[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue May 12 21:10:26 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
26cdbb13 by security tracker role at 2020-05-12T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...)
+ TODO: check
+CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any ...)
+ TODO: check
+CVE-2020-12824
+ RESERVED
+CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...)
+ TODO: check
+CVE-2020-12822
+ RESERVED
+CVE-2020-12821
+ RESERVED
+CVE-2020-12820
+ RESERVED
+CVE-2020-12819
+ RESERVED
+CVE-2020-12818
+ RESERVED
+CVE-2020-12817
+ RESERVED
+CVE-2020-12816
+ RESERVED
+CVE-2020-12815
+ RESERVED
+CVE-2020-12814
+ RESERVED
+CVE-2020-12813
+ RESERVED
+CVE-2020-12812
+ RESERVED
+CVE-2020-12811
+ RESERVED
+CVE-2020-12810
+ RESERVED
+CVE-2020-12809
+ RESERVED
+CVE-2020-12808
+ RESERVED
+CVE-2020-12807
+ RESERVED
+CVE-2020-12806
+ RESERVED
+CVE-2020-12805
+ RESERVED
+CVE-2020-12804
+ RESERVED
+CVE-2020-12803
+ RESERVED
+CVE-2020-12802
+ RESERVED
+CVE-2020-12801
+ RESERVED
+CVE-2020-12800
+ RESERVED
CVE-2020-12799
RESERVED
CVE-2020-12798
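Review bot: The three entries that arrive with descriptions in this hunk (CVE-2020-12826, CVE-2020-12825, CVE-2020-12823) name the Linux kernel, libcroco and OpenConnect, all of which correspond to Debian source packages, yet they sit at "TODO: check" with no package line. Suggest a manual follow-up that adds a package line with per-release status for each, checking the version bounds visible in the descriptions ("through 0.6.13", "8.09") against the archive.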
@@ -6282,8 +6336,8 @@ CVE-2020-10743
RESERVED
CVE-2020-10742
RESERVED
-CVE-2020-10741
- RESERVED
+CVE-2020-10741 (A flaw was found in the Linux kernel loose validation of child/parent ...)
+ TODO: check
CVE-2020-10740
RESERVED
CVE-2020-10739
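Review bot: CVE-2020-10741 moves from RESERVED to "TODO: check" with a description naming the Linux kernel, the same product as CVE-2020-12826 added at the top of the file in this commit. Suggest triaging the two together so that the linux package lines and per-release status stay consistent.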
@@ -6387,8 +6441,7 @@ CVE-2020-10708 [race condition in kernel/audit.c may allow low privilege users t
NOTE: Disputed and negligigle imapct
CVE-2020-10707
REJECTED
-CVE-2020-10706
- RESERVED
+CVE-2020-10706 (A flaw was found in OpenShift Container Platform where OAuth tokens ar ...)
NOT-FOR-US: OpenShift
CVE-2020-10705
RESERVED
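Review bot: The context line under CVE-2020-10708 reads "NOTE: Disputed and negligigle imapct", which is misspelled ("negligible impact"). This hunk does not touch it, but it is worth correcting in a manual follow-up commit. The CVE-2020-10706 change itself keeps the existing "NOT-FOR-US: OpenShift" disposition and needs nothing further.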
@@ -9659,7 +9712,7 @@ CVE-2020-9312
CVE-2020-9311
RESERVED
CVE-2020-9310
- RESERVED
+ REJECTED
CVE-2020-9309
RESERVED
CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...)
@@ -12289,24 +12342,24 @@ CVE-2020-8161
RESERVED
CVE-2020-8160
RESERVED
-CVE-2020-8159
- RESERVED
+CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...)
+ TODO: check
CVE-2020-8158
RESERVED
CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Ke ...)
NOT-FOR-US: UniFi Cloud Key
-CVE-2020-8156
- RESERVED
-CVE-2020-8155
- RESERVED
-CVE-2020-8154
- RESERVED
-CVE-2020-8153
- RESERVED
+CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...)
+ TODO: check
+CVE-2020-8155 (An outdated 3rd party library in the Files PDF viewer for Nextcloud Se ...)
+ TODO: check
+CVE-2020-8154 (An Insecure direct object reference vulnerability in Nextcloud Server ...)
+ TODO: check
+CVE-2020-8153 (Improper access control in Groupfolders app 4.0.3 allowed to delete hi ...)
+ TODO: check
CVE-2020-8152
RESERVED
-CVE-2020-8151
- RESERVED
+CVE-2020-8151 (There is a possible information disclosure issue in Active Resource &l ...)
+ TODO: check
CVE-2020-8150
RESERVED
CVE-2020-8149
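Review bot: The added description for CVE-2020-8151 ends in "Active Resource &l ...", which looks like an escaped "<" cut in half by the fixed-width truncation. Suggest truncating the unescaped text, or trimming back to the last complete character before appending " ...", so the summary never ends in a partial entity.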
@@ -16897,52 +16950,52 @@ CVE-2020-6264
RESERVED
CVE-2020-6263
RESERVED
-CVE-2020-6262
- RESERVED
+CVE-2020-6262 (Service Data Download in SAP Application Server ABAP (ST-PI, before ve ...)
+ TODO: check
CVE-2020-6261
RESERVED
CVE-2020-6260
RESERVED
-CVE-2020-6259
- RESERVED
-CVE-2020-6258
- RESERVED
-CVE-2020-6257
- RESERVED
-CVE-2020-6256
- RESERVED
+CVE-2020-6259 (Under certain conditions SAP Adaptive Server Enterprise, versions 15.7 ...)
+ TODO: check
+CVE-2020-6258 (SAP Identity Management, version 8.0, does not perform necessary autho ...)
+ TODO: check
+CVE-2020-6257 (SAP Business Objects Business Intelligence Platform (CMC and BI Launch ...)
+ TODO: check
+CVE-2020-6256 (SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 8 ...)
+ TODO: check
CVE-2020-6255
RESERVED
-CVE-2020-6254
- RESERVED
-CVE-2020-6253
- RESERVED
-CVE-2020-6252
- RESERVED
-CVE-2020-6251
- RESERVED
-CVE-2020-6250
- RESERVED
-CVE-2020-6249
- RESERVED
-CVE-2020-6248
- RESERVED
-CVE-2020-6247
- RESERVED
+CVE-2020-6254 (SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficien ...)
+ TODO: check
+CVE-2020-6253 (Under certain conditions, SAP Adaptive Server Enterprise (Web Services ...)
+ TODO: check
+CVE-2020-6252 (Under certain conditions SAP Adaptive Server Enterprise (Cockpit), ver ...)
+ TODO: check
+CVE-2020-6251 (Under certain conditions or error scenarios SAP Business Objects Busin ...)
+ TODO: check
+CVE-2020-6250 (SAP Adaptive Server Enterprise, version 16.0, allows an authenticated ...)
+ TODO: check
+CVE-2020-6249 (The use of an admin backend report within SAP Master Data Governance, ...)
+ TODO: check
+CVE-2020-6248 (SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not ...)
+ TODO: check
+CVE-2020-6247 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...)
+ TODO: check
CVE-2020-6246
RESERVED
-CVE-2020-6245
- RESERVED
-CVE-2020-6244
- RESERVED
-CVE-2020-6243
- RESERVED
-CVE-2020-6242
- RESERVED
-CVE-2020-6241
- RESERVED
-CVE-2020-6240
- RESERVED
+CVE-2020-6245 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...)
+ TODO: check
+CVE-2020-6244 (SAP Business Client, version 7.0, allows an attacker after a successfu ...)
+ TODO: check
+CVE-2020-6243 (Under certain conditions, SAP Adaptive Server Enterprise (XP Server on ...)
+ TODO: check
+CVE-2020-6242 (SAP Business Objects Business Intelligence Platform (Live Data Connect ...)
+ TODO: check
+CVE-2020-6241 (SAP Adaptive Server Enterprise, version 16.0, allows an authenticated ...)
+ TODO: check
+CVE-2020-6240 (SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 75 ...)
+ TODO: check
CVE-2020-6239
RESERVED
CVE-2020-6238 (SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process ...)
@@ -17711,12 +17764,12 @@ CVE-2020-5900
RESERVED
CVE-2020-5899
RESERVED
-CVE-2020-5898
- RESERVED
-CVE-2020-5897
- RESERVED
-CVE-2020-5896
- RESERVED
+CVE-2020-5898 (In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver d ...)
+ TODO: check
+CVE-2020-5897 (In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability ...)
+ TODO: check
+CVE-2020-5896 (On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Se ...)
+ TODO: check
CVE-2020-5895 (On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and ...)
TODO: check
CVE-2020-5894 (On versions 3.0.0-3.3.0, the NGINX Controller webserver does not inval ...)
@@ -19167,8 +19220,8 @@ CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application usin
- puma 3.12.4-1 (bug #953122)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3
-CVE-2020-5248
- RESERVED
+CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a defau ...)
+ TODO: check
CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...)
- puma 3.12.4-1 (bug #952766)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
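Review bot: The added description for CVE-2020-5248 reads "GLPI before before version 9.4.6", with "before" duplicated. The text is imported rather than written here, so it is better left as-is in this file. The entry is still at "TODO: check", so whoever triages it should take the version bound as "before 9.4.6".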
@@ -21481,8 +21534,8 @@ CVE-2020-4348
RESERVED
CVE-2020-4347 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subjec ...)
NOT-FOR-US: IBM
-CVE-2020-4346
- RESERVED
+CVE-2020-4346 (IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server ha ...)
+ TODO: check
CVE-2020-4345
RESERVED
CVE-2020-4344
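Review bot: CVE-2020-4346 is left at "TODO: check" although its description names IBM API Connect and the entry directly above it, CVE-2020-4347, is already triaged as "NOT-FOR-US: IBM". Suggest a manual follow-up giving it the same disposition once API Connect is confirmed not to be packaged.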
@@ -21783,8 +21836,8 @@ CVE-2020-4197 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be store
NOT-FOR-US: IBM
CVE-2020-4196 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...)
NOT-FOR-US: IBM
-CVE-2020-4195
- RESERVED
+CVE-2020-4195 (IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote a ...)
+ TODO: check
CVE-2020-4194
RESERVED
CVE-2020-4193
@@ -28405,8 +28458,7 @@ CVE-2020-1941
RESERVED
CVE-2020-1940 (The optional initial password change and password expiration features ...)
NOT-FOR-US: Apache Jackrabbit Oak
-CVE-2020-1939
- RESERVED
+CVE-2020-1939 (The Apache NuttX (Incubating) project provides an optional separate "a ...)
NOT-FOR-US: Apache NuttX
CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken when tr ...)
{DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1}
@@ -29207,8 +29259,7 @@ CVE-2019-19365
RESERVED
CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default configurat ...)
NOT-FOR-US: Kiali
-CVE-2020-1763
- RESERVED
+CVE-2020-1763 (An out-of-bounds buffer read flaw was found in the pluto daemon of lib ...)
- libreswan <unfixed> (bug #960458)
NOTE: Introduced by: https://github.com/libreswan/libreswan/commit/fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 (v3.27)
NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
@@ -29284,8 +29335,7 @@ CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in versions
[stretch] - pyyaml <not-affected> (Loader/Constructor classes are unsafe in this version)
[jessie] - pyyaml <not-affected> (Loader/Constructor classes are unsafe in this version)
NOTE: https://github.com/yaml/pyyaml/pull/386
-CVE-2020-1746 [Information disclosure issue in ldap_attr and ldap_entry modules]
- RESERVED
+CVE-2020-1746 (A flaw was found in the Ansible Engine affecting Ansible Engine versio ...)
- ansible <unfixed>
[stretch] - ansible <not-affected> (Vulnerable code introduced later)
[jessie] - ansible <not-affected> (Vulnerable code introduced later)
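Review bot: The removed line for CVE-2020-1746 carried a hand-written summary, "[Information disclosure issue in ldap_attr and ldap_entry modules]", and the replacement description is truncated before it names any module. Suggest keeping the module names in a NOTE: line under the entry so the affected code stays identifiable from the list itself.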
@@ -76142,8 +76192,8 @@ CVE-2019-4480
RESERVED
CVE-2019-4479
RESERVED
-CVE-2019-4478
- RESERVED
+CVE-2019-4478 (IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authentica ...)
+ TODO: check
CVE-2019-4477 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
NOT-FOR-US: IBM
CVE-2019-4476
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26cdbb13377972440a80b415eaf85be7f773b6c0