[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 8 09:10:22 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9541faee by security tracker role at 2020-10-08T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-26886
+ RESERVED
+CVE-2020-26885
+ RESERVED
+CVE-2020-26884
+ RESERVED
CVE-2020-26883
RESERVED
CVE-2020-26882
@@ -2143,8 +2149,8 @@ CVE-2020-25869 (An information leak was discovered in MediaWiki before 1.31.10 a
NOTE: https://phabricator.wikimedia.org/T260485
CVE-2020-25868
RESERVED
-CVE-2020-25867
- RESERVED
+CVE-2020-25867 (SoPlanning before 1.47 doesn't correctly check the security key used t ...)
+ TODO: check
CVE-2020-25866 (In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dis ...)
- wireshark 3.2.7-1
[buster] - wireshark <not-affected> (Vulnerable code not present)
@@ -2391,8 +2397,8 @@ CVE-2020-25770 (An out-of-bounds read information disclosure vulnerabilities in
NOT-FOR-US: Trend Micro
CVE-2020-25769
RESERVED
-CVE-2020-25768
- RESERVED
+CVE-2020-25768 (Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 hav ...)
+ TODO: check
CVE-2020-25767
RESERVED
CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...)
@@ -23876,8 +23882,8 @@ CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for And
NOT-FOR-US: DuckDuckGo application for Android and iOS
CVE-2019-20894 (Traefik 2.x, in certain configurations, allows HTTPS sessions to proce ...)
NOT-FOR-US: Traefik
-CVE-2020-15501
- RESERVED
+CVE-2020-15501 (** UNSUPPORTED WHEN ASSIGNED ** Smarter Coffee Maker before 2nd genera ...)
+ TODO: check
CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...)
NOT-FOR-US: TileServer GL
CVE-2020-15499 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...)
@@ -24511,8 +24517,8 @@ CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath`
CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 ar ...)
- php-nette <removed>
NOTE: https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
-CVE-2020-15226
- RESERVED
+CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the API's se ...)
+ TODO: check
CVE-2020-15225
RESERVED
CVE-2020-15224
@@ -24529,8 +24535,8 @@ CVE-2020-15219
RESERVED
CVE-2020-15218
RESERVED
-CVE-2020-15217
- RESERVED
+CVE-2020-15217 (In GLPI before version 9.5.2, there is a leakage of user information t ...)
+ TODO: check
CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) before ve ...)
- golang-github-russellhaering-goxmldsig <unfixed> (bug #971615)
NOTE: https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
@@ -37048,6 +37054,7 @@ CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resulta
CVE-2020-10937
RESERVED
CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
+ {DLA-2401-1}
- sympa 6.2.40~dfsg-5 (bug #961491)
NOTE: https://sympa-community.github.io/security/2020-002.html
NOTE: Patch: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch
@@ -41414,6 +41421,7 @@ CVE-2020-9285
CVE-2020-9284
RESERVED
CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...)
+ {DLA-2402-1}
- golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462)
[buster] - golang-go.crypto <no-dsa> (Minor issue)
[stretch] - golang-go.crypto <no-dsa> (Minor issue)
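Review bot: adding {DLA-2402-1} to CVE-2020-9283 while keeping the `[stretch] - golang-go.crypto <no-dsa> (Minor issue)` line leaves the stretch status contradictory, since a DLA reference marks the issue as fixed in the LTS release and the no-dsa line marks it as deliberately unfixed; if DLA-2402-1 covers this CVE for stretch, drop the `[stretch] ... <no-dsa>` line in the same change so the tracker reports a single consistent state.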
@@ -55153,7 +55161,7 @@ CVE-2019-19937 (In JFrog Artifactory before 6.18, it is not possible to restrict
NOT-FOR-US: JFrog Artifactory
CVE-2019-19936
RESERVED
-CVE-2019-19935 (Froala Editor before 3.0.6 allows XSS. ...)
+CVE-2019-19935 (Froala Editor before 3.2.2 allows XSS. ...)
NOT-FOR-US: Froala Editor
CVE-2019-19934
RESERVED
@@ -56409,20 +56417,20 @@ CVE-2020-3604
RESERVED
CVE-2020-3603
RESERVED
-CVE-2020-3602
- RESERVED
-CVE-2020-3601
- RESERVED
+CVE-2020-3602 (A vulnerability in the CLI of Cisco StarOS operating system for Cisco ...)
+ TODO: check
+CVE-2020-3601 (A vulnerability in the CLI of Cisco StarOS operating system for Cisco ...)
+ TODO: check
CVE-2020-3600
RESERVED
CVE-2020-3599
RESERVED
-CVE-2020-3598
- RESERVED
-CVE-2020-3597
- RESERVED
-CVE-2020-3596
- RESERVED
+CVE-2020-3598 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ TODO: check
+CVE-2020-3597 (A vulnerability in the configuration restore feature of Cisco Nexus Da ...)
+ TODO: check
+CVE-2020-3596 (A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expr ...)
+ TODO: check
CVE-2020-3595
RESERVED
CVE-2020-3594
@@ -56435,8 +56443,8 @@ CVE-2020-3591
RESERVED
CVE-2020-3590
RESERVED
-CVE-2020-3589
- RESERVED
+CVE-2020-3589 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
CVE-2020-3588
RESERVED
CVE-2020-3587
@@ -56477,10 +56485,10 @@ CVE-2020-3570
RESERVED
CVE-2020-3569 (Multiple vulnerabilities in the Distance Vector Multicast Routing Prot ...)
NOT-FOR-US: Cisco
-CVE-2020-3568
- RESERVED
-CVE-2020-3567
- RESERVED
+CVE-2020-3568 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
+ TODO: check
+CVE-2020-3567 (A vulnerability in the management REST API of Cisco Industrial Network ...)
+ TODO: check
CVE-2020-3566 (A vulnerability in the Distance Vector Multicast Routing Protocol (DVM ...)
NOT-FOR-US: Cisco
CVE-2020-3565
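Review bot: CVE-2020-3568 and CVE-2020-3567 are left as `TODO: check` although the neighbouring Cisco entries in this hunk (CVE-2020-3569, CVE-2020-3566) are already tagged `NOT-FOR-US: Cisco`; the triage pass should confirm whether Cisco AsyncOS and Cisco Industrial Network Director are equally outside the Debian archive and, if so, resolve both TODOs to the same `NOT-FOR-US: Cisco` marker rather than leaving them pending.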
@@ -56525,10 +56533,10 @@ CVE-2020-3546 (A vulnerability in the web-based management interface of Cisco As
NOT-FOR-US: Cisco
CVE-2020-3545 (A vulnerability in Cisco FXOS Software could allow an authenticated, l ...)
NOT-FOR-US: Cisco
-CVE-2020-3544
- RESERVED
-CVE-2020-3543
- RESERVED
+CVE-2020-3544 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ TODO: check
+CVE-2020-3543 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveil ...)
+ TODO: check
CVE-2020-3542 (A vulnerability in Cisco Webex Training could allow an authenticated, ...)
NOT-FOR-US: Cisco
CVE-2020-3541 (A vulnerability in the media engine component of Cisco Webex Meetings ...)
@@ -56541,10 +56549,10 @@ CVE-2020-3538
RESERVED
CVE-2020-3537 (A vulnerability in Cisco Jabber for Windows software could allow an au ...)
NOT-FOR-US: Cisco
-CVE-2020-3536
- RESERVED
-CVE-2020-3535
- RESERVED
+CVE-2020-3536 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ TODO: check
+CVE-2020-3535 (A vulnerability in the loading mechanism of specific DLLs in the Cisco ...)
+ TODO: check
CVE-2020-3534
RESERVED
CVE-2020-3533
@@ -56682,8 +56690,8 @@ CVE-2020-3469
RESERVED
CVE-2020-3468 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
NOT-FOR-US: Cisco
-CVE-2020-3467
- RESERVED
+CVE-2020-3467 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
CVE-2020-3466 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2020-3465 (A vulnerability in Cisco IOS XE Software could allow an unauthenticate ...)
@@ -56988,8 +56996,8 @@ CVE-2020-3322 (A vulnerability in Cisco Webex Network Recording Player and Cisco
NOT-FOR-US: Cisco
CVE-2020-3321 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
NOT-FOR-US: Cisco
-CVE-2020-3320
- RESERVED
+CVE-2020-3320 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ TODO: check
CVE-2020-3319 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
NOT-FOR-US: Cisco
CVE-2020-3318 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...)
@@ -88094,7 +88102,7 @@ CVE-2019-11844 (An HTML Injection vulnerability has been discovered on the RICOH
CVE-2019-11843 (The MailPoet plugin before 3.23.2 for WordPress allows remote attacker ...)
NOT-FOR-US: MailPoet plugin for WordPress
CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ...)
- {DLA-1920-1}
+ {DLA-2402-1 DLA-1920-1}
- golang-go.crypto 1:0.0~git20200221.2aa609c-1
NOTE: https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
NOTE: Patch fixes the second part of the CVE ("prepend arbitrary text")
@@ -88102,7 +88110,7 @@ CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsi
NOTE: https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
NOTE: Upstream feels that this is not a security issue. See https://github.com/golang/go/issues/41200.
CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...)
- {DLA-1840-1}
+ {DLA-2402-1 DLA-1840-1}
- golang-go.crypto 1:0.0~git20200221.2aa609c-1
NOTE: https://github.com/golang/go/issues/30965
NOTE: https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
@@ -262024,9 +262032,9 @@ CVE-2015-7382 (SQL injection vulnerability in install.php in Web Reference Datab
CVE-2015-7381 (Multiple PHP remote file inclusion vulnerabilities in install.php in W ...)
NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-7380
- RESERVED
+ REJECTED
CVE-2015-7379
- RESERVED
+ REJECTED
CVE-2015-7378 (Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "P ...)
NOT-FOR-US: Panda Security
CVE-2015-7377 (Cross-site scripting (XSS) vulnerability in pie-register/pie-register. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9541faee5b4ea337a940fe7fb1cf1f27215c7612