[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Aug 14 21:10:35 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
128200fa by security tracker role at 2020-08-14T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2020-24359
+	RESERVED
+CVE-2020-24358
+	RESERVED
+CVE-2020-24357
+	RESERVED
+CVE-2020-24356
+	RESERVED
 CVE-2020-24355
 	RESERVED
 CVE-2020-24354
@@ -3273,12 +3281,12 @@ CVE-2020-22724
 	RESERVED
 CVE-2020-22723
 	RESERVED
-CVE-2020-22722
-	RESERVED
-CVE-2020-22721
-	RESERVED
-CVE-2020-22720
-	RESERVED
+CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege  ...)
+	TODO: check
+CVE-2020-22721 (A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8. ...)
+	TODO: check
+CVE-2020-22720 (A local privilege escalation vulnerability in SPSSLVpnService.exe in S ...)
+	TODO: check
 CVE-2020-22719
 	RESERVED
 CVE-2020-22718
@@ -13805,8 +13813,8 @@ CVE-2020-17464
 	RESERVED
 CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/it ...)
 	NOT-FOR-US: FUEL CMS
-CVE-2020-17462
-	RESERVED
+CVE-2020-17462 (CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload beca ...)
+	TODO: check
 CVE-2020-17461
 	RESERVED
 CVE-2020-17460
@@ -16392,8 +16400,8 @@ CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. M
 	NOT-FOR-US: Advantech WebAccess
 CVE-2020-16206
 	RESERVED
-CVE-2020-16205
-	RESERVED
+CVE-2020-16205 (Using a specially crafted URL command, a remote authenticated user can ...)
+	TODO: check
 CVE-2020-16204
 	RESERVED
 CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
@@ -16462,7 +16470,7 @@ CVE-2020-16172
 	RESERVED
 CVE-2020-16171
 	RESERVED
-CVE-2020-16170 (The Temi application 1.3.3 through 1.3.7931 for Android has hard-coded ...)
+CVE-2020-16170 (Use of Hard-coded Credentials in Robotemi Global Ltd Temi Firmware up  ...)
 	NOT-FOR-US: Temi application fo Android
 CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in Robotemi G ...)
 	NOT-FOR-US: Temi Robox OS
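Review bot: the NOT-FOR-US note under CVE-2020-16170 no longer matches the description it annotates: the description changes from "The Temi application 1.3.3 through 1.3.7931 for Android" to "Use of Hard-coded Credentials in Robotemi Global Ltd Temi Firmware", but the note still reads "NOT-FOR-US: Temi application fo Android" (also a typo for "for"). Suggest updating it to something like `NOT-FOR-US: Temi firmware` so the rationale follows the record, as the neighbouring CVE-2020-16169 does with "Temi Robox OS".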
@@ -17370,8 +17378,8 @@ CVE-2020-15783
 	RESERVED
 CVE-2020-15782
 	RESERVED
-CVE-2020-15781
-	RESERVED
+CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for SICAM A8 ...)
+	TODO: check
 CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...)
 	NOT-FOR-US: Node socket.io-file
 CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...)
@@ -17585,12 +17593,12 @@ CVE-2020-15696 (An issue was discovered in Joomla! through 3.9.19. Lack of input
 	NOT-FOR-US: Joomla!
 CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...)
 	NOT-FOR-US: Joomla!
-CVE-2020-15694
-	RESERVED
-CVE-2020-15693
-	RESERVED
-CVE-2020-15692
-	RESERVED
+CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly valida ...)
+	TODO: check
+CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...)
+	TODO: check
+CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...)
+	TODO: check
 CVE-2020-15691
 	RESERVED
 CVE-2020-15690
@@ -18890,16 +18898,16 @@ CVE-2020-15147
 	RESERVED
 CVE-2020-15146
 	RESERVED
-CVE-2020-15145
-	RESERVED
+CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...)
+	TODO: check
 CVE-2020-15144
 	RESERVED
 CVE-2020-15143
 	RESERVED
-CVE-2020-15142
-	RESERVED
-CVE-2020-15141
-	RESERVED
+CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated with  ...)
+	TODO: check
+CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...)
+	TODO: check
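Review bot: CVE-2020-15145 describes Composer-Setup for Windows, so its `TODO: check` can probably be resolved straight to a `NOT-FOR-US` entry rather than left for later triage; the two openapi-python-client issues in the same hunk (CVE-2020-15142, CVE-2020-15141) are the ones that still need checking against the archive.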
 CVE-2020-15140
 	RESERVED
 CVE-2020-15139 (In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visu ...)
@@ -20964,7 +20972,7 @@ CVE-2020-14354 [ares_destroy() with pending ares_getaddrinfo() leads to Use-Afte
 	NOTE: Introduced in:  https://github.com/c-ares/c-ares/commit/dbd4c441fb7babad5c56f455d720af38e20546bc (1.16.0)
 	NOTE: Fixed by: https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e (1.16.1)
 CVE-2020-14353
-	RESERVED
+	REJECTED
 	- linux 4.13.10-1
 	[stretch] - linux 4.9.65-1
 	[jessie] - linux 3.16.56-1
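Review bot: CVE-2020-14353 moves from RESERVED to REJECTED while keeping its fixed-version lines (`- linux 4.13.10-1`, `[stretch] - linux 4.9.65-1`, `[jessie] - linux 3.16.56-1`). A REJECTED entry that still carries package data is inconsistent: either the issue is tracked under another identifier and those lines belong there, or the REJECTED state is wrong for this id. Please verify against the CVE record and reconcile the entry rather than leaving both.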
@@ -25370,8 +25378,8 @@ CVE-2020-12650
 	REJECTED
 CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
 	NOT-FOR-US: Gurbalib
-CVE-2020-12648
-	RESERVED
+CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...)
+	TODO: check
 CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...)
 	NOT-FOR-US: Unisys ALGOL Compiler
 CVE-2020-12646
@@ -33518,8 +33526,8 @@ CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to
 	NOT-FOR-US: GeniXCMS
 CVE-2020-10056
 	RESERVED
-CVE-2020-10055
-	RESERVED
+CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...)
+	TODO: check
 CVE-2020-10054
 	RESERVED
 CVE-2020-10053
@@ -34118,8 +34126,8 @@ CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. T
 	NOT-FOR-US: Apple
 CVE-2020-9768 (A use after free issue was addressed with improved memory management.  ...)
 	NOT-FOR-US: Apple
-CVE-2020-9767
-	RESERVED
+CVE-2020-9767 (A vulnerability related to Dynamic-link Library (“DLL”) lo ...)
+	TODO: check
 CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...)
@@ -34307,8 +34315,8 @@ CVE-2020-9710
 	RESERVED
 CVE-2020-9709
 	RESERVED
-CVE-2020-9708
-	RESERVED
+CVE-2020-9708 (The resolveRepositoryPath function doesn't properly validate user inpu ...)
+	TODO: check
 CVE-2020-9707
 	RESERVED
 CVE-2020-9706
@@ -35494,10 +35502,10 @@ CVE-2020-9231
 	RESERVED
 CVE-2020-9230
 	RESERVED
-CVE-2020-9229
-	RESERVED
-CVE-2020-9228
-	RESERVED
+CVE-2020-9229 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
+	TODO: check
+CVE-2020-9228 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
+	TODO: check
 CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166  ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
@@ -39179,10 +39187,10 @@ CVE-2020-7703
 	RESERVED
 CVE-2020-7702
 	RESERVED
-CVE-2020-7701
-	RESERVED
-CVE-2020-7700
-	RESERVED
+CVE-2020-7701 (madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution  ...)
+	TODO: check
+CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via parse_ ...)
+	TODO: check
 CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If the parse ...)
 	NOT-FOR-US: express-fileupload
 CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...)
@@ -39450,8 +39458,8 @@ CVE-2020-7585 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and ear
 	NOT-FOR-US: Siemens
 CVE-2020-7584 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU family ...)
 	NOT-FOR-US: Siemens
-CVE-2020-7583
-	RESERVED
+CVE-2020-7583 (A vulnerability has been identified in Automation License Manager 5 (A ...)
+	TODO: check
 CVE-2020-7582
 	RESERVED
 CVE-2020-7581 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
@@ -40058,7 +40066,7 @@ CVE-2020-7294
 	RESERVED
 CVE-2020-7293
 	RESERVED
-CVE-2020-7292 (Inappropriate Encoding for output context in McAfee Web Gateway (MWG)  ...)
+CVE-2020-7292 (Inappropriate Encoding for output context vulnerability in McAfee Web  ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
 	NOT-FOR-US: McAfee
@@ -46895,8 +46903,8 @@ CVE-2020-4664
 	RESERVED
 CVE-2020-4663
 	RESERVED
-CVE-2020-4662
-	RESERVED
+CVE-2020-4662 (IBM Event Streams 10.0.0 could allow an authenticated user to perform  ...)
+	TODO: check
 CVE-2020-4661
 	RESERVED
 CVE-2020-4660
@@ -52978,8 +52986,8 @@ CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger inf
 	NOTE: https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
 CVE-2019-19644
 	RESERVED
-CVE-2019-19643
-	RESERVED
+CVE-2019-19643 (ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service. ...)
+	TODO: check
 CVE-2019-19642 (On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02 ...)
 	NOT-FOR-US: SuperMicro
 CVE-2019-19641
@@ -55822,7 +55830,7 @@ CVE-2019-19303
 	RESERVED
 CVE-2019-19302
 	RESERVED
-CVE-2019-19301 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+CVE-2019-19301 (A vulnerability has been identified in SCALANCE S602 (All versions), S ...)
 	NOT-FOR-US: Siemens
 CVE-2019-19300 (A vulnerability has been identified in KTK ATE530S (All versions), SID ...)
 	NOT-FOR-US: Siemens
@@ -84656,7 +84664,7 @@ CVE-2019-10925 (A vulnerability has been identified in SIMATIC Ident MV420 famil
 	NOT-FOR-US: Siemens
 CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
 	NOT-FOR-US: Siemens
-CVE-2019-10923 (A vulnerability has been identified in CP1604 (All versions < V2.8) ...)
+CVE-2019-10923 (A vulnerability has been identified in Development/Evaluation Kits for ...)
 	NOT-FOR-US: Siemens
 CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier  ...)
 	NOT-FOR-US: Siemens
@@ -95224,8 +95232,8 @@ CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandle
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-7411 (Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher ...)
 	NOT-FOR-US: MyThemeShop Launcher plugin for WordPress
-CVE-2019-7410
-	RESERVED
+CVE-2019-7410 (There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remo ...)
+	TODO: check
 CVE-2019-7409 (Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign C ...)
 	NOT-FOR-US: ProfileDesign CMS
 CVE-2019-7408
@@ -97295,7 +97303,7 @@ CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect Serv
 	NOT-FOR-US: Siemens
 CVE-2019-6569 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
 	NOT-FOR-US: Scalance
-CVE-2019-6568 (A vulnerability has been identified in CP1604, CP1616, CP343-1 Advance ...)
+CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP O ...)
 	NOT-FOR-US: Siemens
 CVE-2019-6567 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
 	NOT-FOR-US: Siemens
@@ -98559,8 +98567,8 @@ CVE-2019-6114 (An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. A
 	NOT-FOR-US: Corel PaintShop Pro
 CVE-2019-6113 (Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-001 ...)
 	NOT-FOR-US: ONKYO
-CVE-2019-6112
-	RESERVED
+CVE-2019-6112 (A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in ...)
+	TODO: check
 CVE-2019-6111 (An issue was discovered in OpenSSH 7.9. Due to the scp implementation  ...)
 	{DSA-4387-2 DSA-4387-1 DLA-1728-1}
 	- openssh 1:7.9p1-9 (bug #923486)
@@ -100053,8 +100061,8 @@ CVE-2019-5593 (Improper permission or value checking in the CLI console may allo
 	NOT-FOR-US: FortiOS
 CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE,  ...)
 	NOT-FOR-US: Fortinet
-CVE-2019-5591
-	RESERVED
+CVE-2019-5591 (A Default Configuration vulnerability in FortiOS may allow an unauthen ...)
+	TODO: check
 CVE-2019-5590 (The URL part of the report message is not encoded in Fortinet FortiWeb ...)
 	NOT-FOR-US: Fortinet
 CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online Installer (W ...)
@@ -253811,10 +253819,10 @@ CVE-2014-9754 (The hardware VPN client in Viprinet MultichannelVPN Router 300 ve
 	NOT-FOR-US: Viprinet
 CVE-2015-8075
 	REJECTED
-CVE-2015-8033
-	RESERVED
-CVE-2015-8032
-	RESERVED
+CVE-2015-8033 (In Textpattern 4.5.7, the password-reset feature does not securely tet ...)
+	TODO: check
+CVE-2015-8032 (In Textpattern 4.5.7, an unprivileged author can change an article's m ...)
+	TODO: check
 CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly d ...)
 	{DSA-3430-1}
 	- libxml2 2.9.3+dfsg1-1 (bug #803942)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/128200fa0e19c5e7b966453d1859c8bddb07f3b4




