[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 20 21:10:27 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ddba839c by security tracker role at 2020-08-20T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2020-24555
+ RESERVED
+CVE-2020-24554
+ RESERVED
+CVE-2020-24553
+ RESERVED
+CVE-2020-24552
+ RESERVED
+CVE-2020-24551
+ RESERVED
CVE-2020-24550
RESERVED
CVE-2020-24549
@@ -383,8 +393,8 @@ CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via E
- snmptt 1.4.2-1
CVE-2020-24360
RESERVED
-CVE-2020-24359
- RESERVED
+CVE-2020-24359 (HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrect ...)
+ TODO: check
CVE-2020-24358
RESERVED
CVE-2020-24357
@@ -1241,10 +1251,10 @@ CVE-2020-23938 (***REJECTED***Out of bounds read (CWE-125) in AnnLab V3 Lite 4.0
TODO: check
CVE-2020-23937
RESERVED
-CVE-2020-23936
- RESERVED
-CVE-2020-23935
- RESERVED
+CVE-2020-23936 (PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Auth ...)
+ TODO: check
+CVE-2020-23935 (Kabir Alhasan Student Management System 1.0 is vulnerable to Authentic ...)
+ TODO: check
CVE-2020-23934 (An issue was discovered in RiteCMS 2.2.1. An authenticated user can di ...)
NOT-FOR-US: RiteCMS
CVE-2020-23933
@@ -14039,6 +14049,7 @@ CVE-2020-17540
CVE-2020-17539
RESERVED
CVE-2020-17538 (A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/g ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51)
@@ -16535,102 +16546,126 @@ CVE-2020-16312
CVE-2020-16311
RESERVED
CVE-2020-16310 (A division by zero vulnerability in dot24_print_page() in devices/gdev ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701828
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e (9.51)
CVE-2020-16309 (A buffer overflow vulnerability in lxm5700m_print_page() in devices/gd ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701827
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10 (9.51)
NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger
CVE-2020-16308 (A buffer overflow vulnerability in p_print_image() in devices/gdevcdj. ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701829
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6 (9.51)
CVE-2020-16307 (A null pointer dereference vulnerability in devices/vector/gdevtxtw.c ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701822
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f (9.51)
CVE-2020-16306 (A null pointer dereference vulnerability in devices/gdevtsep.c of Arti ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804 (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701821
CVE-2020-16305 (A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701819
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550 (9.51)
CVE-2020-16304 (A buffer overflow vulnerability in image_render_color_thresh() in base ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209 (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701816
NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger
CVE-2020-16303 (A use-after-free vulnerability in xps_finish_image_path() in devices/v ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701818
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb7725eb5f3557ddc02310c76124fdd1a (9.51)
CVE-2020-16302 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701815
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207 (9.51)
CVE-2020-16301 (A buffer overflow vulnerability in okiibm_print_page1() in devices/gde ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701808
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc (9.51)
CVE-2020-16300 (A buffer overflow vulnerability in tiff12_print_page() in devices/gdev ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701807
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e (9.51)
CVE-2020-16299 (A Division by Zero vulnerability in bj10v_print_page() in contrib/japa ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701801
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=19cebe708b9ee3d9e0f8bcdd79dbc6ef9ddc70d2 (9.51)
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4fcbece468706e0e89ed2856729b2ccacbc112be (9.51)
CVE-2020-16298 (A buffer overflow vulnerability in mj_color_correct() in contrib/japan ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701799
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=849e74e5ab450dd581942192da7101e0664fa5af (9.51)
CVE-2020-16297 (A buffer overflow vulnerability in FloydSteinbergDitheringC() in contr ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701800
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39 (9.51)
CVE-2020-16296 (A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/ ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51)
NOTE: chunk #2, see also CVE-2020-17538
CVE-2020-16295 (A null pointer dereference vulnerability in clj_media_size() in device ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701796
CVE-2020-16294 (A buffer overflow vulnerability in epsc_print_page() in devices/gdevep ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701794
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=89f58f1aa95b3482cadf6977da49457194ee5358 (9.51)
CVE-2020-16293 (A null pointer dereference vulnerability in compose_group_nonknockout_ ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701795
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7870f4951bcc6a153f317e3439e14d0e929fd231 (9.51)
CVE-2020-16292 (A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701793
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=863ada11f9a942a622a581312e2be022d9e2a6f7 (9.51)
CVE-2020-16291 (A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Softwa ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6 (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701787
CVE-2020-16290 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701786
CVE-2020-16289 (A buffer overflow vulnerability in cif_print_page() in devices/gdevcif ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701788
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d31e25ed5b130499e0d880e4609b1b4824699768 (9.51)
CVE-2020-16288 (A buffer overflow vulnerability in pj_common_print_page() in devices/g ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701791
CVE-2020-16287 (A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gd ...)
