[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 4 09:10:28 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
90064e3d by security tracker role at 2020-09-04T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2020-25149
+ RESERVED
+CVE-2020-25148
+ RESERVED
+CVE-2020-25147
+ RESERVED
+CVE-2020-25146
+ RESERVED
+CVE-2020-25145
+ RESERVED
+CVE-2020-25144
+ RESERVED
+CVE-2020-25143
+ RESERVED
+CVE-2020-25142
+ RESERVED
+CVE-2020-25141
+ RESERVED
+CVE-2020-25140
+ RESERVED
+CVE-2020-25139
+ RESERVED
+CVE-2020-25138
+ RESERVED
+CVE-2020-25137
+ RESERVED
+CVE-2020-25136
+ RESERVED
+CVE-2020-25135
+ RESERVED
+CVE-2020-25134
+ RESERVED
+CVE-2020-25133
+ RESERVED
+CVE-2020-25132
+ RESERVED
+CVE-2020-25131
+ RESERVED
+CVE-2020-25130
+ RESERVED
+CVE-2020-25129
+ RESERVED
+CVE-2020-25128
+ RESERVED
+CVE-2020-25127
+ RESERVED
+CVE-2020-25126
+ RESERVED
CVE-2020-25124 (The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.p ...)
NOT-FOR-US: vBulletin
CVE-2020-25123 (The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smili ...)
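Review bot: The added RESERVED block stops at CVE-2020-25126 while the first unchanged line below it is CVE-2020-25124, so CVE-2020-25125 has no entry in the list after this update. The hunk header (-1,3) confirms the old file started at CVE-2020-25124. Please confirm the gap is expected from the upstream feed, or add the missing ID so the descending sequence stays contiguous.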
@@ -210,12 +258,12 @@ CVE-2020-25025 (The l10nmgr (aka Localization Manager) extension before 7.4.0, 8
NOT-FOR-US: Typo extension
CVE-2020-25024
RESERVED
-CVE-2020-25023
- RESERVED
-CVE-2020-25022
- RESERVED
-CVE-2020-25021
- RESERVED
+CVE-2020-25023 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrC ...)
+ TODO: check
+CVE-2020-25022 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallba ...)
+ TODO: check
+CVE-2020-25021 (An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCi ...)
+ TODO: check
CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectRe ...)
NOT-FOR-US: MPXJ
CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the E ...)
@@ -242,12 +290,12 @@ CVE-2020-25008
RESERVED
CVE-2020-25007
RESERVED
-CVE-2020-25006
- RESERVED
-CVE-2020-25005
- RESERVED
-CVE-2020-25004
- RESERVED
+CVE-2020-25006 (Heybbs v1.2 has a SQL injection vulnerability in login.php file via th ...)
+ TODO: check
+CVE-2020-25005 (Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ...)
+ TODO: check
+CVE-2020-25004 (Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ...)
+ TODO: check
CVE-2020-25003
RESERVED
CVE-2020-25002
@@ -256,14 +304,14 @@ CVE-2020-25001
RESERVED
CVE-2020-25000
RESERVED
-CVE-2020-24999
- RESERVED
+CVE-2020-24999 (There is an invalid memory access in the function fprintf located in E ...)
+ TODO: check
CVE-2020-24998
RESERVED
CVE-2020-24997
RESERVED
-CVE-2020-24996
- RESERVED
+CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...)
+ TODO: check
CVE-2020-24995
RESERVED
CVE-2020-24994
@@ -294,14 +342,14 @@ CVE-2020-24982
RESERVED
CVE-2020-24981
RESERVED
-CVE-2020-24980
- RESERVED
-CVE-2020-24979
- RESERVED
-CVE-2020-24978
- RESERVED
-CVE-2020-24977
- RESERVED
+CVE-2020-24980 (An assertion failure was found in src/parse-gram.c in GNU bison 3.7.1. ...)
+ TODO: check
+CVE-2020-24979 (A Buffer Overflow vulnerability was found in src/symtab.c in GNU bison ...)
+ TODO: check
+CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...)
+ TODO: check
+CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflo ...)
+ TODO: check
CVE-2020-24976
RESERVED
CVE-2020-24975
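Review bot: The four entries moved to "TODO: check" here (CVE-2020-24980 to CVE-2020-24977) name GNU bison, NASM and GNOME libxml2, so unlike most of this update they are unlikely to end up as NOT-FOR-US and should not stay at TODO for long. Each needs a lookup against the archive and, if the source package is present, a package line in the form the list already uses elsewhere (for example "- linux 5.5.17-1" under CVE-2020-11494). The truncated descriptions already give file or version hints (src/parse-gram.c, src/symtab.c, 2.15.04rc3, v2.9.10) to start from.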
@@ -374,10 +422,10 @@ CVE-2020-24943
RESERVED
CVE-2020-24942
RESERVED
-CVE-2020-24941
- RESERVED
-CVE-2020-24940
- RESERVED
+CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24. ...)
+ TODO: check
+CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...)
+ TODO: check
CVE-2020-24939
RESERVED
CVE-2020-24938
@@ -2683,8 +2731,8 @@ CVE-2020-23836 (A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.p
NOT-FOR-US: OSWAPP Warehouse Inventory System
CVE-2020-23835 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...)
NOT-FOR-US: SourceCodester Tailor Management System
-CVE-2020-23834
- RESERVED
+CVE-2020-23834 (Insecure Service File Permissions in the bd service in Real Time Logic ...)
+ TODO: check
CVE-2020-23833
RESERVED
CVE-2020-23832
@@ -28356,10 +28404,10 @@ CVE-2020-12250
RESERVED
CVE-2020-12249
RESERVED
-CVE-2020-12248
- RESERVED
-CVE-2020-12247
- RESERVED
+CVE-2020-12248 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
+ TODO: check
+CVE-2020-12247 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
+ TODO: check
CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other & ...)
NOT-FOR-US: Beeline Smart Box
CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...)
@@ -31449,8 +31497,8 @@ CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c i
- linux 5.5.17-1
[buster] - linux 4.19.118-1
NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/
-CVE-2020-11493
- RESERVED
+CVE-2020-11493 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
+ TODO: check
CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. ...)
NOT-FOR-US: Docker Desktop on Windows
CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...)
@@ -52391,28 +52439,28 @@ CVE-2020-3549
RESERVED
CVE-2020-3548
RESERVED
-CVE-2020-3547
- RESERVED
-CVE-2020-3546
- RESERVED
-CVE-2020-3545
- RESERVED
+CVE-2020-3547 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ TODO: check
+CVE-2020-3546 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ TODO: check
+CVE-2020-3545 (A vulnerability in Cisco FXOS Software could allow an authenticated, l ...)
+ TODO: check
CVE-2020-3544
RESERVED
CVE-2020-3543
RESERVED
-CVE-2020-3542
- RESERVED
-CVE-2020-3541
- RESERVED
+CVE-2020-3542 (A vulnerability in Cisco Webex Training could allow an authenticated, ...)
+ TODO: check
+CVE-2020-3541 (A vulnerability in the media engine component of Cisco Webex Meetings ...)
+ TODO: check
CVE-2020-3540
RESERVED
CVE-2020-3539
RESERVED
CVE-2020-3538
RESERVED
-CVE-2020-3537
- RESERVED
+CVE-2020-3537 (A vulnerability in Cisco Jabber for Windows software could allow an au ...)
+ TODO: check
CVE-2020-3536
RESERVED
CVE-2020-3535
@@ -52425,8 +52473,8 @@ CVE-2020-3532
RESERVED
CVE-2020-3531
RESERVED
-CVE-2020-3530
- RESERVED
+CVE-2020-3530 (A vulnerability in task group assignment for a specific CLI command in ...)
+ TODO: check
CVE-2020-3529
RESERVED
CVE-2020-3528
@@ -52489,14 +52537,14 @@ CVE-2020-3500 (A vulnerability in the IPv6 implementation of Cisco StarOS could
NOT-FOR-US: Cisco
CVE-2020-3499
RESERVED
-CVE-2020-3498
- RESERVED
+CVE-2020-3498 (A vulnerability in Cisco Jabber software could allow an authenticated, ...)
+ TODO: check
CVE-2020-3497
RESERVED
CVE-2020-3496 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...)
NOT-FOR-US: Cisco
-CVE-2020-3495
- RESERVED
+CVE-2020-3495 (A vulnerability in Cisco Jabber for Windows could allow an authenticat ...)
+ TODO: check
CVE-2020-3494
RESERVED
CVE-2020-3493
@@ -52532,8 +52580,8 @@ CVE-2020-3480
RESERVED
CVE-2020-3479
RESERVED
-CVE-2020-3478
- RESERVED
+CVE-2020-3478 (A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure ...)
+ TODO: check
CVE-2020-3477
RESERVED
CVE-2020-3476
@@ -52542,8 +52590,8 @@ CVE-2020-3475
RESERVED
CVE-2020-3474
RESERVED
-CVE-2020-3473
- RESERVED
+CVE-2020-3473 (A vulnerability in task group assignment for a specific CLI command in ...)
+ TODO: check
CVE-2020-3472 (A vulnerability in the contacts feature of Cisco Webex Meetings could ...)
NOT-FOR-US: Cisco
CVE-2020-3471
@@ -52582,12 +52630,12 @@ CVE-2020-3455
RESERVED
CVE-2020-3454 (A vulnerability in the Call Home feature of Cisco NX-OS Software could ...)
NOT-FOR-US: Cisco
-CVE-2020-3453
- RESERVED
+CVE-2020-3453 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2020-3452 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
NOT-FOR-US: Cisco
-CVE-2020-3451
- RESERVED
+CVE-2020-3451 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2020-3450 (A vulnerability in the web-based management interface of Cisco Vision ...)
NOT-FOR-US: Cisco
CVE-2020-3449 (A vulnerability in the Border Gateway Protocol (BGP) additional paths ...)
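Review bot: CVE-2020-3453 and CVE-2020-3451 land as "TODO: check" although every described Cisco entry around them in this hunk (CVE-2020-3454, CVE-2020-3452, CVE-2020-3450) is already triaged as "NOT-FOR-US: Cisco". Unless the full descriptions point at something shipped in the archive, the same marker applies here. Note that the two truncated descriptions are identical, so they can only be told apart from the full CVE text.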
@@ -52628,8 +52676,8 @@ CVE-2020-3432
RESERVED
CVE-2020-3431
RESERVED
-CVE-2020-3430
- RESERVED
+CVE-2020-3430 (A vulnerability in the application protocol handling features of Cisco ...)
+ TODO: check
CVE-2020-3429
RESERVED
CVE-2020-3428
@@ -52758,8 +52806,8 @@ CVE-2020-3367
RESERVED
CVE-2020-3366
RESERVED
-CVE-2020-3365
- RESERVED
+CVE-2020-3365 (A vulnerability in the directory permissions of Cisco Enterprise NFV I ...)
+ TODO: check
CVE-2020-3364 (A vulnerability in the access control list (ACL) functionality of the ...)
NOT-FOR-US: Cisco
CVE-2020-3363 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...)
@@ -56719,8 +56767,8 @@ CVE-2020-1913
RESERVED
CVE-2020-1912
RESERVED
-CVE-2020-1911
- RESERVED
+CVE-2020-1911 (A type confusion vulnerability when resolving properties of JavaScript ...)
+ TODO: check
CVE-2020-1910
RESERVED
CVE-2020-1909
@@ -56753,24 +56801,24 @@ CVE-2020-1896
RESERVED
CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...)
NOT-FOR-US: Instagram for Android
-CVE-2020-1894
- RESERVED
+CVE-2020-1894 (A stack write overflow in WhatsApp for Android prior to v2.20.35, What ...)
+ TODO: check
CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out ...)
- hhvm <removed>
CVE-2020-1892 (Insufficient boundary checks when decoding JSON in JSON_parser allows ...)
- hhvm <removed>
-CVE-2020-1891
- RESERVED
-CVE-2020-1890
- RESERVED
-CVE-2020-1889
- RESERVED
+CVE-2020-1891 (A user controlled parameter used in video call in WhatsApp for Android ...)
+ TODO: check
+CVE-2020-1890 (A URL validation issue in WhatsApp for Android prior to v2.20.11 and W ...)
+ TODO: check
+CVE-2020-1889 (A security feature bypass issue in WhatsApp Desktop versions prior to ...)
+ TODO: check
CVE-2020-1888 (Insufficient boundary checks when decoding JSON in handleBackslash rea ...)
- hhvm <removed>
CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions after ...)
- osquery <itp> (bug #803502)
-CVE-2020-1886
- RESERVED
+CVE-2020-1886 (A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsA ...)
+ TODO: check
CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe process ...)
NOT-FOR-US: Oculus Desktop
CVE-2019-19512
@@ -83727,8 +83775,8 @@ CVE-2019-11930 (An invalid free in mb_detect_order can cause the application to
- hhvm <removed>
CVE-2019-11929 (Insufficient boundary checks when formatting numbers in number_format ...)
- hhvm <removed>
-CVE-2019-11928
- RESERVED
+CVE-2019-11928 (An input validation issue in WhatsApp Desktop versions prior to v0.3.4 ...)
+ TODO: check
CVE-2019-11927 (An integer overflow in WhatsApp media parsing libraries allows a remot ...)
NOT-FOR-US: WhatsApp
CVE-2019-11926 (Insufficient boundary checks when processing M_SOFx markers from JPEG ...)
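Review bot: CVE-2019-11928 is described as an input validation issue in WhatsApp Desktop, and the next entry down, CVE-2019-11927, already carries "NOT-FOR-US: WhatsApp". Leaving the new entry at "TODO: check" is inconsistent with that neighbour; the same marker looks appropriate, and the WhatsApp entries added under CVE-2020-1894 to CVE-2020-1886 earlier in this diff can be handled in the same pass.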
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90064e3da3834302087e36e42bf17e60347d3bc8