[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jul 16 09:10:25 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
465f6978 by security tracker role at 2020-07-16T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,46 @@
-CVE-2020-15780 [ACPI: configfs: Disallow loading ACPI tables when locked down]
+CVE-2020-15800
+	RESERVED
+CVE-2020-15799
+	RESERVED
+CVE-2020-15798
+	RESERVED
+CVE-2020-15797
+	RESERVED
+CVE-2020-15796
+	RESERVED
+CVE-2020-15795
+	RESERVED
+CVE-2020-15794
+	RESERVED
+CVE-2020-15793
+	RESERVED
+CVE-2020-15792
+	RESERVED
+CVE-2020-15791
+	RESERVED
+CVE-2020-15790
+	RESERVED
+CVE-2020-15789
+	RESERVED
+CVE-2020-15788
+	RESERVED
+CVE-2020-15787
+	RESERVED
+CVE-2020-15786
+	RESERVED
+CVE-2020-15785
+	RESERVED
+CVE-2020-15784
+	RESERVED
+CVE-2020-15783
+	RESERVED
+CVE-2020-15782
+	RESERVED
+CVE-2020-15781
+	RESERVED
+CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...)
+	TODO: check
+CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/3
 	NOTE: Fixed by: https://git.kernel.org/linus/75b0cea7bf307f362057cc778efe89af4c615354
@@ -189,7 +231,7 @@ CVE-2020-15688
 	RESERVED
 CVE-2020-15687
 	RESERVED
-CVE-2019-20908 [efi: Restrict efivar_ssdt_load when the kernel is locked down]
+CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the Linux ker ...)
 	- linux 5.2.6-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/14/1
 	NOTE: Fixed by: https://git.kernel.org/linus/1957a85b0032a81e6482ca4aab883643b8dae06e
@@ -373,10 +415,10 @@ CVE-2020-15605
 	RESERVED
 CVE-2020-15604
 	RESERVED
-CVE-2020-15603
-	RESERVED
-CVE-2020-15602
-	RESERVED
+CVE-2020-15603 (An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v1 ...)
+	TODO: check
+CVE-2020-15602 (An untrusted search path remote code execution (RCE) vulnerability in  ...)
+	TODO: check
 CVE-2020-15601
 	RESERVED
 CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to ...)
@@ -956,8 +998,8 @@ CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restric
 	NOT-FOR-US: ASRock RGB Driver
 CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of authenticatio ...)
 	NOT-FOR-US: Venki
-CVE-2020-15366
-	RESERVED
+CVE-2020-15366 (An issue was discovered in ajv.validate() in Ajv (aka Another JSON Sch ...)
+	TODO: check
 CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in ...)
 	- libraw <not-affected> (Vulnerable code introduced in 0.20-Beta1)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/301
@@ -1490,8 +1532,8 @@ CVE-2020-15109
 	RESERVED
 CVE-2020-15108
 	RESERVED
-CVE-2020-15107
-	RESERVED
+CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU operations are ...)
+	TODO: check
 CVE-2020-15106
 	RESERVED
 CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...)
@@ -1605,8 +1647,8 @@ CVE-2020-15053
 	RESERVED
 CVE-2020-15052
 	RESERVED
-CVE-2020-15051
-	RESERVED
+CVE-2020-15051 (An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS ...)
+	TODO: check
 CVE-2020-15050 (An issue was discovered in the Video Extension in Suprema BioStar 2 be ...)
 	NOT-FOR-US: Suprema BioStar
 CVE-2020-15049 (An issue was discovered in http/ContentLengthInterpreter.cc in Squid b ...)
@@ -1774,8 +1816,8 @@ CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't
 	NOTE: https://github.com/chocolate-doom/chocolate-doom/issues/1293
 	NOTE: https://github.com/chocolate-doom/chocolate-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1
 	NOTE: https://github.com/fabiangreffrath/crispy-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1
-CVE-2020-14982
-	RESERVED
+CVE-2020-14982 (A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later be ...)
+	TODO: check
 CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...)
 	NOT-FOR-US: ThreatTrack VIPRE Password Vault app for IOS
 CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...)
@@ -1922,6 +1964,7 @@ CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connecti
 	NOTE: https://repo.or.cz/alpine.git/commitdiff/000edd9036b6aea5e6a06900ecd6c58faec665ab
 CVE-2020-14928
 	RESERVED
+	{DSA-4725-1}
 	- evolution-data-server 3.36.4-1
 	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
 	NOTE: https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
@@ -4130,12 +4173,12 @@ CVE-2020-14068 (An issue was discovered in MK-AUTH 19.01. The web login function
 	NOT-FOR-US: MK-AUTH
 CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does not consi ...)
 	NOT-FOR-US: Navigate CMS
-CVE-2020-14066
-	RESERVED
-CVE-2020-14065
-	RESERVED
-CVE-2020-14064
-	RESERVED
+CVE-2020-14066 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaSc ...)
+	TODO: check
+CVE-2020-14065 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload files  ...)
+	TODO: check
+CVE-2020-14064 (IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user ac ...)
+	TODO: check
 CVE-2020-14063
 	RESERVED
 CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
@@ -4946,8 +4989,8 @@ CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (2.0.x)
 CVE-2020-13789
 	RESERVED
-CVE-2020-13788
-	RESERVED
+CVE-2020-13788 (Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker wi ...)
