[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 17 21:10:23 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4bf2cf7d by security tracker role at 2020-08-17T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2020-24381
+ RESERVED
+CVE-2020-24380
+ RESERVED
+CVE-2020-24379
+ RESERVED
+CVE-2020-24378
+ RESERVED
+CVE-2020-24377
+ RESERVED
+CVE-2020-24376
+ RESERVED
+CVE-2020-24375
+ RESERVED
+CVE-2020-24374
+ RESERVED
+CVE-2020-24373
+ RESERVED
+CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in ...)
+ TODO: check
+CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the ...)
+ TODO: check
+CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation faul ...)
+ TODO: check
+CVE-2020-24369 (ldebug.c in Lua 5.4.0 attempts to access debug information via the lin ...)
+ TODO: check
+CVE-2020-24368
+ RESERVED
CVE-2020-24367
RESERVED
CVE-2020-24366
@@ -306,8 +334,8 @@ CVE-2020-24222
RESERVED
CVE-2020-24221
RESERVED
-CVE-2020-24220
- RESERVED
+CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers can use ...)
+ TODO: check
CVE-2020-24219
RESERVED
CVE-2020-24218
@@ -330,8 +358,8 @@ CVE-2020-24210
RESERVED
CVE-2020-24209
RESERVED
-CVE-2020-24208
- RESERVED
+CVE-2020-24208 (A SQL injection vulnerability in SourceCodester Online Shopping Alphaw ...)
+ TODO: check
CVE-2020-24207
RESERVED
CVE-2020-24206
@@ -3306,7 +3334,8 @@ CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local priv
NOT-FOR-US: Rapid Software LLC Rapid SCADA
CVE-2020-22721 (A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8. ...)
NOT-FOR-US: PNotes - Andrey Gruber PNotes.NET
-CVE-2020-22720 (A local privilege escalation vulnerability in SPSSLVpnService.exe in S ...)
+CVE-2020-22720
+ REJECTED
NOT-FOR-US: Securepoint SSL VPN Client
CVE-2020-22719
RESERVED
@@ -13871,7 +13900,8 @@ CVE-2020-17449 (PHP-Fusion 9.03 allows XSS via the error_log file. ...)
CVE-2020-17448 (Telegram Desktop through 2.1.13 allows a spoofed file type to bypass t ...)
- telegram-desktop 2.2.0+ds-1
[buster] - telegram-desktop <no-dsa> (Minor issue)
-CVE-2020-17447 (MyBB before 1.8.24 allows XSS because the visual editor mishandles [al ...)
+CVE-2020-17447
+ REJECTED
NOT-FOR-US: MyBB
CVE-2020-17446 (asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger ...)
- asyncpg 0.21.0-1
@@ -22118,8 +22148,8 @@ CVE-2020-13943
RESERVED
CVE-2020-13942
RESERVED
-CVE-2020-13941
- RESERVED
+CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...)
+ TODO: check
CVE-2020-13940
RESERVED
CVE-2020-13939
@@ -24190,8 +24220,8 @@ CVE-2020-13124 (SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerabil
NOT-FOR-US: SABnzbd
CVE-2020-13123
RESERVED
-CVE-2020-13122
- RESERVED
+CVE-2020-13122 (The novish command-line interface, included in NoviFlow NoviWare befor ...)
+ TODO: check
CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authentication/logi ...)
NOT-FOR-US: Submitty
CVE-2020-13120
@@ -25495,8 +25525,8 @@ CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management
NOT-FOR-US: SolarWinds
CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using the NIST ...)
NOT-FOR-US: fastecdsa
-CVE-2020-12606
- RESERVED
+CVE-2020-12606 (An issue was discovered in DB Soft SGLAC before 20.05.001. The Procedi ...)
+ TODO: check
CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to incr ...)
@@ -35505,26 +35535,26 @@ CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R
NOT-FOR-US: Huawei
CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
NOT-FOR-US: Huawei
-CVE-2020-9242
- RESERVED
-CVE-2020-9241
- RESERVED
+CVE-2020-9242 (FusionCompute 8.0.0 have a command injection vulnerability. The softwa ...)
