[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 30 21:10:31 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bcde472b by security tracker role at 2020-07-30T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2020-16165 (The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Inj ...)
+ TODO: check
+CVE-2020-16164 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...)
+ TODO: check
+CVE-2020-16163 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...)
+ TODO: check
+CVE-2020-16162 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...)
+ TODO: check
+CVE-2020-16161
+ RESERVED
+CVE-2020-16160
+ RESERVED
+CVE-2020-16159
+ RESERVED
+CVE-2020-16158
+ RESERVED
+CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...)
+ TODO: check
+CVE-2020-16156
+ RESERVED
+CVE-2020-16155
+ RESERVED
+CVE-2020-16154
+ RESERVED
+CVE-2020-16153
+ RESERVED
+CVE-2020-16152
+ RESERVED
+CVE-2020-16151
+ RESERVED
+CVE-2020-16150
+ RESERVED
+CVE-2020-16149
+ RESERVED
+CVE-2020-16148
+ RESERVED
+CVE-2020-16147
+ RESERVED
+CVE-2020-16146
+ RESERVED
CVE-2020-16145
RESERVED
CVE-2020-16144
@@ -389,13 +429,14 @@ CVE-2020-15959
RESERVED
CVE-2020-15958
RESERVED
-CVE-2020-15957
- RESERVED
+CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentral ...)
+ TODO: check
CVE-2020-15956
RESERVED
CVE-2020-15955
RESERVED
CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...)
+ {DLA-2300-1}
- kdepim-runtime <unfixed>
[buster] - kdepim-runtime <no-dsa> (Minor issue)
- kmail-account-wizard <unfixed>
@@ -728,6 +769,8 @@ CVE-2020-15818
CVE-2020-15817
RESERVED
CVE-2020-15862 [privilege escalation]
+ RESERVED
+ {DLA-2299-1}
- net-snmp 5.8+dfsg-4 (bug #965166)
NOTE: The commit https://github.com/net-snmp/net-snmp/commit/c2b96ee744392243782094432f657ded4e985a07
NOTE: disables NET-SNMP-EXTEND-MIB support by default. But it is still
@@ -1520,8 +1563,8 @@ CVE-2020-15513 (The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect A
NOT-FOR-US: Typo3 extension
CVE-2020-15512
RESERVED
-CVE-2020-15511
- RESERVED
+CVE-2020-15511 (HashiCorp Terraform Enterprise up to v202006-1 contained a default sig ...)
+ TODO: check
CVE-2020-15510
RESERVED
CVE-2020-15509 (Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library ...)
@@ -2348,12 +2391,12 @@ CVE-2020-15133
RESERVED
CVE-2020-15132
RESERVED
-CVE-2020-15131
- RESERVED
-CVE-2020-15130
- RESERVED
-CVE-2020-15129
- RESERVED
+CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...)
+ TODO: check
+CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnera ...)
+ TODO: check
+CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists ...)
+ TODO: check
CVE-2020-15128
RESERVED
CVE-2020-15127
@@ -4269,11 +4312,11 @@ CVE-2020-14401 (An issue was discovered in LibVNCServer before 0.9.13. libvncser
{DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
NOTE: https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af
-CVE-2020-14400 (An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned da ...)
+CVE-2020-14400 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. ...)
{DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
NOTE: https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d
-CVE-2020-14399 (An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned da ...)
+CVE-2020-14399 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. ...)
{DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
NOTE: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
@@ -4512,8 +4555,7 @@ CVE-2020-14310
[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6
-CVE-2020-14309
- RESERVED
+CVE-2020-14309 (There's an issue with grub2 in all versions before 2.06 when handling ...)
{DSA-4735-1}
- grub2 2.04-9
[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
@@ -4857,16 +4899,16 @@ CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center befor
NOT-FOR-US: Atlassian
CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in ...)
NOT-FOR-US: JerryScript
-CVE-2020-14162
- RESERVED
+CVE-2020-14162 (An issue was discovered in Pi-Hole through 5.0. The local www-data use ...)
+ TODO: check
CVE-2020-14161
RESERVED
CVE-2020-14160
RESERVED
CVE-2020-14159 (By using an Automate API in ConnectWise Automate before 2020.5.178, a ...)
NOT-FOR-US: ConnectWise
-CVE-2020-14158
- RESERVED
+CVE-2020-14158 (The ABUS Secvest FUMO50110 hybrid module does not have any security me ...)
+ TODO: check
CVE-2020-14157 (The wireless-communication feature of the ABUS Secvest FUBE50001 devic ...)
NOT-FOR-US: ABUS
CVE-2020-14156 (user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020 ...)
@@ -8348,7 +8390,7 @@ CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Travers
CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...)
NOT-FOR-US: TRENDnet ProView
CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
- {DLA-2228-2 DLA-2228-1}
+ {DLA-2301-1 DLA-2228-2 DLA-2228-1}
- json-c 0.13.1+dfsg-8 (bug #960326)
NOTE: https://github.com/json-c/json-c/pull/592
NOTE: https://github.com/json-c/json-c/commit/099016b7e8d70a6d5dd814e788bba08d33d48426
@@ -8747,8 +8789,8 @@ CVE-2020-12622
RESERVED
CVE-2020-12621
RESERVED
-CVE-2020-12620
- RESERVED
+CVE-2020-12620 (Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.con ...)
