[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 22 09:10:48 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b2489633 by security tracker role at 2020-08-22T08:10:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2020-24596
+ RESERVED
+CVE-2020-24595
+ RESERVED
+CVE-2020-24594
+ RESERVED
+CVE-2020-24593
+ RESERVED
+CVE-2020-24592
+ RESERVED
CVE-2020-24591 (The Management Console in certain WSO2 products allows XXE attacks dur ...)
NOT-FOR-US: WSO2
CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...)
@@ -17722,8 +17732,8 @@ CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because
[buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
-CVE-2020-15858
- RESERVED
+CVE-2020-15858 (Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allo ...)
+ TODO: check
CVE-2020-15857
RESERVED
CVE-2020-15856
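Review bot: the new CVE-2020-15858 entry is left at "TODO: check" even though its description already identifies the affected product as devices of Thales DIS (formerly Gemalto, formerly Cinterion). If no Debian source package is involved, close it with a "NOT-FOR-US:" line naming the vendor, in the form used elsewhere in this file, instead of leaving an open TODO behind.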
@@ -33883,14 +33893,14 @@ CVE-2020-10128
RESERVED
CVE-2020-10127
RESERVED
-CVE-2020-10126
- RESERVED
-CVE-2020-10125
- RESERVED
-CVE-2020-10124
- RESERVED
-CVE-2020-10123
- RESERVED
+CVE-2020-10126 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate ...)
+ TODO: check
+CVE-2020-10125 (NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 51 ...)
+ TODO: check
+CVE-2020-10124 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authentic ...)
+ TODO: check
+CVE-2020-10123 (The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 ...)
+ TODO: check
CVE-2019-20501 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
NOT-FOR-US: D-Link
CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
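Review bot: CVE-2020-10123 through CVE-2020-10126 all arrive as "TODO: check", although every description names NCR SelfServ ATMs running APTRA XFS; the D-Link entry in the trailing context shows the expected resolution ("NOT-FOR-US: D-Link"). Triage the four together so the vendor tag is spelled the same on each. Note that the CVE-2020-10123 description reads "SelfSev" where the other three read "SelfServ", so a text search for the product name will miss that entry.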
@@ -36396,10 +36406,10 @@ CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0
NOT-FOR-US: Huawei
CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 1 ...)
NOT-FOR-US: Huawei
-CVE-2020-9063
- RESERVED
-CVE-2020-9062
- RESERVED
+CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authent ...)
+ TODO: check
+CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version ...)
+ TODO: check
CVE-2020-9061
RESERVED
CVE-2020-9060
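Review bot: the two entries added here cover different vendors, CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS) and CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase), and both are left at "TODO: check". When they are resolved, each needs its own vendor tag in the style of the "NOT-FOR-US: Huawei" lines in the leading context; do not copy one tag onto both.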
@@ -37472,24 +37482,19 @@ CVE-2020-8626
RESERVED
CVE-2020-8625
RESERVED
-CVE-2020-8624
- RESERVED
+CVE-2020-8624 (In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21 ...)
- bind9 1:9.16.6-1 (bug #966497)
NOTE: https://kb.isc.org/docs/cve-2020-8624
-CVE-2020-8623
- RESERVED
+CVE-2020-8623 (In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3 ...)
- bind9 1:9.16.6-1
NOTE: https://kb.isc.org/docs/cve-2020-8623
-CVE-2020-8622
- RESERVED
+CVE-2020-8622 (In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, ...)
- bind9 1:9.16.6-1
NOTE: https://kb.isc.org/docs/cve-2020-8622
-CVE-2020-8621
- RESERVED
+CVE-2020-8621 (In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is confi ...)
- bind9 1:9.16.6-1
NOTE: https://kb.isc.org/docs/cve-2020-8621
-CVE-2020-8620
- RESERVED
+CVE-2020-8620 (In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can ...)
- bind9 1:9.16.6-1
NOTE: https://kb.isc.org/docs/cve-2020-8620
CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9. ...)
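Review bot: of the five bind9 entries that gain descriptions here, only CVE-2020-8624 carries a bug reference ("bug #966497"); CVE-2020-8623, CVE-2020-8622, CVE-2020-8621 and CVE-2020-8620 record just the fixed version 1:9.16.6-1. The affected ranges also differ: CVE-2020-8621 starts at 9.14.0 and CVE-2020-8620 at 9.15.6, so any release that ships an older bind9 should get an explicit per-release line (for example a "[release] - bind9 <not-affected>" annotation with the reason), otherwise it will be reported as vulnerable purely by version comparison against 1:9.16.6-1.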
@@ -38376,8 +38381,8 @@ CVE-2020-8236
RESERVED
CVE-2020-8235
RESERVED
-CVE-2020-8234
- RESERVED
+CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 w ...)
+ TODO: check
CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware <v1 ...)
NOT-FOR-US: Edgeswitch
CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...)
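Review bot: CVE-2020-8234 is added as "TODO: check" while the very next entry, CVE-2020-8233, describes the same EdgeSwitch firmware and is already resolved as "NOT-FOR-US: Edgeswitch". Unless there is a reason to treat it differently, give CVE-2020-8234 the same tag with the same spelling so the EdgeSwitch entries stay consistent.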
@@ -38395,8 +38400,8 @@ CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop
NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-034
CVE-2020-8228
RESERVED
-CVE-2020-8227
- RESERVED
+CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Client ...)
+ TODO: check
CVE-2020-8226 (A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allow ...)
NOT-FOR-US: phpBB
CVE-2020-8225
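Review bot: CVE-2020-8227 (Nextcloud Desktop Client) has only "TODO: check", with no package line and no advisory NOTE, whereas the CVE-2020-8229 entry in the leading context, also against Nextcloud Desktop, carries a nextcloud.com advisory NOTE. On triage, add the package line with the fixed version and the matching advisory reference so that both desktop-client issues are tracked the same way.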
@@ -38475,8 +38480,8 @@ CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versio
NOT-FOR-US: Citrix
CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...)
NOT-FOR-US: Citrix
-CVE-2020-8189
- RESERVED
+CVE-2020-8189 (A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed ...)
+ TODO: check
CVE-2020-8188 (We have recently released new version of UniFi Protect firmware v1.13. ...)
NOT-FOR-US: UniFi Protect
CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
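Review bot: CVE-2020-8189 sits between Citrix and UniFi Protect entries that are all "NOT-FOR-US", but its description names Nextcloud Desktop client 2.6.4, so it should not be swept up in a bulk NOT-FOR-US pass over this region. Replace "TODO: check" with a package line stating which version carries the fix relative to 2.6.4.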
@@ -45346,10 +45351,10 @@ CVE-2020-5419
RESERVED
CVE-2020-5418
RESERVED
-CVE-2020-5417
- RESERVED
-CVE-2020-5416
- RESERVED
+CVE-2020-5417 (Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when ...)
+ TODO: check
+CVE-2020-5416 (Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used ...)
+ TODO: check
CVE-2020-5415 (Concourse, versions prior to 6.3.1 and 6.4.1, in installations which u ...)
TODO: check
CVE-2020-5414 (VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7. ...)
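Review bot: CVE-2020-5417 (Cloud Foundry CAPI) and CVE-2020-5416 (Cloud Foundry Routing, Gorouter) are added as "TODO: check" directly above CVE-2020-5415 (Concourse), which in the trailing context is itself still "TODO: check". That leaves three consecutive untriaged entries in this block; resolve them in one pass and keep the tag wording identical for the two Cloud Foundry components.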
@@ -78465,7 +78470,7 @@ CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at co
NOTE: later reverted by the CVE-2019-13305 fix which is the right one:
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
CVE-2019-13305 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
- {DSA-4712-1 DLA-1888-1}
+ {DSA-4715-1 DSA-4712-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #931452)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1613
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2489633317815a688b4ee71e04f369273dcc768