+ TODO: check
+CVE-2020-9241 (Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00), ...)
+ TODO: check
CVE-2020-9240
RESERVED
CVE-2020-9239
RESERVED
CVE-2020-9238
RESERVED
-CVE-2020-9237
- RESERVED
+CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C ...)
+ TODO: check
CVE-2020-9236
RESERVED
CVE-2020-9235
RESERVED
CVE-2020-9234
RESERVED
-CVE-2020-9233
- RESERVED
+CVE-2020-9233 (FusionCompute 8.0.0 have an insufficient authentication vulnerability. ...)
+ TODO: check
CVE-2020-9232
RESERVED
CVE-2020-9231
@@ -35783,8 +35813,8 @@ CVE-2020-9105
RESERVED
CVE-2020-9104
RESERVED
-CVE-2020-9103
- RESERVED
+CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...)
+ TODO: check
CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...)
NOT-FOR-US: Huawei
CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. An una ...)
@@ -37837,22 +37867,22 @@ CVE-2020-8235
RESERVED
CVE-2020-8234
RESERVED
-CVE-2020-8233
- RESERVED
-CVE-2020-8232
- RESERVED
+CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware <v1 ...)
+ TODO: check
+CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...)
+ TODO: check
CVE-2020-8231
RESERVED
-CVE-2020-8230
- RESERVED
+CVE-2020-8230 (A memory corruption vulnerability exists in NextCloud Desktop Client v ...)
+ TODO: check
CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop Clie ...)
TODO: check
CVE-2020-8228
RESERVED
CVE-2020-8227
RESERVED
-CVE-2020-8226
- RESERVED
+CVE-2020-8226 (A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allow ...)
+ TODO: check
CVE-2020-8225
RESERVED
CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...)
@@ -37879,16 +37909,16 @@ CVE-2020-8214 (A path traversal vulnerability in servey version < 3 allows an
NOT-FOR-US: servey
CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect before v ...)
NOT-FOR-US: UniFi Protect
-CVE-2020-8212
- RESERVED
-CVE-2020-8211
- RESERVED
-CVE-2020-8210
- RESERVED
-CVE-2020-8209
- RESERVED
-CVE-2020-8208
- RESERVED
+CVE-2020-8212 (Improper access control in Citrix XenMobile Server 10.12 before RP3, C ...)
+ TODO: check
+CVE-2020-8211 (Improper input validation in Citrix XenMobile Server 10.12 before RP3, ...)
+ TODO: check
+CVE-2020-8210 (Insufficient protection of secrets in Citrix XenMobile Server 10.12 be ...)
+ TODO: check
+CVE-2020-8209 (Improper access control in Citrix XenMobile Server 10.12 before RP2, C ...)
+ TODO: check
+CVE-2020-8208 (Improper input validation in Citrix XenMobile Server 10.12 before RP1, ...)
+ TODO: check
CVE-2020-8207 (Improper access control in Citrix Workspace app for Windows 1912 CU1 a ...)
NOT-FOR-US: Citrix
CVE-2020-8206 (An improper authentication vulnerability exists in Pulse Connect Secur ...)
@@ -39210,12 +39240,12 @@ CVE-2020-7706
RESERVED
CVE-2020-7705
RESERVED
-CVE-2020-7704
- RESERVED
-CVE-2020-7703
- RESERVED
-CVE-2020-7702
- RESERVED
+CVE-2020-7704 (The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pol ...)
+ TODO: check
+CVE-2020-7703 (All versions of package nis-utils are vulnerable to Prototype Pollutio ...)
+ TODO: check
+CVE-2020-7702 (All versions of package templ8 are vulnerable to Prototype Pollution v ...)
+ TODO: check
CVE-2020-7701 (madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution ...)
TODO: check
CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via parse_ ...)
