[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 20 21:10:35 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
623bafda by security tracker role at 2020-07-20T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-15857
+ RESERVED
+CVE-2020-15856
+ RESERVED
+CVE-2020-15855
+ RESERVED
+CVE-2020-15854
+ RESERVED
+CVE-2020-15853
+ RESERVED
+CVE-2020-15852 (An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used ...)
+ TODO: check
CVE-2020-XXXX [mpv insecure lua loadpath]
- mpv 0.32.0-2 (bug #950816)
[buster] - mpv <no-dsa> (Minor issue)
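Review bot: CVE-2020-15852 (Linux kernel 5.5 through 5.7.9) is left at TODO: check, but the kernel is a Debian source package, so this entry needs a `- linux` line with the affected/fixed status rather than staying a TODO; the five RESERVED placeholders above it are fine as they are.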
@@ -1646,18 +1658,18 @@ CVE-2020-15125
RESERVED
CVE-2020-15124
RESERVED
-CVE-2020-15123
- RESERVED
+CVE-2020-15123 (In codecov (npm package) before version 3.7.1 the upload method has a ...)
+ TODO: check
CVE-2020-15122
RESERVED
-CVE-2020-15121
- RESERVED
+CVE-2020-15121 (In radare2 before version 4.5.0, malformed PDB file names in the PDB s ...)
+ TODO: check
CVE-2020-15120
RESERVED
CVE-2020-15119
RESERVED
-CVE-2020-15118
- RESERVED
+CVE-2020-15118 (In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is m ...)
+ TODO: check
CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashed by r ...)
- synergy <removed>
NOTE: https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39
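Review bot: of the three new TODO: check entries, CVE-2020-15121 names radare2 before 4.5.0, which is packaged in Debian, so it should get a `- radare2` line with the fixed version once checked; CVE-2020-15123 (codecov npm package) and CVE-2020-15118 (Wagtail) can be closed with a NOT-FOR-US line, as the file does for other unpackaged software, if neither is packaged.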
@@ -1672,8 +1684,8 @@ CVE-2020-15113
RESERVED
CVE-2020-15112
RESERVED
-CVE-2020-15111
- RESERVED
+CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c.Attach ...)
+ TODO: check
CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will be able ...)
NOT-FOR-US: jupyterhub-kubespawner
CVE-2020-15109
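Review bot: CVE-2020-15111 describes the Fiber web framework (the `c.Attach...` call in the truncated text); like CVE-2020-15110 directly below it, it should end up as NOT-FOR-US unless the library is packaged, so the TODO: check can be closed quickly.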
@@ -1795,10 +1807,10 @@ CVE-2020-15055
RESERVED
CVE-2020-15054
RESERVED
-CVE-2020-15053
- RESERVED
-CVE-2020-15052
- RESERVED
+CVE-2020-15053 (An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflec ...)
+ TODO: check
+CVE-2020-15052 (An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL In ...)
+ TODO: check
CVE-2020-15051 (An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS ...)
NOT-FOR-US: Artica Proxy
CVE-2020-15050 (An issue was discovered in the Video Extension in Suprema BioStar 2 be ...)
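Review bot: CVE-2020-15053 and CVE-2020-15052 both concern Artica Proxy CE, and CVE-2020-15051 in the same hunk is already resolved as NOT-FOR-US: Artica Proxy; the two TODO: check lines should be resolved the same way rather than waiting for a separate check.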
@@ -1901,8 +1913,8 @@ CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via
NOTE: https://bugs.launchpad.net/mailman/+bug/1877379
CVE-2020-15010
RESERVED
-CVE-2020-15009
- RESERVED
+CVE-2020-15009 (AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe i ...)
+ TODO: check
CVE-2020-15008 (A SQLi exists in the probe code of all Connectwise Automate versions b ...)
NOT-FOR-US: Connectwise
CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ...)
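Review bot: CVE-2020-15009 names AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe, i.e. Windows services, so the TODO: check can be closed as NOT-FOR-US in line with the Connectwise entry directly below it.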
@@ -3012,14 +3024,14 @@ CVE-2020-14496
RESERVED
CVE-2020-14495
RESERVED
-CVE-2020-14494
- RESERVED
+CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication ...)
+ TODO: check
CVE-2020-14493
RESERVED
CVE-2020-14492
RESERVED
-CVE-2020-14491
- RESERVED
+CVE-2020-14491 (OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check perm ...)
+ TODO: check
CVE-2020-14490
RESERVED
CVE-2020-14489
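Review bot: CVE-2020-14494 and CVE-2020-14491 both describe OpenClinic GA 5.09.02 and 5.89.05b, a standalone hospital information system; the two TODO: check lines should be resolved together, and both look like NOT-FOR-US candidates.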
@@ -3030,10 +3042,10 @@ CVE-2020-14487
RESERVED
CVE-2020-14486
RESERVED
-CVE-2020-14485
- RESERVED
-CVE-2020-14484
- RESERVED
+CVE-2020-14485 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...)
+ TODO: check
+CVE-2020-14484 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...)
+ TODO: check
CVE-2020-14483
RESERVED
CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...)
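Review bot: CVE-2020-14485 and CVE-2020-14484 have identical truncated descriptions ("may allow an attacker to b ..."); when resolving them together with the OpenClinic GA entries from the preceding hunk, check the full texts to confirm the two are distinct issues and not a duplicate assignment.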
@@ -9428,16 +9440,16 @@ CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all versio
NOT-FOR-US: Rockwell Automation
CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
NOT-FOR-US: Baxter
-CVE-2020-12031
- RESERVED
+CVE-2020-12031 (In all versions of FactoryTalk View SE, after bypassing memory corrupt ...)
+ TODO: check
CVE-2020-12030
RESERVED
-CVE-2020-12029
- RESERVED
-CVE-2020-12028
- RESERVED
-CVE-2020-12027
- RESERVED
+CVE-2020-12029 (All versions of FactoryTalk View SE do not properly validate input of ...)
+ TODO: check
+CVE-2020-12028 (In all versions of FactoryTalk View SEA remote, an authenticated attac ...)
+ TODO: check
+CVE-2020-12027 (All versions of FactoryTalk View SE disclose the hostnames and file pa ...)
+ TODO: check
CVE-2020-12026 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12025 (Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, ...)
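Review bot: the four new FactoryTalk View SE entries (CVE-2020-12031, CVE-2020-12029, CVE-2020-12028, CVE-2020-12027) are Rockwell Automation products, and CVE-2020-12033 at the top of this hunk is already NOT-FOR-US: Rockwell Automation, so the TODO: check lines should be closed the same way. The description of CVE-2020-12028 reads "FactoryTalk View SEA remote", which looks like a missing separator in the upstream text rather than a different product.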
@@ -11088,6 +11100,7 @@ CVE-2020-11727 (A cross-site scripting (XSS) vulnerability in the AlgolPlus Adva
CVE-2020-11726
RESERVED
CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...)
+ {DLA-2283-1}
- nginx 1.18.0-5 (bug #964950)
NOTE: https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa (ngx_lua 0.10.17, with tests)
NOTE: https://github.com/openresty/openresty/commit/4e8b4c395f842a078e429c80dd063b2323999957 (ngx_lua 0.10.15)
@@ -14042,7 +14055,7 @@ CVE-2020-10784
RESERVED
CVE-2020-10783
RESERVED
-CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible Tower b ...)
+CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible version ...)
NOT-FOR-US: Ansible Tower
CVE-2020-10781 [zram sysfs resource consumption]
RESERVED
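Review bot: the updated description for CVE-2020-10782 now says "Ansible version ..." instead of "Ansible Tower", but the entry keeps NOT-FOR-US: Ansible Tower. If the rewritten advisory text attributes the flaw to Ansible itself, which Debian ships as the ansible source package, the NOT-FOR-US resolution needs to be rechecked against the full description.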
@@ -20248,10 +20261,10 @@ CVE-2020-8217
RESERVED
CVE-2020-8216
RESERVED
-CVE-2020-8215
- RESERVED
-CVE-2020-8214
- RESERVED
+CVE-2020-8215 (A buffer overflow is present in canvas version <= 1.6.9, which coul ...)
+ TODO: check
+CVE-2020-8214 (A path traversal vulnerability in servey version < 3 allows an atta ...)
+ TODO: check
CVE-2020-8213
RESERVED
CVE-2020-8212
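Review bot: CVE-2020-8215 ("canvas version <= 1.6.9") and CVE-2020-8214 ("servey version < 3") do not name their ecosystem in the visible text; the version syntax matches the npm-style wording used for uppy and lodash later in the file, so confirm which packages these are before choosing between a package line and NOT-FOR-US.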
@@ -20268,8 +20281,8 @@ CVE-2020-8207
RESERVED
CVE-2020-8206
RESERVED
-CVE-2020-8205
- RESERVED
+CVE-2020-8205 (The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable ...)
+ TODO: check
CVE-2020-8204
RESERVED
CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash <= ...)
@@ -20380,19 +20393,20 @@ CVE-2020-8166 (A CSRF forgery vulnerability exists in rails < 5.2.5, rails &l
NOTE: https://github.com/rails/rails/commit/d124f19287f4892c72ca54da728a781591c6fca1
NOTE: per-form CSRF token introduced in 5.x: https://github.com/rails/rails/commit/3e98819e20bc113343d4d4c0df614865ad5a9d3a
CVE-2020-8165 (A deserialization of untrusted data vulnernerability exists in rails & ...)
- {DLA-2251-1}
+ {DLA-2282-1 DLA-2251-1}
- rails 2:5.2.4.3+dfsg-1
NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
NOTE: https://github.com/rails/rails/commit/f7e077f85e61fc0b7381963eda0ceb0e457546b5 (MemCache backend)
NOTE: https://github.com/rails/rails/commit/467e3399c9007996c03ffe3212689d48dd25ae99 (Redis backend)
NOTE: Redis backend introduced in 5.2: https://github.com/rails/rails/commit/9f8ec3535247ac41a9c92e84ddc7a3b771bc318b
CVE-2020-8164 (A deserialization of untrusted data vulnerability exists in rails < ...)
- {DLA-2251-1}
+ {DLA-2282-1 DLA-2251-1}
[experimental] - rails 2:6.0.3.1+dfsg-1
- rails 2:5.2.4.3+dfsg-1
NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
NOTE: https://github.com/rails/rails/commit/7a3ee4fea90b7555f8d09c6c05c15fe7ab5a06ec
CVE-2020-8163 (The is a code injection vulnerability in versions of Rails prior to 5. ...)
+ {DLA-2282-1}
- rails 2:5.2.0+dfsg-2
NOTE: https://weblog.rubyonrails.org/2020/5/15/Rails-4-2-11-2-has-been-released/
NOTE: https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/
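Review bot: DLA-2282-1 is added to CVE-2020-8165, CVE-2020-8164 and CVE-2020-8163 in one go, but for CVE-2020-8163 the NOTE lines show that upstream's 4.2.11.2 release (2020-05-15) was followed by 4.2.11.3 a day later; make sure the DLA is based on the 4.2.11.3 fix, since the ordering of the NOTEs suggests the first release was incomplete. For the two entries that already carried DLA-2251-1, the new marker is correctly kept alongside it.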
@@ -21634,8 +21648,8 @@ CVE-2020-7682
RESERVED
CVE-2020-7681
RESERVED
-CVE-2020-7680
- RESERVED
+CVE-2020-7680 (docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). ...)
+ TODO: check
CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility function ...)
NOT-FOR-US: Node casperjs
CVE-2020-7678
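Review bot: CVE-2020-7680 (docsify prior to 4.11.4, XSS) is an npm package like casperjs directly below it; unless docsify is packaged, the TODO: check should become NOT-FOR-US: Node docsify in the same style.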
@@ -23487,10 +23501,10 @@ CVE-2020-6874
RESERVED
CVE-2020-6873
RESERVED
-CVE-2020-6872
- RESERVED
-CVE-2020-6871
- RESERVED
+CVE-2020-6872 (The server management software module of ZTE has a storage XSS vulnera ...)
+ TODO: check
+CVE-2020-6871 (The server management software module of ZTE has an authentication iss ...)
+ TODO: check
CVE-2020-6870 (The version V12.17.20T115 of ZTE U31R20 product is impacted by a desig ...)
NOT-FOR-US: ZTE
CVE-2020-6869 (All versions up to 10.06 of ZTEMarket APK are impacted by an informati ...)
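Review bot: CVE-2020-6872 and CVE-2020-6871 both concern ZTE's server management software module, and the adjacent CVE-2020-6870 and CVE-2020-6869 are already NOT-FOR-US: ZTE; resolve the two TODO: check lines the same way.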
@@ -29501,8 +29515,8 @@ CVE-2020-4529 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to serv
NOT-FOR-US: IBM
CVE-2020-4528
RESERVED
-CVE-2020-4527
- RESERVED
+CVE-2020-4527 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
+ TODO: check
CVE-2020-4526
RESERVED
CVE-2020-4525
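Review bot: CVE-2020-4527 (IBM Planning Analytics 2.0) sits next to CVE-2020-4529, already NOT-FOR-US: IBM; the TODO: check should be closed as NOT-FOR-US: IBM as well.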
@@ -29623,8 +29637,8 @@ CVE-2020-4468 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote at
NOT-FOR-US: IBM
CVE-2020-4467 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
NOT-FOR-US: IBM
-CVE-2020-4466
- RESERVED
+CVE-2020-4466 (IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authentica ...)
+ TODO: check
CVE-2020-4465
RESERVED
CVE-2020-4464 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...)
@@ -29833,8 +29847,8 @@ CVE-2020-4363 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
NOT-FOR-US: IBM
CVE-2020-4362 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is ...)
NOT-FOR-US: IBM
-CVE-2020-4361
- RESERVED
+CVE-2020-4361 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
+ TODO: check
CVE-2020-4360 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...)
NOT-FOR-US: IBM
CVE-2020-4359
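Review bot: the truncated description of CVE-2020-4361 ("IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...") is identical to that of CVE-2020-4527 in an earlier hunk; when resolving it (NOT-FOR-US: IBM, like CVE-2020-4360 directly below), compare the full texts so both entries describe the right issue and neither is a duplicate.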
@@ -32774,8 +32788,7 @@ CVE-2020-3483
RESERVED
CVE-2020-3482
RESERVED
-CVE-2020-3481
- RESERVED
+CVE-2020-3481 (A vulnerability in the EGG archive parsing module in Clam AntiVirus (C ...)
- clamav 0.102.4+dfsg-1
[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
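Review bot: CVE-2020-3481 is resolved in the same update rather than left as TODO, with clamav 0.102.4+dfsg-1 and a [buster] <no-dsa> line explaining that ClamAV is delivered through -updates; once 0.102.4 lands in buster-updates, the [buster] line should be replaced with the fixed version so the tracker stops reporting buster as affected.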
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/623bafdab0057bf225fe7cc66733637329d0e950