[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 30 08:10:21 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0df8b067 by security tracker role at 2020-10-30T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-28006
+ RESERVED
+CVE-2020-28005
+ RESERVED
+CVE-2020-28004
+ RESERVED
+CVE-2020-28003
+ RESERVED
+CVE-2020-28002 (In SonarQube 8.4.2.36762, an external attacker can achieve authenticat ...)
+ TODO: check
+CVE-2020-28001
+ RESERVED
CVE-2020-28000
RESERVED
CVE-2020-27999
@@ -428,8 +440,8 @@ CVE-2020-27887 (An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An a
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-27886 (An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. T ...)
NOT-FOR-US: EyesOfNetwork (EON)
-CVE-2020-27885
- RESERVED
+CVE-2020-27885 (Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By ...)
+ TODO: check
CVE-2020-27884
RESERVED
CVE-2020-27883
@@ -2637,10 +2649,10 @@ CVE-2020-27017
RESERVED
CVE-2020-27016
RESERVED
-CVE-2020-27015
- RESERVED
-CVE-2020-27014
- RESERVED
+CVE-2020-27015 (Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Messag ...)
+ TODO: check
+CVE-2020-27014 (Trend Micro Antivirus for Mac 2020 (Consumer) contains a race conditio ...)
+ TODO: check
CVE-2020-27013 (Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability ...)
NOT-FOR-US: Trend Micro
CVE-2020-27012
@@ -4325,8 +4337,8 @@ CVE-2020-26207
RESERVED
CVE-2020-26206
RESERVED
-CVE-2020-26205
- RESERVED
+CVE-2020-26205 (Sal is a multi-tenanted reporting dashboard for Munki with the ability ...)
+ TODO: check
CVE-2020-26204
RESERVED
CVE-2020-26203
@@ -4679,7 +4691,7 @@ CVE-2020-26063
CVE-2020-26062
RESERVED
CVE-2020-26088 (A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock. ...)
- {DLA-2385-1}
+ {DLA-2420-1 DLA-2385-1}
- linux 5.7.17-1
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/26896f01467a28651f7a536143fe5ac8449d4041
@@ -5607,8 +5619,8 @@ CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) m
NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
CVE-2020-25647
RESERVED
-CVE-2020-25646
- RESERVED
+CVE-2020-25646 (A flaw was found in Ansible Collection community.crypto. openssl_priva ...)
+ TODO: check
CVE-2020-25645 (A flaw was found in the Linux kernel in versions before 5.9-rc7. Traff ...)
{DSA-4774-1 DLA-2417-1}
- linux 5.8.14-1
@@ -5616,13 +5628,13 @@ CVE-2020-25645 (A flaw was found in the Linux kernel in versions before 5.9-rc7.
CVE-2020-25644 (A memory leak flaw was found in WildFly OpenSSL in versions prior to 1 ...)
- wildfly <itp> (bug #752018)
CVE-2020-25643 (A flaw was found in the HDLC_PPP module of the Linux kernel in version ...)
- {DSA-4774-1 DLA-2417-1}
+ {DSA-4774-1 DLA-2420-1 DLA-2417-1}
- linux 5.8.14-1
NOTE: https://git.kernel.org/linus/66d42ed8b25b64eb63111a2b8582c5afc8bf1105
CVE-2020-25642
RESERVED
CVE-2020-25641 (A flaw was found in the Linux kernel's implementation of biovecs in ve ...)
- {DLA-2385-1}
+ {DLA-2420-1 DLA-2385-1}
- linux 5.8.10-1
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124
@@ -6407,12 +6419,12 @@ CVE-2020-25288 (An issue was discovered in MantisBT before 2.24.3. When editing
CVE-2020-25287 (Pligg 2.0.3 allows remote authenticated users to execute arbitrary com ...)
NOT-FOR-US: Pligg CMS
CVE-2020-25285 (A race condition between hugetlb sysctl handlers in mm/hugetlb.c in th ...)
- {DLA-2385-1}
+ {DLA-2420-1 DLA-2385-1}
- linux 5.8.10-1
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/17743798d81238ab13050e8e2833699b54e15467
CVE-2020-25284 (The rbd block device driver in drivers/block/rbd.c in the Linux kernel ...)
- {DLA-2385-1}
+ {DLA-2420-1 DLA-2385-1}
- linux 5.8.10-1
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/f44d04e696feaf13d192d942c4f14ad2e117065a
@@ -6583,6 +6595,7 @@ CVE-2020-25221 (get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x be
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2
CVE-2020-25220 (The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.1 ...)
+ {DLA-2420-1}
- linux <not-affected> (Vulnerable code not present and no partial CVE-2020-14356 fix backported)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1868453
NOTE: https://www.spinics.net/lists/stable/msg405099.html
@@ -6605,12 +6618,12 @@ CVE-2020-25214 (In the client in Overwolf 0.149.2.30, a channel can be accessed
CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...)
NOT-FOR-US: File Manager (wp-file-manager) plugin for WordPress
CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel before 5. ...)