+ TODO: check
CVE-2020-12619
RESERVED
CVE-2020-12618
@@ -15115,8 +15157,7 @@ CVE-2020-10715
CVE-2020-10714
RESERVED
NOT-FOR-US: WildFly Elytron
-CVE-2020-10713
- RESERVED
+CVE-2020-10713 (A flaw was found in grub2, prior to version 2.06. An attacker may use ...)
{DSA-4735-1}
- grub2 2.04-9
[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
@@ -21067,26 +21108,26 @@ CVE-2020-8224
RESERVED
CVE-2020-8223
RESERVED
-CVE-2020-8222
- RESERVED
-CVE-2020-8221
- RESERVED
-CVE-2020-8220
- RESERVED
-CVE-2020-8219
- RESERVED
-CVE-2020-8218
- RESERVED
-CVE-2020-8217
- RESERVED
-CVE-2020-8216
- RESERVED
+CVE-2020-8222 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R ...)
+ TODO: check
+CVE-2020-8221 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R ...)
+ TODO: check
+CVE-2020-8220 (A denial of service vulnerability exists in Pulse Connect Secure <9 ...)
+ TODO: check
+CVE-2020-8219 (An insufficient permission check vulnerability exists in Pulse Connect ...)
+ TODO: check
+CVE-2020-8218 (A code injection vulnerability exists in Pulse Connect Secure <9.1R ...)
+ TODO: check
+CVE-2020-8217 (A cross site scripting (XSS) vulnerability in Pulse Connect Secure < ...)
+ TODO: check
+CVE-2020-8216 (An information disclosure vulnerability in meeting of Pulse Connect Se ...)
+ TODO: check
CVE-2020-8215 (A buffer overflow is present in canvas version <= 1.6.9, which coul ...)
TODO: check
CVE-2020-8214 (A path traversal vulnerability in servey version < 3 allows an atta ...)
NOT-FOR-US: servey
-CVE-2020-8213
- RESERVED
+CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect v1.13.3 ...)
+ TODO: check
CVE-2020-8212
RESERVED
CVE-2020-8211
@@ -21099,19 +21140,19 @@ CVE-2020-8208
RESERVED
CVE-2020-8207 (Improper access control in Citrix Workspace app for Windows 1912 CU1 a ...)
NOT-FOR-US: Citrix
-CVE-2020-8206
- RESERVED
+CVE-2020-8206 (An improper authentication vulnerability exists in Pulse Connect Secur ...)
+ TODO: check
CVE-2020-8205 (The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable ...)
NOT-FOR-US: Node uppy
-CVE-2020-8204
- RESERVED
+CVE-2020-8204 (A cross site scripting (XSS) vulnerability exists in Pulse Connect Sec ...)
+ TODO: check
CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash <= ...)
- node-lodash 4.17.19+dfsg-1 (bug #965283)
[buster] - node-lodash <no-dsa> (Minor issue; can be fixed via point release)
[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://hackerone.com/reports/712065
-CVE-2020-8202
- RESERVED
+CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...)
+ TODO: check
CVE-2020-8201
RESERVED
CVE-2020-8200
@@ -21130,8 +21171,8 @@ CVE-2020-8194 (Reflected code injection in Citrix ADC and Citrix Gateway version
NOT-FOR-US: Citrix
CVE-2020-8193 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...)
NOT-FOR-US: Citrix
-CVE-2020-8192
- RESERVED
+CVE-2020-8192 (A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0 ...)
+ TODO: check
CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
NOT-FOR-US: Citrix
CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...)
@@ -22168,12 +22209,12 @@ CVE-2020-7831
RESERVED
CVE-2020-7830
RESERVED
-CVE-2020-7829
- RESERVED
-CVE-2020-7828
- RESERVED
-CVE-2020-7827
- RESERVED
+CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...)
+ TODO: check
+CVE-2020-7828 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...)
+ TODO: check
+CVE-2020-7827 (DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerabi ...)
+ TODO: check
CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a ...)
NOT-FOR-US: EyeSurfer BflyInstallerX.ocx
CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...)
@@ -22428,8 +22469,8 @@ CVE-2020-7701
RESERVED
CVE-2020-7700
RESERVED
-CVE-2020-7699
- RESERVED
+CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If the parse ...)
+ TODO: check
CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...)
TODO: check
CVE-2020-7697 (This affects all versions of package mock2easy. a malicious user could ...)
@@ -23535,8 +23576,8 @@ CVE-2020-7207
RESERVED
CVE-2020-7206 (HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has ...)
TODO: check
-CVE-2020-7205
- RESERVED
+CVE-2020-7205 (A potential security vulnerability has been identified in HPE Intellig ...)
+ TODO: check
CVE-2020-7204
RESERVED
CVE-2020-7203
@@ -27509,8 +27550,8 @@ CVE-2020-5612 (Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier
TODO: check
CVE-2020-5611 (Cross-site request forgery (CSRF) vulnerability in Social Sharing Plug ...)
