[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 14 21:10:35 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
128200fa by security tracker role at 2020-08-14T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2020-24359
+ RESERVED
+CVE-2020-24358
+ RESERVED
+CVE-2020-24357
+ RESERVED
+CVE-2020-24356
+ RESERVED
CVE-2020-24355
RESERVED
CVE-2020-24354
@@ -3273,12 +3281,12 @@ CVE-2020-22724
RESERVED
CVE-2020-22723
RESERVED
-CVE-2020-22722
- RESERVED
-CVE-2020-22721
- RESERVED
-CVE-2020-22720
- RESERVED
+CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege ...)
+ TODO: check
+CVE-2020-22721 (A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8. ...)
+ TODO: check
+CVE-2020-22720 (A local privilege escalation vulnerability in SPSSLVpnService.exe in S ...)
+ TODO: check
CVE-2020-22719
RESERVED
CVE-2020-22718
@@ -13805,8 +13813,8 @@ CVE-2020-17464
RESERVED
CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/it ...)
NOT-FOR-US: FUEL CMS
-CVE-2020-17462
- RESERVED
+CVE-2020-17462 (CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload beca ...)
+ TODO: check
CVE-2020-17461
RESERVED
CVE-2020-17460
@@ -16392,8 +16400,8 @@ CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. M
NOT-FOR-US: Advantech WebAccess
CVE-2020-16206
RESERVED
-CVE-2020-16205
- RESERVED
+CVE-2020-16205 (Using a specially crafted URL command, a remote authenticated user can ...)
+ TODO: check
CVE-2020-16204
RESERVED
CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
@@ -16462,7 +16470,7 @@ CVE-2020-16172
RESERVED
CVE-2020-16171
RESERVED
-CVE-2020-16170 (The Temi application 1.3.3 through 1.3.7931 for Android has hard-coded ...)
+CVE-2020-16170 (Use of Hard-coded Credentials in Robotemi Global Ltd Temi Firmware up ...)
NOT-FOR-US: Temi application fo Android
CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in Robotemi G ...)
NOT-FOR-US: Temi Robox OS
@@ -17370,8 +17378,8 @@ CVE-2020-15783
RESERVED
CVE-2020-15782
RESERVED
-CVE-2020-15781
- RESERVED
+CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for SICAM A8 ...)
+ TODO: check
CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...)
NOT-FOR-US: Node socket.io-file
CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...)
@@ -17585,12 +17593,12 @@ CVE-2020-15696 (An issue was discovered in Joomla! through 3.9.19. Lack of input
NOT-FOR-US: Joomla!
CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...)
NOT-FOR-US: Joomla!
-CVE-2020-15694
- RESERVED
-CVE-2020-15693
- RESERVED
-CVE-2020-15692
- RESERVED
+CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly valida ...)
+ TODO: check
+CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...)
+ TODO: check
+CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...)
+ TODO: check
CVE-2020-15691
RESERVED
CVE-2020-15690
@@ -18890,16 +18898,16 @@ CVE-2020-15147
RESERVED
CVE-2020-15146
RESERVED
-CVE-2020-15145
- RESERVED
+CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...)
+ TODO: check
CVE-2020-15144
RESERVED
CVE-2020-15143
RESERVED
-CVE-2020-15142
- RESERVED
-CVE-2020-15141
- RESERVED
+CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated with ...)
+ TODO: check
+CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...)
+ TODO: check
CVE-2020-15140
RESERVED
CVE-2020-15139 (In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visu ...)
@@ -20964,7 +20972,7 @@ CVE-2020-14354 [ares_destroy() with pending ares_getaddrinfo() leads to Use-Afte
NOTE: Introduced in: https://github.com/c-ares/c-ares/commit/dbd4c441fb7babad5c56f455d720af38e20546bc (1.16.0)
NOTE: Fixed by: https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e (1.16.1)
CVE-2020-14353
- RESERVED
+ REJECTED
- linux 4.13.10-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.56-1
@@ -25370,8 +25378,8 @@ CVE-2020-12650
REJECTED
CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
NOT-FOR-US: Gurbalib
-CVE-2020-12648
- RESERVED
+CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...)
+ TODO: check
CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...)
NOT-FOR-US: Unisys ALGOL Compiler
CVE-2020-12646
@@ -33518,8 +33526,8 @@ CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to
NOT-FOR-US: GeniXCMS
CVE-2020-10056
RESERVED
-CVE-2020-10055
- RESERVED
+CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...)
+ TODO: check
CVE-2020-10054
RESERVED
CVE-2020-10053
@@ -34118,8 +34126,8 @@ CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. T
NOT-FOR-US: Apple
CVE-2020-9768 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
-CVE-2020-9767
- RESERVED
+CVE-2020-9767 (A vulnerability related to Dynamic-link Library (“DLL”) lo ...)
+ TODO: check
CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...)
@@ -34307,8 +34315,8 @@ CVE-2020-9710
RESERVED
CVE-2020-9709
RESERVED
-CVE-2020-9708
- RESERVED
+CVE-2020-9708 (The resolveRepositoryPath function doesn't properly validate user inpu ...)
+ TODO: check
CVE-2020-9707
RESERVED
CVE-2020-9706
@@ -35494,10 +35502,10 @@ CVE-2020-9231
RESERVED
CVE-2020-9230
RESERVED
-CVE-2020-9229
- RESERVED
-CVE-2020-9228
- RESERVED
+CVE-2020-9229 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
+ TODO: check
+CVE-2020-9228 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
+ TODO: check
CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 ...)
