[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 19 21:10:26 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3ac8e491 by security tracker role at 2020-08-19T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,117 @@
+CVE-2020-24447
+ RESERVED
+CVE-2020-24446
+ RESERVED
+CVE-2020-24445
+ RESERVED
+CVE-2020-24444
+ RESERVED
+CVE-2020-24443
+ RESERVED
+CVE-2020-24442
+ RESERVED
+CVE-2020-24441
+ RESERVED
+CVE-2020-24440
+ RESERVED
+CVE-2020-24439
+ RESERVED
+CVE-2020-24438
+ RESERVED
+CVE-2020-24437
+ RESERVED
+CVE-2020-24436
+ RESERVED
+CVE-2020-24435
+ RESERVED
+CVE-2020-24434
+ RESERVED
+CVE-2020-24433
+ RESERVED
+CVE-2020-24432
+ RESERVED
+CVE-2020-24431
+ RESERVED
+CVE-2020-24430
+ RESERVED
+CVE-2020-24429
+ RESERVED
+CVE-2020-24428
+ RESERVED
+CVE-2020-24427
+ RESERVED
+CVE-2020-24426
+ RESERVED
+CVE-2020-24425
+ RESERVED
+CVE-2020-24424
+ RESERVED
+CVE-2020-24423
+ RESERVED
+CVE-2020-24422
+ RESERVED
+CVE-2020-24421
+ RESERVED
+CVE-2020-24420
+ RESERVED
+CVE-2020-24419
+ RESERVED
+CVE-2020-24418
+ RESERVED
+CVE-2020-24417
+ RESERVED
+CVE-2020-24416
+ RESERVED
+CVE-2020-24415
+ RESERVED
+CVE-2020-24414
+ RESERVED
+CVE-2020-24413
+ RESERVED
+CVE-2020-24412
+ RESERVED
+CVE-2020-24411
+ RESERVED
+CVE-2020-24410
+ RESERVED
+CVE-2020-24409
+ RESERVED
+CVE-2020-24408
+ RESERVED
+CVE-2020-24407
+ RESERVED
+CVE-2020-24406
+ RESERVED
+CVE-2020-24405
+ RESERVED
+CVE-2020-24404
+ RESERVED
+CVE-2020-24403
+ RESERVED
+CVE-2020-24402
+ RESERVED
+CVE-2020-24401
+ RESERVED
+CVE-2020-24400
+ RESERVED
+CVE-2020-24399
+ RESERVED
+CVE-2020-24398
+ RESERVED
+CVE-2020-24397
+ RESERVED
+CVE-2020-24396
+ RESERVED
+CVE-2020-24395
+ RESERVED
+CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) ca ...)
+ TODO: check
+CVE-2020-24393
+ RESERVED
+CVE-2020-24392
+ RESERVED
+CVE-2020-24391
+ RESERVED
CVE-2020-24390
RESERVED
CVE-2020-24389
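Review bot: The new CVE-2020-24394 entry is left at `TODO: check` even though its description already names the Linux kernel NFS server (fs/nfsd/vfs.c, before 5.7.8), so it can be triaged straight to a `- linux` source-package line once the fixing commit is identified. The remaining additions in this hunk are plain RESERVED placeholders and need nothing further.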
@@ -16,8 +130,8 @@ CVE-2020-24383
RESERVED
CVE-2020-24382
RESERVED
-CVE-2020-24381
- RESERVED
+CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform (aka openeclass) through 3.9 ...)
+ TODO: check
CVE-2020-24380
RESERVED
CVE-2020-24379
@@ -42,8 +156,8 @@ CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and segmentatio
TODO: check
CVE-2020-24369 (ldebug.c in Lua 5.4.0 attempts to access debug information via the lin ...)
TODO: check
-CVE-2020-24368
- RESERVED
+CVE-2020-24368 (Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Director ...)
+ TODO: check
CVE-2020-24367
RESERVED
CVE-2020-24366
@@ -1644,8 +1758,8 @@ CVE-2020-23576
RESERVED
CVE-2020-23575
RESERVED
-CVE-2020-23574
- RESERVED
+CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticated use ...)
+ TODO: check
CVE-2020-23573
RESERVED
CVE-2020-23572
@@ -13899,8 +14013,8 @@ CVE-2020-17458
RESERVED
CVE-2020-17457
RESERVED
-CVE-2020-17456
- RESERVED
+CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution ...)
+ TODO: check
CVE-2020-17455
RESERVED
CVE-2020-17454
@@ -17254,8 +17368,7 @@ CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 0
[buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
-CVE-2020-15861 [Elevation of Privileges due to symlink handling]
- RESERVED
+CVE-2020-15861 (Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX ...)
{DSA-4746-1 DLA-2313-1}
- net-snmp 5.8+dfsg-5 (bug #966599)
NOTE: https://github.com/net-snmp/net-snmp/issues/145
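Review bot: The published description now on the CVE-2020-15861 line gives the affected range as "through 5.7.3", which does not line up with the fixed version `5.8+dfsg-5` recorded on the package line below it. Since that package line implies earlier 5.8 uploads were affected, a NOTE stating this would keep the entry from reading as contradictory.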
@@ -17354,8 +17467,7 @@ CVE-2020-15818 (In JetBrains YouTrack before 2020.2.8527, the subtasks workflow
NOT-FOR-US: JetBrains YouTrack
CVE-2020-15817 (In JetBrains YouTrack before 2020.1.1331, an external user could execu ...)
NOT-FOR-US: JetBrains YouTrack
-CVE-2020-15862 [privilege escalation]
- RESERVED
+CVE-2020-15862 (Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP ...)
{DSA-4746-1 DLA-2299-1}
- net-snmp 5.8+dfsg-4 (bug #965166)
NOTE: The commit https://github.com/net-snmp/net-snmp/commit/c2b96ee744392243782094432f657ded4e985a07
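Review bot: CVE-2020-15862 sits after CVE-2020-15817 in this hunk, out of the descending order the rest of the list follows (CVE-2020-15861 is placed directly after CVE-2020-15863 further up). Now that the temporary bracketed title and the RESERVED line are gone, moving the entry between CVE-2020-15863 and CVE-2020-15861 would match the ordering used everywhere else in the file.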
@@ -18132,8 +18244,8 @@ CVE-2020-15533
RESERVED
CVE-2019-20895
RESERVED
-CVE-2020-15532
- RESERVED
+CVE-2020-15532 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
+ TODO: check
CVE-2020-15531
RESERVED
CVE-2020-15530 (An issue was discovered in Valve Steam Client 2.10.91.91. The installe ...)
@@ -18972,12 +19084,12 @@ CVE-2020-15153
RESERVED
CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Side Req ...)
TODO: check
-CVE-2020-15151
- RESERVED
+CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...)
+ TODO: check
CVE-2020-15150
RESERVED
-CVE-2020-15149
- RESERVED
+CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in ...)
+ TODO: check
CVE-2020-15148
RESERVED
CVE-2020-15147
@@ -21043,8 +21155,7 @@ CVE-2020-14358
RESERVED
CVE-2020-14357
RESERVED
-CVE-2020-14356 [cgroup: fix cgroup_sk_alloc() for sk_clone_lock()]
- RESERVED
+CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem ...)
- linux 5.7.10-1
NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
CVE-2020-14355
@@ -28112,8 +28223,8 @@ CVE-2020-11850
RESERVED
CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability in Mic ...)
NOT-FOR-US: Micro Focus
-CVE-2020-11848
- RESERVED
+CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight Management Cen ...)
+ TODO: check
CVE-2020-11847
RESERVED
CVE-2020-11846
@@ -34370,70 +34481,70 @@ CVE-2020-9726
RESERVED
CVE-2020-9725
RESERVED
-CVE-2020-9724
- RESERVED
-CVE-2020-9723
- RESERVED
-CVE-2020-9722
- RESERVED
-CVE-2020-9721
- RESERVED
-CVE-2020-9720
- RESERVED
-CVE-2020-9719
- RESERVED
-CVE-2020-9718
- RESERVED
-CVE-2020-9717
- RESERVED
-CVE-2020-9716
- RESERVED
-CVE-2020-9715
- RESERVED
-CVE-2020-9714
- RESERVED
+CVE-2020-9724 (Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library ...)
+ TODO: check
+CVE-2020-9723 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9722 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9721 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9720 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9719 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9718 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9717 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9716 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9715 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9714 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
CVE-2020-9713
RESERVED
-CVE-2020-9712
- RESERVED
+CVE-2020-9712 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
CVE-2020-9711
RESERVED
-CVE-2020-9710
- RESERVED
+CVE-2020-9710 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
CVE-2020-9709
RESERVED
CVE-2020-9708 (The resolveRepositoryPath function doesn't properly validate user inpu ...)
TODO: check
-CVE-2020-9707
- RESERVED
-CVE-2020-9706
- RESERVED
-CVE-2020-9705
- RESERVED
-CVE-2020-9704
- RESERVED
-CVE-2020-9703
- RESERVED
-CVE-2020-9702
- RESERVED
-CVE-2020-9701
- RESERVED
-CVE-2020-9700
- RESERVED
-CVE-2020-9699
- RESERVED
-CVE-2020-9698
- RESERVED
-CVE-2020-9697
- RESERVED
-CVE-2020-9696
- RESERVED
+CVE-2020-9707 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9706 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9705 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9704 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9703 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9702 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9701 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9700 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9699 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9698 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9697 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9696 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
CVE-2020-9695
RESERVED
-CVE-2020-9694
- RESERVED
-CVE-2020-9693
- RESERVED
+CVE-2020-9694 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
+CVE-2020-9693 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ TODO: check
CVE-2020-9692 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
NOT-FOR-US: Magento
CVE-2020-9691 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
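Review bot: The 27 Adobe entries newly given descriptions in this hunk (Lightroom and Acrobat/Reader, CVE-2020-9724 down to CVE-2020-9693) are all queued as `TODO: check`, whereas the Magento entries directly below them are already closed as `NOT-FOR-US: Magento`. If these products are not packaged in Debian, resolving them in one pass as `NOT-FOR-US: Adobe` keeps near-identical items out of the manual triage queue.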
@@ -39364,6 +39475,7 @@ CVE-2020-7664 (In all versions of the package github.com/unknwon/cae/zip, the Ex
- golang-github-unknwon-cae <removed> (bug #967955)
NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383
CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of Servi ...)
+ {DLA-2334-1}
- ruby-websocket-extensions <unfixed> (bug #964274)
NOTE: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
NOTE: https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
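Review bot: The `{DLA-2334-1}` cross-reference is added to CVE-2020-7663 while the package line still reads `- ruby-websocket-extensions <unfixed> (bug #964274)`. With the upstream fix commit already cited in the NOTE lines, the unstable status is the remaining open item and is worth a follow-up on that bug.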
@@ -47010,8 +47122,8 @@ CVE-2020-4655
RESERVED
CVE-2020-4654
RESERVED
-CVE-2020-4653
- RESERVED
+CVE-2020-4653 (IBM Planning Analytics 2.0 could allow a remote attacker to conduct ph ...)
+ TODO: check
CVE-2020-4652
RESERVED
CVE-2020-4651
@@ -47020,8 +47132,8 @@ CVE-2020-4650
RESERVED
CVE-2020-4649
RESERVED
-CVE-2020-4648
- RESERVED
+CVE-2020-4648 (A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars ...)
+ TODO: check
CVE-2020-4647
RESERVED
CVE-2020-4646
@@ -47554,8 +47666,8 @@ CVE-2020-4383
RESERVED
CVE-2020-4382
RESERVED
-CVE-2020-4381
- RESERVED
+CVE-2020-4381 (IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 ...)
+ TODO: check
CVE-2020-4380 (IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. ...)
NOT-FOR-US: IBM
CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
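Review bot: CVE-2020-4381 is left at `TODO: check` although the neighbouring IBM entry CVE-2020-4380 is already marked `NOT-FOR-US: IBM`. The same disposition looks applicable here and would clear the entry from the triage queue.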
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ac8e49146851dc6fd6dc0ef45a952cc34ddb1c4