[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 28 21:10:29 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
73ebf25b by security tracker role at 2020-07-28T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,17 @@
+CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...)
+ TODO: check
+CVE-2020-16093
+ RESERVED
+CVE-2020-16092
+ RESERVED
CVE-2020-16091
RESERVED
CVE-2020-16090
RESERVED
CVE-2020-16089
RESERVED
-CVE-2020-16088
- RESERVED
+CVE-2020-16088 (iked in OpenIKED, as used in OpenBSD through 6.7, allows authenticatio ...)
+ TODO: check
CVE-2020-16087
RESERVED
CVE-2020-16086
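Review bot: CVE-2020-16094 and CVE-2020-16088 at the top of this hunk arrive with only "TODO: check", with no package line or NOT-FOR-US marker under either. Both descriptions name open-source software by product (Claws Mail through 3.17.6; iked in OpenIKED), so each can be resolved directly to a source-package status line or a NOT-FOR-US marker.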
@@ -395,16 +401,15 @@ CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link
NOT-FOR-US: Nagios XI
CVE-2020-15901 (ajaxhelper.php in Nagios XI before 5.7.2 allows remote attackers to ex ...)
NOT-FOR-US: Nagios XI
-CVE-2020-15900 [Memory Corruption]
- RESERVED
+CVE-2020-15900 (A memory corruption issue was found in Artifex Ghostscript 9.50 and 9. ...)
- ghostscript <unfixed>
[buster] - ghostscript <not-affected> (Vulnerable code introduced later)
[stretch] - ghostscript <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702582
NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff (9.28rc1)
NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
-CVE-2020-15899
- RESERVED
+CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data related to ...)
+ TODO: check
CVE-2020-15898
RESERVED
CVE-2020-15897
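Review bot: In the CVE-2020-15900 entry the status stays "- ghostscript <unfixed>" although the NOTE lines under it already record both the introducing commit (9.28rc1) and a "Fixed by" commit. With the description now public, that line should get a fixed version as soon as an upload carrying the fix commit exists. CVE-2020-15899 (Grin) below it is still "TODO: check".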
@@ -498,8 +503,7 @@ CVE-2020-15865
RESERVED
CVE-2020-15864
RESERVED
-CVE-2020-15863 [stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c]
- RESERVED
+CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ...)
{DLA-2288-1}
- qemu 1:5.0-12
[buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
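Review bot: The placeholder removed for CVE-2020-15863 named the affected function, xgmac_enet_send() in hw/net/xgmac.c, while the truncated description that replaces it shows only the file. Consider keeping the function name in a NOTE line so that the buster "<postponed>" follow-up can still locate the code without the old text.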
@@ -849,14 +853,14 @@ CVE-2020-15717 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper valida
NOT-FOR-US: RosarioSIS
CVE-2020-15716 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
NOT-FOR-US: RosarioSIS
-CVE-2020-15715
- RESERVED
-CVE-2020-15714
- RESERVED
-CVE-2020-15713
- RESERVED
-CVE-2020-15712
- RESERVED
+CVE-2020-15715 (rConfig 3.9.5 could allow a remote authenticated attacker to execute a ...)
+ TODO: check
+CVE-2020-15714 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...)
+ TODO: check
+CVE-2020-15713 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...)
+ TODO: check
+CVE-2020-15712 (rConfig 3.9.5 could allow a remote authenticated attacker to traverse ...)
+ TODO: check
CVE-2020-15711 (In MISP before 2.4.129, setting a favourite homepage was not CSRF prot ...)
NOT-FOR-US: MISP
CVE-2020-15710
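Review bot: CVE-2020-15715 through CVE-2020-15712 all describe rConfig 3.9.5 and all land as "TODO: check". They can be resolved with one decision. The RosarioSIS and MISP entries around them show the "NOT-FOR-US: <product>" form to use if rConfig is not in the archive.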
@@ -1045,52 +1049,52 @@ CVE-2020-15630
RESERVED
CVE-2020-15629
RESERVED
-CVE-2020-15628
- RESERVED
-CVE-2020-15627
- RESERVED
-CVE-2020-15626
- RESERVED
-CVE-2020-15625
- RESERVED
-CVE-2020-15624
- RESERVED
-CVE-2020-15623
- RESERVED
-CVE-2020-15622
- RESERVED
-CVE-2020-15621
- RESERVED
-CVE-2020-15620
- RESERVED
-CVE-2020-15619
- RESERVED
-CVE-2020-15618
- RESERVED
-CVE-2020-15617
- RESERVED
-CVE-2020-15616
- RESERVED
-CVE-2020-15615
- RESERVED
-CVE-2020-15614
- RESERVED
-CVE-2020-15613
- RESERVED
-CVE-2020-15612
- RESERVED
-CVE-2020-15611
- RESERVED
-CVE-2020-15610
- RESERVED
-CVE-2020-15609
- RESERVED
-CVE-2020-15608
- RESERVED
-CVE-2020-15607
- RESERVED
-CVE-2020-15606
- RESERVED
+CVE-2020-15628 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15627 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15626 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15625 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15624 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15623 (This vulnerability allows remote attackers to write arbitrary files on ...)
+ TODO: check
+CVE-2020-15622 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15621 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15620 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15619 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15618 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15617 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15615 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15612 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15611 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15610 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15609 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15608 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15607 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15606 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2020-15605
RESERVED
CVE-2020-15604
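Review bot: Every description added in this hunk, CVE-2020-15628 down to CVE-2020-15606, is cut off before the product name ("This vulnerability allows remote attackers to ..."), so the list alone cannot show which of them share a product. Triage of these "TODO: check" entries has to start from the full CVE text. The only split visible here is by impact: information disclosure for 15628-15624 and 15622-15616, arbitrary file write for 15623, code execution for 15615-15606.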
@@ -1518,46 +1522,46 @@ CVE-2020-15437
RESERVED
CVE-2020-15436
RESERVED
-CVE-2020-15435
- RESERVED
-CVE-2020-15434
- RESERVED
-CVE-2020-15433
- RESERVED
-CVE-2020-15432
- RESERVED
-CVE-2020-15431
- RESERVED
-CVE-2020-15430
- RESERVED
-CVE-2020-15429
- RESERVED
-CVE-2020-15428
- RESERVED
-CVE-2020-15427
- RESERVED
-CVE-2020-15426
- RESERVED
-CVE-2020-15425
- RESERVED
-CVE-2020-15424
- RESERVED
-CVE-2020-15423
- RESERVED
-CVE-2020-15422
- RESERVED
-CVE-2020-15421
- RESERVED
-CVE-2020-15420
- RESERVED
-CVE-2020-15419
- RESERVED
-CVE-2020-15418
- RESERVED
-CVE-2020-15417
- RESERVED
-CVE-2020-15416
- RESERVED
+CVE-2020-15435 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15434 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15433 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15432 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15431 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15430 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15429 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15428 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15427 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15426 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15425 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15424 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15423 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15422 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15421 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15420 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-15419 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15418 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-15417 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2020-15416 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ TODO: check
CVE-2020-15415 (On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, c ...)
NOT-FOR-US: DrayTek
CVE-2020-15414
@@ -1572,8 +1576,8 @@ CVE-2020-15410
RESERVED
CVE-2020-15409
RESERVED
-CVE-2020-15408
- RESERVED
+CVE-2020-15408 (An issue was discovered in Pulse Secure Pulse Connect Secure before 9. ...)
+ TODO: check
CVE-2020-15407
RESERVED
CVE-2020-15406
@@ -2194,7 +2198,7 @@ CVE-2020-15121 (In radare2 before version 4.5.0, malformed PDB file names in the
NOTE: https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
NOTE: https://github.com/radareorg/radare2/issues/16945
NOTE: https://github.com/radareorg/radare2/pull/16966
-CVE-2020-15120 (An authenticated member of one project can modify and delete members o ...)
+CVE-2020-15120 (In "I hate money" before version 4.1.5, an authenticated member of one ...)
NOT-FOR-US: ihatemoney
CVE-2020-15119
RESERVED
@@ -5311,20 +5315,20 @@ CVE-2020-13921
RESERVED
CVE-2020-13920
RESERVED
-CVE-2020-13919
- RESERVED
-CVE-2020-13918
- RESERVED
-CVE-2020-13917
- RESERVED
-CVE-2020-13916
- RESERVED
-CVE-2020-13915
- RESERVED
-CVE-2020-13914
- RESERVED
-CVE-2020-13913
- RESERVED
+CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...)
+ TODO: check
+CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed through ...)
+ TODO: check
+CVE-2020-13917 (rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remot ...)
+ TODO: check
+CVE-2020-13916 (A stack buffer overflow in webs in Ruckus Wireless Unleashed through 2 ...)
+ TODO: check
+CVE-2020-13915 (Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed throu ...)
+ TODO: check
+CVE-2020-13914 (webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a rem ...)
+ TODO: check
+CVE-2020-13913 (An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102 ...)
+ TODO: check
CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users ...)
NOT-FOR-US: SolarWinds Advanced Monitoring Agent
CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a ...)
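Review bot: CVE-2020-13917 gives the affected release as "through 200.7.10.92", while CVE-2020-13919 and CVE-2020-13914 in the same hunk say "through 200.7.10.102.92". The text comes from the CVE feed and should stay as imported, but the mismatch is worth keeping in mind when the seven Ruckus Wireless Unleashed entries are triaged together.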
@@ -13375,7 +13379,7 @@ CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in
NOTE: https://github.com/FasterXML/jackson-databind/issues/2664
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-11110 (Grafana through 6.7.1 allows stored XSS. ...)
+CVE-2020-11110 (Grafana through 6.7.1 allows stored XSS due to insufficient input prot ...)
- grafana <removed>
CVE-2020-11109
RESERVED
@@ -14068,22 +14072,22 @@ CVE-2020-10932 (An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x
[stretch] - mbedtls <no-dsa> (Minor issue)
NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
-CVE-2020-10930
- RESERVED
-CVE-2020-10929
- RESERVED
-CVE-2020-10928
- RESERVED
-CVE-2020-10927
- RESERVED
-CVE-2020-10926
- RESERVED
-CVE-2020-10925
- RESERVED
-CVE-2020-10924
- RESERVED
-CVE-2020-10923
- RESERVED
+CVE-2020-10930 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ TODO: check
+CVE-2020-10929 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2020-10928 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2020-10927 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2020-10926 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2020-10925 (This vulnerability allows network-adjacent attackers to compromise the ...)
+ TODO: check
+CVE-2020-10924 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ TODO: check
+CVE-2020-10923 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ TODO: check
CVE-2020-10922 (This vulnerability allows remote attackers to create a denial-of-servi ...)
NOT-FOR-US: C-MORE HMI
CVE-2020-10921 (This vulnerability allows remote attackers to issue commands on affect ...)
@@ -15048,7 +15052,7 @@ CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x an
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519
NOTE: https://github.com/ansible/ansible/pull/68431
NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce
-CVE-2020-10683 (dom4j before 2.1.3 allows external DTDs and External Entities by defau ...)
+CVE-2020-10683 (dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and Ext ...)
{DLA-2191-1}
- dom4j <unfixed> (bug #958055)
[buster] - dom4j <no-dsa> (Minor issue)
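Review bot: The CVE-2020-10683 description now names two fixed releases, 2.0.3 and 2.1.3, where it previously named only 2.1.3, but the status lines under it are unchanged ("- dom4j <unfixed>", buster "<no-dsa>"). Re-check those lines against the branch each suite ships, since a 2.0.x package would now be measured against 2.0.3.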
@@ -22221,8 +22225,8 @@ CVE-2020-7687 (This affects all versions of package fast-http. There is no path
TODO: check
CVE-2020-7686 (This affects all versions of package rollup-plugin-dev-server. There i ...)
TODO: check
-CVE-2020-7685
- RESERVED
+CVE-2020-7685 (This affects all versions of package UmbracoForms. When using the defa ...)
+ TODO: check
CVE-2020-7684 (This affects all versions of package rollup-plugin-serve. There is no ...)
TODO: check
CVE-2020-7683 (This affects all versions of package rollup-plugin-server. There is no ...)
@@ -27807,8 +27811,8 @@ CVE-2020-5379
RESERVED
CVE-2020-5378
RESERVED
-CVE-2020-5377
- RESERVED
+CVE-2020-5377 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior ...)
+ TODO: check
CVE-2020-5376
RESERVED
CVE-2020-5375
@@ -30236,8 +30240,8 @@ CVE-2020-4467 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote at
NOT-FOR-US: IBM
CVE-2020-4466 (IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authentica ...)
NOT-FOR-US: IBM
-CVE-2020-4465
- RESERVED
+CVE-2020-4465 (IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and ...)
+ TODO: check
CVE-2020-4464 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...)
NOT-FOR-US: IBM
CVE-2020-4463
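Review bot: CVE-2020-4465 is added as "TODO: check" between CVE-2020-4466 and CVE-2020-4464, both already marked "NOT-FOR-US: IBM", and its description names the same IBM MQ for HPE NonStop product as 4466. It can take the same marker, and the same holds for the other IBM MQ entries this update adds as "TODO: check".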
@@ -30416,8 +30420,8 @@ CVE-2020-4377
RESERVED
CVE-2020-4376 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could ...)
NOT-FOR-US: IBM
-CVE-2020-4375
- RESERVED
+CVE-2020-4375 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 ...)
+ TODO: check
CVE-2020-4374
RESERVED
CVE-2020-4373
@@ -30528,12 +30532,12 @@ CVE-2020-4321
RESERVED
CVE-2020-4320 (IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9 ...)
NOT-FOR-US: IBM
-CVE-2020-4319
- RESERVED
-CVE-2020-4318
- RESERVED
-CVE-2020-4317
- RESERVED
+CVE-2020-4319 (IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and ...)
+ TODO: check
+CVE-2020-4318 (IBM Intelligent Operations Center for Emergency Management, Intelligen ...)
+ TODO: check
+CVE-2020-4317 (IBM Intelligent Operations Center for Emergency Management, Intelligen ...)
+ TODO: check
CVE-2020-4316 (IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure ...)
NOT-FOR-US: IBM
CVE-2020-4315
@@ -84927,8 +84931,8 @@ CVE-2019-4733
RESERVED
CVE-2019-4732 (IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7. ...)
NOT-FOR-US: IBM
-CVE-2019-4731
- RESERVED
+CVE-2019-4731 (IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highl ...)
+ TODO: check
CVE-2019-4730
RESERVED
CVE-2019-4729 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
@@ -119515,7 +119519,7 @@ CVE-2018-11696 (An issue was discovered in LibSass through 3.5.4. A NULL pointer
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2665
NOTE: https://github.com/sass/libsass/commit/38f4c3699d06b64128bebc7cf1e8b3125be74dc4
-CVE-2018-11695 (An issue was discovered in LibSass through 3.5.2. A NULL pointer deref ...)
+CVE-2018-11695 (An issue was discovered in LibSass <3.5.3. A NULL pointer dereferen ...)
- libsass 3.5.4-1 (low)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2664
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73ebf25bdc13edb2e79818734769eef7563e8c4b