TODO: check
-CVE-2020-5610
- RESERVED
+CVE-2020-5610 (Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earli ...)
+ TODO: check
CVE-2020-5609
RESERVED
CVE-2020-5608
@@ -31045,10 +31086,10 @@ CVE-2020-4188 (IBM Security Guardium 10.6 and 11.1 may use insufficiently random
NOT-FOR-US: IBM
CVE-2020-4187 (IBM Security Guardium 11.1 could disclose sensitive information on the ...)
NOT-FOR-US: IBM
-CVE-2020-4186
- RESERVED
-CVE-2020-4185
- RESERVED
+CVE-2020-4186 (IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive in ...)
+ TODO: check
+CVE-2020-4185 (IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected c ...)
+ TODO: check
CVE-2020-4184
RESERVED
CVE-2020-4183 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...)
@@ -32913,17 +32954,13 @@ CVE-2020-3703
RESERVED
CVE-2020-3702
RESERVED
-CVE-2020-3701
- RESERVED
+CVE-2020-3701 (Use after free issue while processing error notification from camx dri ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3700
- RESERVED
+CVE-2020-3700 (Possible out of bounds read due to a missing bounds check and could le ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3699
- RESERVED
+CVE-2020-3699 (Possible out of bound access while processing assoc response from host ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3698
- RESERVED
+CVE-2020-3698 (Out of bound write while QoS DSCP mapping due to improper input valida ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3697
RESERVED
@@ -32943,8 +32980,7 @@ CVE-2020-3690
RESERVED
CVE-2020-3689
RESERVED
-CVE-2020-3688
- RESERVED
+CVE-2020-3688 (Possible buffer overflow while parsing mp4 clip with corrupted sample ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3687
RESERVED
@@ -32978,8 +33014,8 @@ CVE-2020-3673
RESERVED
CVE-2020-3672
RESERVED
-CVE-2020-3671
- RESERVED
+CVE-2020-3671 (Use-after-free issue could occur due to dangling pointer when generati ...)
+ TODO: check
CVE-2020-3670
RESERVED
CVE-2020-3669
@@ -57889,8 +57925,7 @@ CVE-2019-14132 (Buffer over-write when this 0-byte buffer is typecasted to some
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14131 (Out of bound write can occur in radio measurement request if STA recei ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14130
- RESERVED
+CVE-2019-14130 (Memory corruption can occurs in trusted application if offset size fro ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14129
RESERVED
@@ -57902,11 +57937,9 @@ CVE-2019-14126
RESERVED
CVE-2019-14125
RESERVED
-CVE-2019-14124
- RESERVED
+CVE-2019-14124 (Memory failure in content protection module due to not having pointer ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14123
- RESERVED
+CVE-2019-14123 (Possible buffer overflow and over read possible due to missing bounds ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14122 (Memory failure in SKB if it fails to to add the requested padding to t ...)
NOT-FOR-US: Qualcomm components for Android
@@ -57950,14 +57983,12 @@ CVE-2019-14103
RESERVED
CVE-2019-14102
RESERVED
-CVE-2019-14101
- RESERVED
+CVE-2019-14101 (Out of bounds read can happen in diag event set mask command handler w ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14100
- RESERVED
+CVE-2019-14100 (Register write via debugfs is disabled by default to prevent register ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14099
- RESERVED
+CVE-2019-14099 (Device misbehavior may be observed when incorrect offset, length or nu ...)
+ TODO: check
CVE-2019-14098 (Possible buffer overflow in data offload handler due to lack of check ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14097 (Possible buffer overflow in WLAN Parser due to lack of length check wh ...)
@@ -57968,8 +57999,7 @@ CVE-2019-14095 (Buffer overflow occurs while processing LMP packet in which name
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14094 (Integer overflow in diag command handler when user inputs a large valu ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14093
- RESERVED
+CVE-2019-14093 (Array out of bound access can occur in display module due to lack of b ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14092 (System Services exports services without permission protect and can le ...)
NOT-FOR-US: Snapdragon
@@ -58081,8 +58111,7 @@ CVE-2019-14039 (Out of bound read in adm call back function due to incorrect bou
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14038 (Buffer over-read in ADSP parse function due to lack of check for avail ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14037
- RESERVED
+CVE-2019-14037 (Close and bind operations done on a socket can lead to a Use-After-Fre ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14036 (Possible buffer overflow issue in error processing due to improper val ...)
NOT-FOR-US: Qualcomm components for Android
@@ -68811,8 +68840,7 @@ CVE-2019-10582 (Use after free issue due to using of invalidated iterator to del
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10581 (NULL is assigned to local instance of audio device pointer after free ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10580
- RESERVED
+CVE-2019-10580 (When kernel thread unregistered listener, Use after free issue happene ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10579 (Buffer over-read can occur while playing the video clip which is not s ...)
NOT-FOR-US: Qualcomm components for Android
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcde472b975ea720cbf0bded96a2d76589555e5a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcde472b975ea720cbf0bded96a2d76589555e5a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200730/773e14e2/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list