[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 16 21:10:36 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0c40d36f by security tracker role at 2020-07-16T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2019-20915 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ TODO: check
+CVE-2019-20914 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
+ TODO: check
+CVE-2019-20913 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ TODO: check
+CVE-2019-20912 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ TODO: check
+CVE-2019-20911 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ TODO: check
+CVE-2019-20910 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ TODO: check
+CVE-2019-20909 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
+ TODO: check
CVE-2020-XXXX [XSA 329]
- linux <unfixed>
[buster] - linux <not-affected> (Only affects 5.5 and later)
@@ -1713,8 +1727,8 @@ CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Th
NOT-FOR-US: NeDi
CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The ap ...)
NOT-FOR-US: NeDi
-CVE-2020-15027
- RESERVED
+CVE-2020-15027 (ConnectWise Automate through 2020.x has insufficient validation on cer ...)
+ TODO: check
CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ ...)
NOT-FOR-US: Bludit
CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remo ...)
@@ -1973,7 +1987,7 @@ CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connecti
NOTE: https://repo.or.cz/alpine.git/commitdiff/000edd9036b6aea5e6a06900ecd6c58faec665ab
CVE-2020-14928
RESERVED
- {DSA-4725-1}
+ {DSA-4725-1 DLA-2281-1}
- evolution-data-server 3.36.4-1
NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
NOTE: https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
@@ -4400,8 +4414,8 @@ CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to
NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764 (0.74)
CVE-2020-14001
RESERVED
-CVE-2020-14000
- RESERVED
+CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.2 ...)
+ TODO: check
CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Libr ...)
- libemf 1.0.13-1 (bug #963778)
[buster] - libemf <no-dsa> (Minor issue)
@@ -5892,8 +5906,8 @@ CVE-2020-13407
RESERVED
CVE-2020-13406
RESERVED
-CVE-2020-13405
- RESERVED
+CVE-2020-13405 (userfiles/modules/users/controller/controller.php in Microweber before ...)
+ TODO: check
CVE-2020-13404
RESERVED
CVE-2020-13403
@@ -9309,8 +9323,8 @@ CVE-2020-12013
RESERVED
CVE-2020-12012 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...)
NOT-FOR-US: Baxter
-CVE-2020-12011
- RESERVED
+CVE-2020-12011 (A specially crafted communication packet sent to the affected systems ...)
+ TODO: check
CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12009
@@ -29471,8 +29485,8 @@ CVE-2020-4464
RESERVED
CVE-2020-4463
RESERVED
-CVE-2020-4462
- RESERVED
+CVE-2020-4462 (IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and ...)
+ TODO: check
CVE-2020-4461 (IBM Security Access Manager Appliance 9.0.7.1 could allow an authentic ...)
NOT-FOR-US: IBM
CVE-2020-4460
@@ -29763,8 +29777,8 @@ CVE-2020-4318
RESERVED
CVE-2020-4317
RESERVED
-CVE-2020-4316
- RESERVED
+CVE-2020-4316 (IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure ...)
+ TODO: check
CVE-2020-4315
RESERVED
CVE-2020-4314
@@ -30205,8 +30219,8 @@ CVE-2020-4097
RESERVED
CVE-2020-4096
RESERVED
-CVE-2020-4095
- RESERVED
+CVE-2020-4095 ("BigFix Platform is storing clear text credentials within the system's ...)
+ TODO: check
CVE-2020-4094
RESERVED
CVE-2020-4093
@@ -32639,8 +32653,8 @@ CVE-2020-3470
RESERVED
CVE-2020-3469
RESERVED
-CVE-2020-3468
- RESERVED
+CVE-2020-3468 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ TODO: check
CVE-2020-3467
RESERVED
CVE-2020-3466
@@ -32675,8 +32689,8 @@ CVE-2020-3452
RESERVED
CVE-2020-3451
RESERVED
-CVE-2020-3450
- RESERVED
+CVE-2020-3450 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ TODO: check
CVE-2020-3449
RESERVED
CVE-2020-3448
@@ -32701,8 +32715,8 @@ CVE-2020-3439
RESERVED
CVE-2020-3438
RESERVED
-CVE-2020-3437
- RESERVED
+CVE-2020-3437 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ TODO: check
CVE-2020-3436
RESERVED
CVE-2020-3435
@@ -32763,18 +32777,18 @@ CVE-2020-3408
RESERVED
CVE-2020-3407
RESERVED
-CVE-2020-3406
- RESERVED
-CVE-2020-3405
- RESERVED
+CVE-2020-3406 (A vulnerability in the web-based management interface of the Cisco SD- ...)
