[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 15 09:10:29 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8384d9b6 by security tracker role at 2020-10-15T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,22 @@
-CVE-2020-27153 [shared/att: Fix possible crash on disconnect]
+CVE-2020-27160
+ RESERVED
+CVE-2020-27159
+ RESERVED
+CVE-2020-27158
+ RESERVED
+CVE-2020-27157 (Veritas APTARE versions prior to 10.5 included code that bypassed the ...)
+ TODO: check
+CVE-2020-27156 (Veritas APTARE versions prior to 10.5 did not perform adequate authori ...)
+ TODO: check
+CVE-2020-27155
+ RESERVED
+CVE-2020-27154
+ RESERVED
+CVE-2020-27152
+ RESERVED
+CVE-2020-27151
+ RESERVED
+CVE-2020-27153 (In BlueZ before 5.55, a double free was found in the gatttool disconne ...)
- bluez 5.55-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1884817
NOTE: https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
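Review bot: CVE-2020-27153 ends up below CVE-2020-27152 and CVE-2020-27151 at the end of this hunk, which breaks the descending CVE order every other visible part of the file follows. The new entries were all inserted above the existing 27153 block; CVE-2020-27152 and CVE-2020-27151 should instead go after its two NOTE lines. The two Veritas APTARE entries (CVE-2020-27157, CVE-2020-27156) also arrive as TODO: check and still need a triage decision.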
@@ -28575,7 +28593,7 @@ CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to
- lucene-solr <not-affected> (Vulnerable functionality not yet present)
CVE-2020-13956 [incorrect handling of malformed authority component in request URIs]
RESERVED
- {DLA-2405-1}
+ {DSA-4772-1 DLA-2405-1}
- httpcomponents-client 4.5.13-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1886587
NOTE: Fixed by: https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e (4.5.13-RC1)
@@ -44291,18 +44309,18 @@ CVE-2020-8352
RESERVED
CVE-2020-8351
RESERVED
-CVE-2020-8350
- RESERVED
-CVE-2020-8349
- RESERVED
+CVE-2020-8350 (An authentication bypass vulnerability was reported in Lenovo ThinkPad ...)
+ TODO: check
+CVE-2020-8349 (An internal security review has identified an unauthenticated remote c ...)
+ TODO: check
CVE-2020-8348 (A DOM-based cross-site scripting (XSS) vulnerability was reported in L ...)
NOT-FOR-US: Lenovo
CVE-2020-8347 (A reflective cross-site scripting (XSS) vulnerability was reported in ...)
NOT-FOR-US: Lenovo
CVE-2020-8346 (A denial of service vulnerability was reported in the Lenovo Vantage c ...)
NOT-FOR-US: Lenovo
-CVE-2020-8345
- RESERVED
+CVE-2020-8345 (A DLL search path vulnerability was reported in the Lenovo HardwareSca ...)
+ TODO: check
CVE-2020-8344
REJECTED
CVE-2020-8343
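Review bot: CVE-2020-8349 is left at TODO: check with a truncated description ("An internal security review has identified an unauthenticated remote c ...") that names no vendor or product, so it cannot be triaged from this list alone and needs the full description read first. CVE-2020-8350 and CVE-2020-8345 do name Lenovo products, and the adjacent CVE-2020-8348, CVE-2020-8347 and CVE-2020-8346 are tagged NOT-FOR-US: Lenovo, so those two are candidates for the same tag once checked.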
@@ -44315,8 +44333,8 @@ CVE-2020-8340 (A cross-site scripting (XSS) vulnerability was discovered in the
NOT-FOR-US: IBM
CVE-2020-8339 (A cross-site scripting inclusion (XSSI) vulnerability was reported in ...)
NOT-FOR-US: IBM
-CVE-2020-8338
- RESERVED
+CVE-2020-8338 (A DLL search path vulnerability was reported in Lenovo Diagnostics pri ...)
+ TODO: check
CVE-2020-8337 (An unquoted search path vulnerability was reported in versions prior t ...)
NOT-FOR-US: Synaptics Smart Audio UWP app
CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on some Th ...)
@@ -44327,8 +44345,8 @@ CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo T
NOT-FOR-US: Lenovo
CVE-2020-8333 (A potential vulnerability in the SMI callback function used in the EEP ...)
NOT-FOR-US: Lenovo
-CVE-2020-8332
- RESERVED
+CVE-2020-8332 (A potential vulnerability in the SMI callback function used in the leg ...)
+ TODO: check
CVE-2020-8331
REJECTED
CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...)
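Review bot: CVE-2020-8332 opens with the same text as CVE-2020-8333 directly above it ("A potential vulnerability in the SMI callback function used in the ..."), which is already NOT-FOR-US: Lenovo, yet it lands as TODO: check. Triage it against 8333 so the two entries do not end up with different dispositions.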
@@ -46681,8 +46699,8 @@ CVE-2020-7385
RESERVED
CVE-2020-7384
RESERVED
-CVE-2020-7383
- RESERVED
+CVE-2020-7383 (A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that m ...)
+ TODO: check
CVE-2020-7382 (Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted ...)
NOT-FOR-US: Rapid7 Nexpose installer
CVE-2020-7381 (In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose inst ...)
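Review bot: when CVE-2020-7383 is triaged, the tag should not be copied verbatim from CVE-2020-7382 below it. That entry is NOT-FOR-US: Rapid7 Nexpose installer, while this description is a SQL injection in Rapid7 Nexpose itself (version prior to 6.6.49), so the tag should name the product rather than the installer.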
@@ -49496,34 +49514,34 @@ CVE-2020-6377 (Use after free in audio in Google Chrome prior to 79.0.3945.117 a
{DSA-4606-1}
- chromium 79.0.3945.130-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6376
- RESERVED
-CVE-2020-6375
- RESERVED
-CVE-2020-6374
- RESERVED
-CVE-2020-6373
- RESERVED
-CVE-2020-6372
- RESERVED
-CVE-2020-6371
- RESERVED
+CVE-2020-6376 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ TODO: check
+CVE-2020-6375 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ TODO: check
+CVE-2020-6374 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ TODO: check
+CVE-2020-6373 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ TODO: check
+CVE-2020-6372 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ TODO: check
+CVE-2020-6371 (User enumeration vulnerability can be exploited to get a list of user ...)
+ TODO: check
CVE-2020-6370
RESERVED
CVE-2020-6369
RESERVED
-CVE-2020-6368
- RESERVED
+CVE-2020-6368 (SAP Business Planning and Consolidation, versions - 750, 751, 752, 753 ...)
+ TODO: check
CVE-2020-6367
RESERVED
CVE-2020-6366
RESERVED
-CVE-2020-6365
- RESERVED
-CVE-2020-6364
- RESERVED
-CVE-2020-6363
- RESERVED
+CVE-2020-6365 (SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, ...)
+ TODO: check
+CVE-2020-6364 (SAP Solution Manager and SAP Focused Run (update provided in WILY_INTR ...)
+ TODO: check
+CVE-2020-6363 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several ...)
+ TODO: check
CVE-2020-6362
RESERVED
CVE-2020-6361 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
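Review bot: CVE-2020-6371 ("User enumeration vulnerability can be exploited to get a list of user ...") is the only new entry in this hunk whose visible description names no product, unlike the SAP entries around it; confirm the affected product from the full description before it is tagged. CVE-2020-6376 through CVE-2020-6372 carry the same truncated description as CVE-2020-6361, so they can be triaged together.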
@@ -49602,16 +49620,16 @@ CVE-2020-6325
RESERVED
CVE-2020-6324 (SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700 ...)
NOT-FOR-US: SAP
-CVE-2020-6323
- RESERVED
+CVE-2020-6323 (SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50 ...)
+ TODO: check
CVE-2020-6322 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
NOT-FOR-US: SAP
CVE-2020-6321 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
NOT-FOR-US: SAP
CVE-2020-6320 (SAP Marketing (Servlet), version-130,140,150, allows an authenticated ...)
NOT-FOR-US: SAP
-CVE-2020-6319
- RESERVED
+CVE-2020-6319 (SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7. ...)
+ TODO: check
CVE-2020-6318 (A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABA ...)
NOT-FOR-US: SAP
CVE-2020-6317
@@ -49704,8 +49722,8 @@ CVE-2020-6274
RESERVED
CVE-2020-6273 (SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 1 ...)
NOT-FOR-US: SAP
-CVE-2020-6272
- RESERVED
+CVE-2020-6272 (SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not suffici ...)
+ TODO: check
CVE-2020-6271 (SAP Solution Manager (Problem Context Manager), version 7.2, does not ...)
NOT-FOR-US: SAP
CVE-2020-6270 (SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 75 ...)
@@ -51079,8 +51097,8 @@ CVE-2020-5644
RESERVED
CVE-2020-5643
RESERVED
-CVE-2020-5642
- RESERVED
+CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Live su ...)
+ TODO: check
CVE-2020-5641
RESERVED
CVE-2020-5640
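Review bot: the description of CVE-2020-5642 is cut off inside the product name ("Live Chat - Live su ..."), and the neighbouring entries are all RESERVED, so nothing in this hunk indicates whether a Debian package is affected. The TODO: check needs the full description to identify the product before a package or NOT-FOR-US line is added.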
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8384d9b6a09e08122f8370abb3ffccf9ff3e4a4e