NOT-FOR-US: Huawei
CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
@@ -39179,10 +39187,10 @@ CVE-2020-7703
RESERVED
CVE-2020-7702
RESERVED
-CVE-2020-7701
- RESERVED
-CVE-2020-7700
- RESERVED
+CVE-2020-7701 (madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution ...)
+ TODO: check
+CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via parse_ ...)
+ TODO: check
CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If the parse ...)
NOT-FOR-US: express-fileupload
CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...)
@@ -39450,8 +39458,8 @@ CVE-2020-7585 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and ear
NOT-FOR-US: Siemens
CVE-2020-7584 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU family ...)
NOT-FOR-US: Siemens
-CVE-2020-7583
- RESERVED
+CVE-2020-7583 (A vulnerability has been identified in Automation License Manager 5 (A ...)
+ TODO: check
CVE-2020-7582
RESERVED
CVE-2020-7581 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
@@ -40058,7 +40066,7 @@ CVE-2020-7294
RESERVED
CVE-2020-7293
RESERVED
-CVE-2020-7292 (Inappropriate Encoding for output context in McAfee Web Gateway (MWG) ...)
+CVE-2020-7292 (Inappropriate Encoding for output context vulnerability in McAfee Web ...)
NOT-FOR-US: McAfee
CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
NOT-FOR-US: McAfee
@@ -46895,8 +46903,8 @@ CVE-2020-4664
RESERVED
CVE-2020-4663
RESERVED
-CVE-2020-4662
- RESERVED
+CVE-2020-4662 (IBM Event Streams 10.0.0 could allow an authenticated user to perform ...)
+ TODO: check
CVE-2020-4661
RESERVED
CVE-2020-4660
@@ -52978,8 +52986,8 @@ CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger inf
NOTE: https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
CVE-2019-19644
RESERVED
-CVE-2019-19643
- RESERVED
+CVE-2019-19643 (ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service. ...)
+ TODO: check
CVE-2019-19642 (On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02 ...)
NOT-FOR-US: SuperMicro
CVE-2019-19641
@@ -55822,7 +55830,7 @@ CVE-2019-19303
RESERVED
CVE-2019-19302
RESERVED
-CVE-2019-19301 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+CVE-2019-19301 (A vulnerability has been identified in SCALANCE S602 (All versions), S ...)
NOT-FOR-US: Siemens
CVE-2019-19300 (A vulnerability has been identified in KTK ATE530S (All versions), SID ...)
NOT-FOR-US: Siemens
@@ -84656,7 +84664,7 @@ CVE-2019-10925 (A vulnerability has been identified in SIMATIC Ident MV420 famil
NOT-FOR-US: Siemens
CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
NOT-FOR-US: Siemens
-CVE-2019-10923 (A vulnerability has been identified in CP1604 (All versions < V2.8) ...)
+CVE-2019-10923 (A vulnerability has been identified in Development/Evaluation Kits for ...)
NOT-FOR-US: Siemens
CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
@@ -95224,8 +95232,8 @@ CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandle
NOT-FOR-US: Wordpress plugin
CVE-2019-7411 (Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher ...)
NOT-FOR-US: MyThemeShop Launcher plugin for WordPress
-CVE-2019-7410
- RESERVED
+CVE-2019-7410 (There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remo ...)
+ TODO: check
CVE-2019-7409 (Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign C ...)
NOT-FOR-US: ProfileDesign CMS
CVE-2019-7408
@@ -97295,7 +97303,7 @@ CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect Serv
NOT-FOR-US: Siemens
CVE-2019-6569 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Scalance
-CVE-2019-6568 (A vulnerability has been identified in CP1604, CP1616, CP343-1 Advance ...)
+CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP O ...)
NOT-FOR-US: Siemens
CVE-2019-6567 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Siemens
@@ -98559,8 +98567,8 @@ CVE-2019-6114 (An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. A
NOT-FOR-US: Corel PaintShop Pro
CVE-2019-6113 (Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-001 ...)
NOT-FOR-US: ONKYO
-CVE-2019-6112
- RESERVED
+CVE-2019-6112 (A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in ...)
+ TODO: check
CVE-2019-6111 (An issue was discovered in OpenSSH 7.9. Due to the scp implementation ...)
{DSA-4387-2 DSA-4387-1 DLA-1728-1}
- openssh 1:7.9p1-9 (bug #923486)
@@ -100053,8 +100061,8 @@ CVE-2019-5593 (Improper permission or value checking in the CLI console may allo
NOT-FOR-US: FortiOS
CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, ...)
NOT-FOR-US: Fortinet
-CVE-2019-5591
- RESERVED
+CVE-2019-5591 (A Default Configuration vulnerability in FortiOS may allow an unauthen ...)
+ TODO: check
CVE-2019-5590 (The URL part of the report message is not encoded in Fortinet FortiWeb ...)
NOT-FOR-US: Fortinet
CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online Installer (W ...)
@@ -253811,10 +253819,10 @@ CVE-2014-9754 (The hardware VPN client in Viprinet MultichannelVPN Router 300 ve
NOT-FOR-US: Viprinet
CVE-2015-8075
REJECTED
-CVE-2015-8033
- RESERVED
-CVE-2015-8032
- RESERVED
+CVE-2015-8033 (In Textpattern 4.5.7, the password-reset feature does not securely tet ...)
+ TODO: check
+CVE-2015-8032 (In Textpattern 4.5.7, an unprivileged author can change an article's m ...)
+ TODO: check
CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly d ...)
{DSA-3430-1}
- libxml2 2.9.3+dfsg1-1 (bug #803942)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/128200fa0e19c5e7b966453d1859c8bddb07f3b4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/128200fa0e19c5e7b966453d1859c8bddb07f3b4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200814/02d83978/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list