[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue May 12 21:10:26 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26cdbb13 by security tracker role at 2020-05-12T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...)
+	TODO: check
+CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any ...)
+	TODO: check
+CVE-2020-12824
+	RESERVED
+CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...)
+	TODO: check
+CVE-2020-12822
+	RESERVED
+CVE-2020-12821
+	RESERVED
+CVE-2020-12820
+	RESERVED
+CVE-2020-12819
+	RESERVED
+CVE-2020-12818
+	RESERVED
+CVE-2020-12817
+	RESERVED
+CVE-2020-12816
+	RESERVED
+CVE-2020-12815
+	RESERVED
+CVE-2020-12814
+	RESERVED
+CVE-2020-12813
+	RESERVED
+CVE-2020-12812
+	RESERVED
+CVE-2020-12811
+	RESERVED
+CVE-2020-12810
+	RESERVED
+CVE-2020-12809
+	RESERVED
+CVE-2020-12808
+	RESERVED
+CVE-2020-12807
+	RESERVED
+CVE-2020-12806
+	RESERVED
+CVE-2020-12805
+	RESERVED
+CVE-2020-12804
+	RESERVED
+CVE-2020-12803
+	RESERVED
+CVE-2020-12802
+	RESERVED
+CVE-2020-12801
+	RESERVED
+CVE-2020-12800
+	RESERVED
 CVE-2020-12799
 	RESERVED
 CVE-2020-12798
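
Review bot: The three entries at the top of this hunk that already carry descriptions (CVE-2020-12826, CVE-2020-12825, CVE-2020-12823) are left at `TODO: check`, although their descriptions name the Linux kernel, libcroco and OpenConnect. Each needs a manual follow-up that replaces the TODO with a package line or a NOT-FOR-US line, so that they do not sit untriaged next to the RESERVED placeholders.
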
@@ -6282,8 +6336,8 @@ CVE-2020-10743
 	RESERVED
 CVE-2020-10742
 	RESERVED
-CVE-2020-10741
-	RESERVED
+CVE-2020-10741 (A flaw was found in the Linux kernel loose validation of child/parent  ...)
+	TODO: check
 CVE-2020-10740
 	RESERVED
 CVE-2020-10739
@@ -6387,8 +6441,7 @@ CVE-2020-10708 [race condition in kernel/audit.c may allow low privilege users t
 	NOTE: Disputed and negligigle imapct
 CVE-2020-10707
 	REJECTED
-CVE-2020-10706
-	RESERVED
+CVE-2020-10706 (A flaw was found in OpenShift Container Platform where OAuth tokens ar ...)
 	NOT-FOR-US: OpenShift
 CVE-2020-10705
 	RESERVED
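
Review bot: The context line under CVE-2020-10708, `NOTE: Disputed and negligigle imapct`, contains two typos (it should read "negligible impact"). This automatic update does not touch that line, so the correction belongs in a separate manual commit.
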
@@ -9659,7 +9712,7 @@ CVE-2020-9312
 CVE-2020-9311
 	RESERVED
 CVE-2020-9310
-	RESERVED
+	REJECTED
 CVE-2020-9309
 	RESERVED
 CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...)
@@ -12289,24 +12342,24 @@ CVE-2020-8161
 	RESERVED
 CVE-2020-8160
 	RESERVED
-CVE-2020-8159
-	RESERVED
+CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...)
+	TODO: check
 CVE-2020-8158
 	RESERVED
 CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Ke ...)
 	NOT-FOR-US: UniFi Cloud Key
-CVE-2020-8156
-	RESERVED
-CVE-2020-8155
-	RESERVED
-CVE-2020-8154
-	RESERVED
-CVE-2020-8153
-	RESERVED
+CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...)
+	TODO: check
+CVE-2020-8155 (An outdated 3rd party library in the Files PDF viewer for Nextcloud Se ...)
+	TODO: check
+CVE-2020-8154 (An Insecure direct object reference vulnerability in Nextcloud Server  ...)
+	TODO: check
+CVE-2020-8153 (Improper access control in Groupfolders app 4.0.3 allowed to delete hi ...)
+	TODO: check
 CVE-2020-8152
 	RESERVED
-CVE-2020-8151
-	RESERVED
+CVE-2020-8151 (There is a possible information disclosure issue in Active Resource &l ...)
+	TODO: check
 CVE-2020-8150
 	RESERVED
 CVE-2020-8149
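
Review bot: The description added for CVE-2020-8151 ends in `Active Resource &l ...`, which looks like an HTML entity cut in half by the fixed-width truncation. Unescaping the description before truncating it would keep a broken entity out of data/CVE/list.
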
@@ -16897,52 +16950,52 @@ CVE-2020-6264
 	RESERVED
 CVE-2020-6263
 	RESERVED
-CVE-2020-6262
-	RESERVED
+CVE-2020-6262 (Service Data Download in SAP Application Server ABAP (ST-PI, before ve ...)
+	TODO: check
 CVE-2020-6261
 	RESERVED
 CVE-2020-6260
 	RESERVED
-CVE-2020-6259
-	RESERVED
-CVE-2020-6258
-	RESERVED
-CVE-2020-6257
-	RESERVED
-CVE-2020-6256
-	RESERVED
+CVE-2020-6259 (Under certain conditions SAP Adaptive Server Enterprise, versions 15.7 ...)
+	TODO: check
+CVE-2020-6258 (SAP Identity Management, version 8.0, does not perform necessary autho ...)
+	TODO: check
+CVE-2020-6257 (SAP Business Objects Business Intelligence Platform (CMC and BI Launch ...)
+	TODO: check
+CVE-2020-6256 (SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 8 ...)
+	TODO: check
 CVE-2020-6255
 	RESERVED
-CVE-2020-6254
-	RESERVED
-CVE-2020-6253
-	RESERVED
-CVE-2020-6252
-	RESERVED
-CVE-2020-6251
-	RESERVED
-CVE-2020-6250
-	RESERVED
-CVE-2020-6249
-	RESERVED
-CVE-2020-6248
-	RESERVED
-CVE-2020-6247
-	RESERVED
+CVE-2020-6254 (SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficien ...)
+	TODO: check
+CVE-2020-6253 (Under certain conditions, SAP Adaptive Server Enterprise (Web Services ...)
+	TODO: check
+CVE-2020-6252 (Under certain conditions SAP Adaptive Server Enterprise (Cockpit), ver ...)
+	TODO: check
+CVE-2020-6251 (Under certain conditions or error scenarios SAP Business Objects Busin ...)
+	TODO: check
+CVE-2020-6250 (SAP Adaptive Server Enterprise, version 16.0, allows an authenticated  ...)
+	TODO: check
+CVE-2020-6249 (The use of an admin backend report within SAP Master Data Governance,  ...)
+	TODO: check
+CVE-2020-6248 (SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not ...)
+	TODO: check
+CVE-2020-6247 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...)
+	TODO: check
 CVE-2020-6246
 	RESERVED
-CVE-2020-6245
-	RESERVED
-CVE-2020-6244
-	RESERVED
-CVE-2020-6243
-	RESERVED
-CVE-2020-6242
-	RESERVED
-CVE-2020-6241
-	RESERVED
-CVE-2020-6240
-	RESERVED
+CVE-2020-6245 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...)
+	TODO: check
+CVE-2020-6244 (SAP Business Client, version 7.0, allows an attacker after a successfu ...)
+	TODO: check
+CVE-2020-6243 (Under certain conditions, SAP Adaptive Server Enterprise (XP Server on ...)
+	TODO: check
+CVE-2020-6242 (SAP Business Objects Business Intelligence Platform (Live Data Connect ...)
+	TODO: check
+CVE-2020-6241 (SAP Adaptive Server Enterprise, version 16.0, allows an authenticated  ...)
+	TODO: check
+CVE-2020-6240 (SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 75 ...)
+	TODO: check
 CVE-2020-6239
 	RESERVED
 CVE-2020-6238 (SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process  ...)
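
Review bot: The 19 SAP entries in this hunk (CVE-2020-6262 down to CVE-2020-6240) all end up as `TODO: check`, which queues a large block of manual triage for products the descriptions identify as SAP's. Consider closing them in one follow-up with a NOT-FOR-US line, in the style this file already uses for other vendor-only entries such as `NOT-FOR-US: IBM`.
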
@@ -17711,12 +17764,12 @@ CVE-2020-5900
 	RESERVED
 CVE-2020-5899
 	RESERVED
-CVE-2020-5898
-	RESERVED
-CVE-2020-5897
-	RESERVED
-CVE-2020-5896
-	RESERVED
+CVE-2020-5898 (In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver d ...)
+	TODO: check
+CVE-2020-5897 (In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability  ...)
+	TODO: check
+CVE-2020-5896 (On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Se ...)
+	TODO: check
 CVE-2020-5895 (On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and ...)
 	TODO: check
 CVE-2020-5894 (On versions 3.0.0-3.3.0, the NGINX Controller webserver does not inval ...)
@@ -19167,8 +19220,8 @@ CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application usin
 	- puma 3.12.4-1 (bug #953122)
 	NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
 	NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3
-CVE-2020-5248
-	RESERVED
+CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a defau ...)
+	TODO: check
 CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...)
 	- puma 3.12.4-1 (bug #952766)
 	NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
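
Review bot: The description added for CVE-2020-5248 reads `GLPI before before version 9.4.6`, with a doubled word. If the text is imported as is, the correction belongs at the source of the description rather than in this file; the `TODO: check` under it still has to be resolved to a package line or a NOT-FOR-US line.
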
@@ -21481,8 +21534,8 @@ CVE-2020-4348
 	RESERVED
 CVE-2020-4347 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subjec ...)
 	NOT-FOR-US: IBM
-CVE-2020-4346
-	RESERVED
+CVE-2020-4346 (IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server ha ...)
+	TODO: check
 CVE-2020-4345
 	RESERVED
 CVE-2020-4344
@@ -21783,8 +21836,8 @@ CVE-2020-4197 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be store
 	NOT-FOR-US: IBM
 CVE-2020-4196 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...)
 	NOT-FOR-US: IBM
-CVE-2020-4195
-	RESERVED
+CVE-2020-4195 (IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote a ...)
+	TODO: check
 CVE-2020-4194
 	RESERVED
 CVE-2020-4193
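
Review bot: CVE-2020-4195 is added with `TODO: check` even though its description begins with `IBM API Connect` and the two entries directly above it in this hunk are already `NOT-FOR-US: IBM`. The same line fits here, and the other IBM entries this patch leaves at `TODO: check` (CVE-2020-4346, CVE-2019-4478) are in the same position.
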
@@ -28405,8 +28458,7 @@ CVE-2020-1941
 	RESERVED
 CVE-2020-1940 (The optional initial password change and password expiration features  ...)
 	NOT-FOR-US: Apache Jackrabbit Oak
-CVE-2020-1939
-	RESERVED
+CVE-2020-1939 (The Apache NuttX (Incubating) project provides an optional separate "a ...)
 	NOT-FOR-US: Apache NuttX
 CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken when tr ...)
 	{DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1}
@@ -29207,8 +29259,7 @@ CVE-2019-19365
 	RESERVED
 CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default configurat ...)
 	NOT-FOR-US: Kiali
-CVE-2020-1763
-	RESERVED
+CVE-2020-1763 (An out-of-bounds buffer read flaw was found in the pluto daemon of lib ...)
 	- libreswan <unfixed> (bug #960458)
 	NOTE: Introduced by: https://github.com/libreswan/libreswan/commit/fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 (v3.27)
 	NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
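
Review bot: For CVE-2020-1763 the visible package line is `- libreswan <unfixed> (bug #960458)` with no per-release lines, while the NOTE states the flaw was introduced in v3.27. If no release annotations follow below the visible context, add `<not-affected>` lines for releases that ship a libreswan older than 3.27, as the pyyaml and ansible entries in the next hunk do.
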
@@ -29284,8 +29335,7 @@ CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in versions
 	[stretch] - pyyaml <not-affected> (Loader/Constructor classes are unsafe in this version)
 	[jessie] - pyyaml <not-affected> (Loader/Constructor classes are unsafe in this version)
 	NOTE: https://github.com/yaml/pyyaml/pull/386
-CVE-2020-1746 [Information disclosure issue in ldap_attr and ldap_entry modules]
-	RESERVED
+CVE-2020-1746 (A flaw was found in the Ansible Engine affecting Ansible Engine versio ...)
 	- ansible <unfixed>
 	[stretch] - ansible <not-affected> (Vulnerable code introduced later)
 	[jessie] - ansible <not-affected> (Vulnerable code introduced later)
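
Review bot: Replacing the bracketed description of CVE-2020-1746 drops the only mention of the affected modules, `ldap_attr` and `ldap_entry`; the truncated text that takes its place stops at `Ansible Engine versio ...`. Keep that detail in a NOTE line under the entry so that triage does not have to look it up again.
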
@@ -76142,8 +76192,8 @@ CVE-2019-4480
 	RESERVED
 CVE-2019-4479
 	RESERVED
-CVE-2019-4478
-	RESERVED
+CVE-2019-4478 (IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authentica ...)
+	TODO: check
 CVE-2019-4477 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
 	NOT-FOR-US: IBM
 CVE-2019-4476



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26cdbb13377972440a80b415eaf85be7f773b6c0