+ TODO: check
+CVE-2020-3405 (A vulnerability in the web UI of Cisco SD-WAN vManage Software could a ...)
+ TODO: check
CVE-2020-3404
RESERVED
CVE-2020-3403
RESERVED
CVE-2020-3402 (A vulnerability in the Java Remote Method Invocation (RMI) interface o ...)
NOT-FOR-US: Cisco
-CVE-2020-3401
- RESERVED
+CVE-2020-3401 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ TODO: check
CVE-2020-3400
RESERVED
CVE-2020-3399
@@ -32799,28 +32813,28 @@ CVE-2020-3390
RESERVED
CVE-2020-3389
RESERVED
-CVE-2020-3388
- RESERVED
-CVE-2020-3387
- RESERVED
+CVE-2020-3388 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
+ TODO: check
+CVE-2020-3387 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...)
+ TODO: check
CVE-2020-3386
RESERVED
-CVE-2020-3385
- RESERVED
+CVE-2020-3385 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...)
+ TODO: check
CVE-2020-3384
RESERVED
CVE-2020-3383
RESERVED
CVE-2020-3382
RESERVED
-CVE-2020-3381
- RESERVED
-CVE-2020-3380
- RESERVED
-CVE-2020-3379
- RESERVED
-CVE-2020-3378
- RESERVED
+CVE-2020-3381 (A vulnerability in the web management interface of Cisco SD-WAN vManag ...)
+ TODO: check
+CVE-2020-3380 (A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) ...)
+ TODO: check
+CVE-2020-3379 (A vulnerability in Cisco SD-WAN Solution Software could allow an authe ...)
+ TODO: check
+CVE-2020-3378 (A vulnerability in the web-based management interface for Cisco SD-WAN ...)
+ TODO: check
CVE-2020-3377
RESERVED
CVE-2020-3376
@@ -32831,14 +32845,14 @@ CVE-2020-3374
RESERVED
CVE-2020-3373
RESERVED
-CVE-2020-3372
- RESERVED
+CVE-2020-3372 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ TODO: check
CVE-2020-3371
RESERVED
-CVE-2020-3370
- RESERVED
-CVE-2020-3369
- RESERVED
+CVE-2020-3370 (A vulnerability in URL filtering of Cisco Content Security Management ...)
+ TODO: check
+CVE-2020-3369 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...)
+ TODO: check
CVE-2020-3368 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
NOT-FOR-US: Cisco
CVE-2020-3367
@@ -32859,10 +32873,10 @@ CVE-2020-3360 (A vulnerability in the Web Access feature of Cisco IP Phones Seri
NOT-FOR-US: Cisco
CVE-2020-3359
RESERVED
-CVE-2020-3358
- RESERVED
-CVE-2020-3357
- RESERVED
+CVE-2020-3358 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisc ...)
+ TODO: check
+CVE-2020-3357 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco ...)
+ TODO: check
CVE-2020-3356 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
NOT-FOR-US: Cisco
CVE-2020-3355 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
@@ -32873,20 +32887,20 @@ CVE-2020-3353 (A vulnerability in the syslog processing engine of Cisco Identity
NOT-FOR-US: Cisco
CVE-2020-3352
RESERVED
-CVE-2020-3351
- RESERVED
+CVE-2020-3351 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...)
+ TODO: check
CVE-2020-3350 (A vulnerability in the endpoint software of Cisco AMP for Endpoints an ...)
NOT-FOR-US: Cisco
-CVE-2020-3349
- RESERVED
-CVE-2020-3348
- RESERVED
+CVE-2020-3349 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2020-3348 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2020-3347 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could ...)
NOT-FOR-US: Cisco
CVE-2020-3346
RESERVED
-CVE-2020-3345
- RESERVED
+CVE-2020-3345 (A vulnerability in certain web pages of Cisco Webex Meetings and Cisco ...)
