[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 5 21:10:24 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6682b38f by security tracker role at 2020-10-05T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-26562
+ RESERVED
CVE-2020-26561
RESERVED
CVE-2020-26560
@@ -793,8 +795,8 @@ CVE-2020-26168
RESERVED
CVE-2020-26167
RESERVED
-CVE-2020-26166
- RESERVED
+CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the file descr ...)
+ TODO: check
CVE-2020-26165
RESERVED
CVE-2020-26164
@@ -1053,8 +1055,8 @@ CVE-2020-26088 (A missing CAP_NET_RAW check in NFC socket creation in net/nfc/ra
- linux 5.7.17-1
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/26896f01467a28651f7a536143fe5ac8449d4041
-CVE-2020-26061
- RESERVED
+CVE-2020-26061 (ClickStudios Passwordstate Password Reset Portal prior to build 8501 i ...)
+ TODO: check
CVE-2020-26060
RESERVED
CVE-2020-26059
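Review bot: the TODO: check on CVE-2020-26061 can probably be resolved right away: the description names a vendor product (ClickStudios Passwordstate Password Reset Portal) rather than a library, so unless it is packaged, mark it `NOT-FOR-US: ClickStudios Passwordstate` in the form used for the Philips, Intel and Pulse entries elsewhere in this change.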
@@ -1080,8 +1082,8 @@ CVE-2020-26050
RESERVED
CVE-2020-26049
RESERVED
-CVE-2020-26048
- RESERVED
+CVE-2020-26048 (The file manager option in CuppaCMS before 2019-11-12 allows an authen ...)
+ TODO: check
CVE-2020-26047
RESERVED
CVE-2020-26046
@@ -1998,12 +2000,10 @@ CVE-2020-25637 [double free in qemuAgentGetInterfaces() in qemu_agent.c]
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=50864dcda191eb35732dbd80fb6ca251a6bba923 (v6.8.0)
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=e4116eaa44cb366b59f7fe98f4b88d04c04970ad (v6.8.0)
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=a63b48c5ecef077bf0f909a85f453a605600cf05 (v6.8.0)
-CVE-2020-25636
- RESERVED
+CVE-2020-25636 (A flaw was found in Ansible Base when using the aws_ssm connection plu ...)
- ansible <not-affected> (Vulnerable connection/aws_ssm plugin not included)
NOTE: https://github.com/ansible-collections/community.aws/issues/221
-CVE-2020-25635
- RESERVED
+CVE-2020-25635 (A flaw was found in Ansible Base when using the aws_ssm connection plu ...)
- ansible <not-affected> (Vulnerable connection/aws_ssm plugin not included)
NOTE: https://github.com/ansible-collections/community.aws/issues/222
CVE-2020-25634
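Review bot: CVE-2020-25636 and CVE-2020-25635 receive identical truncated descriptions and identical `<not-affected>` rationales, so only the issue numbers (221 vs 222) in the NOTE lines tell them apart; add a short NOTE per entry saying which distinct flaw each covers so a later pass does not collapse them as duplicates. The not-affected marking itself is fine, since the reason (the aws_ssm connection plugin is not shipped in the ansible package) is stated inline.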
@@ -5120,8 +5120,8 @@ CVE-2020-24233
RESERVED
CVE-2020-24232
RESERVED
-CVE-2020-24231
- RESERVED
+CVE-2020-24231 (Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. ...)
+ TODO: check
CVE-2020-24230
RESERVED
CVE-2020-24229
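Review bot: the description for CVE-2020-24231 mentions mx4j, but the flaw as described is Symmetric DS exposing JMX over HTTP, so when the TODO: check is resolved it should be tracked (or marked NOT-FOR-US) against Symmetric DS, not against an mx4j package.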
@@ -21277,8 +21277,8 @@ CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03,
NOT-FOR-US: Philips
CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An improper input ...)
NOT-FOR-US: Delta Electronics
-CVE-2020-16226
- RESERVED
+CVE-2020-16226 (Multiple Mitsubishi Electric products are vulnerable to impersonations ...)
+ TODO: check
CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where ...)
NOT-FOR-US: Delta Electronics
CVE-2020-16224 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
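Review bot: CVE-2020-16226 is left as TODO: check while its neighbours from the same ICS batch (Philips, Delta Electronics) are already `NOT-FOR-US`; the description names Mitsubishi Electric products, so this should be resolved the same way, `NOT-FOR-US: Mitsubishi Electric`, unless a packaged component turns out to be involved.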
@@ -23748,12 +23748,12 @@ CVE-2020-15239
RESERVED
CVE-2020-15238
RESERVED
-CVE-2020-15237
- RESERVED
-CVE-2020-15236
- RESERVED
-CVE-2020-15235
- RESERVED
+CVE-2020-15237 (In Shrine before version 3.3.0, when using the `derivation_endpoint` p ...)
+ TODO: check
+CVE-2020-15236 (In Wiki.js before version 2.5.151, directory traversal outside of Wiki ...)
+ TODO: check
+CVE-2020-15235 (In RACTF before commit f3dc89b, unauthenticated users are able to get ...)
+ TODO: check
CVE-2020-15234 (ORY Fosite is a security first OAuth2 & OpenID Connect framework f ...)
NOT-FOR-US: ORY Fosite
CVE-2020-15233 (ORY Fosite is a security first OAuth2 & OpenID Connect framework f ...)
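Review bot: of the three new TODO: check entries, CVE-2020-15235 pins its fix to a commit (f3dc89b) rather than a release, unlike Shrine 3.3.0 and Wiki.js 2.5.151; if RACTF is ever tracked, the fixed version will have to be derived from that commit, so a NOTE with the upstream reference would help. The neighbouring ORY Fosite lines show the `NOT-FOR-US: <project>` form to use for any of the three that are not packaged.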
@@ -31516,8 +31516,8 @@ CVE-2020-12304
RESERVED
CVE-2020-12303
RESERVED
-CVE-2020-12302
- RESERVED
+CVE-2020-12302 (Improper permissions in the Intel(R) Driver & Support Assistant be ...)
+ TODO: check
CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server Board Fam ...)
NOT-FOR-US: Intel
CVE-2020-12300 (Uninitialized pointer in BIOS firmware for Intel(R) Server Board Famil ...)
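Review bot: CVE-2020-12302 (Intel Driver & Support Assistant) sits beside two Intel BIOS entries already marked `NOT-FOR-US: Intel`; the Driver & Support Assistant is a vendor utility rather than a packaged component, so the TODO: check can most likely be closed the same way.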
@@ -42104,8 +42104,8 @@ CVE-2020-8673
RESERVED
CVE-2020-8672
RESERVED
-CVE-2020-8671
- RESERVED
+CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Generat ...)
+ TODO: check
CVE-2020-8670
RESERVED
CVE-2020-8669
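Review bot: before CVE-2020-8671 is resolved as NOT-FOR-US, check whether it belongs to the same Intel BIOS batch as CVE-2019-14558, which this change tracks against edk2 with tianocore bug and commit references; the wording here ('Insufficient control flow management in BIOS firmware 8th, 9th Generat ...') matches that entry's description, so an edk2 fix may apply.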
@@ -43160,8 +43160,8 @@ CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may lea
NOT-FOR-US: Node json-bigint
CVE-2020-8236
RESERVED
-CVE-2020-8235
- RESERVED
+CVE-2020-8235 (Missing access control in Nextcloud Deck 1.0.4 caused an insecure dire ...)
+ TODO: check
CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 w ...)
NOT-FOR-US: EdgeMax EdgeSwitch firmware
CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware <v1 ...)
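Review bot: CVE-2020-8235 concerns the Nextcloud Deck app, while this change already marks Nextcloud Contacts `NOT-FOR-US` (CVE-2020-8181, further down) and the adjacent entries use `NOT-FOR-US: Node json-bigint` and `NOT-FOR-US: EdgeMax EdgeSwitch firmware`; unless Deck is packaged, the TODO: check should become `NOT-FOR-US: Nextcloud Deck`.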
@@ -43182,8 +43182,8 @@ CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop
NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-034
NOTE: Windows-specific code in shell_integration/windows/OCUtil
NOTE: https://hackerone.com/reports/588562
-CVE-2020-8228
- RESERVED
+CVE-2020-8228 (A missing rate limit in the Preferred Providers app 1.7.0 allowed an a ...)
+ TODO: check
CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Client ...)
- nextcloud-desktop 3.0.1-1
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
@@ -43199,8 +43199,8 @@ CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to loa
- nextcloud-desktop <not-affected> (Windows-specific)
NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030
NOTE: https://hackerone.com/reports/622170
-CVE-2020-8223
- RESERVED
+CVE-2020-8223 (A logic error in Nextcloud Server 19.0.0 caused a privilege escalation ...)
+ TODO: check
CVE-2020-8222 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R ...)
NOT-FOR-US: Pulse
CVE-2020-8221 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R ...)
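Review bot: CVE-2020-8223 describes a Nextcloud Server flaw, whereas the package tracked in this hunk (CVE-2020-8224) is nextcloud-desktop; keep the two apart when the TODO: check is resolved, and if the server is not packaged the entry belongs as `NOT-FOR-US: Nextcloud Server`, following the Pulse entries just below.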
@@ -43295,8 +43295,8 @@ CVE-2020-8184 (A reliance on cookies without validation/integrity check security
NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
CVE-2020-8183
RESERVED
-CVE-2020-8182
- RESERVED
+CVE-2020-8182 (Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to ...)
+ TODO: check
CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a malici ...)
NOT-FOR-US: Nextcloud Contacts
CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...)
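Review bot: CVE-2020-8182 (Nextcloud Deck 0.8.0) is left TODO: check two lines above `NOT-FOR-US: Nextcloud Contacts` for CVE-2020-8181; the same triage applies to the Deck app, so resolve it consistently with CVE-2020-8235 earlier in this change.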
@@ -44569,8 +44569,8 @@ CVE-2020-7711 (This affects all versions of package github.com/russellhaering/go
NOTE: https://github.com/russellhaering/goxmldsig/issues/48
CVE-2020-7710 (This affects all versions of package safe-eval. It is possible for an ...)
NOT-FOR-US: Node safe-eval
-CVE-2020-7709
- RESERVED
+CVE-2020-7709 (This affects the package json-pointer before 0.6.1. Multiple reference ...)
+ TODO: check
CVE-2020-7708 (The package irrelon-path before 4.7.0; the package @irrelon/path befor ...)
NOT-FOR-US: Node irrelon-path
CVE-2020-7707 (The package property-expr before 2.0.3 are vulnerable to Prototype Pol ...)
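Review bot: CVE-2020-7709 (json-pointer before 0.6.1) needs an archive check for a node-json-pointer package before it is closed like its neighbours `NOT-FOR-US: Node safe-eval` and `NOT-FOR-US: Node irrelon-path`; the description is cut off at 'Multiple reference ...', so a NOTE with the upstream advisory would make the later triage easier.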
@@ -46503,8 +46503,8 @@ CVE-2020-6877
RESERVED
CVE-2020-6876
RESERVED
-CVE-2020-6875
- RESERVED
+CVE-2020-6875 (A ZTE product is impacted by the improper access control vulnerability ...)
+ TODO: check
CVE-2020-6874 (A ZTE product is impacted by the cryptographic issues vulnerability. T ...)
NOT-FOR-US: ZTE
CVE-2020-6873 (A ZTE product has a DoS vulnerability. Because the equipment couldn ...)
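Review bot: CVE-2020-6875 can be closed as `NOT-FOR-US: ZTE` straight away; the two adjacent ZTE entries (CVE-2020-6874, CVE-2020-6873) are already marked that way and the description uses the same 'A ZTE product is impacted by ...' boilerplate.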
@@ -52675,8 +52675,8 @@ CVE-2020-4495
RESERVED
CVE-2020-4494 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows ...)
NOT-FOR-US: IBM
-CVE-2020-4493
- RESERVED
+CVE-2020-4493 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to ...)
+ TODO: check
CVE-2020-4492 (IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2 ...)
NOT-FOR-US: IBM
CVE-2020-4491
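Review bot: CVE-2020-4493 (IBM Maximo Asset Management) is bracketed by IBM Spectrum entries resolved as `NOT-FOR-US: IBM`; Maximo is a vendor product as well, so the TODO: check should be resolved the same way.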
@@ -65506,8 +65506,8 @@ CVE-2020-0573
RESERVED
CVE-2020-0572
RESERVED
-CVE-2020-0571
- RESERVED
+CVE-2020-0571 (Improper conditions check in BIOS firmware for 8th Generation Intel(R) ...)
+ TODO: check
CVE-2020-0570 (Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5 ...)
- qtbase-opensource-src 5.12.5+dfsg-8
[buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u3
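Review bot: CVE-2020-0571 is another 'BIOS firmware for 8th Generation Intel(R)' entry left TODO: check; as with the CVE-2019-1455x entries further down, where CVE-2019-14558 is tracked against edk2, verify whether an edk2 fix exists before marking it `NOT-FOR-US: Intel`. The neighbour CVE-2020-0570 is a Qt issue and gives no vendor hint here.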
@@ -78319,8 +78319,7 @@ CVE-2019-14559 [memory leak in ArpOnFrameRcvdDpc]
[jessie] - edk2 <end-of-life> (non-free)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2550
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2031
-CVE-2019-14558
- RESERVED
+CVE-2019-14558 (Insufficient control flow management in BIOS firmware for 8th, 9th, 10 ...)
- edk2 0~20200229.4c0f6e34-1
[buster] - edk2 0~20181115.85588389-3+deb10u1
[stretch] - edk2 <ignored> (Minor issue)
@@ -78328,10 +78327,10 @@ CVE-2019-14558
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1611
NOTE: https://github.com/tianocore/edk2/commit/764e8ba1389a617639d79d2c4f0d53f4ea4a7387
NOTE: https://github.com/tianocore/edk2/commit/f1d78c489a39971b5aac5d2fc8a39bfa925c3c5d
-CVE-2019-14557
- RESERVED
-CVE-2019-14556
- RESERVED
+CVE-2019-14557 (Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R ...)
+ TODO: check
+CVE-2019-14556 (Improper initialization in BIOS firmware for 8th, 9th, 10th Generation ...)
+ TODO: check
CVE-2019-14555
RESERVED
CVE-2019-14554
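Review bot: CVE-2019-14557 and CVE-2019-14556 are left TODO: check although they sit in the same BIOS firmware batch as CVE-2019-14558, which the preceding hunk resolves against edk2 with bugzilla.tianocore.org and edk2 commit references; check whether the tianocore bugs cited in the context (1611, 2031, 2550) also cover the buffer overflow and improper initialization described here, and record the outcome in NOTE lines so these two entries do not stay open.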
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6682b38f3038bf7a8ac9fced4128585f0646e231