@@ -46884,8 +46914,8 @@ CVE-2020-4688
RESERVED
CVE-2020-4687
RESERVED
-CVE-2020-4686
- RESERVED
+CVE-2020-4686 (IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated ...)
+ TODO: check
CVE-2020-4685
RESERVED
CVE-2020-4684
@@ -50445,12 +50475,12 @@ CVE-2020-3504
RESERVED
CVE-2020-3503
RESERVED
-CVE-2020-3502
- RESERVED
-CVE-2020-3501
- RESERVED
-CVE-2020-3500
- RESERVED
+CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
+ TODO: check
+CVE-2020-3501 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
+ TODO: check
+CVE-2020-3500 (A vulnerability in the IPv6 implementation of Cisco StarOS could allow ...)
+ TODO: check
CVE-2020-3499
RESERVED
CVE-2020-3498
@@ -50508,8 +50538,8 @@ CVE-2020-3474
RESERVED
CVE-2020-3473
RESERVED
-CVE-2020-3472
- RESERVED
+CVE-2020-3472 (A vulnerability in the contacts feature of Cisco Webex Meetings could ...)
+ TODO: check
CVE-2020-3471
RESERVED
CVE-2020-3470
@@ -50524,10 +50554,10 @@ CVE-2020-3466
RESERVED
CVE-2020-3465
RESERVED
-CVE-2020-3464
- RESERVED
-CVE-2020-3463
- RESERVED
+CVE-2020-3464 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
+ TODO: check
+CVE-2020-3463 (A vulnerability in the web-based management interface of Cisco Webex M ...)
+ TODO: check
CVE-2020-3462 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
NOT-FOR-US: Cisco
CVE-2020-3461 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
@@ -50554,12 +50584,12 @@ CVE-2020-3451
RESERVED
CVE-2020-3450 (A vulnerability in the web-based management interface of Cisco Vision ...)
NOT-FOR-US: Cisco
-CVE-2020-3449
- RESERVED
-CVE-2020-3448
- RESERVED
-CVE-2020-3447
- RESERVED
+CVE-2020-3449 (A vulnerability in the Border Gateway Protocol (BGP) additional paths ...)
+ TODO: check
+CVE-2020-3448 (A vulnerability in an access control mechanism of Cisco Cyber Vision C ...)
+ TODO: check
+CVE-2020-3447 (A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security A ...)
+ TODO: check
CVE-2020-3446
RESERVED
CVE-2020-3445
@@ -50582,12 +50612,12 @@ CVE-2020-3437 (A vulnerability in the web-based management interface of Cisco SD
NOT-FOR-US: Cisco
CVE-2020-3436
RESERVED
-CVE-2020-3435
- RESERVED
-CVE-2020-3434
- RESERVED
-CVE-2020-3433
- RESERVED
+CVE-2020-3435 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ TODO: check
+CVE-2020-3434 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ TODO: check
+CVE-2020-3433 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ TODO: check
CVE-2020-3432
RESERVED
CVE-2020-3431
@@ -50626,12 +50656,12 @@ CVE-2020-3415
RESERVED
CVE-2020-3414
RESERVED
-CVE-2020-3413
- RESERVED
-CVE-2020-3412
- RESERVED
-CVE-2020-3411
- RESERVED
+CVE-2020-3413 (A vulnerability in the scheduled meeting template feature of Cisco Web ...)
+ TODO: check
+CVE-2020-3412 (A vulnerability in the scheduled meeting template feature of Cisco Web ...)
+ TODO: check
+CVE-2020-3411 (A vulnerability in Cisco DNA Center software could allow an unauthenti ...)
+ TODO: check
CVE-2020-3410
RESERVED
CVE-2020-3409
@@ -50726,8 +50756,8 @@ CVE-2020-3365
RESERVED
CVE-2020-3364 (A vulnerability in the access control list (ACL) functionality of the ...)
NOT-FOR-US: Cisco
-CVE-2020-3363
- RESERVED
+CVE-2020-3363 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...)