+ {DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701785
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=450da26a76286a8342ec0864b3d113856709f8f6 (9.51)
@@ -16642,14 +16677,14 @@ CVE-2020-16284
RESERVED
CVE-2020-16283
RESERVED
-CVE-2020-16282
- RESERVED
-CVE-2020-16281
- RESERVED
-CVE-2020-16280
- RESERVED
-CVE-2020-16279
- RESERVED
+CVE-2020-16282 (In the default configuration of Rangee GmbH RangeeOS 8.0.4, all compon ...)
+ TODO: check
+CVE-2020-16281 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a loca ...)
+ TODO: check
+CVE-2020-16280 (Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plain ...)
+ TODO: check
+CVE-2020-16279 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to R ...)
+ TODO: check
CVE-2020-16278 (A cross-site scripting (XSS) vulnerability in the Permissions componen ...)
NOT-FOR-US: SAINT Security Suite
CVE-2020-16277 (An SQL injection vulnerability in the Analytics component of SAINT Sec ...)
@@ -17661,7 +17696,7 @@ CVE-2020-15826 (In JetBrains TeamCity before 2020.1, users are able to assign mo
NOT-FOR-US: JetBrains TeamCity
CVE-2020-15825 (In JetBrains TeamCity before 2020.1, users with the Modify Group permi ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2020-15824 (In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.70 is not aff ...)
+CVE-2020-15824 (In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not aff ...)
- kotlin <itp> (bug #892842)
CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Wor ...)
NOT-FOR-US: JetBrains YouTrack
@@ -21369,7 +21404,7 @@ CVE-2020-14359
CVE-2020-14358
RESERVED
CVE-2020-14357
- RESERVED
+ REJECTED
CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem ...)
- linux 5.7.10-1
NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
@@ -33336,8 +33371,8 @@ CVE-2020-10291
RESERVED
CVE-2020-10290
RESERVED
-CVE-2020-10289
- RESERVED
+CVE-2020-10289 (Use of unsafe yaml load. Allows instantiation of arbitrary objects. Th ...)
+ TODO: check
CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain access y ...)
NOT-FOR-US: ABB IRC5
CVE-2020-10287 (The IRC5 family with UAS service enabled comes by default with credent ...)
@@ -33348,8 +33383,8 @@ CVE-2020-10285 (The authentication implementation on the xArm controller has ver
NOT-FOR-US: xArm
CVE-2020-10284 (No authentication is required to control the robot inside the network, ...)
NOT-FOR-US: xArm
-CVE-2020-10283
- RESERVED
+CVE-2020-10283 (The Micro Air Vehicle Link (MAVLink) protocol presents authentication ...)
+ TODO: check
CVE-2020-10282 (The Micro Air Vehicle Link (MAVLink) protocol presents no authenticati ...)
NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
CVE-2020-10281 (This vulnerability applies to the Micro Air Vehicle Link (MAVLink) pro ...)
@@ -46379,12 +46414,12 @@ CVE-2019-20154 (An issue was discovered in Determine (formerly Selectica) Contra
NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
CVE-2019-20153 (An issue was discovered in Determine (formerly Selectica) Contract Lif ...)
NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
-CVE-2019-20152
- RESERVED
-CVE-2019-20151
- RESERVED
-CVE-2019-20150
- RESERVED
+CVE-2019-20152 (An XSS issue was discovered in TreasuryXpress 19191105. Due to the lac ...)
+ TODO: check
+CVE-2019-20151 (An XSS issue was discovered in TreasuryXpress 19191105. Due to the lac ...)
+ TODO: check
+CVE-2019-20150 (In TreasuryXpress 19191105, a logged-in user can discover saved creden ...)
+ TODO: check
CVE-2020-5128
RESERVED
CVE-2020-5127
@@ -47267,8 +47302,8 @@ CVE-2020-4689
RESERVED
CVE-2020-4688
RESERVED
-CVE-2020-4687
- RESERVED
+CVE-2020-4687 (IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated use ...)
+ TODO: check
CVE-2020-4686 (IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated ...)
TODO: check
CVE-2020-4685
@@ -47545,8 +47580,8 @@ CVE-2020-4550 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attac
NOT-FOR-US: IBM
CVE-2020-4549 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute ...)
NOT-FOR-US: IBM
-CVE-2020-4548
- RESERVED
+CVE-2020-4548 (IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input ...)
+ TODO: check
CVE-2020-4547
RESERVED
CVE-2020-4546
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddba839c87c110a333bb8e8d15921c0a7244caf9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddba839c87c110a333bb8e8d15921c0a7244caf9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200820/16938650/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list