[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Aug 22 09:10:48 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2489633 by security tracker role at 2020-08-22T08:10:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2020-24596
+	RESERVED
+CVE-2020-24595
+	RESERVED
+CVE-2020-24594
+	RESERVED
+CVE-2020-24593
+	RESERVED
+CVE-2020-24592
+	RESERVED
 CVE-2020-24591 (The Management Console in certain WSO2 products allows XXE attacks dur ...)
 	NOT-FOR-US: WSO2
 CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...)
@@ -17722,8 +17732,8 @@ CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because
 	[buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
-CVE-2020-15858
-	RESERVED
+CVE-2020-15858 (Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allo ...)
+	TODO: check
 CVE-2020-15857
 	RESERVED
 CVE-2020-15856
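Review bot: CVE-2020-15858 leaves RESERVED with only `TODO: check`, so the entry still has no triage result. The description names Thales DIS (formerly Gemalto, formerly Cinterion) devices; if no Debian source package ships the affected code, close it as NOT-FOR-US with the vendor name, otherwise add a package line.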
@@ -33883,14 +33893,14 @@ CVE-2020-10128
 	RESERVED
 CVE-2020-10127
 	RESERVED
-CVE-2020-10126
-	RESERVED
-CVE-2020-10125
-	RESERVED
-CVE-2020-10124
-	RESERVED
-CVE-2020-10123
-	RESERVED
+CVE-2020-10126 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate  ...)
+	TODO: check
+CVE-2020-10125 (NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 51 ...)
+	TODO: check
+CVE-2020-10124 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authentic ...)
+	TODO: check
+CVE-2020-10123 (The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00  ...)
+	TODO: check
 CVE-2019-20501 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
 	NOT-FOR-US: D-Link
 CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
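Review bot: the description imported for CVE-2020-10123 spells the product "NCR SelfSev" while CVE-2020-10124 to CVE-2020-10126 say "NCR SelfServ", so a text search on the product name will miss one of the four. All four are `TODO: check` and name the same APTRA XFS software; triage them together and give them one vendor tag, as the D-Link entries directly below do with `NOT-FOR-US: D-Link`.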
@@ -36396,10 +36406,10 @@ CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0
 	NOT-FOR-US: Huawei
 CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 1 ...)
 	NOT-FOR-US: Huawei
-CVE-2020-9063
-	RESERVED
-CVE-2020-9062
-	RESERVED
+CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authent ...)
+	TODO: check
+CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version ...)
+	TODO: check
 CVE-2020-9061
 	RESERVED
 CVE-2020-9060
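Review bot: CVE-2020-9063 names the same NCR SelfServ / APTRA XFS product as CVE-2020-10123 to CVE-2020-10126 in the previous hunk, so it should receive the same triage result rather than be checked in isolation. CVE-2020-9062 is a different vendor (Diebold Nixdorf) and needs its own tag.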
@@ -37472,24 +37482,19 @@ CVE-2020-8626
 	RESERVED
 CVE-2020-8625
 	RESERVED
-CVE-2020-8624
-	RESERVED
+CVE-2020-8624 (In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21 ...)
 	- bind9 1:9.16.6-1 (bug #966497)
 	NOTE: https://kb.isc.org/docs/cve-2020-8624
-CVE-2020-8623
-	RESERVED
+CVE-2020-8623 (In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3 ...)
 	- bind9 1:9.16.6-1
 	NOTE: https://kb.isc.org/docs/cve-2020-8623
-CVE-2020-8622
-	RESERVED
+CVE-2020-8622 (In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, ...)
 	- bind9 1:9.16.6-1
 	NOTE: https://kb.isc.org/docs/cve-2020-8622
-CVE-2020-8621
-	RESERVED
+CVE-2020-8621 (In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is confi ...)
 	- bind9 1:9.16.6-1
 	NOTE: https://kb.isc.org/docs/cve-2020-8621
-CVE-2020-8620
-	RESERVED
+CVE-2020-8620 (In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can  ...)
 	- bind9 1:9.16.6-1
 	NOTE: https://kb.isc.org/docs/cve-2020-8620
 CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9. ...)
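Review bot: the five BIND entries all record only the unstable fix `- bind9 1:9.16.6-1`, but their affected ranges differ: CVE-2020-8622, CVE-2020-8623 and CVE-2020-8624 include 9.11.x, while CVE-2020-8621 starts at 9.14.0 and CVE-2020-8620 at 9.15.6. Releases carrying an older bind9 branch need a per-CVE status line instead of one answer for the whole batch. Only CVE-2020-8624 carries a bug reference (bug #966497); confirm whether that report covers the other four or whether they need their own.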
@@ -38376,8 +38381,8 @@ CVE-2020-8236
 	RESERVED
 CVE-2020-8235
 	RESERVED
-CVE-2020-8234
-	RESERVED
+CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 w ...)
+	TODO: check
 CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware <v1 ...)
 	NOT-FOR-US: Edgeswitch
 CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...)
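Review bot: CVE-2020-8234 is left at `TODO: check` although it describes EdgeMax EdgeSwitch firmware, the same product family as CVE-2020-8233 on the next line, which is already `NOT-FOR-US: Edgeswitch`. Use the same tag here so the firmware entries stay consistent.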
@@ -38395,8 +38400,8 @@ CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop
 	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-034
 CVE-2020-8228
 	RESERVED
-CVE-2020-8227
-	RESERVED
+CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Client  ...)
+	TODO: check
 CVE-2020-8226 (A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allow ...)
 	NOT-FOR-US: phpBB
 CVE-2020-8225
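Review bot: CVE-2020-8227 should not be bulk-closed along with the vendor-only `TODO: check` entries in this update: it names Nextcloud Desktop Client, and the CVE-2020-8229 entry in this hunk's context already tracks that client with an upstream advisory NOTE. Resolve the TODO the same way, with a package line and the matching nextcloud.com advisory link.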
@@ -38475,8 +38480,8 @@ CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versio
 	NOT-FOR-US: Citrix
 CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...)
 	NOT-FOR-US: Citrix
-CVE-2020-8189
-	RESERVED
+CVE-2020-8189 (A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed ...)
+	TODO: check
 CVE-2020-8188 (We have recently released new version of UniFi Protect firmware v1.13. ...)
 	NOT-FOR-US: UniFi Protect
 CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
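Review bot: CVE-2020-8189 sits between Citrix and UniFi entries tagged NOT-FOR-US, but its description is about Nextcloud Desktop client 2.6.4, not an appliance. It needs a package line with the fixed version, not the vendor tag its neighbours carry.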
@@ -45346,10 +45351,10 @@ CVE-2020-5419
 	RESERVED
 CVE-2020-5418
 	RESERVED
-CVE-2020-5417
-	RESERVED
-CVE-2020-5416
-	RESERVED
+CVE-2020-5417 (Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when  ...)
+	TODO: check
+CVE-2020-5416 (Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used ...)
+	TODO: check
 CVE-2020-5415 (Concourse, versions prior to 6.3.1 and 6.4.1, in installations which u ...)
 	TODO: check
 CVE-2020-5414 (VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7. ...)
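Review bot: CVE-2020-5417 and CVE-2020-5416 join CVE-2020-5415, which is still `TODO: check` in the unchanged context, so the unresolved run in this block grows from one entry to three. The descriptions name Cloud Foundry CAPI and Gorouter; decide these together with the Concourse entry so the backlog does not keep accumulating.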
@@ -78465,7 +78470,7 @@ CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at co
 	NOTE: later reverted by the CVE-2019-13305 fix which is the right one:
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
 CVE-2019-13305 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
-	{DSA-4712-1 DLA-1888-1}
+	{DSA-4715-1 DSA-4712-1 DLA-1888-1}
 	- imagemagick 8:6.9.11.24+dfsg-1 (bug #931452)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1613
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
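Review bot: DSA-4715-1 is added to the cross-reference set of CVE-2019-13305, but the NOTE on CVE-2019-13306 just above says its fix was "later reverted by the CVE-2019-13305 fix which is the right one" and both entries list the same ImageMagick6 commit. Confirm that CVE-2019-13306 carries DSA-4715-1 as well, so the two entries do not disagree about which advisory shipped that commit.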



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2489633317815a688b4ee71e04f369273dcc768



More information about the debian-security-tracker-commits mailing list