+ TODO: check
CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
NOT-FOR-US: Cisco
CVE-2020-3343 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
@@ -32915,12 +32929,12 @@ CVE-2020-3334 (A vulnerability in the ARP packet processing of Cisco Adaptive Se
NOT-FOR-US: Cisco
CVE-2020-3333 (A vulnerability in the API of Cisco Application Services Engine Softwa ...)
NOT-FOR-US: Cisco
-CVE-2020-3332
- RESERVED
-CVE-2020-3331
- RESERVED
-CVE-2020-3330
- RESERVED
+CVE-2020-3332 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ TODO: check
+CVE-2020-3331 (A vulnerability in the web-based management interface of Cisco RV110W ...)
+ TODO: check
+CVE-2020-3330 (A vulnerability in the Telnet service of Cisco Small Business RV110W W ...)
+ TODO: check
CVE-2020-3329 (A vulnerability in role-based access control of Cisco Integrated Manag ...)
NOT-FOR-US: Cisco
CVE-2020-3328
@@ -32937,8 +32951,8 @@ CVE-2020-3325
RESERVED
CVE-2020-3324
RESERVED
-CVE-2020-3323
- RESERVED
+CVE-2020-3323 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ TODO: check
CVE-2020-3322 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
NOT-FOR-US: Cisco
CVE-2020-3321 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
@@ -33189,8 +33203,8 @@ CVE-2020-3199 (Multiple vulnerabilities in the Cisco IOx application environment
NOT-FOR-US: Cisco
CVE-2020-3198 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...)
NOT-FOR-US: Cisco
-CVE-2020-3197
- RESERVED
+CVE-2020-3197 (A vulnerability in the API subsystem of Cisco Meetings App could allow ...)
+ TODO: check
CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
NOT-FOR-US: Cisco
CVE-2020-3195 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...)
@@ -33223,8 +33237,8 @@ CVE-2020-3182 (A vulnerability in the multicast DNS (mDNS) protocol configuratio
NOT-FOR-US: Cisco
CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco Advanc ...)
NOT-FOR-US: Cisco
-CVE-2020-3180
- RESERVED
+CVE-2020-3180 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...)
+ TODO: check
CVE-2020-3179 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...)
NOT-FOR-US: Cisco
CVE-2020-3178 (Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Softwar ...)
@@ -33283,28 +33297,28 @@ CVE-2020-3152
RESERVED
CVE-2020-3151
RESERVED
-CVE-2020-3150
- RESERVED
+CVE-2020-3150 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ TODO: check
CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network Regi ...)
NOT-FOR-US: Cisco
CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
NOT-FOR-US: Cisco
-CVE-2020-3146
- RESERVED
-CVE-2020-3145
- RESERVED
-CVE-2020-3144
- RESERVED
+CVE-2020-3146 (Multiple vulnerabilities in the web-based management interface of the ...)
+ TODO: check
+CVE-2020-3145 (Multiple vulnerabilities in the web-based management interface of the ...)
+ TODO: check
+CVE-2020-3144 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
+ TODO: check
CVE-2020-3143
RESERVED
CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Me ...)
NOT-FOR-US: Cisco
CVE-2020-3141
RESERVED
-CVE-2020-3140
- RESERVED
+CVE-2020-3140 (A vulnerability in the web management interface of Cisco Prime License ...)
+ TODO: check
CVE-2020-3139 (A vulnerability in the out of band (OOB) management interface IP table ...)
NOT-FOR-US: Cisco
CVE-2020-3138 (A vulnerability in the upgrade component of Cisco Enterprise NFV Infra ...)
@@ -84034,10 +84048,10 @@ CVE-2019-4750 (IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to c
NOT-FOR-US: IBM
CVE-2019-4749 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
NOT-FOR-US: IBM
-CVE-2019-4748
- RESERVED
-CVE-2019-4747
- RESERVED
+CVE-2019-4748 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
+ TODO: check
+CVE-2019-4747 (IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vul ...)
+ TODO: check
CVE-2019-4746 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...)
NOT-FOR-US: IBM
CVE-2019-4745 (IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to d ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c40d36f58cbd3f8d21ab0f48cc264a2e6cdae7a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c40d36f58cbd3f8d21ab0f48cc264a2e6cdae7a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200716/2c2fa9d9/attachment.html>
More information about the debian-security-tracker-commits
mailing list