[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 17 21:10:28 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bcb1a11b by security tracker role at 2020-07-17T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-15815
+ RESERVED
+CVE-2020-15814
+ RESERVED
+CVE-2020-15813 (Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers ...)
+ TODO: check
+CVE-2020-15812
+ RESERVED
+CVE-2020-15811
+ RESERVED
+CVE-2020-15810
+ RESERVED
+CVE-2020-15809
+ RESERVED
+CVE-2020-15808
+ RESERVED
+CVE-2020-15807 (GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted ...)
+ TODO: check
+CVE-2020-15806
+ RESERVED
CVE-2020-15805
RESERVED
CVE-2020-15804
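Review bot: CVE-2020-15813 (Graylog, missing certificate validation for LDAP servers) and CVE-2020-15807 (GNU LibreDWG, NULL pointer dereference on crafted input) land with a bare "TODO: check" and no package or NOT-FOR-US line, while everything else in this hunk is a RESERVED placeholder; both need triage to one of the two forms used elsewhere in this file, a source-package line with a fixed version or a NOT-FOR-US line, so they do not sit in the TODO queue behind the next automatic update.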
@@ -368,7 +388,7 @@ CVE-2020-15647
RESERVED
CVE-2020-15646
RESERVED
- {DSA-4718-1 DLA-2247-1}
+ {DSA-4718-1}
- thunderbird 1:68.10.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646
CVE-2020-15645
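Review bot: dropping DLA-2247-1 from CVE-2020-15646 fits the rest of this patch, which removes the same DLA from the thunderbird 1:68.10.0-1 (mfsa2020-26) entries and adds it to the 1:68.9.0-1 (mfsa2020-22) entries such as CVE-2020-12410 and CVE-2020-12398; confirm against the DLA-2247-1 advisory text that it covers the 68.9.0 CVE set and not 68.10.0 before merging, since after this change only DSA-4718-1 references 15646 and no LTS status is visible for it in this hunk.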
@@ -513,8 +533,7 @@ CVE-2020-15588
RESERVED
CVE-2020-15587
RESERVED
-CVE-2020-15586
- RESERVED
+CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net ...)
- golang-1.15 <unfixed>
- golang-1.14 <unfixed>
- golang-1.11 <removed>
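Review bot: CVE-2020-15586 gains its description but golang-1.15 and golang-1.14 remain <unfixed> with no NOTE pointing at the upstream fix; add the upstream references in the same form as the NOTE lines under CVE-2020-14040 (golang issue tracker and the golang-announce thread) so the fixing uploads can be matched to the 1.13.13 and 1.14.5 releases named in the description, and so the entry does not look untriaged next to CVE-2020-14039, which already carries a reason on each package line.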
@@ -734,8 +753,8 @@ CVE-2020-15499
RESERVED
CVE-2020-15498
RESERVED
-CVE-2020-15497
- RESERVED
+CVE-2020-15497 (jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 ...)
+ TODO: check
CVE-2020-15496
RESERVED
CVE-2020-15495
@@ -2004,8 +2023,7 @@ CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connecti
[stretch] - alpine <no-dsa> (Minor issue)
NOTE: http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html
NOTE: https://repo.or.cz/alpine.git/commitdiff/000edd9036b6aea5e6a06900ecd6c58faec665ab
-CVE-2020-14928
- RESERVED
+CVE-2020-14928 (evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering is ...)
{DSA-4725-1 DLA-2281-1}
- evolution-data-server 3.36.4-1
NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
@@ -4308,8 +4326,7 @@ CVE-2020-14040 (The x/text package before 0.3.3 for Go has a vulnerability in en
NOTE: https://github.com/golang/go/issues/39491
NOTE: https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e
NOTE: https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0
-CVE-2020-14039
- RESERVED
+CVE-2020-14039 (In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may ...)
- golang-1.15 <not-affected> (Windows-specific)
- golang-1.14 <not-affected> (Windows-specific)
- golang-1.11 <not-affected> (Windows-specific)
@@ -4441,8 +4458,8 @@ CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to
[stretch] - putty <no-dsa> (Minor issue)
[jessie] - putty <no-dsa> (Minor issue)
NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764 (0.74)
-CVE-2020-14001
- RESERVED
+CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template option i ...)
+ TODO: check
CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.2 ...)
TODO: check
CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Libr ...)
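Review bot: CVE-2020-14001 (the kramdown gem before 2.3.0, template option) is left as "TODO: check" with no package line; kramdown is a Ruby gem, so the check should establish whether it is packaged and, if so, record the fixed version against the 2.3.0 boundary given in the description rather than leaving the entry in the same state as the untriaged CVE-2020-14000 below it.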
@@ -4581,12 +4598,14 @@ CVE-2020-13937
CVE-2020-13936
RESERVED
CVE-2020-13935 (The payload length in a WebSocket frame was not correctly validated in ...)
+ {DSA-4727-1}
- tomcat9 9.0.37-1
- tomcat8 <removed>
NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/3
NOTE: https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5 (8.5.57)
NOTE: https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d (9.0.37)
CVE-2020-13934 (An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0. ...)
+ {DSA-4727-1}
- tomcat9 9.0.37-1
- tomcat8 <removed>
NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/4
@@ -8290,7 +8309,7 @@ CVE-2020-12422 (In non-standard configurations, a JPEG image created by JavaScri
- firefox 78.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422
CVE-2020-12421 (When performing add-on updates, certificate chains terminating in non- ...)
- {DSA-4718-1 DSA-4713-1 DLA-2247-1}
+ {DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
- thunderbird 1:68.10.0-1
@@ -8298,7 +8317,7 @@ CVE-2020-12421 (When performing add-on updates, certificate chains terminating i
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12421
CVE-2020-12420 (When trying to connect to a STUN server, a race condition could have c ...)
- {DSA-4718-1 DSA-4713-1 DLA-2247-1}
+ {DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
- thunderbird 1:68.10.0-1
@@ -8306,7 +8325,7 @@ CVE-2020-12420 (When trying to connect to a STUN server, a race condition could
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12420
CVE-2020-12419 (When processing callbacks that occurred during window flushing in the ...)
- {DSA-4718-1 DSA-4713-1 DLA-2247-1}
+ {DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
- thunderbird 1:68.10.0-1
@@ -8314,7 +8333,7 @@ CVE-2020-12419 (When processing callbacks that occurred during window flushing i
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12419
CVE-2020-12418 (Manipulating individual parts of a URL object could have caused an out ...)
- {DSA-4718-1 DSA-4713-1 DLA-2247-1}
+ {DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
- thunderbird 1:68.10.0-1
@@ -8322,7 +8341,7 @@ CVE-2020-12418 (Manipulating individual parts of a URL object could have caused
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12418
CVE-2020-12417 (Due to confusion about ValueTags on JavaScript Objects, an object may ...)
- {DSA-4718-1 DSA-4713-1 DLA-2247-1}
+ {DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
- thunderbird 1:68.10.0-1
@@ -8347,7 +8366,7 @@ CVE-2020-12411 (Mozilla developers reported memory safety bugs present in Firefo
- firefox 77.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
CVE-2020-12410 (Mozilla developers reported memory safety bugs present in Firefox 76 a ...)
- {DSA-4702-1 DSA-4695-1 DLA-2243-1}
+ {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- thunderbird 1:68.9.0-1
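Review bot: DLA-2247-1 is added here next to DSA-4702-1, DSA-4695-1 and DLA-2243-1 on an entry whose packages are firefox 77.0-1, firefox-esr 68.9.0esr-1 and thunderbird 1:68.9.0-1; the same addition appears for CVE-2020-12406, CVE-2020-12405, CVE-2020-12399 and CVE-2020-12398, so this is the thunderbird 68.9 advisory that the earlier hunks remove from the 68.10 entries. Check that the DLA-2247-1 CVE list matches exactly these five, because a mismatch here silently changes the LTS status of each of them.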
@@ -8364,7 +8383,7 @@ CVE-2020-12407 (Mozilla Developer Nicolas Silva found that when using WebRender,
- firefox 77.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
CVE-2020-12406 (Mozilla Developer Iain Ireland discovered a missing type check during ...)
- {DSA-4702-1 DSA-4695-1 DLA-2243-1}
+ {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- thunderbird 1:68.9.0-1
@@ -8372,7 +8391,7 @@ CVE-2020-12406 (Mozilla Developer Iain Ireland discovered a missing type check d
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
CVE-2020-12405 (When browsing a malicious page, a race condition in our SharedWorkerSe ...)
- {DSA-4702-1 DSA-4695-1 DLA-2243-1}
+ {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- thunderbird 1:68.9.0-1
@@ -8385,7 +8404,7 @@ CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be
CVE-2020-12403
RESERVED
CVE-2020-12402 (During RSA key generation, bignum implementations used a variation of ...)
- {DLA-2266-1}
+ {DSA-4726-1 DLA-2266-1}
- nss 2:3.53.1-1 (bug #963152)
NOTE: https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
NOTE: Fixed upstream in 3.53.1
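Review bot: DSA-4726-1 is added to CVE-2020-12402 here and to CVE-2020-12399, CVE-2019-17023 and CVE-2019-17006 later in this patch; all four carry an nss fixed version (2:3.53.1-1, 2:3.53-1, 2:3.49-1 and 2:3.47-1 respectively), which is consistent with a single nss DSA, but confirm the advisory text lists all four ids, since the two older CVEs predate the 3.53 releases that the "Fixed upstream" notes refer to.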
@@ -8394,7 +8413,7 @@ CVE-2020-12401
CVE-2020-12400
RESERVED
CVE-2020-12399 (NSS has shown timing differences when performing DSA signatures, which ...)
- {DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2243-1}
+ {DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- nss 2:3.53-1 (bug #961752)
@@ -8405,7 +8424,7 @@ CVE-2020-12399 (NSS has shown timing differences when performing DSA signatures,
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12399
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399
CVE-2020-12398 (If Thunderbird is configured to use STARTTLS for an IMAP server, and t ...)
- {DSA-4702-1}
+ {DSA-4702-1 DLA-2247-1}
- thunderbird 1:68.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398
CVE-2020-12397 (By encoding Unicode whitespace characters within the From email header ...)
@@ -9383,7 +9402,7 @@ CVE-2020-11998
CVE-2020-11997
RESERVED
CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ...)
- {DLA-2279-1}
+ {DSA-4727-1 DLA-2279-1}
- tomcat9 9.0.36-1
- tomcat8 <removed>
NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/6
@@ -17103,7 +17122,7 @@ CVE-2020-9486
CVE-2020-9485 (An issue was found in Apache Airflow versions 1.10.10 and below. A sto ...)
TODO: check
CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...)
- {DLA-2279-1 DLA-2217-1 DLA-2209-1}
+ {DSA-4727-1 DLA-2279-1 DLA-2217-1 DLA-2209-1}
- tomcat9 9.0.35-1 (bug #961209)
- tomcat8 <removed>
- tomcat7 <removed>
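Review bot: DSA-4727-1 is now referenced from four Tomcat entries in this patch (CVE-2020-13935, CVE-2020-13934, CVE-2020-11996 and CVE-2020-9484), all with tomcat9 as the fixed package and tomcat8 (and here tomcat7) marked <removed>; confirm the DSA text lists all four ids. The existing DLA-2279-1, DLA-2217-1 and DLA-2209-1 references on this entry are left untouched, which is correct only if those advisories covered the removed tomcat8/tomcat7 packages separately.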
@@ -21216,10 +21235,10 @@ CVE-2020-7828
RESERVED
CVE-2020-7827
RESERVED
-CVE-2020-7826
- RESERVED
-CVE-2020-7825
- RESERVED
+CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a ...)
+ TODO: check
+CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...)
+ TODO: check
CVE-2020-7824
RESERVED
CVE-2020-7823
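Review bot: the truncated description of CVE-2020-7825 ("A vulnerability exists that could allow the execution of operating sys ...") does not name the affected product, so the "TODO: check" cannot be resolved from the list alone and needs the full CVE text; CVE-2020-7826 names EyeSurfer BflyInstallerX.ocx, an ActiveX control, which points towards a NOT-FOR-US line but should still be confirmed before triage.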
@@ -21476,8 +21495,8 @@ CVE-2020-7698
RESERVED
CVE-2020-7697
RESERVED
-CVE-2020-7696
- RESERVED
+CVE-2020-7696 (This affects all versions of package react-native-fast-image. When an ...)
+ TODO: check
CVE-2020-7695
RESERVED
CVE-2020-7694
@@ -21503,8 +21522,8 @@ CVE-2020-7686
RESERVED
CVE-2020-7685
RESERVED
-CVE-2020-7684
- RESERVED
+CVE-2020-7684 (This affects all versions of package rollup-plugin-serve. There is no ...)
+ TODO: check
CVE-2020-7683
RESERVED
CVE-2020-7682
@@ -28023,10 +28042,10 @@ CVE-2020-5133
RESERVED
CVE-2020-5132
RESERVED
-CVE-2020-5131
- RESERVED
-CVE-2020-5130
- RESERVED
+CVE-2020-5131 (SonicWall NetExtender Windows client vulnerable to arbitrary file writ ...)
+ TODO: check
+CVE-2020-5130 (SonicOS SSLVPN LDAP login request allows remote attackers to cause ext ...)
+ TODO: check
CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows a ...)
NOT-FOR-US: SonicWall
CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary ...)
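Review bot: CVE-2020-5131 (SonicWall NetExtender Windows client) and CVE-2020-5130 (SonicOS SSLVPN LDAP login) are added as "TODO: check", but the adjacent CVE-2020-5129 in this same hunk is already triaged as NOT-FOR-US: SonicWall; unless a SonicWall client is packaged, give these two the same NOT-FOR-US: SonicWall line instead of leaving them in the TODO queue.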
@@ -29511,8 +29530,8 @@ CVE-2020-4466
RESERVED
CVE-2020-4465
RESERVED
-CVE-2020-4464
- RESERVED
+CVE-2020-4464 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...)
+ TODO: check
CVE-2020-4463
RESERVED
CVE-2020-4462 (IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and ...)
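Review bot: CVE-2020-4464 (IBM WebSphere Application Server 7.0 through 9.0 traditional) is marked "TODO: check" while the IBM entries elsewhere in this patch (CVE-2019-4093, CVE-2019-4092) carry NOT-FOR-US: IBM; WebSphere is a proprietary IBM product and should take the same line rather than a TODO.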
@@ -39559,51 +39578,38 @@ CVE-2020-1657
RESERVED
CVE-2020-1656
RESERVED
-CVE-2020-1655
- RESERVED
+CVE-2020-1655 (When a device running Juniper Networks Junos OS with MPC7, MPC8, or MP ...)
NOT-FOR-US: Juniper
-CVE-2020-1654
- RESERVED
+CVE-2020-1654 (On Juniper Networks SRX Series with ICAP (Internet Content Adaptation ...)
NOT-FOR-US: Juniper
-CVE-2020-1653
- RESERVED
+CVE-2020-1653 (On Juniper Networks Junos OS devices, a stream of TCP packets sent to ...)
NOT-FOR-US: Juniper
-CVE-2020-1652
- RESERVED
-CVE-2020-1651
- RESERVED
+CVE-2020-1652 (OpenNMS is accessible via port 9443 ...)
+ TODO: check
+CVE-2020-1651 (On Juniper Networks MX series, receipt of a stream of specific Layer 2 ...)
NOT-FOR-US: Juniper
-CVE-2020-1650
- RESERVED
+CVE-2020-1650 (On Juniper Networks Junos MX Series with service card configured, rece ...)
NOT-FOR-US: Juniper
-CVE-2020-1649
- RESERVED
+CVE-2020-1649 (When a device running Juniper Networks Junos OS with MPC7, MPC8, or MP ...)
NOT-FOR-US: Juniper
-CVE-2020-1648
- RESERVED
+CVE-2020-1648 (On Juniper Networks Junos OS and Junos OS Evolved devices, processing ...)
NOT-FOR-US: Juniper
-CVE-2020-1647
- RESERVED
+CVE-2020-1647 (On Juniper Networks SRX Series with ICAP (Internet Content Adaptation ...)
NOT-FOR-US: Juniper
-CVE-2020-1646
- RESERVED
+CVE-2020-1646 (On Juniper Networks Junos OS and Junos OS Evolved devices, processing ...)
NOT-FOR-US: Juniper
-CVE-2020-1645
- RESERVED
+CVE-2020-1645 (When DNS filtering is enabled on Juniper Networks Junos MX Series with ...)
NOT-FOR-US: Juniper
-CVE-2020-1644
- RESERVED
+CVE-2020-1644 (On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt ...)
NOT-FOR-US: Juniper
-CVE-2020-1643
- RESERVED
+CVE-2020-1643 (Execution of the "show ospf interface extensive" or "show ospf interfa ...)
NOT-FOR-US: Juniper
CVE-2020-1642
RESERVED
-CVE-2020-1641
- RESERVED
+CVE-2020-1641 (A Race Condition vulnerability in Juniper Networks Junos OS LLDP imple ...)
NOT-FOR-US: Juniper
-CVE-2020-1640
- RESERVED
+CVE-2020-1640 (An improper use of a validation framework when processing incoming gen ...)
+ TODO: check
CVE-2020-1639 (When an attacker sends a specific crafted Ethernet Operation, Administ ...)
NOT-FOR-US: Juniper
CVE-2020-1638 (The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and J ...)
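Review bot: two entries in this Juniper block are left as "TODO: check" instead of NOT-FOR-US: Juniper and both need a look. CVE-2020-1652 describes OpenNMS being accessible via port 9443, which is not a Junos product like its neighbours, so it must not inherit the Juniper triage without checking whether OpenNMS is packaged; CVE-2020-1640's description ("An improper use of a validation framework when processing incoming gen ...") is cut off before any product name, so the full advisory is needed. The other 13 entries only lose their RESERVED line while keeping the existing NOT-FOR-US: Juniper line, which accounts for the hunk shrinking from 51 to 38 lines.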
@@ -47286,6 +47292,7 @@ CVE-2019-17024 (Mozilla developers reported memory safety bugs present in Firefo
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17024
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17024
CVE-2019-17023 (After a HelloRetryRequest has been sent, the client may negotiate a lo ...)
+ {DSA-4726-1}
- firefox 72.0-1
- nss 2:3.49-1
[jessie] - nss <not-affected> (Vulnerable code was introduced later)
@@ -47395,7 +47402,7 @@ CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in CERT_DecodeCe
NOTE: but then reverted until the 2:3.45-1 upload).
CVE-2019-17006 [Check length of inputs for cryptographic primitives]
RESERVED
- {DLA-2058-1}
+ {DSA-4726-1 DLA-2058-1}
- nss 2:3.47-1
NOTE: Fixed upstream in NSS 3.46.
NOTE: Upstream bug (currently non-public): https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
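Review bot: CVE-2019-17006 still carries a RESERVED line directly under its bracketed title even though the entry has a fixed version (nss 2:3.47-1), two advisory references and a "Fixed upstream in NSS 3.46" note; the RESERVED marker should be dropped, and the "currently non-public" qualifier on the Bugzilla NOTE is worth re-checking now that the issue has a DSA.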
@@ -85394,8 +85401,8 @@ CVE-2019-4093 (IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could all
NOT-FOR-US: IBM
CVE-2019-4092 (IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to ...)
NOT-FOR-US: IBM
-CVE-2019-4091
- RESERVED
+CVE-2019-4091 ("HCL Marketing Platform is vulnerable to cross-site scripting during a ...)
+ TODO: check
CVE-2019-4090
RESERVED
CVE-2019-4089
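Review bot: the description for CVE-2019-4091 begins with a stray double quote ("HCL Marketing Platform ...) carried over from the upstream text, and the entry is left as "TODO: check" between IBM entries that are NOT-FOR-US: IBM; decide whether this HCL product gets the same treatment and, if so, triage it now rather than leaving the quote and the TODO for the next pass.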
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcb1a11bb0d53c303fe2202baaf3d2a70e6ce02a