[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 3 21:10:41 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d1882f1 by security tracker role at 2020-09-03T20:10:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,52 @@
-CVE-2020-25125 [AEAD preference list overflow]
+CVE-2020-25124 (The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.p ...)
+ TODO: check
+CVE-2020-25123 (The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smili ...)
+ TODO: check
+CVE-2020-25122 (The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Ran ...)
+ TODO: check
+CVE-2020-25121 (The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription E ...)
+ TODO: check
+CVE-2020-25120 (The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php? ...)
+ TODO: check
+CVE-2020-25119 (The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help ...)
+ TODO: check
+CVE-2020-25118 (The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Setting ...)
+ TODO: check
+CVE-2020-25117 (The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title t ...)
+ TODO: check
+CVE-2020-25116 (The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title t ...)
+ TODO: check
+CVE-2020-25115 (The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or ...)
+ TODO: check
+CVE-2020-25114
+ RESERVED
+CVE-2020-25113
+ RESERVED
+CVE-2020-25112
+ RESERVED
+CVE-2020-25111
+ RESERVED
+CVE-2020-25110
+ RESERVED
+CVE-2020-25109
+ RESERVED
+CVE-2020-25108
+ RESERVED
+CVE-2020-25107
+ RESERVED
+CVE-2020-25106
+ RESERVED
+CVE-2020-25105 (eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recove ...)
+ TODO: check
+CVE-2020-25104 (eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted f ...)
+ TODO: check
+CVE-2020-25103
+ RESERVED
+CVE-2020-25102 (silverstripe-advancedreports (aka the Advanced Reports module for Silv ...)
+ TODO: check
+CVE-2020-25101
+ RESERVED
+CVE-2020-25125 (GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, le ...)
- gnupg2 <not-affected> (Only affects versions 2.2.21 and 2.2.22)
NOTE: https://dev.gnupg.org/T5050
NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html
@@ -68,8 +116,8 @@ CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain sensi
- plinth <unfixed>
[buster] - plinth <no-dsa> (Minor issue)
NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935
-CVE-2020-25068
- RESERVED
+CVE-2020-25068 (Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vuln ...)
+ TODO: check
CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command injecti ...)
NOT-FOR-US: Netgear
CVE-2020-25066
@@ -120,8 +168,8 @@ CVE-2020-25044 (Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulne
NOT-FOR-US: Kaspersky
CVE-2020-25043 (The installer of Kaspersky VPN Secure Connection prior to 5.0 was vuln ...)
NOT-FOR-US: Kaspersky
-CVE-2020-25042
- RESERVED
+CVE-2020-25042 (An arbitrary file upload issue exists in Mara CMS 7.5. In order to exp ...)
+ TODO: check
CVE-2020-25041
RESERVED
CVE-2020-25040
@@ -310,10 +358,10 @@ CVE-2020-24951
RESERVED
CVE-2020-24950
RESERVED
-CVE-2020-24949
- RESERVED
-CVE-2020-24948
- RESERVED
+CVE-2020-24949 (Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php all ...)
+ TODO: check
+CVE-2020-24948 (The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 doe ...)
+ TODO: check
CVE-2020-24947
RESERVED
CVE-2020-24946
@@ -456,8 +504,8 @@ CVE-2020-24878
RESERVED
CVE-2020-24877
RESERVED
-CVE-2020-24876
- RESERVED
+CVE-2020-24876 (Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 ...)
+ TODO: check
CVE-2020-24875
RESERVED
CVE-2020-24874
@@ -482,8 +530,8 @@ CVE-2020-24865
RESERVED
CVE-2020-24864
RESERVED
-CVE-2020-24863
- RESERVED
+CVE-2020-24863 (A memory corruption vulnerability was found in the kernel function ker ...)
+ TODO: check
CVE-2020-24862
RESERVED
CVE-2020-25016 (A safety violation was discovered in the rgb crate before 0.8.20 for R ...)
@@ -1482,8 +1530,8 @@ CVE-2020-24387
RESERVED
CVE-2020-24386
RESERVED
-CVE-2020-24385
- RESERVED
+CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...)
+ TODO: check
CVE-2020-24384
RESERVED
CVE-2020-24383
@@ -1877,7 +1925,8 @@ CVE-2020-24214
RESERVED
CVE-2020-24213
RESERVED
-CVE-2020-24212 (**REJECTED**Kaldin 4.0 is affected by: Insecure Permissions. The impac ...)
