[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 26 21:10:38 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6549e05e by security tracker role at 2020-06-26T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2020-15353
+ RESERVED
+CVE-2020-15352
+ RESERVED
+CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...)
+ TODO: check
+CVE-2020-15350
+ RESERVED
+CVE-2020-15349
+ RESERVED
+CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManag ...)
+ TODO: check
+CVE-2020-15347 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b pa ...)
+ TODO: check
+CVE-2020-15346 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API wit ...)
+ TODO: check
+CVE-2020-15345 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...)
+ TODO: check
+CVE-2020-15344 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...)
+ TODO: check
+CVE-2020-15343 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...)
+ TODO: check
+CVE-2020-15342 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...)
+ TODO: check
+CVE-2020-15341 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated upda ...)
+ TODO: check
+CVE-2020-15340 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/A ...)
+ TODO: check
+CVE-2020-15339 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCa ...)
+ TODO: check
+CVE-2020-15338 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...)
+ TODO: check
+CVE-2020-15337 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...)
+ TODO: check
+CVE-2020-15336 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...)
+ TODO: check
+CVE-2020-15335 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...)
+ TODO: check
+CVE-2020-15334 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence inje ...)
+ TODO: check
+CVE-2020-15333 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discove ...)
+ TODO: check
+CVE-2020-15332 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/def ...)
+ TODO: check
+CVE-2020-15331 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRE ...)
+ TODO: check
+CVE-2020-15330 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in ...)
+ TODO: check
+CVE-2020-15329 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permission ...)
+ TODO: check
+CVE-2020-15328 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blo ...)
+ TODO: check
+CVE-2020-15327 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without a ...)
+ TODO: check
+CVE-2020-15326 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate ...)
+ TODO: check
+CVE-2020-15325 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cook ...)
+ TODO: check
+CVE-2020-15324
+ RESERVED
+CVE-2020-15323
+ RESERVED
+CVE-2020-15322
+ RESERVED
+CVE-2020-15321
+ RESERVED
+CVE-2020-15320
+ RESERVED
+CVE-2020-15319
+ RESERVED
+CVE-2020-15318
+ RESERVED
+CVE-2020-15317
+ RESERVED
+CVE-2020-15316
+ RESERVED
+CVE-2020-15315
+ RESERVED
+CVE-2020-15314
+ RESERVED
+CVE-2020-15313
+ RESERVED
+CVE-2020-15312
+ RESERVED
+CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via the downloadmp3.php download para ...)
+ TODO: check
+CVE-2020-15310
+ RESERVED
+CVE-2020-15309
+ RESERVED
+CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-a ...)
+ TODO: check
+CVE-2020-15307
+ RESERVED
CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...)
- openexr <unfixed>
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/738
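Review bot: twenty-four of the entries that replace RESERVED in this hunk (CVE-2020-15325 through CVE-2020-15348) all describe the same vendor appliance, Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1, yet each carries its own "TODO: check"; they can be triaged in one pass as "NOT-FOR-US: Zyxel CloudCNM SecuManager", the form this file uses for software outside the archive (compare "NOT-FOR-US: playSMS" further down in this diff). CVE-2020-15351 (IDrive on Windows, installing under %PROGRAMFILES) belongs in the same category. CVE-2020-15311 (Stash 1.0.3) and CVE-2020-15308 (Support Incident Tracker 3.67 p2) need an archive lookup before they are closed the same way.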
@@ -592,10 +686,10 @@ CVE-2020-15019
RESERVED
CVE-2020-15018 (playSMS through 1.4.3 is vulnerable to session fixation. ...)
NOT-FOR-US: playSMS
-CVE-2020-15017
- RESERVED
-CVE-2020-15016
- RESERVED
+CVE-2020-15017 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices ...)
+ TODO: check
+CVE-2020-15016 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-C ...)
+ TODO: check
CVE-2020-15015 (The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XS ...)
NOT-FOR-US: FileExplorer component in GleamTech FileUltimate
CVE-2020-15014 (pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. ...)
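Review bot: CVE-2020-15016 and CVE-2020-15017 describe reflected cross-site scripting in the same product, NeDi 1.9C, and should be triaged together rather than as two separate TODOs; if NeDi is not packaged, the resolution is the "NOT-FOR-US: playSMS" form used three lines above for CVE-2020-15018.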
@@ -729,8 +823,8 @@ CVE-2020-14957
RESERVED
CVE-2020-14956
RESERVED
-CVE-2020-14955
- RESERVED
+CVE-2020-14955 (In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows l ...)
+ TODO: check
CVE-2020-14953
RESERVED
CVE-2020-14952
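Review bot: CVE-2020-14955 concerns a Windows kernel driver (KVFG.sys shipped with Jiangmin Antivirus 16.0.13.129), which cannot correspond to a Debian package; the "TODO: check" can go straight to NOT-FOR-US with the product name kept in the annotation.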
@@ -1717,8 +1811,8 @@ CVE-2020-14479
RESERVED
CVE-2020-14478
RESERVED
-CVE-2020-14477
- RESERVED
+CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...)
+ TODO: check
CVE-2020-14476
RESERVED
CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0. ...)
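Review bot: CVE-2020-14477 is a Philips Ultrasound (ClearVue, CX) device advisory, i.e. vendor medical-device firmware, so the "TODO: check" placeholder can be resolved as NOT-FOR-US rather than left for a second pass.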
@@ -3384,8 +3478,8 @@ CVE-2020-13893
RESERVED
CVE-2020-13892 (The SportsPress plugin before 2.7.2 for WordPress allows XSS. ...)
NOT-FOR-US: SportsPress plugin for WordPress
-CVE-2020-13891
- RESERVED
+CVE-2020-13891 (An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS ...)
+ TODO: check
CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an A ...)
NOT-FOR-US: Bootstrap theme
CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 allows XSS. ...)
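Review bot: the description for CVE-2020-13891 names the Mattermost Mobile Apps on iOS, not a server component; there is nothing to package here, so resolve the TODO as NOT-FOR-US and keep "Mattermost Mobile Apps" in the annotation so it is not mistaken for a server-side issue later.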
@@ -8007,8 +8101,7 @@ CVE-2020-11998
RESERVED
CVE-2020-11997
RESERVED
-CVE-2020-11996
- RESERVED
+CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ...)
- tomcat9 9.0.36-1
- tomcat8 <removed>
NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/6
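Review bot: "tomcat8 <removed>" records only the unstable status of tomcat8; a release branch that still ships tomcat8 would need its own bracketed line (as the CVE-2020-10769 entry in this diff has for linux with "[stretch] - linux 4.9.161-1"), so confirm the release-branch state before the entry is treated as complete. The tomcat9 9.0.36-1 line is consistent with the oss-security reference already in the NOTE.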
@@ -12562,8 +12655,7 @@ CVE-2020-10771
NOT-FOR-US: Infinispan
CVE-2020-10770
RESERVED
-CVE-2020-10769
- RESERVED
+CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 5.0 in ...)
- linux 4.19.20-1
[stretch] - linux 4.9.161-1
[jessie] - linux 3.16.68-1
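Review bot: the CVE-2020-10769 entry gains a description but carries no upstream reference, while its fixed versions (linux 4.19.20-1, stretch 4.9.161-1, jessie 3.16.68-1) predate the CVE's publication; add a NOTE line with the upstream commit, as the CVE-2020-10753 entry in this diff does with "NOTE: Fix: ...", so a reader can verify why those versions count as fixed.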
@@ -12644,8 +12736,7 @@ CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkMana
NOTE: Only affects builds enabling ifcfg-rh settings plugin, source-wise only
NOTE: affected but not the Debian binary builds (and is RedHat/Fedora specific
NOTE: plugin).
-CVE-2020-10753 [rgw: sanitize newlines in s3 CORSConfiguration's ExposeHeader]
- RESERVED
+CVE-2020-10753 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
- ceph <unfixed>
NOTE: https://github.com/ceph/ceph/pull/35773
NOTE: Fix: https://github.com/ceph/ceph/commit/1524d3c0c5cb11775313ea1e2bb36a93257947f2
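Review bot: ceph stays "<unfixed>" although the NOTE lines already point at the upstream PR and the fix commit; add a Debian bug reference in the form used for dpdk in this diff ("bug #960936") once one is filed, and revisit "<unfixed>" when that commit reaches an upload. Dropping the bracketed working title "[rgw: sanitize newlines in s3 CORSConfiguration's ExposeHeader]" now that the public description exists follows the file's convention.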
@@ -12732,8 +12823,7 @@ CVE-2020-10729 [two random password lookups in same task return same value]
CVE-2020-10728
RESERVED
NOT-FOR-US: automationbroker/apb
-CVE-2020-10727
- RESERVED
+CVE-2020-10727 (A flaw was found in ActiveMQ Artemis management API from version 2.7.0 ...)
NOT-FOR-US: ApacheMQ Artemis
CVE-2020-10726 (A vulnerability was found in DPDK versions 19.11 and above. A maliciou ...)
- dpdk 19.11.2-1 (bug #960936)
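Review bot: the unchanged annotation "NOT-FOR-US: ApacheMQ Artemis" under CVE-2020-10727 misnames the product; the description added in this hunk says "ActiveMQ Artemis", and the annotation is what later searches of this file match on, so it should read "NOT-FOR-US: ActiveMQ Artemis" in a follow-up.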
@@ -13109,16 +13199,16 @@ CVE-2020-10630 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software d
NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit
CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...)
NOT-FOR-US: WebAccess/NMS
-CVE-2020-10628
- RESERVED
+CVE-2020-10628 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...)
+ TODO: check
CVE-2020-10627
RESERVED
CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...)
NOT-FOR-US: Fazecast jSerialComm
CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...)
NOT-FOR-US: WebAccess/NMS
-CVE-2020-10624
- RESERVED
+CVE-2020-10624 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...)
+ TODO: check
CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...)
NOT-FOR-US: WebAccess/NMS
CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...)
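Review bot: CVE-2020-10624 and CVE-2020-10628 carry identical truncated descriptions (ControlEdge PLC R130.2, R140, R150, R151 and RTU R101, R110, ...), i.e. one PLC/RTU firmware advisory split across two IDs, sitting among entries already resolved as "NOT-FOR-US: WebAccess/NMS"; mark both NOT-FOR-US together, with the product name in the annotation, rather than leaving two TODOs.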
@@ -16690,8 +16780,8 @@ CVE-2020-9049
RESERVED
CVE-2020-9048
RESERVED
-CVE-2020-9047
- RESERVED
+CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized ...)
+ TODO: check
CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...)
NOT-FOR-US: Kantech
CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...)
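Review bot: the truncated description for CVE-2020-9047 ("A vulnerability exists that could allow the execution of unauthorized ...") names no product, so it cannot be triaged from this hunk alone; the neighbouring CVE-2020-9046 (Kantech EntraPass) and CVE-2020-9045 (Software House C•CURE 9000) entries suggest the same vendor advisory, but that must be confirmed from the full description before the TODO is closed.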
@@ -27683,8 +27773,8 @@ CVE-2020-4567
RESERVED
CVE-2020-4566
RESERVED
-CVE-2020-4565
- RESERVED
+CVE-2020-4565 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacke ...)
+ TODO: check
CVE-2020-4564
RESERVED
CVE-2020-4563
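Review bot: CVE-2020-4565's product, IBM Spectrum Protect Plus 10.1.0 through 10.1.5, matches the CVE-2020-4222 entry in this diff, which is already resolved as "NOT-FOR-US: IBM Spectrum Protect Plus"; use the same annotation instead of the TODO.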
@@ -28367,8 +28457,8 @@ CVE-2020-4225
RESERVED
CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive inform ...)
NOT-FOR-US: IBM
-CVE-2020-4223
- RESERVED
+CVE-2020-4223 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cros ...)
+ TODO: check
CVE-2020-4222 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
NOT-FOR-US: IBM Spectrum Protect Plus
CVE-2020-4221
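Review bot: CVE-2020-4223 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1) can take the "NOT-FOR-US: IBM" annotation used two lines above for CVE-2020-4224; the TODO adds nothing the context does not already settle.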
@@ -82541,8 +82631,8 @@ CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure fil
NOT-FOR-US: IBM Spectrum Protect Plus
CVE-2019-4651 (IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injectio ...)
NOT-FOR-US: IBM
-CVE-2019-4650
- RESERVED
+CVE-2019-4650 (IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A ...)
+ TODO: check
CVE-2019-4649
RESERVED
CVE-2019-4648
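Review bot: CVE-2019-4650 is a 2019 identifier published only now, which is why this hunk lands deep in the file; its product (IBM Maximo Asset Management 7.6.1.1) is the same one as CVE-2020-4223 earlier in this diff, and the entry directly above it (CVE-2019-4651) is already "NOT-FOR-US: IBM", so resolve it the same way and keep the two Maximo entries consistent.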
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6549e05e16ac8134d83d4ac850ad835a387b0c67