[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 27 21:10:30 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5125bd71 by security tracker role at 2020-08-27T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2020-24718
+ RESERVED
+CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group pe ...)
+ TODO: check
+CVE-2020-24716 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permiss ...)
+ TODO: check
+CVE-2020-24715
+ RESERVED
+CVE-2020-24714
+ RESERVED
+CVE-2020-24713
+ RESERVED
+CVE-2020-24712
+ RESERVED
+CVE-2020-24711
+ RESERVED
+CVE-2020-24710
+ RESERVED
+CVE-2020-24709
+ RESERVED
+CVE-2020-24708
+ RESERVED
+CVE-2020-24707
+ RESERVED
+CVE-2020-24706 (An issue was discovered in certain WSO2 products. The Try It tool allo ...)
+ TODO: check
+CVE-2020-24705 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...)
+ TODO: check
+CVE-2020-24704 (An issue was discovered in certain WSO2 products. The Try It tool allo ...)
+ TODO: check
+CVE-2020-24703 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...)
+ TODO: check
+CVE-2020-24702
+ RESERVED
+CVE-2020-24701
+ RESERVED
+CVE-2020-24700
+ RESERVED
CVE-2020-24699
RESERVED
CVE-2020-24698
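Review bot: CVE-2020-24717 and CVE-2020-24716 are added as plain TODO: check although both descriptions are scoped to "when used on FreeBSD". The triage result should state explicitly whether that platform condition applies to the Debian package, in the way the existing CVE-2020-16143 entry in this file records "(Windows-specific)" next to its not-affected marker. Otherwise the scoping is lost once the truncated description is all a reader sees.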
@@ -628,8 +666,8 @@ CVE-2020-24392
RESERVED
CVE-2020-24391
RESERVED
-CVE-2020-24390
- RESERVED
+CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape the user ...)
+ TODO: check
CVE-2020-24389
RESERVED
CVE-2020-24388
@@ -1049,10 +1087,10 @@ CVE-2020-24205
RESERVED
CVE-2020-24204
RESERVED
-CVE-2020-24203
- RESERVED
-CVE-2020-24202
- RESERVED
+CVE-2020-24203 (Insecure File Permissions and Arbitrary File Upload in the upload pic ...)
+ TODO: check
+CVE-2020-24202 (File Upload component in Projects World House Rental v1.0 suffers from ...)
+ TODO: check
CVE-2020-24201
RESERVED
CVE-2020-24200
@@ -1063,8 +1101,8 @@ CVE-2020-24198
RESERVED
CVE-2020-24197
RESERVED
-CVE-2020-24196
- RESERVED
+CVE-2020-24196 (An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental ...)
+ TODO: check
CVE-2020-24195
RESERVED
CVE-2020-24194
@@ -1487,32 +1525,32 @@ CVE-2020-23986
RESERVED
CVE-2020-23985
RESERVED
-CVE-2020-23984
- RESERVED
-CVE-2020-23983
- RESERVED
-CVE-2020-23982
- RESERVED
-CVE-2020-23981
- RESERVED
-CVE-2020-23980
- RESERVED
-CVE-2020-23979
- RESERVED
-CVE-2020-23978
- RESERVED
-CVE-2020-23977
- RESERVED
-CVE-2020-23976
- RESERVED
-CVE-2020-23975
- RESERVED
-CVE-2020-23974
- RESERVED
-CVE-2020-23973
- RESERVED
-CVE-2020-23972
- RESERVED
+CVE-2020-23984 (Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-s ...)
+ TODO: check
+CVE-2020-23983 (Michael-design iChat Realtime PHP Live Support System 1.6 has persiste ...)
+ TODO: check
+CVE-2020-23982 (DesignMasterEvents Conference management 1.0.0 has cross site scriptin ...)
+ TODO: check
+CVE-2020-23981 (13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id pa ...)
+ TODO: check
+CVE-2020-23980 (DesignMasterEvents Conference management 1.0.0 allows SQL Injection vi ...)
+ TODO: check
+CVE-2020-23979 (13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter ...)
+ TODO: check
+CVE-2020-23978 (SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the ...)
+ TODO: check
+CVE-2020-23977 (KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 't ...)
+ TODO: check
+CVE-2020-23976 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection ...)
+ TODO: check
+CVE-2020-23975 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scr ...)
+ TODO: check
+CVE-2020-23974 (Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting ...)
+ TODO: check
+CVE-2020-23973 (KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php ...)
+ TODO: check
+CVE-2020-23972 (In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can ...)
+ TODO: check
CVE-2020-23971
RESERVED
CVE-2020-23970
@@ -2303,8 +2341,8 @@ CVE-2020-23578
RESERVED
CVE-2020-23577
RESERVED
-CVE-2020-23576
- RESERVED
+CVE-2020-23576 (Laborator Neon dashboard v3 is affected by stored Cross Site Scripting ...)
+ TODO: check
CVE-2020-23575
RESERVED
CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticated use ...)
@@ -17309,8 +17347,8 @@ CVE-2020-16144
RESERVED
CVE-2020-16143 (The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijac ...)
- seafile-client <not-affected> (Windows-specific)
-CVE-2020-16142
- RESERVED
+CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the B ...)
+ TODO: check
CVE-2020-16141
RESERVED
CVE-2020-16140
@@ -18076,17 +18114,20 @@ CVE-2020-15812
RESERVED
CVE-2020-15811
RESERVED
+ {DSA-4751-1}
- squid 4.13-1 (bug #968932)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_8.patch
CVE-2020-24606 (Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perfor ...)
+ {DSA-4751-1}
- squid 4.13-1 (bug #968933)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch
CVE-2020-15810
RESERVED
+ {DSA-4751-1}
- squid 4.13-1 (bug #968934)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
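Review bot: CVE-2020-15811 and CVE-2020-15810 now carry {DSA-4751-1} and a fixed squid version but are still RESERVED with nothing on the header line, so only the NOTE links say what the DSA fixed. A bracketed placeholder description on each header, in the style this file used for CVE-2020-14415 ("[division by zero in oss_write() in audio/ossaudio.c]"), would keep the entries readable until the CVE text is published.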
@@ -18473,7 +18514,7 @@ CVE-2020-15670
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670
CVE-2020-15669
RESERVED
- {DSA-4749-1}
+ {DSA-4749-1 DLA-2346-1}
- firefox-esr 68.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669
CVE-2020-15668
@@ -18494,7 +18535,7 @@ CVE-2020-15665
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665
CVE-2020-15664
RESERVED
- {DSA-4749-1}
+ {DSA-4749-1 DLA-2346-1}
- firefox 80.0-1
- firefox-esr 68.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664
@@ -21647,8 +21688,7 @@ CVE-2020-14418
RESERVED
CVE-2020-14417
RESERVED
-CVE-2020-14415 [division by zero in oss_write() in audio/ossaudio.c]
- RESERVED
+CVE-2020-14415 (oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...)
- qemu 1:5.0-1
[buster] - qemu <not-affected> (Vulnerable code introduced later)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
@@ -37821,6 +37861,7 @@ CVE-2020-8626
CVE-2020-8625
RESERVED
CVE-2020-8624 (In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21 ...)
+ {DSA-4752-1}
- bind9 1:9.16.6-1 (bug #966497)
[stretch] - bind9 <not-affected> (Vulnerable code (dns_ssu_mtypefromstring()) introduced later)
NOTE: https://kb.isc.org/docs/cve-2020-8624
@@ -37831,11 +37872,13 @@ CVE-2020-8624 (In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/393e8f643c02215fa4e6d4edf67be7d77085da0e (v9_11_22)
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/58e560beb50873c699f3431cf57e215dc645d7aa (v9_11_22)
CVE-2020-8623 (In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3 ...)
+ {DSA-4752-1}
- bind9 1:9.16.6-1
NOTE: https://kb.isc.org/docs/cve-2020-8623
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/ac3862a5da95bb07b6cf748b0958175687a9de1d (v9_16_6)
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab (v9_11_22)
CVE-2020-8622 (In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, ...)
+ {DSA-4752-1}
- bind9 1:9.16.6-1
NOTE: https://kb.isc.org/docs/cve-2020-8622
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0eec632d6a5a474280017ec949d8a8014612f3b3 (v9_16_6)
@@ -37853,6 +37896,7 @@ CVE-2020-8620 (In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who
NOTE: https://kb.isc.org/docs/cve-2020-8620
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/9a372f2bce642545164d2b4408eb6c4e301acc5e (v9_16_6)
CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9. ...)
+ {DSA-4752-1}
- bind9 1:9.16.4-1
[stretch] - bind9 <not-affected> (Vulnerable code introduced later)
[jessie] - bind9 <not-affected> (Vulnerable code introduced later)
@@ -45844,8 +45888,8 @@ CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint Security
NOT-FOR-US: Dell
CVE-2020-5384 (Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Wi ...)
NOT-FOR-US: RSA MFA Agent
-CVE-2020-5383
- RESERVED
+CVE-2020-5383 (Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS vers ...)
+ TODO: check
CVE-2020-5382
RESERVED
CVE-2020-5381
@@ -48009,8 +48053,8 @@ CVE-2020-4605
RESERVED
CVE-2020-4604
RESERVED
-CVE-2020-4603
- RESERVED
+CVE-2020-4603 (IBM Security Guardium Insights 2.0.1 performs an operation at a privil ...)
+ TODO: check
CVE-2020-4602
RESERVED
CVE-2020-4601
@@ -48065,8 +48109,8 @@ CVE-2020-4577
RESERVED
CVE-2020-4576
RESERVED
-CVE-2020-4575
- RESERVED
+CVE-2020-4575 (IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Vir ...)
+ TODO: check
CVE-2020-4574 (IBM Tivoli Key Lifecycle Manager does not require that users should ha ...)
NOT-FOR-US: IBM
CVE-2020-4573 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitiv ...)
@@ -48865,26 +48909,26 @@ CVE-2020-4177 (IBM Security Guardium 11.1 contains hard-coded credentials, such
NOT-FOR-US: IBM
CVE-2020-4176
RESERVED
-CVE-2020-4175
- RESERVED
-CVE-2020-4174
- RESERVED
+CVE-2020-4175 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...)
+ TODO: check
+CVE-2020-4174 (IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptog ...)
+ TODO: check
CVE-2020-4173 (IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure a ...)
NOT-FOR-US: IBM
-CVE-2020-4172
- RESERVED
-CVE-2020-4171
- RESERVED
+CVE-2020-4172 (IBM Security Guardium Insights 2.0.1 stores sensitive information in U ...)
+ TODO: check
+CVE-2020-4171 (IBM Security Guardium Insights 2.0.1 allows web pages to be stored loc ...)
+ TODO: check
CVE-2020-4170 (IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site reque ...)
NOT-FOR-US: IBM
-CVE-2020-4169
- RESERVED
+CVE-2020-4169 (IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptog ...)
+ TODO: check
CVE-2020-4168
RESERVED
-CVE-2020-4167
- RESERVED
-CVE-2020-4166
- RESERVED
+CVE-2020-4167 (IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain ...)
+ TODO: check
+CVE-2020-4166 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...)
+ TODO: check
CVE-2020-4165 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...)
NOT-FOR-US: IBM
CVE-2020-4164 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
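Review bot: The seven IBM Security Guardium Insights 2.0.1 entries added in this hunk (CVE-2020-4175, -4174, -4172, -4171, -4169, -4167, -4166) are left as TODO: check, yet the untouched entries for the same product and version here, CVE-2020-4170 and CVE-2020-4165, are already tagged NOT-FOR-US: IBM. Giving the new entries the same tag in the follow-up triage keeps the block consistent and clears seven items from the TODO queue.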
@@ -51381,8 +51425,8 @@ CVE-2020-3519 (A vulnerability in a specific REST API method of Cisco Data Cente
TODO: check
CVE-2020-3518 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
TODO: check
-CVE-2020-3517
- RESERVED
+CVE-2020-3517 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
+ TODO: check
CVE-2020-3516
RESERVED
CVE-2020-3515
@@ -51407,8 +51451,8 @@ CVE-2020-3506 (Multiple vulnerabilities in the Cisco Discovery Protocol implemen
TODO: check
CVE-2020-3505 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveil ...)
TODO: check
-CVE-2020-3504
- RESERVED
+CVE-2020-3504 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...)
+ TODO: check
CVE-2020-3503
RESERVED
CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
@@ -51510,8 +51554,8 @@ CVE-2020-3456
RESERVED
CVE-2020-3455
RESERVED
-CVE-2020-3454
- RESERVED
+CVE-2020-3454 (A vulnerability in the Call Home feature of Cisco NX-OS Software could ...)
+ TODO: check
CVE-2020-3453
RESERVED
CVE-2020-3452 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
@@ -51588,8 +51632,8 @@ CVE-2020-3417
RESERVED
CVE-2020-3416
RESERVED
-CVE-2020-3415
- RESERVED
+CVE-2020-3415 (A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Sof ...)
+ TODO: check
CVE-2020-3414
RESERVED
CVE-2020-3413 (A vulnerability in the scheduled meeting template feature of Cisco Web ...)
@@ -51622,16 +51666,16 @@ CVE-2020-3400
RESERVED
CVE-2020-3399
RESERVED
-CVE-2020-3398
- RESERVED
-CVE-2020-3397
- RESERVED
+CVE-2020-3398 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...)
+ TODO: check
+CVE-2020-3397 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...)
+ TODO: check
CVE-2020-3396
RESERVED
CVE-2020-3395
RESERVED
-CVE-2020-3394
- RESERVED
+CVE-2020-3394 (A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Serie ...)
+ TODO: check
CVE-2020-3393
RESERVED
CVE-2020-3392
@@ -51749,8 +51793,8 @@ CVE-2020-3340 (Multiple vulnerabilities in the web-based management interface of
NOT-FOR-US: Cisco
CVE-2020-3339 (A vulnerability in the web-based management interface of Cisco Prime I ...)
NOT-FOR-US: Cisco
-CVE-2020-3338
- RESERVED
+CVE-2020-3338 (A vulnerability in the Protocol Independent Multicast (PIM) feature fo ...)
+ TODO: check
CVE-2020-3337 (A vulnerability in the web server of Cisco Umbrella could allow an una ...)
NOT-FOR-US: Cisco
CVE-2020-3336 (A vulnerability in the software upgrade process of Cisco TelePresence ...)
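Review bot: CVE-2020-3338 is left as TODO: check although its neighbours in this hunk, CVE-2020-3339 and CVE-2020-3337, are Cisco entries already marked NOT-FOR-US: Cisco. Unless the PIM issue touches something packaged in Debian, the same disposition fits and can be set in the follow-up commit.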
@@ -73060,7 +73104,7 @@ CVE-2019-14823 (A flaw was found in the "Leaf and Chain" OCSP policy implementat
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747435
NOTE: https://github.com/dogtagpki/jss/pull/284
NOTE: https://github.com/dogtagpki/jss/commit/be37ff4738b4696d529a13b6ed33c7ac56d97ba4
-CVE-2019-14822 (A flaw was discovered in ibus that allows any unprivileged user to mon ...)
+CVE-2019-14822 (A flaw was discovered in ibus in versions before 1.5.22 that allows an ...)
{DSA-4525-1}
- ibus 1.5.21-1 (bug #940267)
[jessie] - ibus <ignored> (Hard to exploit, regression risk)
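Review bot: The updated CVE-2019-14822 description now says the flaw affects ibus "in versions before 1.5.22", while the unchanged package line directly below records 1.5.21-1 as the fixed version (bug #940267). Both can hold if 1.5.21-1 carries the fix as a patch, but nothing in the entry says so. A NOTE line stating where the fix entered the Debian package would remove the apparent conflict.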
@@ -334554,8 +334598,8 @@ CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in
NOT-FOR-US: IBM Global Security Kit
CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus ...)
NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security System
-CVE-2012-2201
- RESERVED
+CVE-2012-2201 (IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by a ...)
+ TODO: check
CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...)
NOT-FOR-US: sendmail configuration in AIX
CVE-2012-2199 (The server message channel agent in the queue manager in the server in ...)
@@ -334637,8 +334681,8 @@ CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS)
NOT-FOR-US: WebSphere
CVE-2012-2161 (Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Ec ...)
NOT-FOR-US: IBM Security AppScan Source
-CVE-2012-2160
- RESERVED
+CVE-2012-2160 (IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused ...)
+ TODO: check
CVE-2012-2159 (Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used ...)
NOT-FOR-US: IBM Eclipse Help System
CVE-2012-2158
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5125bd717d1103a3bde1186a6174c4fe51104cc9