[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 27 21:10:33 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
49d5fb3e by security tracker role at 2020-07-27T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-15956
+ RESERVED
+CVE-2020-15955
+ RESERVED
CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...)
TODO: check
CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other ...)
@@ -860,10 +864,10 @@ CVE-2020-15595
RESERVED
CVE-2020-15594
RESERVED
-CVE-2020-15593
- RESERVED
-CVE-2020-15592
- RESERVED
+CVE-2020-15593 (SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It u ...)
+ TODO: check
+CVE-2020-15592 (SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privil ...)
+ TODO: check
CVE-2020-15591
RESERVED
CVE-2020-15590
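Review bot: the TODO: check markers added under CVE-2020-15593 and CVE-2020-15592 can probably be resolved in the same pass. Both descriptions name SteelCentral Aternity Agent on Windows, so a "NOT-FOR-US: SteelCentral Aternity Agent" line in place of each TODO would keep them out of the manual triage queue.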
@@ -1915,8 +1919,8 @@ CVE-2020-15121 (In radare2 before version 4.5.0, malformed PDB file names in the
NOTE: https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
NOTE: https://github.com/radareorg/radare2/issues/16945
NOTE: https://github.com/radareorg/radare2/pull/16966
-CVE-2020-15120
- RESERVED
+CVE-2020-15120 (An authenticated member of one project can modify and delete members o ...)
+ TODO: check
CVE-2020-15119
RESERVED
CVE-2020-15118 (In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is m ...)
@@ -1955,8 +1959,7 @@ CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's
NOT-FOR-US: Django Two-Factor Authentication
CVE-2020-15104 (In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when valid ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2020-15103
- RESERVED
+CVE-2020-15103 (In FreeRDP less than or equal to 2.1.2, an integer overflow exists due ...)
- freerdp2 <unfixed> (bug #965979)
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
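Review bot: on CVE-2020-15103 the newly published description bounds the affected range at FreeRDP 2.1.2, while the retained annotation still reads "- freerdp2 <unfixed> (bug #965979)". Once a freerdp2 upload carrying the fix is available, replace <unfixed> with that version. The [buster] <no-dsa> (Minor issue) rating is also worth a second look now that the description calls the flaw an integer overflow.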
@@ -13092,8 +13095,8 @@ CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in
NOTE: https://github.com/FasterXML/jackson-databind/issues/2664
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-11110
- RESERVED
+CVE-2020-11110 (Grafana through 6.7.1 allows stored XSS. ...)
+ TODO: check
CVE-2020-11109
RESERVED
CVE-2020-11108 (The Gravity updater in Pi-hole through 4.4 allows an authenticated adv ...)
@@ -14992,8 +14995,8 @@ CVE-2020-10611 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122
NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
CVE-2020-10610 (In OSIsoft PI System multiple products and versions, a local attacker ...)
NOT-FOR-US: OSIsoft PI System
-CVE-2020-10609
- RESERVED
+CVE-2020-10609 (Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may all ...)
+ TODO: check
CVE-2020-10608 (In OSIsoft PI System multiple products and versions, a local attacker ...)
NOT-FOR-US: OSIsoft PI System
CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer ...)
@@ -18180,8 +18183,8 @@ CVE-2020-9253
RESERVED
CVE-2020-9252 (HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI M ...)
NOT-FOR-US: Huawei
-CVE-2020-9251
- RESERVED
+CVE-2020-9251 (HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E1 ...)
+ TODO: check
CVE-2020-9250
RESERVED
CVE-2020-9249
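Review bot: CVE-2020-9251 gets TODO: check although the entry directly above it, CVE-2020-9252 (also HUAWEI Mate 20), is already tagged "NOT-FOR-US: Huawei". The same tag applies here and would close the TODO.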
@@ -18528,8 +18531,8 @@ CVE-2020-9079
RESERVED
CVE-2020-9078
RESERVED
-CVE-2020-9077
- RESERVED
+CVE-2020-9077 (HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R ...)
+ TODO: check
CVE-2020-9076 (HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier ...)
NOT-FOR-US: Huawei
CVE-2020-9075 (Huawei products Secospace USG6300;USG6300E with versions of V500R001C3 ...)
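Review bot: the TODO: check under CVE-2020-9077 is inconsistent with CVE-2020-9076 on the next line, which covers the same HUAWEI P30 product family and carries "NOT-FOR-US: Huawei". Use that tag for CVE-2020-9077 as well.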
@@ -21915,10 +21918,10 @@ CVE-2020-7697
RESERVED
CVE-2020-7696 (This affects all versions of package react-native-fast-image. When an ...)
TODO: check
-CVE-2020-7695
- RESERVED
-CVE-2020-7694
- RESERVED
+CVE-2020-7695 (This affects all versions of package uvicorn. Uvicorn's implementation ...)
+ TODO: check
+CVE-2020-7694 (This affects all versions of package uvicorn. The request logger provi ...)
+ TODO: check
CVE-2020-7693 (Incorrect handling of Upgrade header with the value websocket leads in ...)
- node-socks <itp> (bug #922921)
CVE-2020-7692 (PKCE support is not implemented in accordance with the RFC for OAuth 2 ...)
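Review bot: CVE-2020-7695 and CVE-2020-7694 both state "all versions of package uvicorn", so the TODO: check here needs an actual package lookup before it is closed. If uvicorn is packaged, each entry needs a source-package line with <unfixed> status; if it is not, an <itp> line in the style of the node-socks entry just below, or a NOT-FOR-US tag, is the right resolution.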
@@ -23508,10 +23511,10 @@ CVE-2020-7019
RESERVED
CVE-2020-7018
RESERVED
-CVE-2020-7017
- RESERVED
-CVE-2020-7016
- RESERVED
+CVE-2020-7017 (In Kibana versions before 6.8.11 and 7.8.1 the region map visualizatio ...)
+ TODO: check
+CVE-2020-7016 (Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (D ...)
+ TODO: check
CVE-2020-7015 (Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in t ...)
- kibana <itp> (bug #700337)
CVE-2020-7014 (The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch ve ...)
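Review bot: the TODO: check on CVE-2020-7017 and CVE-2020-7016 can follow the entry directly below them. CVE-2020-7015, also Kibana, carries "- kibana <itp> (bug #700337)", and the same line fits both new entries.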
@@ -29875,8 +29878,8 @@ CVE-2020-4500
RESERVED
CVE-2020-4499
RESERVED
-CVE-2020-4498
- RESERVED
+CVE-2020-4498 (IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged use ...)
+ TODO: check
CVE-2020-4497
RESERVED
CVE-2020-4496
@@ -30055,14 +30058,14 @@ CVE-2020-4410
RESERVED
CVE-2020-4409
RESERVED
-CVE-2020-4408
- RESERVED
+CVE-2020-4408 (The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRada ...)
+ TODO: check
CVE-2020-4407
RESERVED
CVE-2020-4406 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows ...)
NOT-FOR-US: IBM
-CVE-2020-4405
- RESERVED
+CVE-2020-4405 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially se ...)
+ TODO: check
CVE-2020-4404
RESERVED
CVE-2020-4403
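Review bot: CVE-2020-4408 (IBM QRadar Advisor) and CVE-2020-4405 (IBM Verify Gateway) are left at TODO: check, while CVE-2020-4406 between them is already "NOT-FOR-US: IBM". Tagging both new entries the same way would be consistent with that neighbour.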
@@ -31681,11 +31684,11 @@ CVE-2020-3937 (SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 201912
NOT-FOR-US: SysJust Syuan-Gu-Da-Shih
CVE-2020-3936 (UltraLog Express device management interface does not properly filter ...)
NOT-FOR-US: UltraLog Express
-CVE-2020-3935 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...)
+CVE-2020-3935 (TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance ...)
NOT-FOR-US: Secom Co. Dr.ID
-CVE-2020-3934 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...)
+CVE-2020-3934 (TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance ...)
NOT-FOR-US: Secom Co. Dr.ID
-CVE-2020-3933 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...)
+CVE-2020-3933 (TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance ...)
NOT-FOR-US: Secom Co. Dr.ID
CVE-2020-3932 (A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may ...)
NOT-FOR-US: Draytek VigorAP910C
@@ -37603,7 +37606,7 @@ CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products.
NOT-FOR-US: Huawei
CVE-2020-1809 (HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E1 ...)
NOT-FOR-US: Huawei
-CVE-2020-1808 (Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 wi ...)
+CVE-2020-1808 (Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI ...)
NOT-FOR-US: Huawei
CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...)
NOT-FOR-US: Huawei
@@ -40402,8 +40405,8 @@ CVE-2020-1459
RESERVED
CVE-2020-1458 (A remote code execution vulnerability exists when Microsoft Office imp ...)
NOT-FOR-US: Microsoft
-CVE-2020-1457
- RESERVED
+CVE-2020-1457 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ TODO: check
CVE-2020-1456 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
NOT-FOR-US: Microsoft
CVE-2020-1455
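Review bot: CVE-2020-1457 is a Microsoft entry by its description, and both neighbours in this hunk (CVE-2020-1458 and CVE-2020-1456) are "NOT-FOR-US: Microsoft". Replace the TODO: check with the same tag.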
@@ -40466,8 +40469,8 @@ CVE-2020-1427 (An elevation of privilege vulnerability exists in the way that th
NOT-FOR-US: Microsoft
CVE-2020-1426 (An information disclosure vulnerability exists when the Windows kernel ...)
NOT-FOR-US: Microsoft
-CVE-2020-1425
- RESERVED
+CVE-2020-1425 (A remoted code execution vulnerability exists in the way that Microsof ...)
+ TODO: check
CVE-2020-1424 (An elevation of privilege vulnerability exists when the Windows Update ...)
NOT-FOR-US: Microsoft
CVE-2020-1423 (An elevation of privilege vulnerability exists in the way that the Win ...)
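Review bot: the TODO: check under CVE-2020-1425 stands out against the surrounding entries (CVE-2020-1427, CVE-2020-1426, CVE-2020-1424), all of which are "NOT-FOR-US: Microsoft". The description names Microsoft as well, so the same tag should replace the TODO.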
@@ -169122,7 +169125,7 @@ CVE-2017-11740 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the a
NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11739 (In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenti ...)
NOT-FOR-US: Zoho ManageEngine Application Manager
-CVE-2017-11738 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the 'haid' ...)
+CVE-2017-11738 (In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, th ...)
NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11737 (interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS ...)
- rspamd 1.7.6-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49d5fb3eb634ce14dbe2f05c0612eb0ccbc531a7