+CVE-2020-24212
+ REJECTED
NOT-FOR-US: Kaldin
CVE-2020-24211
RESERVED
@@ -1915,8 +1964,8 @@ CVE-2020-24195
RESERVED
CVE-2020-24194
RESERVED
-CVE-2020-24193
- RESERVED
+CVE-2020-24193 (A SQL injection vulnerability in login in Sourcecodetester Daily Track ...)
+ TODO: check
CVE-2020-24192
RESERVED
CVE-2020-24191
@@ -1977,16 +2026,16 @@ CVE-2020-24164
RESERVED
CVE-2020-24163
RESERVED
-CVE-2020-24162
- RESERVED
-CVE-2020-24161
- RESERVED
-CVE-2020-24160
- RESERVED
-CVE-2020-24159
- RESERVED
-CVE-2020-24158
- RESERVED
+CVE-2020-24162 (The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App ...)
+ TODO: check
+CVE-2020-24161 (Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacki ...)
+ TODO: check
+CVE-2020-24160 (Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vu ...)
+ TODO: check
+CVE-2020-24159 (NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can ...)
+ TODO: check
+CVE-2020-24158 (360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which ...)
+ TODO: check
CVE-2020-24157
RESERVED
CVE-2020-24156
@@ -2425,7 +2474,8 @@ CVE-2020-23940
RESERVED
CVE-2020-23939
RESERVED
-CVE-2020-23938 (***REJECTED***Out of bounds read (CWE-125) in AnnLab V3 Lite 4.0.8.3 c ...)
+CVE-2020-23938
+ REJECTED
NOT-FOR-US: AnnLab V3 Lite
CVE-2020-23937
RESERVED
@@ -2673,14 +2723,14 @@ CVE-2020-23816
RESERVED
CVE-2020-23815
RESERVED
-CVE-2020-23814
- RESERVED
+CVE-2020-23814 (Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 ...)
+ TODO: check
CVE-2020-23813
RESERVED
CVE-2020-23812
RESERVED
-CVE-2020-23811
- RESERVED
+CVE-2020-23811 (xxl-job 2.2.0 allows Information Disclosure of username, model, and pa ...)
+ TODO: check
CVE-2020-23810
RESERVED
CVE-2020-23809
@@ -18144,7 +18194,7 @@ CVE-2020-16150 (A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in lib
- mbedtls <unfixed>
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
CVE-2020-16149
- RESERVED
+ REJECTED
CVE-2020-16148
RESERVED
CVE-2020-16147
@@ -22665,8 +22715,7 @@ CVE-2020-14375
RESERVED
CVE-2020-14374
RESERVED
-CVE-2020-14373
- RESERVED
+CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of g ...)
- ghostscript 9.26~dfsg-1
[stretch] - ghostscript 9.26~dfsg-0+deb9u1
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ece5cbbd9979cd35737b00e68267762d72feb2ea
@@ -23811,8 +23860,8 @@ CVE-2020-13974 (** DISPUTED ** An issue was discovered in the Linux kernel throu
NOTE: https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae
CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls ...)
NOT-FOR-US: OWASP json-sanitizer
-CVE-2020-13972
- RESERVED
+CVE-2020-13972 (Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own dom ...)
+ TODO: check
CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use the M ...)
NOT-FOR-US: Shopware
CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...)
@@ -24229,7 +24278,7 @@ CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9.
NOT-FOR-US: Foxit Reader
CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...)
NOT-FOR-US: Foxit Reader
-CVE-2020-13802 (The rebar3 tool 3.0.0-beta.3 through 3.13.2 for Erlang allows remote c ...)
+CVE-2020-13802 (Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command in ...)
TODO: check, whether this affects src:rebar (but the security implications seems a little far-fetched anyway)
CVE-2020-13801
RESERVED
@@ -28744,8 +28793,8 @@ CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request w
NOTE: Consider 14.x series as fixed due to the use of the new style xml parsing.
CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing a tilema ...)
NOTE: Duplicate of CVE-2019-10877
-CVE-2020-12058
- RESERVED
+CVE-2020-12058 (Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 al ...)
+ TODO: check
CVE-2020-12057
RESERVED
CVE-2020-12056
@@ -31175,8 +31224,8 @@ CVE-2020-11581 (An issue was discovered in Pulse Secure Pulse Connect Secure (PC
NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11580 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
-CVE-2020-11579
- RESERVED
+CVE-2020-11579 (An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. instal ...)
