[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Aug 10 21:10:28 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26b0ccd3 by security tracker role at 2020-08-10T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly conside ...)
+	TODO: check
+CVE-2020-17477
+	RESERVED
+CVE-2020-17476 (Mibew Messenger before 3.2.7 allows XSS via a crafted user name. ...)
+	TODO: check
+CVE-2020-17475
+	RESERVED
+CVE-2020-17474
+	RESERVED
+CVE-2020-17473
+	RESERVED
+CVE-2020-17472
+	RESERVED
+CVE-2020-17471
+	RESERVED
+CVE-2020-17470
+	RESERVED
+CVE-2020-17469
+	RESERVED
+CVE-2020-17468
+	RESERVED
+CVE-2020-17467
+	RESERVED
+CVE-2020-17466
+	RESERVED
+CVE-2020-17465
+	RESERVED
 CVE-2020-17464
 	RESERVED
 CVE-2020-17463
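Review bot: CVE-2020-17478 and CVE-2020-17476 are the only two of the new entries not left as plain RESERVED, and both are parked at `TODO: check`. The CVE-2020-17478 text points at an ECDSA point-handling issue in Crypt::Perl before 0.33; the check should establish whether a Debian source package ships Crypt::Perl and, if so, record a fixed version of 0.33 or later (or `<unfixed>` with a bug reference) instead of the TODO. For CVE-2020-17476 (XSS via a crafted user name in Mibew Messenger), if no Debian package ships Mibew the line should become `NOT-FOR-US: Mibew Messenger`, in the same style as the vendor entries further down this file.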
@@ -3815,14 +3843,13 @@ CVE-2020-15664
 	RESERVED
 CVE-2020-15663
 	RESERVED
-CVE-2020-15662
-	RESERVED
-CVE-2020-15661
-	RESERVED
+CVE-2020-15662 (A rogue webpage could override the injected WKUserScript used by the d ...)
+	TODO: check
+CVE-2020-15661 (A rogue webpage could override the injected WKUserScript used by the l ...)
+	TODO: check
 CVE-2020-15660
 	RESERVED
-CVE-2020-15659
-	RESERVED
+CVE-2020-15659 (Mozilla developers and community members reported memory safety bugs p ...)
 	{DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1}
 	- firefox 79.0-1
 	- firefox-esr 68.11.0esr-1
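Review bot: CVE-2020-15662 and CVE-2020-15661 both describe a rogue page overriding an injected WKUserScript, and WKUserScript is Apple's WebKit scripting API, so these are issues in the iOS port rather than in the Debian firefox/firefox-esr packages; the `TODO: check` lines can most likely be resolved with `- firefox <not-affected>` and `- firefox-esr <not-affected>` entries carrying a platform note, the same shape as the `(Android specific)` lines used for CVE-2020-15650 and CVE-2020-15649 later in this file, after confirming the affected-product line in the Mozilla advisory. The CVE-2020-15659 change only swaps RESERVED for the description and keeps the existing DSA/DLA and version lines, which is consistent.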
@@ -3831,44 +3858,37 @@ CVE-2020-15659
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15659
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15659
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15659
-CVE-2020-15658
-	RESERVED
+CVE-2020-15658 (The code for downloading files did not properly take care of special c ...)
 	- firefox 79.0-1
 	- thunderbird <not-affected> (Only affects Thunderbird 78.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15658
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15658
-CVE-2020-15657
-	RESERVED
+CVE-2020-15657 (Firefox could be made to load attacker-supplied DLL files from the ins ...)
 	- firefox <not-affected> (Only affects Windows)
 	- thunderbird <not-affected> (Only affects Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15657
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15657
-CVE-2020-15656
-	RESERVED
+CVE-2020-15656 (JIT optimizations involving the Javascript arguments object could conf ...)
 	- firefox 79.0-1
 	- thunderbird <not-affected> (Only affects Thunderbird 78.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15656
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15656
-CVE-2020-15655
-	RESERVED
+CVE-2020-15655 (A redirected HTTP request which is observed or modified through a web  ...)
 	- firefox 79.0-1
 	- thunderbird <not-affected> (Only affects Thunderbird 78.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15655
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15655
-CVE-2020-15654
-	RESERVED
+CVE-2020-15654 (When in an endless loop, a website specifying a custom cursor using CS ...)
 	- firefox 79.0-1
 	- thunderbird <not-affected> (Only affects Thunderbird 78.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15654
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15654
-CVE-2020-15653
-	RESERVED
+CVE-2020-15653 (An iframe sandbox element with the allow-popups flag could be bypassed ...)
 	- firefox 79.0-1
 	- thunderbird <not-affected> (Only affects Thunderbird 78.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15653
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15653
-CVE-2020-15652
-	RESERVED
+CVE-2020-15652 (By observing the stack trace for JavaScript errors in web workers, it  ...)
 	{DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1}
 	- firefox 79.0-1
 	- firefox-esr 68.11.0esr-1
@@ -3877,24 +3897,22 @@ CVE-2020-15652
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15652
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15652
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15652
-CVE-2020-15651
-	RESERVED
-CVE-2020-15650
-	RESERVED
+CVE-2020-15651 (A unicode RTL order character in the downloaded file name can be used  ...)
+	TODO: check
+CVE-2020-15650 (Given an installed malicious file picker application, an attacker was  ...)
 	- firefox-esr <not-affected> (Android specific)
 	- firefox <not-affected> (Android specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15650
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15650
-CVE-2020-15649
-	RESERVED
+CVE-2020-15649 (Given an installed malicious file picker application, an attacker was  ...)
 	- firefox-esr <not-affected> (Android specific)
 	- firefox <not-affected> (Android specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15649
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15649
-CVE-2020-15648
-	RESERVED
-CVE-2020-15647
-	RESERVED
+CVE-2020-15648 (Using object or embed tags, it was possible to frame other websites, e ...)
+	TODO: check
+CVE-2020-15647 (A Content Provider in Firefox for Android allowed local files accessib ...)
+	TODO: check
 CVE-2020-15646
 	RESERVED
 	{DSA-4718-1}
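Review bot: three of the newly described entries stay at `TODO: check` although the descriptions already settle part of the triage. CVE-2020-15647 says "A Content Provider in Firefox for Android", which is exactly the case covered by the `<not-affected> (Android specific)` lines given to CVE-2020-15650 and CVE-2020-15649 in this same hunk, so it should get the same two firefox/firefox-esr lines. CVE-2020-15651 (a unicode RTL order character in the downloaded file name) and CVE-2020-15648 (framing other sites via object/embed tags) still need the affected-product check from the advisory; if CVE-2020-15648 turns out to affect desktop Firefox it needs a `- firefox` version line like its neighbours above rather than a TODO.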
@@ -8079,7 +8097,7 @@ CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to
 	[jessie] - putty <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764 (0.74)
 CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template option i ...)
-	{DLA-2316-1}
+	{DSA-4743-1 DLA-2316-1}
 	[experimental] - ruby-kramdown 2.3.0-1
 	- ruby-kramdown <unfixed> (bug #965305)
 	NOTE: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6
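Review bot: DSA-4743-1 is added to CVE-2020-14001 while the unstable line still reads `- ruby-kramdown <unfixed> (bug #965305)` with only an `[experimental] - ruby-kramdown 2.3.0-1` entry. Confirm whether the fixed package has reached unstable and, if so, replace `<unfixed>` with that version in the same change; otherwise the tracker keeps reporting sid as vulnerable after a DSA has gone out, which may be intended but should be deliberate.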
@@ -9842,22 +9860,18 @@ CVE-2020-13297
 	RESERVED
 CVE-2020-13296
 	RESERVED
-CVE-2020-13295
-	RESERVED
+CVE-2020-13295 (For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd ...)
 	- gitlab-ci-multi-runner <unfixed>
 	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
-CVE-2020-13294
-	RESERVED
+CVE-2020-13294 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not re ...)
 	[experimental] - gitlab 13.1.6-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
-CVE-2020-13293
-	RESERVED
+CVE-2020-13293 (In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexa ...)
 	[experimental] - gitlab 13.1.6-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
-CVE-2020-13292
-	RESERVED
+CVE-2020-13292 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass  ...)
 	[experimental] - gitlab 13.1.6-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
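Review bot: the CVE-2020-13295 entry for gitlab-ci-multi-runner is `<unfixed>` with no bug reference, even though the description itself states the fixed upstream versions (13.0.12, 13.1.6, 13.2.3); add the Debian bug in the usual `(bug #...)` form, as the ruby-kramdown entry does, so the unfixed state is tracked. For the three gitlab entries the `[experimental] - gitlab 13.1.6-1` lines agree with "13.1.6" in the new descriptions, and the shared release URL is the right reference for all four.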
@@ -20789,16 +20803,16 @@ CVE-2020-9531 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices.
 	NOT-FOR-US: Xiaomi
 CVE-2020-9530 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The  ...)
 	NOT-FOR-US: Xiaomi
-CVE-2020-9529
-	RESERVED
-CVE-2020-9528
-	RESERVED
-CVE-2020-9527
-	RESERVED
-CVE-2020-9526
-	RESERVED
-CVE-2020-9525
-	RESERVED
+CVE-2020-9529 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...)
+	TODO: check
+CVE-2020-9528 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...)
+	TODO: check
+CVE-2020-9527 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...)
+	TODO: check
+CVE-2020-9526 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...)
+	TODO: check
+CVE-2020-9525 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...)
+	TODO: check
 CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise Server an ...)
 	NOT-FOR-US: Micro Focus
 CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...)
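Review bot: the five new `TODO: check` entries describe vendor firmware (Shenzhen Hichip Vision Technology) and the CS2 Network P2P library embedded in IoT devices; unless a Debian source package ships that code, they belong at `NOT-FOR-US:` with the vendor name, exactly as the adjacent Xiaomi and Micro Focus entries are recorded, rather than staying open as TODOs.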
@@ -21557,8 +21571,8 @@ CVE-2020-9245
 	RESERVED
 CVE-2020-9244
 	RESERVED
-CVE-2020-9243
-	RESERVED
+CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
+	TODO: check
 CVE-2020-9242
 	RESERVED
 CVE-2020-9241
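Review bot: CVE-2020-9243 is a HUAWEI Mate 30 handset firmware issue; since no Debian package carries Huawei handset firmware, the `TODO: check` should resolve to `NOT-FOR-US: Huawei`, following the vendor convention used for the Xiaomi entries above.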
@@ -23895,8 +23909,8 @@ CVE-2020-8231
 	RESERVED
 CVE-2020-8230
 	RESERVED
-CVE-2020-8229
-	RESERVED
+CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop Clie ...)
+	TODO: check
 CVE-2020-8228
 	RESERVED
 CVE-2020-8227
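Review bot: CVE-2020-8229 names OCUtil.dll, and the .dll naming marks a Windows build component of the Nextcloud Desktop Client; before recording a version for the Debian package, the check should establish whether the leak lives only in that Windows component, in which case the entry should read `<not-affected>` with a platform note, the same way the Firefox entries above use `(Only affects Windows)`.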
@@ -23905,8 +23919,8 @@ CVE-2020-8226
 	RESERVED
 CVE-2020-8225
 	RESERVED
-CVE-2020-8224
-	RESERVED
+CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...)
+	TODO: check
 CVE-2020-8223
 	RESERVED
 CVE-2020-8222 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R ...)
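Review bot: the CVE-2020-8224 description names only Nextcloud Desktop Client 2.6.4 and the entry is left at `TODO: check`; resolve it by recording the first fixed upstream release and the corresponding Debian version (or `<unfixed>` with a bug reference), and if the code injection depends on a platform-specific search path, say so next to the version line rather than leaving the platform question implicit.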
@@ -29212,8 +29226,8 @@ CVE-2020-6147
 	RESERVED
 CVE-2020-6146
 	RESERVED
-CVE-2020-6145
-	RESERVED
+CVE-2020-6145 (An SQL injection vulnerability exists in the frappe.desk.reportview.ge ...)
+	TODO: check
 CVE-2020-6144
 	RESERVED
 CVE-2020-6143
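Review bot: CVE-2020-6145 is an SQL injection in frappe.desk.reportview, part of the Frappe web framework; unless a Debian source package ships Frappe, this should be `NOT-FOR-US: Frappe` instead of an open `TODO: check`.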
@@ -29408,8 +29422,7 @@ CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the reso
 	[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994
 	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
-CVE-2020-6070
-	RESERVED
+CVE-2020-6070 (An exploitable code execution vulnerability exists in the file system  ...)
 	- f2fs-tools <unfixed>
 	[buster] - f2fs-tools <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0988
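Review bot: CVE-2020-6070 is described as an exploitable code execution bug in f2fs-tools, yet buster is marked `<no-dsa> (Minor issue)` and the unstable line is `<unfixed>` with no bug number. The no-dsa justification should state why code execution counts as minor here (for instance that it requires running the tool on a crafted filesystem image supplied by the attacker), and a `(bug #...)` reference should be added so the unfixed state is tracked, as was done for ruby-kramdown in the CVE-2020-14001 entry.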
@@ -33197,12 +33210,12 @@ CVE-2020-4543
 	RESERVED
 CVE-2020-4542 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
 	NOT-FOR-US: IBM
-CVE-2020-4541
-	RESERVED
+CVE-2020-4541 (IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site s ...)
+	TODO: check
 CVE-2020-4540
 	RESERVED
-CVE-2020-4539
-	RESERVED
+CVE-2020-4539 (IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vu ...)
+	TODO: check
 CVE-2020-4538
 	RESERVED
 CVE-2020-4537
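Review bot: CVE-2020-4541 and CVE-2020-4539 are IBM Jazz Reporting Service cross-site scripting issues, and the neighbouring IBM entries (CVE-2020-4542, CVE-2020-4534) are recorded as `NOT-FOR-US: IBM`; the two `TODO: check` lines should be resolved the same way.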
@@ -33213,8 +33226,8 @@ CVE-2020-4535
 	RESERVED
 CVE-2020-4534 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
 	NOT-FOR-US: IBM
-CVE-2020-4533
-	RESERVED
+CVE-2020-4533 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cr ...)
+	TODO: check
 CVE-2020-4532 (IBM Business Automation Workflow and IBM Business Process Manager (IBM ...)
 	NOT-FOR-US: IBM
 CVE-2020-4531
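Review bot: CVE-2020-4533 is another IBM Jazz Reporting Service cross-site scripting issue sitting between two `NOT-FOR-US: IBM` entries (CVE-2020-4534 and CVE-2020-4532); its `TODO: check` should become `NOT-FOR-US: IBM` to match.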



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26b0ccd38ac3d0f06a1f1645a46bf8569d494ec9
