[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 25 21:10:29 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5949979a by security tracker role at 2020-08-25T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...)
+ TODO: check
+CVE-2020-24621
+ RESERVED
+CVE-2020-24620
+ RESERVED
+CVE-2020-24619
+ RESERVED
+CVE-2020-24618
+ RESERVED
+CVE-2020-24617
+ RESERVED
+CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
+ TODO: check
+CVE-2020-24615
+ RESERVED
CVE-2020-24613 (wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_C ...)
- wolfssl <unfixed>
NOTE: https://research.nccgroup.com/2020/08/24/technical-advisory-wolfssl-tls-1-3-client-man-in-the-middle-attack/
@@ -7,8 +23,8 @@ CVE-2020-24611
RESERVED
CVE-2020-24610
RESERVED
-CVE-2020-24609
- RESERVED
+CVE-2020-24609 (TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5 has XSS which can r ...)
+ TODO: check
CVE-2020-24608
RESERVED
CVE-2020-24607
@@ -115,7 +131,7 @@ CVE-2020-24557
RESERVED
CVE-2020-24556
RESERVED
-CVE-2020-24614 [fossil RCE]
+CVE-2020-24614 (Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 a ...)
- fossil 1:2.12.1-1
NOTE: https://www.openwall.com/lists/oss-security/2020/08/20/1
NOTE: https://fossil-scm.org/forum/info/a05ae3ce7760daf6
@@ -520,7 +536,7 @@ CVE-2020-24366
RESERVED
CVE-2020-24365
RESERVED
-CVE-2020-24364 (MineTime through 1.8.5 allows XSS via the notes field in a meeting inv ...)
+CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via the note ...)
NOT-FOR-US: MineTime
CVE-2020-24363
RESERVED
@@ -786,12 +802,12 @@ CVE-2020-24244
RESERVED
CVE-2020-24243
RESERVED
-CVE-2020-24242
- RESERVED
-CVE-2020-24241
- RESERVED
-CVE-2020-24240
- RESERVED
+CVE-2020-24242 (In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_tex ...)
+ TODO: check
+CVE-2020-24241 (In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in ...)
+ TODO: check
+CVE-2020-24240 (GNU Bison 3.7 has a use after free (UAF) vulnerability. A local attack ...)
+ TODO: check
CVE-2020-24239
RESERVED
CVE-2020-24238
@@ -14195,7 +14211,7 @@ CVE-2020-17540
CVE-2020-17539
RESERVED
CVE-2020-17538 (A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/g ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51)
@@ -14524,12 +14540,12 @@ CVE-2020-17388
RESERVED
CVE-2020-17387
RESERVED
-CVE-2020-17386
- RESERVED
-CVE-2020-17385
- RESERVED
-CVE-2020-17384
- RESERVED
+CVE-2020-17386 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
+ TODO: check
+CVE-2020-17385 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
+ TODO: check
+CVE-2020-17384 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
+ TODO: check
CVE-2020-17383
RESERVED
CVE-2020-17382
@@ -16697,126 +16713,126 @@ CVE-2020-16312
CVE-2020-16311
RESERVED
CVE-2020-16310 (A division by zero vulnerability in dot24_print_page() in devices/gdev ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701828
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e (9.51)
CVE-2020-16309 (A buffer overflow vulnerability in lxm5700m_print_page() in devices/gd ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701827
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10 (9.51)
NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger
CVE-2020-16308 (A buffer overflow vulnerability in p_print_image() in devices/gdevcdj. ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701829
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6 (9.51)
CVE-2020-16307 (A null pointer dereference vulnerability in devices/vector/gdevtxtw.c ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701822
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f (9.51)
CVE-2020-16306 (A null pointer dereference vulnerability in devices/gdevtsep.c of Arti ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804 (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701821
CVE-2020-16305 (A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701819
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550 (9.51)
CVE-2020-16304 (A buffer overflow vulnerability in image_render_color_thresh() in base ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209 (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701816
NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger
CVE-2020-16303 (A use-after-free vulnerability in xps_finish_image_path() in devices/v ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701818
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb7725eb5f3557ddc02310c76124fdd1a (9.51)
CVE-2020-16302 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701815
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207 (9.51)
CVE-2020-16301 (A buffer overflow vulnerability in okiibm_print_page1() in devices/gde ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701808
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc (9.51)
CVE-2020-16300 (A buffer overflow vulnerability in tiff12_print_page() in devices/gdev ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701807
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e (9.51)
CVE-2020-16299 (A Division by Zero vulnerability in bj10v_print_page() in contrib/japa ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701801
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=19cebe708b9ee3d9e0f8bcdd79dbc6ef9ddc70d2 (9.51)
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4fcbece468706e0e89ed2856729b2ccacbc112be (9.51)
CVE-2020-16298 (A buffer overflow vulnerability in mj_color_correct() in contrib/japan ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701799
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=849e74e5ab450dd581942192da7101e0664fa5af (9.51)
CVE-2020-16297 (A buffer overflow vulnerability in FloydSteinbergDitheringC() in contr ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701800
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39 (9.51)
CVE-2020-16296 (A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/ ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51)
NOTE: chunk #2, see also CVE-2020-17538
CVE-2020-16295 (A null pointer dereference vulnerability in clj_media_size() in device ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701796
CVE-2020-16294 (A buffer overflow vulnerability in epsc_print_page() in devices/gdevep ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701794
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=89f58f1aa95b3482cadf6977da49457194ee5358 (9.51)
CVE-2020-16293 (A null pointer dereference vulnerability in compose_group_nonknockout_ ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701795
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7870f4951bcc6a153f317e3439e14d0e929fd231 (9.51)
CVE-2020-16292 (A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701793
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=863ada11f9a942a622a581312e2be022d9e2a6f7 (9.51)
CVE-2020-16291 (A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Softwa ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6 (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701787
CVE-2020-16290 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701786
CVE-2020-16289 (A buffer overflow vulnerability in cif_print_page() in devices/gdevcif ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701788
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d31e25ed5b130499e0d880e4609b1b4824699768 (9.51)
CVE-2020-16288 (A buffer overflow vulnerability in pj_common_print_page() in devices/g ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f (9.51)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701791
CVE-2020-16287 (A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gd ...)
