[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 3 21:10:34 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
853578fd by security tracker role at 2020-08-03T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2020-16286
+ RESERVED
+CVE-2020-16285
+ RESERVED
+CVE-2020-16284
+ RESERVED
+CVE-2020-16283
+ RESERVED
+CVE-2020-16282
+ RESERVED
+CVE-2020-16281
+ RESERVED
+CVE-2020-16280
+ RESERVED
+CVE-2020-16279
+ RESERVED
+CVE-2020-16278
+ RESERVED
+CVE-2020-16277
+ RESERVED
+CVE-2020-16276
+ RESERVED
+CVE-2020-16275
+ RESERVED
+CVE-2020-16274
+ RESERVED
+CVE-2020-16273
+ RESERVED
+CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is mis ...)
+ TODO: check
+CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 genera ...)
+ TODO: check
+CVE-2020-16270
+ RESERVED
+CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, causing ...)
+ TODO: check
+CVE-2020-16268
+ RESERVED
+CVE-2020-16267
+ RESERVED
+CVE-2020-16266
+ RESERVED
+CVE-2015-9549 (A reflected Cross-site Scripting (XSS) vulnerability exists in OcPorta ...)
+ TODO: check
CVE-2020-16265
RESERVED
CVE-2020-16264
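Review bot: CVE-2020-16269 in this first hunk is left at TODO: check even though its description names radare2 4.5.0, and the description is cut off at "causing ...", so the impact cannot be read from the entry. If radare2 is a source package in the archive, triage should replace the TODO with a package line in the same form as the zabbix entry further down ("- zabbix 1:5.0.2+dfsg-1 (bug #966146)"). The other three TODO entries here (CVE-2020-16272 and CVE-2020-16271 for Kee Vault KeePassRPC, CVE-2015-9549 for OcPortal) need the same decision between a package line and NOT-FOR-US.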
@@ -273,8 +317,8 @@ CVE-2020-16132
RESERVED
CVE-2017-18923 (beroNet VoIP Gateways before 3.0.16 have a PHP script that allows down ...)
NOT-FOR-US: beroNet
-CVE-2020-16131
- RESERVED
+CVE-2020-16131 (Tiki before 21.2 allows XSS because [\s\/"\'] is not properly consider ...)
+ TODO: check
CVE-2020-16130
RESERVED
CVE-2020-16129
@@ -1023,6 +1067,7 @@ CVE-2020-15805
CVE-2020-15804
RESERVED
CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x bef ...)
+ {DLA-2311-1}
- zabbix 1:5.0.2+dfsg-1 (bug #966146)
[buster] - zabbix <no-dsa> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-18057
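Review bot: the {DLA-2311-1} tag added under CVE-2020-15803 has no counterpart visible in this commit, which changes only data/CVE/list. The only per-release line shown is "[buster] - zabbix <no-dsa> (Minor issue)", so it is worth confirming that the advisory record naming this CVE, the release it covers and the fixed zabbix version exists elsewhere in the tree.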
@@ -4766,8 +4811,7 @@ CVE-2020-14321
RESERVED
CVE-2020-14320
RESERVED
-CVE-2020-14319
- RESERVED
+CVE-2020-14319 (It was found that the AMQ Online console is vulnerable to a Cross-Site ...)
NOT-FOR-US: AMQ Online
CVE-2020-14318
RESERVED
@@ -6055,8 +6099,8 @@ CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature ma
NOTE: https://github.com/indutny/elliptic/issues/226
CVE-2020-13821
RESERVED
-CVE-2020-13820
- RESERVED
+CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated reflected XS ...)
+ TODO: check
CVE-2020-13819
RESERVED
CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when <cachestart> ...)
@@ -8716,8 +8760,8 @@ CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer ov
NOTE: Fixed with: https://github.com/appneta/tcpreplay/issues/578
NOTE: --fuzz-seed in PoC not present until version 4.2.0
NOTE: Crash in CLI tool, no security impact
-CVE-2020-12739
- RESERVED
+CVE-2020-12739 (A vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could ...)
+ TODO: check
CVE-2020-12738
RESERVED
CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...)
@@ -20589,10 +20633,10 @@ CVE-2020-8577
RESERVED
CVE-2020-8576
RESERVED
-CVE-2020-8575
- RESERVED
-CVE-2020-8574
- RESERVED
+CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows versions prio ...)
+ TODO: check
+CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship with th ...)
+ TODO: check
CVE-2020-8573 (The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers ...)
NOT-FOR-US: NetApp
CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...)
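Review bot: CVE-2020-8575 and CVE-2020-8574 are left at TODO: check while the very next entry, CVE-2020-8573, is already closed with "NOT-FOR-US: NetApp". Active IQ Unified Manager is a NetApp product, so the same NOT-FOR-US: NetApp line would settle both new entries and keep the block consistent.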
@@ -21692,8 +21736,8 @@ CVE-2020-8110
RESERVED
CVE-2020-8109
RESERVED
-CVE-2020-8108
- RESERVED
+CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...)
+ TODO: check
CVE-2020-8107
RESERVED
CVE-2020-8106
@@ -30619,8 +30663,8 @@ CVE-2020-4562
RESERVED
CVE-2020-4561
RESERVED
-CVE-2020-4560
- RESERVED
+CVE-2020-4560 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...)
+ TODO: check
CVE-2020-4559
RESERVED
CVE-2020-4558
@@ -30631,18 +30675,18 @@ CVE-2020-4556
RESERVED
CVE-2020-4555
RESERVED
-CVE-2020-4554
- RESERVED
-CVE-2020-4553
- RESERVED
-CVE-2020-4552
- RESERVED
-CVE-2020-4551
- RESERVED
-CVE-2020-4550
- RESERVED
-CVE-2020-4549
- RESERVED
+CVE-2020-4554 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
+ TODO: check
+CVE-2020-4553 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
+ TODO: check
+CVE-2020-4552 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute ...)
+ TODO: check
+CVE-2020-4551 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
+ TODO: check
+CVE-2020-4550 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
+ TODO: check
+CVE-2020-4549 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute ...)
+ TODO: check
CVE-2020-4548
RESERVED
CVE-2020-4547
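Review bot: the six IBM i2 Analyst Notebook entries added here, CVE-2020-4549 through CVE-2020-4554, all carry TODO: check with near-identical truncated descriptions. Other IBM products in this file are closed with "NOT-FOR-US: IBM" (CVE-2020-4379 and CVE-2020-4378, for example), so these can be triaged as one batch with that line rather than one at a time.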
@@ -30671,8 +30715,8 @@ CVE-2020-4536
RESERVED
CVE-2020-4535
RESERVED
-CVE-2020-4534
- RESERVED
+CVE-2020-4534 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ TODO: check
CVE-2020-4533
RESERVED
CVE-2020-4532 (IBM Business Automation Workflow and IBM Business Process Manager (IBM ...)
@@ -30985,8 +31029,8 @@ CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expec
NOT-FOR-US: IBM
CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged au ...)
NOT-FOR-US: IBM
-CVE-2020-4377
- RESERVED
+CVE-2020-4377 (IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Ent ...)
+ TODO: check
CVE-2020-4376 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could ...)
NOT-FOR-US: IBM
CVE-2020-4375 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 ...)
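Review bot: "Anaytics" is misspelled in the description on the added CVE-2020-4377 line, so a text search for "Cognos Analytics" will not find this entry. The commit is an automatic update, so the spelling presumably arrives with the imported description. The entry is also left at TODO: check while every neighbouring IBM entry in this hunk is "NOT-FOR-US: IBM", which would fit here too.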
@@ -31083,8 +31127,8 @@ CVE-2020-4330
RESERVED
CVE-2020-4329 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...)
NOT-FOR-US: IBM
-CVE-2020-4328
- RESERVED
+CVE-2020-4328 (IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection ...)
+ TODO: check
CVE-2020-4327 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
NOT-FOR-US: IBM
CVE-2020-4326
@@ -38540,12 +38584,12 @@ CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...)
NOT-FOR-US: SALTO ProAccess SPACE
CVE-2019-19456 (A Reflected XSS was found in the server selection box inside the login ...)
NOT-FOR-US: Wowza Streaming Engine
-CVE-2019-19455
- RESERVED
+CVE-2019-19455 (Wowza Streaming Engine through 2019-11-28 has Insecure Permissions. ...)
+ TODO: check
CVE-2019-19454 (An arbitrary file download was found in the "Download Log" functionali ...)
NOT-FOR-US: Wowza Streaming Engine
-CVE-2019-19453
- RESERVED
+CVE-2019-19453 (Wowza Streaming Engine through 2019-11-28 allows XSS (issue 1 of 2). ...)
+ TODO: check
CVE-2019-19452 (A buffer overflow was found in Patriot Viper RGB through 1.1 when proc ...)
NOT-FOR-US: Patriot Viper RGB
CVE-2019-19451 (When GNOME Dia before 2019-11-27 is launched with a filename argument ...)
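Review bot: CVE-2019-19455 and CVE-2019-19453 are set to TODO: check although the Wowza Streaming Engine entries interleaved with them, CVE-2019-19456 and CVE-2019-19454, are both marked "NOT-FOR-US: Wowza Streaming Engine". Using the same line on the two newly published entries would close them consistently with their siblings.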
@@ -85782,8 +85826,8 @@ CVE-2019-4591 (IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate s
NOT-FOR-US: IBM
CVE-2019-4590
RESERVED
-CVE-2019-4589
- RESERVED
+CVE-2019-4589 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalatio ...)
+ TODO: check
CVE-2019-4588
RESERVED
CVE-2019-4587
@@ -86228,8 +86272,8 @@ CVE-2019-4368
RESERVED
CVE-2019-4367
RESERVED
-CVE-2019-4366
- RESERVED
+CVE-2019-4366 (IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information di ...)
+ TODO: check
CVE-2019-4365
RESERVED
CVE-2019-4364 (IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/853578fde2e750e07e1516a218bc401a067054f1