[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 11 21:10:33 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5b9f333 by security tracker role at 2020-08-11T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-17486
+ RESERVED
+CVE-2020-17485
+ RESERVED
+CVE-2020-17484
+ RESERVED
+CVE-2020-17483
+ RESERVED
+CVE-2020-17482
+ RESERVED
+CVE-2020-17481
+ RESERVED
CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parse ...)
TODO: check
CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not properly valida ...)
@@ -26,8 +38,8 @@ CVE-2020-17468
RESERVED
CVE-2020-17467
RESERVED
-CVE-2020-17466
- RESERVED
+CVE-2020-17466 (Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by ...)
+ TODO: check
CVE-2020-17465
RESERVED
CVE-2020-17464
@@ -62,8 +74,8 @@ CVE-2020-17450
RESERVED
CVE-2020-17449
RESERVED
-CVE-2020-17448
- RESERVED
+CVE-2020-17448 (Telegram Desktop through 2.1.13 allows a spoofed file type to bypass t ...)
+ TODO: check
CVE-2020-17447 (MyBB before 1.8.24 allows XSS because the visual editor mishandles [al ...)
NOT-FOR-US: MyBB
CVE-2020-17446
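Review bot: CVE-2020-17448 (Telegram Desktop through 2.1.13, spoofed file type bypassing a check) needs a source-package line rather than the NOT-FOR-US used for MyBB on the following lines: Telegram Desktop is packaged in Debian as telegram-desktop, so the TODO: check should become "- telegram-desktop <unfixed>" or the fixed Debian version, ideally with a NOTE: line pointing at the upstream fix, so that the entry is not mistaken for a vendor-only product.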
@@ -222,13 +234,11 @@ CVE-2020-17370
RESERVED
CVE-2020-17369
RESERVED
-CVE-2020-17368 [don't pass command line through shell when redirecting output]
- RESERVED
+CVE-2020-17368 (Firejail through 0.9.62 mishandles shell metacharacters during use of ...)
{DSA-4742-1}
- firejail 0.9.62-4
NOTE: https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b
-CVE-2020-17367 [don't interpret output arguments after end-of-options tag]
- RESERVED
+CVE-2020-17367 (Firejail through 0.9.62 does not honor the -- end-of-options indicator ...)
{DSA-4742-1}
- firejail 0.9.62-4
NOTE: https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37
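Review bot: replacing the bracketed working titles with the truncated official descriptions loses the one-line statement of what each fix does ("don't pass command line through shell when redirecting output" for CVE-2020-17368, "don't interpret output arguments after end-of-options tag" for CVE-2020-17367); the NOTE: commit links preserve that detail, so this is acceptable, but since one upload (firejail 0.9.62-4) and one advisory ({DSA-4742-1}) cover both CVEs it is worth confirming that 0.9.62-4 carries both commits 34193604 and 2c734d63, not just one of them.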
@@ -2694,6 +2704,7 @@ CVE-2020-16146
RESERVED
CVE-2020-16145 [Fix cross-site scripting (XSS) via HTML messages with malicious svg content]
RESERVED
+ {DLA-2322-1}
- roundcube 1.4.8+dfsg.1-1 (bug #968216)
NOTE: https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4 (1.4.8)
NOTE: https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b (1.3.15)
@@ -2823,8 +2834,7 @@ CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a mali
NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
CVE-2020-16093
RESERVED
-CVE-2020-16092 [reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c ]
- RESERVED
+CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the network p ...)
- qemu <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
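Review bot: CVE-2020-16092 still reads "- qemu <unfixed>" although the NOTE line references the upstream fix commit 035e69b063835a5fd23cacabd63690a3d84532a8 and the removed working title located the bug in the guest-facing network path (net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c); a reachable assertion there is a guest-triggered crash of the QEMU process, so the entry should be bumped to the fixed Debian version once that commit is cherry-picked, and a severity annotation in the "(low; bug #...)" style used for CVE-2020-9402 further down would help prioritisation.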
@@ -4027,8 +4037,8 @@ CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php us
NOT-FOR-US: Victor CMS
CVE-2020-15598
RESERVED
-CVE-2020-15597
- RESERVED
+CVE-2020-15597 (SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statute ...)
+ TODO: check
CVE-2020-15596
RESERVED
CVE-2019-20906
@@ -5246,8 +5256,8 @@ CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. An XSS vulnera
- phplist <itp> (bug #612288)
CVE-2020-15072 (An issue was discovered in phpList through 3.5.4. An error-based SQL I ...)
- phplist <itp> (bug #612288)
-CVE-2020-15071
- RESERVED
+CVE-2020-15071 (content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS ...)
+ TODO: check
CVE-2020-15070
RESERVED
CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow an ...)
@@ -5464,7 +5474,7 @@ CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for
CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...)
NOT-FOR-US: Sophos Secure Email application for Android
CVE-2020-14979
- RESERVED
+ REJECTED
CVE-2020-14978 (An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorre ...)
NOT-FOR-US: F-Secure SAFE
CVE-2020-14977 (An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC servic ...)
@@ -7240,11 +7250,9 @@ CVE-2020-14326
- resteasy3.0 <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855826
NOTE: https://issues.redhat.com/browse/RESTEASY-2643
-CVE-2020-14325
- RESERVED
+CVE-2020-14325 (Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Imperson ...)
NOT-FOR-US: Red Hat CloudForm
-CVE-2020-14324
- RESERVED
+CVE-2020-14324 (A high severity vulnerability was found in all active versions of Red ...)
NOT-FOR-US: Red Hat CloudForm
CVE-2020-14323
RESERVED
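Review bot: the NOT-FOR-US labels read "Red Hat CloudForm" while the new descriptions on the lines above them say "Red Hat CloudForms"; the label is an unchanged context line in this hunk, but the same misspelling recurs for CVE-2020-14296, CVE-2020-10783 and CVE-2020-10777 through CVE-2020-10780 later in this patch, so a follow-up commit should normalise all of them to "NOT-FOR-US: Red Hat CloudForms" so that searches for the product name match every entry.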
@@ -7274,8 +7282,7 @@ CVE-2020-14314 [buffer uses out of index in ext3/4 filesystem]
RESERVED
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853922
-CVE-2020-14313
- RESERVED
+CVE-2020-14313 (An information disclosure vulnerability was found in Red Hat Quay in v ...)
NOT-FOR-US: Quay
CVE-2020-14312
RESERVED
@@ -7336,8 +7343,7 @@ CVE-2020-14298 (The version of docker as released for Red Hat Enterprise Linux 7
- docker.io <not-affected> (Red Hat specific regression)
CVE-2020-14297 (A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat ...)
- wildfly <itp> (bug #752018)
-CVE-2020-14296
- RESERVED
+CVE-2020-14296 (Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request For ...)
NOT-FOR-US: Red Hat CloudForm
CVE-2020-14295 (A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to ...)
- cacti 1.2.13+ds1-1 (bug #963139)
@@ -7668,7 +7674,7 @@ CVE-2020-14154 (Mutt before 1.14.3 proceeds with a connection even if, in respon
NOTE: https://gitlab.com/muttmua/mutt/commit/5fccf603ebcf352ba783136d6b2d2600d811fb3b
NOTE: https://gitlab.com/muttmua/mutt/commit/f64ec1deefb67d471a642004e102cd1c501a1db3
NOTE: Negligible security impact
-CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-bounds arr ...)
+CVE-2020-14153 (In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an o ...)
- libjpeg9 1:9d-1
- libjpeg-turbo <not-affected> (Vulnerable code not present; problematic condition cannot be reached)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445
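Review bot: the description for CVE-2020-14153 narrows the affected range from "before 9d" to "from version 8 through 9c"; the existing lines (libjpeg9 fixed in 1:9d-1, libjpeg-turbo <not-affected> with upstream issue #445 explaining why the condition cannot be reached) remain consistent with that, but if any older IJG libjpeg source package had been tagged against this CVE on the strength of the previous "before 9d" wording, that tag can now be revisited because versions before 8 are no longer claimed to be affected.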
@@ -10161,18 +10167,18 @@ CVE-2020-13181
RESERVED
CVE-2020-13180
RESERVED
-CVE-2020-13179
- RESERVED
-CVE-2020-13178
- RESERVED
-CVE-2020-13177
- RESERVED
-CVE-2020-13176
- RESERVED
-CVE-2020-13175
- RESERVED
-CVE-2020-13174
- RESERVED
+CVE-2020-13179 (Broker Protocol messages in Teradici PCoIP Standard Agent for Windows ...)
+ TODO: check
+CVE-2020-13178 (A function in the Teradici PCoIP Standard Agent for Windows and Graphi ...)
+ TODO: check
+CVE-2020-13177 (The support bundler in Teradici PCoIP Standard Agent for Windows and G ...)
+ TODO: check
+CVE-2020-13176 (The Management Interface of the Teradici Cloud Access Connector and Cl ...)
+ TODO: check
+CVE-2020-13175 (The Management Interface of the Teradici Cloud Access Connector and Cl ...)
+ TODO: check
+CVE-2020-13174 (The web server in the Teradici Managament console versions 20.04 and 2 ...)
+ TODO: check
CVE-2020-13173 (Initialization of the pcoip_credential_provider in Teradici PCoIP Stan ...)
NOT-FOR-US: Teradici
CVE-2020-13172
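Review bot: the six new TODO: check entries for CVE-2020-13174 through CVE-2020-13179 all describe Teradici components (PCoIP Standard/Graphics Agent for Windows, Cloud Access Connector, Management Console), and the adjacent CVE-2020-13173 is already triaged as NOT-FOR-US: Teradici; unless one of them turns out to involve a packaged client, all six should be resolved to NOT-FOR-US: Teradici in a single follow-up rather than left as six separate TODOs. The "Managament" in the CVE-2020-13174 text comes from the CVE feed and is not something to edit in this file.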
@@ -10304,8 +10310,8 @@ CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before 2.9.4
NOT-FOR-US: Elementor Pro plugin for WordPress
CVE-2020-13125 (An issue was discovered in the "Ultimate Addons for Elementor" plugin ...)
NOT-FOR-US: "Ultimate Addons for Elementor" plugin for WordPress
-CVE-2020-13124
- RESERVED
+CVE-2020-13124 (SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in ...)
+ TODO: check
CVE-2020-13123
RESERVED
CVE-2020-13122
@@ -13190,8 +13196,7 @@ CVE-2020-11978 (An issue was found in Apache Airflow versions 1.10.10 and below.
- airflow <itp> (bug #819700)
CVE-2020-11977
RESERVED
-CVE-2020-11976
- RESERVED
+CVE-2020-11976 (By crafting a special URL it is possible to make Wicket deliver unproc ...)
NOT-FOR-US: Apache Wicket
CVE-2020-11975 (Apache Unomi allows conditions to use OGNL scripting which offers the ...)
NOT-FOR-US: Apache Unomi
@@ -15469,8 +15474,8 @@ CVE-2020-11554 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 bef
NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11553 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
NOT-FOR-US: Castle Rock SNMPc
-CVE-2020-11552
- RESERVED
+CVE-2020-11552 (An elevation of privilege vulnerability exists in ManageEngine ADSelfS ...)
+ TODO: check
CVE-2020-11551 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...)
NOT-FOR-US: Netgear
CVE-2020-11550 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...)
@@ -17698,8 +17703,7 @@ CVE-2020-10785
RESERVED
CVE-2020-10784
RESERVED
-CVE-2020-10783
- RESERVED
+CVE-2020-10783 (Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege esc ...)
NOT-FOR-US: Red Hat CloudForm
CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible version ...)
NOT-FOR-US: Ansible Tower
@@ -17710,17 +17714,13 @@ CVE-2020-10781 [zram sysfs resource consumption]
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2020/06/18/1
NOTE: https://git.kernel.org/linus/853eab68afc80f59f36bbdeb715e5c88c501e680
-CVE-2020-10780
- RESERVED
+CVE-2020-10780 (Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a craf ...)
NOT-FOR-US: Red Hat CloudForm
-CVE-2020-10779
- RESERVED
+CVE-2020-10779 (Red Hat CloudForms 4.7 and 5 leads to insecure direct object reference ...)
NOT-FOR-US: Red Hat CloudForm
-CVE-2020-10778
- RESERVED
+CVE-2020-10778 (In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited b ...)
NOT-FOR-US: Red Hat CloudForm
-CVE-2020-10777
- RESERVED
+CVE-2020-10777 (A cross-site scripting flaw was found in Report Menu feature of Red Ha ...)
NOT-FOR-US: Red Hat CloudForm
CVE-2020-10776
RESERVED
@@ -21152,10 +21152,10 @@ CVE-2020-9406 (IBL Online Weather before 4.3.5a allows unauthenticated eval inje
NOT-FOR-US: IBL Online Weather
CVE-2020-9405 (IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS ...)
NOT-FOR-US: IBL Online Weather
-CVE-2020-9404
- RESERVED
-CVE-2020-9403
- RESERVED
+CVE-2020-9404 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...)
+ TODO: check
+CVE-2020-9403 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...)
+ TODO: check
CVE-2020-9402 (Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...)
- python-django 2:2.2.11-1 (low; bug #953102)
[buster] - python-django 1:1.11.29-1~deb10u1
@@ -21593,8 +21593,8 @@ CVE-2020-9246
RESERVED
CVE-2020-9245 (HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUA ...)
NOT-FOR-US: Huawei
-CVE-2020-9244
- RESERVED
+CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8); ...)
+ TODO: check
CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
NOT-FOR-US: Huawei
CVE-2020-9242
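Review bot: CVE-2020-9244 is a HUAWEI Mate 20 firmware issue sitting between CVE-2020-9245 and CVE-2020-9243, both already marked NOT-FOR-US: Huawei; the new TODO: check should be resolved the same way. The doubled "versions Versions" is in the upstream CVE text and must not be corrected here.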
@@ -22317,8 +22317,8 @@ CVE-2020-8920
RESERVED
CVE-2020-8919
RESERVED
-CVE-2020-8918
- RESERVED
+CVE-2020-8918 (An improperly initialized 'migrationAuth' value in Google's go-tpm TPM ...)
+ TODO: check
CVE-2020-8917
RESERVED
CVE-2020-8916 (A memory leak in Openthread's wpantund versions up to commit 0e5d1601f ...)
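Review bot: CVE-2020-8918 concerns an improperly initialised migrationAuth value in Google's go-tpm, a Go library rather than a vendor appliance, so this TODO: check should not default to NOT-FOR-US like the surrounding product entries; check whether the library is packaged (Debian's Go library packages follow the golang-github-<owner>-<repo> naming, which for this repository would be golang-github-google-go-tpm) and, if it is, add a package line and remember that any reverse dependencies are statically linked and would need rebuilds after the library is fixed.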
@@ -33344,10 +33344,10 @@ CVE-2020-4488
RESERVED
CVE-2020-4487
RESERVED
-CVE-2020-4486
- RESERVED
-CVE-2020-4485
- RESERVED
+CVE-2020-4486 (IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to ov ...)
+ TODO: check
+CVE-2020-4485 (IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to di ...)
+ TODO: check
CVE-2020-4484
RESERVED
CVE-2020-4483
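Review bot: CVE-2020-4485 and CVE-2020-4486 are both IBM QRadar 7.2.0 through 7.2.9 issues (the "thorugh" in the CVE-2020-4486 description is from the CVE feed and must stay as it is in this file); the two TODO: check entries are NOT-FOR-US candidates like the other vendor-product entries in this patch and should be triaged together so the pair does not end up with inconsistent states.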
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5b9f3335f2d33b3c7aaa4364faaee056d83c114