[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Aug 26 09:10:26 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab1d4576 by security tracker role at 2020-08-26T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2020-24656 (Maltego before 4.2.12 allows XXE attacks. ...)
+	TODO: check
+CVE-2020-24655
+	RESERVED
+CVE-2020-24654
+	RESERVED
+CVE-2020-24653 (secure-store in Expo through 2.16.1 on iOS provides the insecure kSecA ...)
+	TODO: check
+CVE-2020-24652
+	RESERVED
+CVE-2020-24651
+	RESERVED
+CVE-2020-24650
+	RESERVED
+CVE-2020-24649
+	RESERVED
+CVE-2020-24648
+	RESERVED
+CVE-2020-24647
+	RESERVED
+CVE-2020-24646
+	RESERVED
+CVE-2020-24645
+	RESERVED
+CVE-2020-24644
+	RESERVED
+CVE-2020-24643
+	RESERVED
+CVE-2020-24642
+	RESERVED
+CVE-2020-24641
+	RESERVED
+CVE-2020-24640
+	RESERVED
+CVE-2020-24639
+	RESERVED
+CVE-2020-24638
+	RESERVED
+CVE-2020-24637
+	RESERVED
+CVE-2020-24636
+	RESERVED
+CVE-2020-24635
+	RESERVED
+CVE-2020-24634
+	RESERVED
+CVE-2020-24633
+	RESERVED
+CVE-2020-24632
+	RESERVED
+CVE-2020-24631
+	RESERVED
+CVE-2020-24630
+	RESERVED
+CVE-2020-24629
+	RESERVED
+CVE-2020-24628
+	RESERVED
+CVE-2020-24627
+	RESERVED
+CVE-2020-24626
+	RESERVED
+CVE-2020-24625
+	RESERVED
+CVE-2020-24624
+	RESERVED
+CVE-2020-24623
+	RESERVED
 CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...)
 	NOT-FOR-US: Sonatype
 CVE-2020-24621
@@ -11284,8 +11352,8 @@ CVE-2020-19007
 	RESERVED
 CVE-2020-19006
 	RESERVED
-CVE-2020-19005
-	RESERVED
+CVE-2020-19005 (zrlog v2.1.0 has a vulnerability with the permission check. If admin a ...)
+	TODO: check
 CVE-2020-19004
 	RESERVED
 CVE-2020-19003
@@ -14512,42 +14580,42 @@ CVE-2020-17406
 	RESERVED
 CVE-2020-17405
 	RESERVED
-CVE-2020-17404
-	RESERVED
-CVE-2020-17403
-	RESERVED
-CVE-2020-17402
-	RESERVED
-CVE-2020-17401
-	RESERVED
-CVE-2020-17400
-	RESERVED
-CVE-2020-17399
-	RESERVED
-CVE-2020-17398
-	RESERVED
-CVE-2020-17397
-	RESERVED
-CVE-2020-17396
-	RESERVED
-CVE-2020-17395
-	RESERVED
-CVE-2020-17394
-	RESERVED
-CVE-2020-17393
-	RESERVED
-CVE-2020-17392
-	RESERVED
-CVE-2020-17391
-	RESERVED
-CVE-2020-17390
-	RESERVED
-CVE-2020-17389
-	RESERVED
-CVE-2020-17388
-	RESERVED
-CVE-2020-17387
-	RESERVED
+CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17403 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17402 (This vulnerability allows local attackers to disclose sensitive inform ...)
+	TODO: check
+CVE-2020-17401 (This vulnerability allows local attackers to disclose sensitive inform ...)
+	TODO: check
+CVE-2020-17400 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2020-17399 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2020-17398 (This vulnerability allows local attackers to disclose information on a ...)
+	TODO: check
+CVE-2020-17397 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2020-17396 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2020-17395 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2020-17394 (This vulnerability allows local attackers to disclose sensitive inform ...)
+	TODO: check
+CVE-2020-17393 (This vulnerability allows local attackers to disclose information on a ...)
+	TODO: check
+CVE-2020-17392 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2020-17391 (This vulnerability allows local attackers to disclose information on a ...)
+	TODO: check
+CVE-2020-17390 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2020-17389 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17388 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17387 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2020-17386 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
 	NOT-FOR-US: Cellopoint Cellos
 CVE-2020-17385 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
@@ -18026,8 +18094,8 @@ CVE-2020-15778 (scp in OpenSSH through 8.3p1 allows command injection in scp.c r
 	NOTE: https://github.com/cpandya2909/CVE-2020-15778
 	NOTE: Negligible security impact, changing the scp protocol can have a good chance
 	NOTE: of breaking existing workflows.
-CVE-2020-15777
-	RESERVED
+CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...)
+	TODO: check
 CVE-2020-15776
 	RESERVED
 CVE-2020-15775
@@ -18422,20 +18490,20 @@ CVE-2020-15646
 	{DSA-4718-1}
 	- thunderbird 1:68.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646
-CVE-2020-15645
-	RESERVED
-CVE-2020-15644
-	RESERVED
-CVE-2020-15643
-	RESERVED
-CVE-2020-15642
-	RESERVED
-CVE-2020-15641
-	RESERVED
-CVE-2020-15640
-	RESERVED
-CVE-2020-15639
-	RESERVED
+CVE-2020-15645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-15644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-15643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-15642 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-15641 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-15640 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-15639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2020-15638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit
 CVE-2020-15637 (This vulnerability allows remote attackers to disclose sensitive infor ...)
@@ -40811,8 +40879,8 @@ CVE-2020-7311
 	RESERVED
 CVE-2020-7310 (Privilege Escalation vulnerability in the installer in McAfee McAfee T ...)
 	NOT-FOR-US: McAfee
-CVE-2020-7309
-	RESERVED
+CVE-2020-7309 (Cross Site Scripting vulnerability in ePO extension in McAfee Applicat ...)
+	TODO: check
 CVE-2020-7308
 	RESERVED
 CVE-2020-7307 (Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ...)
@@ -72481,8 +72549,7 @@ CVE-2019-14905 (A vulnerability was found in Ansible Engine versions 2.9.x befor
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776943
 	NOTE: https://github.com/ansible/ansible/pull/65423
 	NOTE: https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md
-CVE-2019-14904 [vulnerability in solaris_zone module via crafted solaris zone]
-	RESERVED
+CVE-2019-14904 (A flaw was found in the solaris_zone module from the Ansible Community ...)
 	- ansible 2.9.4+dfsg-1 (low)
 	[buster] - ansible <no-dsa> (Minor issue)
 	[stretch] - ansible <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab1d4576e5fd817edffb03cc4d9dd9c228f154fd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab1d4576e5fd817edffb03cc4d9dd9c228f154fd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200826/afa60372/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list