[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jun 29 21:10:35 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ec96ed1d by security tracker role at 2020-06-29T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,15 @@
+CVE-2020-15367
+ RESERVED
+CVE-2020-15366
+ RESERVED
CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in ...)
TODO: check
CVE-2020-15364 (The Nexos theme through 1.7 for WordPress allows top-map/?search_locat ...)
NOT-FOR-US: Wordpress theme
CVE-2020-15363 (The Nexos theme through 1.7 for WordPress allows side-map/?search_orde ...)
NOT-FOR-US: Wordpress theme
-CVE-2020-15362
- RESERVED
+CVE-2020-15362 (wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection b ...)
+ TODO: check
CVE-2020-15361
RESERVED
CVE-2020-15360 (com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalatio ...)
@@ -21,11 +25,11 @@ CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener opt
NOTE: https://www.sqlite.org/src/info/10fa79d00f8091e5
NOTE: https://www.sqlite.org/src/tktview?name=8f157e8010
CVE-2020-15356
- RESERVED
+ REJECTED
CVE-2020-15355
- RESERVED
+ REJECTED
CVE-2020-15354
- RESERVED
+ REJECTED
CVE-2013-7489 (The Beaker library through 1.11.0 for Python is affected by deserializ ...)
TODO: check
CVE-2020-15353
@@ -86,32 +90,32 @@ CVE-2020-15326 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certi
NOT-FOR-US: Zyxel
CVE-2020-15325 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cook ...)
NOT-FOR-US: Zyxel
-CVE-2020-15324
- RESERVED
-CVE-2020-15323
- RESERVED
-CVE-2020-15322
- RESERVED
-CVE-2020-15321
- RESERVED
-CVE-2020-15320
- RESERVED
-CVE-2020-15319
- RESERVED
-CVE-2020-15318
- RESERVED
-CVE-2020-15317
- RESERVED
-CVE-2020-15316
- RESERVED
-CVE-2020-15315
- RESERVED
-CVE-2020-15314
- RESERVED
-CVE-2020-15313
- RESERVED
-CVE-2020-15312
- RESERVED
+CVE-2020-15324 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/ ...)
+ TODO: check
+CVE-2020-15323 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password ...)
+ TODO: check
+CVE-2020-15322 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM ha ...)
+ TODO: check
+CVE-2020-15321 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password fo ...)
+ TODO: check
+CVE-2020-15320 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for ...)
+ TODO: check
+CVE-2020-15319 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
+ TODO: check
+CVE-2020-15318 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
+ TODO: check
+CVE-2020-15317 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
+ TODO: check
+CVE-2020-15316 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...)
+ TODO: check
+CVE-2020-15315 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
+ TODO: check
+CVE-2020-15314 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
+ TODO: check
+CVE-2020-15313 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...)
+ TODO: check
+CVE-2020-15312 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
+ TODO: check
CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via the downloadmp3.php download para ...)
NOT-FOR-US: Stash
CVE-2020-15310
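Review bot: CVE-2020-15312 through CVE-2020-15324 are left at "TODO: check" although the two entries directly above them for the same product and versions (CVE-2020-15326 and CVE-2020-15325, Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1) are already triaged as "NOT-FOR-US: Zyxel". A follow-up should give these thirteen entries the same verdict so the block is consistent and drops out of the TODO queue.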
@@ -602,8 +606,8 @@ CVE-2020-15071
RESERVED
CVE-2020-15070
RESERVED
-CVE-2020-15069
- RESERVED
+CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow an ...)
+ TODO: check
CVE-2020-15068
RESERVED
CVE-2020-15067
@@ -660,8 +664,8 @@ CVE-2020-15045
RESERVED
CVE-2020-15044
RESERVED
-CVE-2020-15043
- RESERVED
+CVE-2020-15043 (iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling ...)
+ TODO: check
CVE-2020-15042
RESERVED
CVE-2020-15041 (PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Ad ...)
@@ -2282,12 +2286,12 @@ CVE-2020-14416 (In the Linux kernel before 5.4.16, a race condition in tty->d
[stretch] - linux 4.9.210-1+deb9u1
[jessie] - linux 3.16.84-1
NOTE: https://git.kernel.org/linus/0ace17d56824165c7f4c68785d6b58971db954dd
-CVE-2020-14414
- RESERVED
-CVE-2020-14413
- RESERVED
-CVE-2020-14412
- RESERVED
+CVE-2020-14414 (NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php imprope ...)
+ TODO: check
+CVE-2020-14413 (NeDi 1.9C is vulnerable to XSS because of an incorrect implementation ...)
+ TODO: check
+CVE-2020-14412 (NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.p ...)
+ TODO: check
CVE-2020-14411
RESERVED
CVE-2020-14410
@@ -2715,6 +2719,7 @@ CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffe
- libvncserver 0.9.13+dfsg-1
NOTE: https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There is an inf ...)
+ {DSA-4383-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2
NOTE: https://github.com/LibVNC/libvncserver/issues/253
NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
@@ -2898,8 +2903,7 @@ CVE-2020-14147 (An integer overflow in the getnum function in lua_struct.c in Re
NOTE: Fixed upstream in 6.0~rc2 and 5.0.8
CVE-2020-14146 (KumbiaPHP through 1.1.1, in Development mode, allows XSS via the publi ...)
NOT-FOR-US: KumbiaPHP
-CVE-2020-14145
- RESERVED
+CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepan ...)
- openssh <unfixed> (unimportant)
NOTE: https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf
@@ -3073,16 +3077,16 @@ CVE-2020-14074 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-base
NOT-FOR-US: TRENDnet
CVE-2020-14073 (XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map proper ...)
NOT-FOR-US: PRTG Network Monitor
-CVE-2020-14072
- RESERVED
-CVE-2020-14071
- RESERVED
-CVE-2020-14070
- RESERVED
-CVE-2020-14069
- RESERVED
-CVE-2020-14068
- RESERVED
+CVE-2020-14072 (An issue was discovered in MK-AUTH 19.01. It allows command execution ...)
+ TODO: check
+CVE-2020-14071 (An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin ...)
+ TODO: check
+CVE-2020-14070 (An issue was discovered in MK-AUTH 19.01. There is authentication bypa ...)
+ TODO: check
+CVE-2020-14069 (An issue was discovered in MK-AUTH 19.01. There are SQL injection issu ...)
+ TODO: check
+CVE-2020-14068 (An issue was discovered in MK-AUTH 19.01. The web login functionality ...)
+ TODO: check
CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does not consi ...)
NOT-FOR-US: Navigate CMS
CVE-2020-14066
@@ -3273,8 +3277,7 @@ CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The prepa
NOTE: https://github.com/Icinga/icinga2/commit/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6
CVE-2020-14003
RESERVED
-CVE-2020-14002 [Dynamic host key policy leaks information about known host keys]
- RESERVED
+CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an in ...)
- putty 0.74-1
[buster] - putty <no-dsa> (Minor issue)
[stretch] - putty <no-dsa> (Minor issue)
@@ -3519,8 +3522,8 @@ CVE-2020-13898 (An issue was discovered in janus-gateway (aka Janus WebRTC Serve
NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/2ed485d04630b9ee9de7c96517135654b7f32120
CVE-2020-13897 (HESK before 3.1.10 allows reflected XSS. ...)
NOT-FOR-US: HESK
-CVE-2020-13896
- RESERVED
+CVE-2020-13896 (The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remot ...)
+ TODO: check
CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows ...)
NOT-FOR-US: DEXT5 Editor
CVE-2020-13893
@@ -4190,8 +4193,8 @@ CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL poi
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=77f55eac6c433e23e82a1b88b2d74f385c4c7d82
CVE-2020-13658
RESERVED
-CVE-2020-13657
- RESERVED
+CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free Antivirus ...)
+ TODO: check
CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array implementation ...)
NOT-FOR-US: Hobbes
CVE-2020-13655
@@ -4718,8 +4721,8 @@ CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the
NOT-FOR-US: TrackR
CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...)
NOT-FOR-US: Joomla addon
-CVE-2020-13423
- RESERVED
+CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that can be exp ...)
+ TODO: check
CVE-2020-13422
RESERVED
CVE-2020-13421
@@ -6620,8 +6623,8 @@ CVE-2018-21233 (TensorFlow before 1.7.0 has an integer overflow that causes an o
- tensorflow <itp> (bug #804612)
CVE-2020-12636
RESERVED
-CVE-2020-12635
- RESERVED
+CVE-2020-12635 (XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento ...)
+ TODO: check
CVE-2020-12634
RESERVED
CVE-2020-12633
@@ -8050,40 +8053,40 @@ CVE-2020-12049 (An issue was discovered in dbus >= 1.3.0 before 1.12.18. The
NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/294
NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5
NOTE: Test: https://gitlab.freedesktop.org/dbus/dbus/-/commit/8bc1381819e5a845331650bfa28dacf6d2ac1748
-CVE-2020-12048
- RESERVED
-CVE-2020-12047
- RESERVED
+CVE-2020-12048 (Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hem ...)
+ TODO: check
+CVE-2020-12047 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), whe ...)
+ TODO: check
CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmwar ...)
NOT-FOR-US: Opto 22 SoftPAC Project
-CVE-2020-12045
- RESERVED
+CVE-2020-12045 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...)
+ TODO: check
CVE-2020-12044
RESERVED
-CVE-2020-12043
- RESERVED
+CVE-2020-12043 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...)
+ TODO: check
CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within ...)
NOT-FOR-US: Opto 22 SoftPAC Project
-CVE-2020-12041
- RESERVED
-CVE-2020-12040
- RESERVED
-CVE-2020-12039
- RESERVED
+CVE-2020-12041 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) teln ...)
+ TODO: check
+CVE-2020-12040 (Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spec ...)
+ TODO: check
+CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v' ...)
+ TODO: check
CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
NOT-FOR-US: Rockwell Automation
-CVE-2020-12037
- RESERVED
-CVE-2020-12036
- RESERVED
-CVE-2020-12035
- RESERVED
+CVE-2020-12037 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
+ TODO: check
+CVE-2020-12036 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
+ TODO: check
+CVE-2020-12035 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
+ TODO: check
CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
NOT-FOR-US: Rockwell Automation
CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all versions, th ...)
NOT-FOR-US: Rockwell Automation
-CVE-2020-12032
- RESERVED
+CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
+ TODO: check
CVE-2020-12031
RESERVED
CVE-2020-12030
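Review bot: The Baxter entries in this hunk (Spectrum WBM, Sigma Spectrum Infusion System, PrismaFlex/PrisMax, ExactaMix) all land as "TODO: check" while the interleaved vendor-product entries (Opto 22 SoftPAC Project, Rockwell Automation) already carry NOT-FOR-US tags. Triage them as one batch with a single vendor tag, and read the full description of CVE-2020-12048 separately, since its truncated text names the Phoenix Hemodialysis Delivery System rather than Baxter.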
@@ -8098,40 +8101,40 @@ CVE-2020-12026 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12025
RESERVED
-CVE-2020-12024
- RESERVED
+CVE-2020-12024 (Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix ...)
+ TODO: check
CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, Intel ...)
NOT-FOR-US: Philips
CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An i ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12021 (In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous vers ...)
NOT-FOR-US: OSIsoft PI Web
-CVE-2020-12020
- RESERVED
+CVE-2020-12020 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix E ...)
+ TODO: check
CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based ...)
NOT-FOR-US: WebAccess Node
CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An o ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmw ...)
NOT-FOR-US: GE Grid Solutions Reason RT Clocks
-CVE-2020-12016
- RESERVED
+CVE-2020-12016 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...)
+ TODO: check
CVE-2020-12015
RESERVED
CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Inpu ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12013
RESERVED
-CVE-2020-12012
- RESERVED
+CVE-2020-12012 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...)
+ TODO: check
CVE-2020-12011
RESERVED
CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12009
RESERVED
-CVE-2020-12008
- RESERVED
+CVE-2020-12008 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
+ TODO: check
CVE-2020-12007
RESERVED
CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
@@ -18015,8 +18018,8 @@ CVE-2020-8575
RESERVED
CVE-2020-8574
RESERVED
-CVE-2020-8573
- RESERVED
+CVE-2020-8573 (The NetApp HCI H610S Baseboard Management Controller (BMC) is shipped ...)
+ TODO: check
CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...)
NOT-FOR-US: Element OS
CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...)
@@ -19303,18 +19306,18 @@ CVE-2020-8026
RESERVED
CVE-2020-8025
RESERVED
-CVE-2020-8024
- RESERVED
+CVE-2020-8024 (A Incorrect Default Permissions vulnerability in the packaging of hyla ...)
+ TODO: check
CVE-2020-8023
RESERVED
-CVE-2020-8022
- RESERVED
+CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of tomc ...)
+ TODO: check
CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...)
TODO: check
CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...)
TODO: check
-CVE-2020-8019
- RESERVED
+CVE-2020-8019 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
+ TODO: check
CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST- ...)
NOT-FOR-US: Some SLES images
CVE-2020-8017 (A Race Condition Enabling Link Following vulnerability in the cron job ...)
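Review bot: CVE-2020-8024, CVE-2020-8022 and CVE-2020-8019 are each described as a flaw "in the packaging" of something, and the descriptions are cut off before the package and distribution are fully named. Triage should work from the full CVE text: if the flaw is in a SUSE-specific spec file or image, as with CVE-2020-8018 just below ("NOT-FOR-US: Some SLES images"), it belongs under NOT-FOR-US; if the same permissions or symlink handling exists in Debian's own packaging of that software, it needs a package line instead.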
@@ -19323,8 +19326,8 @@ CVE-2020-8016 (A Race Condition Enabling Link Following vulnerability in the pac
NOT-FOR-US: SuSE packaging of TexLive
CVE-2020-8015 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
NOT-FOR-US: SuSE packaging of TexLive
-CVE-2020-8014
- RESERVED
+CVE-2020-8014 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
+ TODO: check
CVE-2020-8013 (A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of S ...)
NOT-FOR-US: chkstat
CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
@@ -24137,11 +24140,13 @@ CVE-2020-6064 (An exploitable out-of-bounds write vulnerability exists in the un
CVE-2020-6063 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the way CoTUR ...)
+ {DSA-4711-1}
- coturn 4.5.1.1-1.2 (bug #951876)
[jessie] - coturn <not-affected> (Vulnerable code introduced later)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
NOTE: https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way CoTURN 4. ...)
+ {DSA-4711-1}
- coturn 4.5.1.1-1.2 (bug #951876)
[jessie] - coturn <not-affected> (Vulnerable code introduced later)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984
@@ -27857,8 +27862,8 @@ CVE-2020-4559
RESERVED
CVE-2020-4558
RESERVED
-CVE-2020-4557
- RESERVED
+CVE-2020-4557 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
+ TODO: check
CVE-2020-4556
RESERVED
CVE-2020-4555
@@ -28067,8 +28072,8 @@ CVE-2020-4454
RESERVED
CVE-2020-4453
RESERVED
-CVE-2020-4452
- RESERVED
+CVE-2020-4452 (IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expec ...)
+ TODO: check
CVE-2020-4451
RESERVED
CVE-2020-4450 (IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a ...)
@@ -28839,6 +28844,7 @@ CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely
TODO: check
CVE-2020-4067 [STUN response buffer not initialized properly]
RESERVED
+ {DSA-4711-1}
- coturn 4.5.1.3-1
NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
NOTE: https://github.com/coturn/coturn/commit/170da1140797748ae85565b5a93a2e35e7b07b6a
@@ -34775,8 +34781,8 @@ CVE-2020-2023 (Kata Containers doesn't restrict containers from accessing the gu
NOT-FOR-US: Kata Containers
CVE-2020-2022
RESERVED
-CVE-2020-2021
- RESERVED
+CVE-2020-2021 (When Security Assertion Markup Language (SAML) authentication is enabl ...)
+ TODO: check
CVE-2020-2020
RESERVED
CVE-2020-2019
@@ -36916,8 +36922,8 @@ CVE-2019-19162 (A use-after-free vulnerability in the TOBESOFT XPLATFORM version
NOT-FOR-US: TOBESOFT XPLATFORM
CVE-2019-19161
RESERVED
-CVE-2019-19160
- RESERVED
+CVE-2019-19160 (Reportexpress ProPlus contains a vulnerability that could allow an arb ...)
+ TODO: check
CVE-2019-19159
RESERVED
CVE-2019-19158
@@ -41684,28 +41690,28 @@ CVE-2019-18258
RESERVED
CVE-2019-18257 (In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple ...)
NOT-FOR-US: Advantech
-CVE-2019-18256
- RESERVED
+CVE-2019-18256 (BIOTRONIK CardioMessenger II, The affected products use individual per ...)
+ TODO: check
CVE-2019-18255
RESERVED
-CVE-2019-18254
- RESERVED
+CVE-2019-18254 (BIOTRONIK CardioMessenger II, The affected products do not encrypt sen ...)
+ TODO: check
CVE-2019-18253 (An attacker could use specially crafted paths in a specific request to ...)
NOT-FOR-US: Relion
-CVE-2019-18252
- RESERVED
+CVE-2019-18252 (BIOTRONIK CardioMessenger II, The affected products allow credential r ...)
+ TODO: check
CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervis ...)
NOT-FOR-US: Omron
CVE-2019-18250 (In all versions of ABB Power Generation Information Manager (PGIM) and ...)
NOT-FOR-US: ABB
CVE-2019-18249 (Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firm ...)
NOT-FOR-US: Reliable Controls
-CVE-2019-18248
- RESERVED
+CVE-2019-18248 (BIOTRONIK CardioMessenger II, The affected products transmit credentia ...)
+ TODO: check
CVE-2019-18247 (An attacker may use a specially crafted message to force Relion 650 se ...)
NOT-FOR-US: Relion
-CVE-2019-18246
- RESERVED
+CVE-2019-18246 (BIOTRONIK CardioMessenger II, The affected products do not properly en ...)
+ TODO: check
CVE-2019-18245 (Reliable Controls LicenseManager versions 3.4 and prior may allow an a ...)
NOT-FOR-US: Reliable Controls LicenseManager
CVE-2019-18244 (OSIsoft PI Vision, PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision ...)
@@ -84962,8 +84968,8 @@ CVE-2019-3683 (The keystone-json-assignment package in SUSE Openstack Cloud 8 be
NOT-FOR-US: SuSE Openstack Cloud
CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7 ...)
NOT-FOR-US: SuSE
-CVE-2019-3681
- RESERVED
+CVE-2019-3681 (A External Control of File Name or Path vulnerability in osc of SUSE L ...)
+ TODO: check
CVE-2019-3680
RESERVED
CVE-2019-3679
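Review bot: CVE-2019-3681 should not simply inherit the "NOT-FOR-US: SuSE" verdict of the two entries above it (CVE-2019-3683, CVE-2019-3682). Its description names a specific component, osc, so before closing the TODO, check whether a Debian source package ships that tool and, if one does, record the package line with the affected and fixed versions.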
@@ -131876,8 +131882,8 @@ CVE-2018-6448
RESERVED
CVE-2018-6447
RESERVED
-CVE-2018-6446
- RESERVED
+CVE-2018-6446 (A vulnerability in Brocade Network Advisor Version Before 14.3.1 could ...)
+ TODO: check
CVE-2018-6445 (A Vulnerability in Brocade Network Advisor versions before 14.0.3 coul ...)
NOT-FOR-US: Brocade
CVE-2018-6444 (A Vulnerability in Brocade Network Advisor versions before 14.1.0 coul ...)
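Review bot: CVE-2018-6446 is left at "TODO: check" while CVE-2018-6445 and CVE-2018-6444 directly below it, also for Brocade Network Advisor, are already "NOT-FOR-US: Brocade". The new entry should get the same tag in a follow-up.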
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec96ed1d0f771cbfdf831d48cabcf1e40aba710f