+ TODO: check
CVE-2020-3362 (A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO ...)
NOT-FOR-US: Cisco
CVE-2020-3361 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
@@ -50763,8 +50793,8 @@ CVE-2020-3348 (Multiple vulnerabilities in the web-based management interface of
NOT-FOR-US: Cisco
CVE-2020-3347 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could ...)
NOT-FOR-US: Cisco
-CVE-2020-3346
- RESERVED
+CVE-2020-3346 (A vulnerability in the web UI of Cisco Unified Communications Manager ...)
+ TODO: check
CVE-2020-3345 (A vulnerability in certain web pages of Cisco Webex Meetings and Cisco ...)
NOT-FOR-US: Cisco
CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
@@ -149222,69 +149252,69 @@ CVE-2018-7159 (The HTTP parser in all current versions of Node.js ignores spaces
CVE-2018-7158 (The `'path'` module in the Node.js 4.x release line contains a potenti ...)
- nodejs 6.0.0~dfsg-1 (unimportant)
CVE-2018-7157
- RESERVED
+ REJECTED
CVE-2018-7156
- RESERVED
+ REJECTED
CVE-2018-7155
- RESERVED
+ REJECTED
CVE-2018-7154
- RESERVED
+ REJECTED
CVE-2018-7153
- RESERVED
+ REJECTED
CVE-2018-7152
- RESERVED
+ REJECTED
CVE-2018-7151
- RESERVED
+ REJECTED
CVE-2018-7150
- RESERVED
+ REJECTED
CVE-2018-7149
- RESERVED
+ REJECTED
CVE-2018-7148
- RESERVED
+ REJECTED
CVE-2018-7147
- RESERVED
+ REJECTED
CVE-2018-7146
- RESERVED
+ REJECTED
CVE-2018-7145
- RESERVED
+ REJECTED
CVE-2018-7144
- RESERVED
+ REJECTED
CVE-2018-7143
- RESERVED
+ REJECTED
CVE-2018-7142
- RESERVED
+ REJECTED
CVE-2018-7141
- RESERVED
+ REJECTED
CVE-2018-7140
- RESERVED
+ REJECTED
CVE-2018-7139
- RESERVED
+ REJECTED
CVE-2018-7138
- RESERVED
+ REJECTED
CVE-2018-7137
- RESERVED
+ REJECTED
CVE-2018-7136
- RESERVED
+ REJECTED
CVE-2018-7135
- RESERVED
+ REJECTED
CVE-2018-7134
- RESERVED
+ REJECTED
CVE-2018-7133
- RESERVED
+ REJECTED
CVE-2018-7132
- RESERVED
+ REJECTED
CVE-2018-7131
- RESERVED
+ REJECTED
CVE-2018-7130
- RESERVED
+ REJECTED
CVE-2018-7129
- RESERVED
+ REJECTED
CVE-2018-7128
- RESERVED
+ REJECTED
CVE-2018-7127
- RESERVED
+ REJECTED
CVE-2018-7126
- RESERVED
+ REJECTED
CVE-2018-7125 (A remote code execution vulnerability was identified in HPE Intelligen ...)
NOT-FOR-US: HPE
CVE-2018-7124 (A remote code execution vulnerability was identified in HPE Intelligen ...)
@@ -149358,15 +149388,15 @@ CVE-2018-7091 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has op
CVE-2018-7090 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has local a ...)
NOT-FOR-US: HPE
CVE-2018-7089
- RESERVED
+ REJECTED
CVE-2018-7088
- RESERVED
+ REJECTED
CVE-2018-7087
- RESERVED
+ REJECTED
CVE-2018-7086
- RESERVED
+ REJECTED
CVE-2018-7085
- RESERVED
+ REJECTED
CVE-2018-7084 (A command injection vulnerability is present that permits an unauthent ...)
NOT-FOR-US: Aruba
CVE-2018-7083 (If a process running within Aruba Instant crashes, it may leave behind ...)
