-1640
 	RESERVED
-CVE-2020-1639
-	RESERVED
+CVE-2020-1639 (When an attacker sends a specific crafted Ethernet Operation, Administ ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1638
-	RESERVED
+CVE-2020-1638 (The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and J ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1637
-	RESERVED
+CVE-2020-1637 (A vulnerability in Juniper Networks SRX Series device configured as a  ...)
 	NOT-FOR-US: Juniper
 CVE-2020-1636
 	RESERVED
 CVE-2020-1635
 	RESERVED
-CVE-2020-1634
-	RESERVED
+CVE-2020-1634 (On High-End SRX Series devices, in specific configurations and when sp ...)
 	NOT-FOR-US: Juniper
 CVE-2020-1633
 	RESERVED
@@ -27038,59 +27057,41 @@ CVE-2020-1632
 	NOT-FOR-US: Juniper
 CVE-2020-1631
 	RESERVED
-CVE-2020-1630
-	RESERVED
+CVE-2020-1630 (A privilege escalation vulnerability in Juniper Networks Junos OS devi ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1629
-	RESERVED
+CVE-2020-1629 (A race condition vulnerability on Juniper Network Junos OS devices may ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1628
-	RESERVED
+CVE-2020-1628 (Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal com ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1627
-	RESERVED
+CVE-2020-1627 (A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices  ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1626
-	RESERVED
+CVE-2020-1626 (A vulnerability in Juniper Networks Junos OS Evolved may allow an atta ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1625
-	RESERVED
+CVE-2020-1625 (The kernel memory usage represented as "temp" via 'show system virtual ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1624
-	RESERVED
+CVE-2020-1624 (A local, authenticated user with shell can obtain the hashed values of ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1623
-	RESERVED
+CVE-2020-1623 (A local, authenticated user with shell can view sensitive configuratio ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1622
-	RESERVED
+CVE-2020-1622 (A local, authenticated user with shell can obtain the hashed values of ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1621
-	RESERVED
+CVE-2020-1621 (A local, authenticated user with shell can obtain the hashed values of ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1620
-	RESERVED
+CVE-2020-1620 (A local, authenticated user with shell can obtain the hashed values of ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1619
-	RESERVED
+CVE-2020-1619 (A privilege escalation vulnerability in Juniper Networks QFX10K Series ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1618
-	RESERVED
+CVE-2020-1618 (On Juniper Networks EX and QFX Series, an authentication bypass vulner ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1617
-	RESERVED
+CVE-2020-1617 (This issue occurs on Juniper Networks Junos OS devices which do not su ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1616
-	RESERVED
+CVE-2020-1616 (Due to insufficient server-side login attempt limit enforcement, a vul ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1615
-	RESERVED
+CVE-2020-1615 (The factory configuration for vMX installations, as shipped, includes  ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1614
-	RESERVED
+CVE-2020-1614 (A Use of Hard-coded Credentials vulnerability exists in the NFX250 Ser ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1613
-	RESERVED
+CVE-2020-1613 (A vulnerability in the BGP FlowSpec implementation may cause a Juniper ...)
 	NOT-FOR-US: Juniper
 CVE-2020-1612
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9633bbf36277d9e3f31208c081cc0550b167a2e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9633bbf36277d9e3f31208c081cc0550b167a2e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200409/e03ab372/attachment.html>

More information about the debian-security-tracker-commits mailing list