[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 21 21:10:39 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0f2b272c by security tracker role at 2020-07-21T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,46 @@
+CVE-2020-15880
+ RESERVED
+CVE-2020-15879 (Bitwarden Server 1.35.1 allows SSRF because it does not consider certa ...)
+ TODO: check
+CVE-2020-15878
+ RESERVED
+CVE-2020-15877 (An issue was discovered in LibreNMS before 1.65.1. It has insufficient ...)
+ TODO: check
+CVE-2020-15876
+ RESERVED
+CVE-2020-15875
+ RESERVED
+CVE-2020-15874
+ RESERVED
+CVE-2020-15873 (In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL I ...)
+ TODO: check
+CVE-2020-15872
+ RESERVED
+CVE-2020-15871
+ RESERVED
+CVE-2020-15870
+ RESERVED
+CVE-2020-15869
+ RESERVED
+CVE-2020-15868
+ RESERVED
+CVE-2020-15867
+ RESERVED
+CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...)
+ TODO: check
+CVE-2020-15865
+ RESERVED
+CVE-2020-15864
+ RESERVED
+CVE-2020-15863
+ RESERVED
CVE-2020-15862
RESERVED
CVE-2020-15861
RESERVED
CVE-2020-15860
RESERVED
-CVE-2020-15859 [net: e1000e: use-after-free while sending packets]
- RESERVED
+CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...)
- qemu <unfixed> (bug #965978)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
@@ -311,12 +346,12 @@ CVE-2020-15726
RESERVED
CVE-2020-15725
RESERVED
-CVE-2020-15724
- RESERVED
-CVE-2020-15723
- RESERVED
-CVE-2020-15722
- RESERVED
+CVE-2020-15724 (In the version 12.1.0.1005 and below of 360 Total Security, when the G ...)
+ TODO: check
+CVE-2020-15723 (In the version 12.1.0.1004 and below of 360 Total Security, when the m ...)
+ TODO: check
+CVE-2020-15722 (In version 12.1.0.1004 and below of 360 Total Security,when TPI calls ...)
+ TODO: check
CVE-2020-15721 (RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XS ...)
NOT-FOR-US: RosarioSIS
CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did n ...)
@@ -1728,8 +1763,8 @@ CVE-2020-15103
NOTE: https://github.com/FreeRDP/FreeRDP/pull/6381
NOTE: https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924 (stable-2.0)
NOTE: https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e (stable-2.0)
-CVE-2020-15102
- RESERVED
+CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, there is imp ...)
+ TODO: check
CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000 neste ...)
NOT-FOR-US: freewvs
CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that freewvs ...)
@@ -4377,8 +4412,8 @@ CVE-2020-14065 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload
NOT-FOR-US: IceWarp Email Server
CVE-2020-14064 (IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user ac ...)
NOT-FOR-US: IceWarp Email Server
-CVE-2020-14063
- RESERVED
+CVE-2020-14063 (A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom Jav ...)
+ TODO: check
CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
{DLA-2270-1}
- jackson-databind 2.11.1-1
@@ -8250,8 +8285,8 @@ CVE-2020-12501
RESERVED
CVE-2020-12500
RESERVED
-CVE-2020-12499
- RESERVED
+CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...)
+ TODO: check
CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...)
NOT-FOR-US: Phoenix
CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Expres ...)
@@ -8412,8 +8447,8 @@ CVE-2020-12434
RESERVED
CVE-2020-12433
RESERVED
-CVE-2020-12432
- RESERVED
+CVE-2020-12432 (The WOPI API integration for Vereign Collabora CODE through 4.2.2 does ...)
+ TODO: check
CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software ...)
NOT-FOR-US: Splashtop Software Updater
CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...)
@@ -14842,8 +14877,8 @@ CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 fo
NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress
CVE-2020-10567 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
NOT-FOR-US: Responsive Filemanager
-CVE-2018-21036
- RESERVED
+CVE-2018-21036 (Sails.js before v1.0.0-46 allows attackers to cause a denial of servic ...)
+ TODO: check
CVE-2020-10566 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...)
NOT-FOR-US: FreeBSD
CVE-2020-10565 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...)
@@ -21103,7 +21138,7 @@ CVE-2019-20419 (Affected versions of Atlassian Jira Server and Data Center allow
NOT-FOR-US: Atlassian
CVE-2019-20418 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
-CVE-2019-20417 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+CVE-2019-20417 (NOTE: This candidate is a duplicate of CVE-2019-15011. All CVE users s ...)
NOT-FOR-US: Atlassian
CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
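Review bot: The new description marks CVE-2019-20417 as a duplicate of CVE-2019-15011, yet the status line under it is unchanged at NOT-FOR-US: Atlassian; check whether this ID should be handled the way the REJECTED entries elsewhere in this patch are (CVE-2015-5238, CVE-2010-1145), or at least add a NOTE pointing at CVE-2019-15011 so the two IDs are not triaged independently.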
@@ -22584,7 +22619,7 @@ CVE-2020-7265 (Privilege Escalation vulnerability in McAfee Endpoint Security (E
NOT-FOR-US: McAfee
CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...)
NOT-FOR-US: McAfee
-CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in ENS for W ...)
+CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in McAfee En ...)
NOT-FOR-US: ENS for Windows
CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat Defens ...)
NOT-FOR-US: McAfee
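Review bot: The description for CVE-2020-7263 now names the product as McAfee Endpoint Security rather than "ENS for Windows", but the status line still reads NOT-FOR-US: ENS for Windows while the neighbouring entries CVE-2020-7264 and CVE-2020-7262 use NOT-FOR-US: McAfee; aligning it to NOT-FOR-US: McAfee would keep the tag consistent with the updated description and its neighbours.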
@@ -39424,7 +39459,7 @@ CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allow
CVE-2019-18861
RESERVED
CVE-2019-18860 (Squid before 4.9, when certain web browsers are used, mishandles HTML ...)
- {DLA-2278-1}
+ {DSA-4732-1 DLA-2278-1}
- squid 4.9-1 (low)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/pull/504
@@ -40052,6 +40087,7 @@ CVE-2020-1505
RESERVED
CVE-2020-1504
RESERVED
+ {DSA-4732-1}
CVE-2020-1503
RESERVED
CVE-2020-1502
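Review bot: The {DSA-4732-1} reference is attached to CVE-2020-1504 while the entry is still RESERVED and, unlike CVE-2019-18860 in the preceding hunk (which received the same DSA-4732-1 and carries squid package lines), has no source package or fixed-version line; presumably this ID belongs to the same advisory, so adding the package/version line or a NOTE explaining the cross-reference would avoid an advisory hanging off a bare RESERVED entry.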
@@ -211186,10 +211222,10 @@ CVE-2016-7066 (It was found that the improper default permissions on /tmp/auth d
NOT-FOR-US: admin-cli / jboss-cli in Red Hat
CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) ...)
NOT-FOR-US: Red Hat JBoss EAP
-CVE-2016-7064
- RESERVED
-CVE-2016-7063
- RESERVED
+CVE-2016-7064 (A flaw was found in pritunl-client before version 1.0.1116.6. A lack o ...)
+ TODO: check
+CVE-2016-7063 (A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrar ...)
+ TODO: check
CVE-2016-7062 (rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Co ...)
NOT-FOR-US: Red Hat rhscon-core
CVE-2016-7061 (An information disclosure vulnerability was found in JBoss Enterprise ...)
@@ -243921,7 +243957,7 @@ CVE-2015-5239 (Integer overflow in the VNC display driver in QEMU before 2.1.0 a
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d (v2.1.0-rc0)
CVE-2015-5238
- RESERVED
+ REJECTED
CVE-2015-5237 (protobuf allows remote authenticated attackers to cause a heap-based b ...)
- protobuf <unfixed> (unimportant)
NOTE: https://github.com/google/protobuf/issues/760
@@ -346120,7 +346156,7 @@ CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem
[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
CVE-2010-1145
REJECTED
-CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids 1.24, as used in d ...)
+CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids before 1.24, as us ...)
- libnids 1.23-1.2 (low; bug #576281)
[lenny] - libnids <no-dsa> (Minor issue)
NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor
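Review bot: The description for CVE-2010-0751 now reads "libnids before 1.24", which places upstream 1.23 inside the affected range; the recorded fixed version libnids 1.23-1.2 is therefore correct only if that Debian revision carries the upstream fix, so the entry is worth a quick check against the package changelog (the low severity and the dsniff NOTE can stay as they are).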
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f2b272cce12ac2ce9c9eef46cd340b5fa47deef