@@ -149412,9 +149442,9 @@ CVE-2018-7064 (A reflected cross-site scripting (XSS) vulnerability is present i
CVE-2018-7063 (In Aruba ClearPass, disabled API admins can still perform read/write o ...)
NOT-FOR-US: Aruba
CVE-2018-7062
- RESERVED
+ REJECTED
CVE-2018-7061
- RESERVED
+ REJECTED
CVE-2018-7060 (Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulne ...)
NOT-FOR-US: Aruba ClearPass
CVE-2018-7059 (Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that hel ...)
@@ -195164,35 +195194,35 @@ CVE-2016-10372 (The Eir D1000 modem does not properly restrict the TR-064 protoc
CVE-2017-9019
RESERVED
CVE-2017-9018
- RESERVED
+ REJECTED
CVE-2017-9017
- RESERVED
+ REJECTED
CVE-2017-9016
- RESERVED
+ REJECTED
CVE-2017-9015
- RESERVED
+ REJECTED
CVE-2017-9014
- RESERVED
+ REJECTED
CVE-2017-9013
- RESERVED
+ REJECTED
CVE-2017-9012
- RESERVED
+ REJECTED
CVE-2017-9011
- RESERVED
+ REJECTED
CVE-2017-9010
- RESERVED
+ REJECTED
CVE-2017-9009
- RESERVED
+ REJECTED
CVE-2017-9008
- RESERVED
+ REJECTED
CVE-2017-9007
- RESERVED
+ REJECTED
CVE-2017-9006
- RESERVED
+ REJECTED
CVE-2017-9005
- RESERVED
+ REJECTED
CVE-2017-9004
- RESERVED
+ REJECTED
CVE-2017-9003 (Multiple memory corruption flaws are present in ArubaOS which could al ...)
NOT-FOR-US: Aruba
CVE-2017-9002 (All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross ...)
@@ -195202,15 +195232,15 @@ CVE-2017-9001 (Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lo
CVE-2017-9000 (ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x ...)
NOT-FOR-US: Aruba
CVE-2017-8999
- RESERVED
+ REJECTED
CVE-2017-8998
- RESERVED
+ REJECTED
CVE-2017-8997
- RESERVED
+ REJECTED
CVE-2017-8996
- RESERVED
+ REJECTED
CVE-2017-8995
- RESERVED
+ REJECTED
CVE-2017-8994 (A input validation vulnerability in HPE Operations Orchestration produ ...)
NOT-FOR-US: HPE
CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and Portfol ...)
@@ -195228,7 +195258,7 @@ CVE-2017-8988 (A Remote Bypass of Security Restrictions vulnerability was identi
CVE-2017-8987 (A Unauthenticated Remote Denial of Service vulnerability was identifie ...)
NOT-FOR-US: HPE
CVE-2017-8986
- RESERVED
+ REJECTED
CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local au ...)
NOT-FOR-US: HPE XP Storage
CVE-2017-8984 (A remote code execution vulnerability in HPE Intelligent Management Ce ...)
@@ -230721,15 +230751,15 @@ CVE-2016-6515 (The auth_password function in auth-passwd.c in sshd in OpenSSH be
CVE-2016-6514
RESERVED
CVE-2016-6502
- RESERVED
+ REJECTED
CVE-2016-6501 (JFrog Artifactory before 4.11 allows remote attackers to execute arbit ...)
NOT-FOR-US: JFrog Artifactory
CVE-2016-6500 (Unspecified methods in the RACF Connector component before 1.1.1.0 in ...)
NOT-FOR-US: ForgeRock
CVE-2016-6499
- RESERVED
+ REJECTED
CVE-2016-6498
- RESERVED
+ REJECTED
CVE-2016-6497 (main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP ...)
NOT-FOR-US: Groovy LDAP extension
CVE-2016-6496 (The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bf2cf7d22764236200859ed517b7d927302ee34
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bf2cf7d22764236200859ed517b7d927302ee34
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200817/4c115232/attachment.html>
More information about the debian-security-tracker-commits
mailing list