+	TODO: check
 CVE-2020-13787 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of ...)
 	NOT-FOR-US: D-Link
 CVE-2020-13786 (D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. ...)
@@ -7542,8 +7585,8 @@ CVE-2020-12686
 	RESERVED
 CVE-2020-12685 (XSS in the admin help system admin/help.html and admin/quicklinks.html ...)
 	NOT-FOR-US: Interchange
-CVE-2020-12684
-	RESERVED
+CVE-2020-12684 (XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer ...)
+	TODO: check
 CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
 	NOT-FOR-US: Katyshop2
 CVE-2020-12682
@@ -11893,14 +11936,14 @@ CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demons
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/16056
 CVE-2020-11440
 	RESERVED
-CVE-2020-11439
-	RESERVED
-CVE-2020-11438
-	RESERVED
-CVE-2020-11437
-	RESERVED
-CVE-2020-11436
-	RESERVED
+CVE-2020-11439 (LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue all ...)
+	TODO: check
+CVE-2020-11438 (LibreHealth EMR v2.0.0 is affected by systemic CSRF. ...)
+	TODO: check
+CVE-2020-11437 (LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privi ...)
+	TODO: check
+CVE-2020-11436 (LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the abilit ...)
+	TODO: check
 CVE-2020-11435
 	RESERVED
 CVE-2020-11434
@@ -15161,16 +15204,16 @@ CVE-2020-10290
 	RESERVED
 CVE-2020-10289
 	RESERVED
-CVE-2020-10288
-	RESERVED
-CVE-2020-10287
-	RESERVED
-CVE-2020-10286
-	RESERVED
-CVE-2020-10285
-	RESERVED
-CVE-2020-10284
-	RESERVED
+CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain access y ...)
+	TODO: check
+CVE-2020-10287 (The IRC5 family with UAS service enabled comes by default with credent ...)
+	TODO: check
+CVE-2020-10286 (the main user account has restricted privileges but is in the sudoers  ...)
+	TODO: check
+CVE-2020-10285 (The authentication implementation on the xArm controller has very low  ...)
+	TODO: check
+CVE-2020-10284 (No authentication is required to control the robot inside the network, ...)
+	TODO: check
 CVE-2020-10283
 	RESERVED
 CVE-2020-10282 (The Micro Air Vehicle Link (MAVLink) protocol presents no authenticati ...)
@@ -17475,12 +17518,12 @@ CVE-2020-9313
 	RESERVED
 CVE-2020-9312
 	RESERVED
-CVE-2020-9311
-	RESERVED
+CVE-2020-9311 (In SilverStripe through 4.5, malicious users with a valid Silverstripe ...)
+	TODO: check
 CVE-2020-9310
 	REJECTED
-CVE-2020-9309
-	RESERVED
+CVE-2020-9309 (Silverstripe CMS through 4.5 can be susceptible to script execution fr ...)
+	TODO: check
 CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...)
 	- libarchive 3.4.0-2 (bug #951759)
 	[buster] - libarchive <not-affected> (rar5 support added in 3.4.0)
@@ -18299,8 +18342,8 @@ CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows X
 	NOT-FOR-US: Western Digital mycloud.com
 CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...)
 	NOT-FOR-US: Western Digital
-CVE-2020-8958
-	RESERVED
+CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804R ...)
+	TODO: check
 CVE-2020-8957
 	RESERVED
 CVE-2020-8956
@@ -25236,10 +25279,10 @@ CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon & Mainten
 	NOT-FOR-US: WordPress plugin
 CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2020-6165
-	RESERVED
-CVE-2020-6164
-	RESERVED
+CVE-2020-6165 (SilverStripe 4.5.0 allows attackers to read certain records that shoul ...)
+	TODO: check
+CVE-2020-6164 (In SilverStripe through 4.5.0, a specific URL path configured by defau ...)
+	TODO: check
 CVE-2020-6163 (The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because  ...)
 	NOT-FOR-US: WikibaseMediaInfo MediaWiki extension
 CVE-2020-6162 (An issue was discovered in Bftpd 5.3. Under certain circumstances, an  ...)
@@ -37844,7 +37887,7 @@ CVE-2019-19328 (ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI
 	NOT-FOR-US: Wikibase Wikidata Query Service GUI
 CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-S ...)
 	NOT-FOR-US: Wikibase Wikidata Query Service GUI
-CVE-2019-19326 (SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequ ...)
+CVE-2019-19326 (Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache  ...)
 	TODO: check
 CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows  ...)
 	NOT-FOR-US: SilverStripe
@@ -45396,8 +45439,8 @@ CVE-2019-17641
 	RESERVED
 CVE-2019-17640
 	RESERVED
-CVE-2019-17639
-	RESERVED
+CVE-2019-17639 (In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling th ...)
+	TODO: check
 CVE-2019-17638 (In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in ca ...)
 	TODO: check
 CVE-2019-17637 (In all versions of Eclipse Web Tools Platform through release 3.18 (20 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/465f6978d33152db0484313c090866faeaf68502

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/465f6978d33152db0484313c090866faeaf68502
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200716/e610202c/attachment.html>

More information about the debian-security-tracker-commits mailing list