- {DLA-2385-1}
+ {DLA-2420-1 DLA-2385-1}
- linux 5.7.17-1
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21
CVE-2020-25211 (In the Linux kernel through 5.8.7, local attackers able to inject conn ...)
- {DSA-4774-1 DLA-2417-1}
+ {DSA-4774-1 DLA-2420-1 DLA-2417-1}
- linux 5.8.14-1
NOTE: https://git.kernel.org/linus/1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
CVE-2020-25210
@@ -8194,6 +8207,7 @@ CVE-2020-24491
RESERVED
CVE-2020-24490
RESERVED
+ {DLA-2420-1}
- linux 5.7.17-1
[buster] - linux 4.19.146-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
@@ -8361,7 +8375,7 @@ CVE-2020-24410 (Adobe Illustrator version 24.2 (and earlier) is affected by an o
NOT-FOR-US: Adobe
CVE-2020-24409 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
NOT-FOR-US: Adobe
-CVE-2020-24408 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a per ...)
+CVE-2020-24408 (New description: Magento versions 2.4.0 and 2.3.5p2 (and earlier) are ...)
NOT-FOR-US: Magento
CVE-2020-24407
RESERVED
@@ -25060,7 +25074,7 @@ CVE-2020-16168 (Origin Validation Error in temi Robox OS prior to 120, temi Andr
CVE-2020-16167 (Missing Authentication for Critical Function in temi Robox OS prior to ...)
NOT-FOR-US: Temi Launcher OS
CVE-2020-16166 (The Linux kernel through 5.7.11 allows remote attackers to make observ ...)
- {DLA-2385-1}
+ {DLA-2420-1 DLA-2385-1}
- linux 5.7.17-1
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
@@ -27152,7 +27166,7 @@ CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9
NOTE: https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433
NOTE: https://www.openwall.com/lists/oss-security/2020/06/30/2
CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/m ...)
- {DLA-2323-1}
+ {DLA-2420-1 DLA-2323-1}
- linux 5.7.10-1
[buster] - linux 4.19.131-1
NOTE: https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba
@@ -29802,7 +29816,7 @@ CVE-2020-14391
- gnome-settings-daemon <not-affected> (Red Hat-specific plugin)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093
CVE-2020-14390 (A flaw was found in the Linux kernel in versions before 5.9-rc6. When ...)
- {DLA-2385-1}
+ {DLA-2420-1 DLA-2385-1}
- linux 5.8.10-1
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489
@@ -29821,7 +29835,7 @@ CVE-2020-14387 [rsync-ssl does not verify the hostname in the server certificate
NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549
CVE-2020-14386 (A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption ...)
- {DLA-2385-1}
+ {DLA-2420-1 DLA-2385-1}
- linux 5.8.7-1
[buster] - linux 4.19.146-1
NOTE: https://www.openwall.com/lists/oss-security/2020/09/03/3
@@ -29948,7 +29962,7 @@ CVE-2020-14358
CVE-2020-14357
REJECTED
CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem ...)
- {DLA-2385-1}
+ {DLA-2420-1 DLA-2385-1}
- linux 5.7.10-1 (bug #966846)
[buster] - linux 4.19.146-1
NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
@@ -30073,7 +30087,7 @@ CVE-2020-14332 (A flaw was found in the Ansible Engine when using module_args. T
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1857805
NOTE: https://github.com/ansible/ansible/pull/71033
CVE-2020-14331 (A flaw was found in the Linux kernel’s implementation of the inv ...)
- {DLA-2385-1}
+ {DLA-2420-1 DLA-2385-1}
- linux 5.7.17-1 (unimportant)
[buster] - linux 4.19.146-1
NOTE: https://www.openwall.com/lists/oss-security/2020/07/28/2
@@ -30104,8 +30118,7 @@ CVE-2020-14325 (Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Im
NOT-FOR-US: Red Hat CloudForm
CVE-2020-14324 (A high severity vulnerability was found in all active versions of Red ...)
NOT-FOR-US: Red Hat CloudForm
-CVE-2020-14323 [Unprivileged user can crash winbind]
- RESERVED
+CVE-2020-14323 (A null pointer dereference flaw was found in samba's Winbind service i ...)
- samba <unfixed> (bug #973399)
NOTE: https://www.samba.org/samba/security/CVE-2020-14323.html
CVE-2020-14322
@@ -30132,7 +30145,7 @@ CVE-2020-14315 (A memory corruption vulnerability is present in bspatch as shipp
NOTE: https://www.openwall.com/lists/oss-security/2020/07/09/2
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc
CVE-2020-14314 (A memory out-of-bounds read flaw was found in the Linux kernel before ...)
- {DLA-2385-1}
+ {DLA-2420-1 DLA-2385-1}
- linux 5.8.7-1
[buster] - linux 4.19.146-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853922
@@ -30173,6 +30186,7 @@ CVE-2020-14306 (An incorrect access control flaw was found in the operator, open
NOT-FOR-US: OpenShift
CVE-2020-14305 [memory corruption in Voice over IP nf_conntrack_h323 module]
RESERVED
+ {DLA-2420-1}
- linux 4.12.6-1
NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/
CVE-2020-14304 (A memory disclosure flaw was found in the Linux kernel's ethernet driv ...)