+ TODO: check
CVE-2020-11578
RESERVED
CVE-2020-11577
@@ -33727,8 +33776,7 @@ CVE-2020-10722 (A vulnerability was found in DPDK versions 18.05 and above. A mi
- dpdk 19.11.2-1 (bug #960936)
CVE-2020-10721
RESERVED
-CVE-2020-10720
- RESERVED
+CVE-2020-10720 (A flaw was found in the Linux kernel's implementation of GRO in versio ...)
- linux 5.2.6-1
[buster] - linux 4.19.67-1
[stretch] - linux 4.9.184-1
@@ -37391,8 +37439,8 @@ CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.
NOT-FOR-US: Huawei
CVE-2020-9236
RESERVED
-CVE-2020-9235
- RESERVED
+CVE-2020-9235 (Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E ...)
+ TODO: check
CVE-2020-9234
RESERVED
CVE-2020-9233 (FusionCompute 8.0.0 have an insufficient authentication vulnerability. ...)
@@ -37463,8 +37511,8 @@ CVE-2020-9201
RESERVED
CVE-2020-9200
RESERVED
-CVE-2020-9199
- RESERVED
+CVE-2020-9199 (B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a ...)
+ TODO: check
CVE-2020-9198
RESERVED
CVE-2020-9197
@@ -37695,8 +37743,8 @@ CVE-2020-9085
RESERVED
CVE-2020-9084
RESERVED
-CVE-2020-9083
- RESERVED
+CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E ...)
+ TODO: check
CVE-2020-9082
RESERVED
CVE-2020-9081
@@ -41083,8 +41131,8 @@ CVE-2020-7731
RESERVED
CVE-2020-7730
RESERVED
-CVE-2020-7729
- RESERVED
+CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...)
+ TODO: check
CVE-2020-7728
RESERVED
CVE-2020-7727 (All versions of package gedi are vulnerable to Prototype Pollution via ...)
@@ -41105,7 +41153,7 @@ CVE-2020-7720 (The package node-forge before 0.10.0 is vulnerable to Prototype P
- node-node-forge <unfixed>
NOTE: https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
NOTE: https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756
-CVE-2020-7719 (All versions of package locutus are vulnerable to Prototype Pollution ...)
+CVE-2020-7719 (Versions of package locutus before 2.0.12 are vulnerable to prototype ...)
TODO: check
CVE-2020-7718 (All versions of package gammautils are vulnerable to Prototype Polluti ...)
TODO: check
@@ -41849,10 +41897,10 @@ CVE-2020-7384
RESERVED
CVE-2020-7383
RESERVED
-CVE-2020-7382
- RESERVED
-CVE-2020-7381
- RESERVED
+CVE-2020-7382 (Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted ...)
+ TODO: check
+CVE-2020-7381 (In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose inst ...)
+ TODO: check
CVE-2020-7380
RESERVED
CVE-2020-7379
@@ -48954,8 +49002,8 @@ CVE-2020-4640
RESERVED
CVE-2020-4639
RESERVED
-CVE-2020-4638
- RESERVED
+CVE-2020-4638 (IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulner ...)
+ TODO: check
CVE-2020-4637
RESERVED
CVE-2020-4636
@@ -49556,8 +49604,8 @@ CVE-2020-4339
RESERVED
CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive informat ...)
NOT-FOR-US: IBM
-CVE-2020-4337
- RESERVED
+CVE-2020-4337 (IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker ...)
+ TODO: check
CVE-2020-4336
RESERVED
CVE-2020-4335
@@ -87443,8 +87491,8 @@ CVE-2019-10681
RESERVED
CVE-2019-10680
RESERVED
-CVE-2019-10679
- RESERVED
+CVE-2019-10679 (Thomson Reuters Eikon 4.0.42144 allows all local users to modify the s ...)
+ TODO: check
CVE-2019-10678 (Domoticz before 4.10579 neglects to categorize \n and \r as insecure a ...)
- domoticz <itp> (bug #899058)
CVE-2019-10677 (Multiple Cross-Site Scripting (XSS) issues in the web interface on DAS ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d1882f168d3b7d2ad40187d149b0677f9ffc094
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d1882f168d3b7d2ad40187d149b0677f9ffc094
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200903/ce2e7f17/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list