- {DLA-2335-1}
+ {DSA-4748-1 DLA-2335-1}
- ghostscript 9.51~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701785
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=450da26a76286a8342ec0864b3d113856709f8f6 (9.51)
@@ -16910,8 +16926,8 @@ CVE-2020-16247
RESERVED
CVE-2020-16246
RESERVED
-CVE-2020-16245
- RESERVED
+CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...)
+ TODO: check
CVE-2020-16244
RESERVED
CVE-2020-16243
@@ -17006,8 +17022,8 @@ CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.
NOT-FOR-US: Delta Industrial Automation
CVE-2020-16198
RESERVED
-CVE-2020-16197
- RESERVED
+CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...)
+ TODO: check
CVE-2020-16196
RESERVED
CVE-2020-16195
@@ -20909,12 +20925,12 @@ CVE-2020-14526
RESERVED
CVE-2020-14525
RESERVED
-CVE-2020-14524
- RESERVED
+CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...)
+ TODO: check
CVE-2020-14523
RESERVED
-CVE-2020-14522
- RESERVED
+CVE-2020-14522 (Softing Industrial Automation all versions prior to the latest build o ...)
+ TODO: check
CVE-2020-14521
RESERVED
CVE-2020-14520 (The affected product is vulnerable to an information leak, which may a ...)
@@ -20933,16 +20949,16 @@ CVE-2020-14514
RESERVED
CVE-2020-14513
RESERVED
-CVE-2020-14512
- RESERVED
+CVE-2020-14512 (GateManager versions prior to 9.2c, The affected product uses a weak h ...)
+ TODO: check
CVE-2020-14511 (Malicious operation of the crafted web browser cookie may cause a stac ...)
NOT-FOR-US: EDR routers
-CVE-2020-14510
- RESERVED
+CVE-2020-14510 (GateManager versions prior to 9.2c, The affected product contains a ha ...)
+ TODO: check
CVE-2020-14509
RESERVED
-CVE-2020-14508
- RESERVED
+CVE-2020-14508 (GateManager versions prior to 9.2c, The affected product is vulnerable ...)
+ TODO: check
CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to multiple pat ...)
NOT-FOR-US: Advantech
CVE-2020-14506
@@ -20957,8 +20973,8 @@ CVE-2020-14502
RESERVED
CVE-2020-14501 (Advantech iView, versions 5.6 and prior, has an improper authenticatio ...)
NOT-FOR-US: Advantech
-CVE-2020-14500
- RESERVED
+CVE-2020-14500 (Secomea GateManager all versions prior to 9.2c, An attacker can send a ...)
+ TODO: check
CVE-2020-14499 (Advantech iView, versions 5.6 and prior, has an improper access contro ...)
NOT-FOR-US: Advantech
CVE-2020-14498
@@ -22448,8 +22464,8 @@ CVE-2020-14044 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request
NOT-FOR-US: Codiad
CVE-2020-14043 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery ...)
NOT-FOR-US: Codiad
-CVE-2020-14042
- RESERVED
+CVE-2020-14042 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) ...)
+ TODO: check
CVE-2020-14041
RESERVED
CVE-2020-14040 (The x/text package before 0.3.3 for Go has a vulnerability in encoding ...)
@@ -39651,8 +39667,8 @@ CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions conta
NOT-FOR-US: EyeSurfer BflyInstallerX.ocx
CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...)
NOT-FOR-US: MiPlatform
-CVE-2020-7824
- RESERVED
+CVE-2020-7824 (A vulnerability in the web-based management interface of iPECS could a ...)
+ TODO: check
CVE-2020-7823 (DaviewIndy has a Memory corruption vulnerability, triggered when the u ...)
NOT-FOR-US: DaviewIndy
CVE-2020-7822 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5949979ab5f737cb9f11986c8ac3c6ae4d29c533
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5949979ab5f737cb9f11986c8ac3c6ae4d29c533
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200825/12900e62/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list