@@ -33747,7 +33761,7 @@ CVE-2020-12890
CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...)
NOT-FOR-US: MISP
CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
- {DLA-2385-1}
+ {DLA-2420-1 DLA-2385-1}
- linux 5.8.7-1
[buster] - linux 4.19.146-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
@@ -34107,7 +34121,7 @@ CVE-2020-XXXX [unspecified fexsrv security issue]
[buster] - fex 20160919-2~deb10u1
[stretch] - fex 20160919-2~deb9u1
CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btree_gc_c ...)
- {DLA-2323-1}
+ {DLA-2420-1 DLA-2323-1}
- linux 5.7.6-1
[buster] - linux 4.19.131-1
NOTE: https://lkml.org/lkml/2020/4/26/87
@@ -34462,7 +34476,7 @@ CVE-2020-12656 (** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_swi
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=206651
NOTE: Issue is triggered only at module reloading / rebinding
CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c ...)
- {DLA-2323-1}
+ {DLA-2420-1 DLA-2323-1}
- linux 5.6.14-1
[buster] - linux 4.19.131-1
NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1)
@@ -35272,14 +35286,14 @@ CVE-2020-12353
RESERVED
CVE-2020-12352
RESERVED
- {DSA-4774-1 DLA-2417-1}
+ {DSA-4774-1 DLA-2420-1 DLA-2417-1}
- linux 5.9.1-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
NOTE: https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
NOTE: Fixed by: https://git.kernel.org/linus/eddb7732119d53400f48a02536a84c509692faa8
CVE-2020-12351
RESERVED
- {DSA-4774-1 DLA-2417-1}
+ {DSA-4774-1 DLA-2420-1 DLA-2417-1}
- linux 5.9.1-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
NOTE: https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
@@ -53585,20 +53599,20 @@ CVE-2020-5660
RESERVED
CVE-2020-5659
RESERVED
-CVE-2020-5658
- RESERVED
-CVE-2020-5657
- RESERVED
-CVE-2020-5656
- RESERVED
-CVE-2020-5655
- RESERVED
-CVE-2020-5654
- RESERVED
-CVE-2020-5653
- RESERVED
-CVE-2020-5652
- RESERVED
+CVE-2020-5658 (Resource Management Errors vulnerability in TCP/IP function included i ...)
+ TODO: check
+CVE-2020-5657 (Improper neutralization of argument delimiters in a command ('Argument ...)
+ TODO: check
+CVE-2020-5656 (Improper access control vulnerability in TCP/IP function included in t ...)
+ TODO: check
+CVE-2020-5655 (NULL pointer dereferences vulnerability in TCP/IP function included in ...)
+ TODO: check
+CVE-2020-5654 (Session fixation vulnerability in TCP/IP function included in the firm ...)
+ TODO: check
+CVE-2020-5653 (Buffer overflow vulnerability in TCP/IP function included in the firmw ...)
+ TODO: check
+CVE-2020-5652 (Uncontrolled resource consumption vulnerability in Ethernet Port on ME ...)
+ TODO: check
CVE-2020-5651 (SQL injection vulnerability in Simple Download Monitor 3.8.8 and earli ...)
NOT-FOR-US: Simple Download Monitor
CVE-2020-5650 (Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 an ...)
@@ -64452,7 +64466,7 @@ CVE-2019-19449 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem i
- linux <unfixed>
NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449
CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesy ...)
- {DLA-2385-1}
+ {DLA-2420-1 DLA-2385-1}
- linux 5.7.17-1
[buster] - linux 4.19.146-1
NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
@@ -65842,10 +65856,12 @@ CVE-2019-19075 (A memory leak in the ca8210_probe() function in drivers/net/ieee
[buster] - linux 4.19.87-1
NOTE: https://git.kernel.org/linus/6402939ec86eaf226c8b8ae00ed983936b164908
CVE-2019-19074 (A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ ...)
+ {DLA-2420-1}
- linux 5.4.6-1
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/728c1e2a05e4b5fc52fab3421dce772a806612a2
CVE-2019-19073 (Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux ...)
+ {DLA-2420-1}
- linux 5.4.6-1
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/853acf7caf10b828102d92d05b5c101666a6142b
@@ -99366,6 +99382,7 @@ CVE-2019-9447 (In the Android kernel in the FingerTipS touchscreen driver there
CVE-2019-9446 (In the Android kernel in the FingerTipS touchscreen driver there is a ...)
NOT-FOR-US: Android kernel
CVE-2019-9445 (In the Android kernel in F2FS driver there is a possible out of bounds ...)
+ {DLA-2420-1}
- linux 5.2.6-1
[buster] - linux 4.19.98-1
[jessie] - linux <ignored> (f2fs is not supportable)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0df8b0678aeb9a99b700607113dda021cedeb553
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0df8b0678aeb9a99b700607113dda021cedeb553
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201030/1a58a484/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list