[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 4 21:10:26 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eae7d5d1 by security tracker role at 2020-09-04T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2020-25199
+ RESERVED
+CVE-2020-25198
+ RESERVED
+CVE-2020-25197
+ RESERVED
+CVE-2020-25196
+ RESERVED
+CVE-2020-25195
+ RESERVED
+CVE-2020-25194
+ RESERVED
+CVE-2020-25193
+ RESERVED
+CVE-2020-25192
+ RESERVED
+CVE-2020-25191
+ RESERVED
+CVE-2020-25190
+ RESERVED
+CVE-2020-25189
+ RESERVED
+CVE-2020-25188
+ RESERVED
+CVE-2020-25187
+ RESERVED
+CVE-2020-25186
+ RESERVED
+CVE-2020-25185
+ RESERVED
+CVE-2020-25184
+ RESERVED
+CVE-2020-25183
+ RESERVED
+CVE-2020-25182
+ RESERVED
+CVE-2020-25181
+ RESERVED
+CVE-2020-25180
+ RESERVED
+CVE-2020-25179
+ RESERVED
+CVE-2020-25178
+ RESERVED
+CVE-2020-25177
+ RESERVED
+CVE-2020-25176
+ RESERVED
+CVE-2020-25175
+ RESERVED
+CVE-2020-25174
+ RESERVED
+CVE-2020-25173
+ RESERVED
+CVE-2020-25172
+ RESERVED
+CVE-2020-25171
+ RESERVED
+CVE-2020-25170
+ RESERVED
+CVE-2020-25169
+ RESERVED
+CVE-2020-25168
+ RESERVED
+CVE-2020-25167
+ RESERVED
+CVE-2020-25166
+ RESERVED
+CVE-2020-25165
+ RESERVED
+CVE-2020-25164
+ RESERVED
+CVE-2020-25163
+ RESERVED
+CVE-2020-25162
+ RESERVED
+CVE-2020-25161
+ RESERVED
+CVE-2020-25160
+ RESERVED
+CVE-2020-25159
+ RESERVED
+CVE-2020-25158
+ RESERVED
+CVE-2020-25157
+ RESERVED
+CVE-2020-25156
+ RESERVED
+CVE-2020-25155
+ RESERVED
+CVE-2020-25154
+ RESERVED
+CVE-2020-25153
+ RESERVED
+CVE-2020-25152
+ RESERVED
+CVE-2020-25151
+ RESERVED
+CVE-2020-25150
+ RESERVED
CVE-2020-25149
RESERVED
CVE-2020-25148
@@ -398,8 +498,8 @@ CVE-2020-24965
RESERVED
CVE-2020-24964
RESERVED
-CVE-2020-24963
- RESERVED
+CVE-2020-24963 (An Authenticated Persistent XSS vulnerability was discovered in the Be ...)
+ TODO: check
CVE-2020-24962
RESERVED
CVE-2020-24961
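Review bot: the `TODO: check` placeholder on CVE-2020-24963 is the open triage item in this hunk (the same applies to every entry this update turns from RESERVED into a truncated description): the automatic update only copies the CVE text, so each of these still has to be resolved into either a `- <source package> <version>` line or a `NOT-FOR-US:` verdict, as the neighbouring entries already are.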
@@ -1014,8 +1114,7 @@ CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate veri
NOTE: https://gitlab.gnome.org/GNOME/geary/-/issues/866
CVE-2020-24660
RESERVED
-CVE-2020-24659 [GNUTLS-SA-2020-09-04]
- RESERVED
+CVE-2020-24659 (An issue was discovered in GnuTLS before 3.6.15. A server can trigger ...)
- gnutls28 <unfixed> (bug #969547)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1071
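Review bot: `gnutls28 <unfixed> (bug #969547)` on CVE-2020-24659 carries no suite annotations and no advisory reference yet; once the fixed upload lands, `<unfixed>` should become the version and the DSA should be recorded in braces above the package line, in the same `{DSA-4758-1 DLA-2359-1}` form used elsewhere in this patch. Dropping the `[GNUTLS-SA-2020-09-04]` working tag from the header line is fine, since the advisory URL is preserved in the first NOTE.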
@@ -1029,6 +1128,7 @@ CVE-2020-24656 (Maltego before 4.2.12 allows XXE attacks. ...)
CVE-2020-24655
RESERVED
CVE-2020-24654 (In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can ins ...)
+ {DSA-4759-1}
- ark 4:20.08.1-1 (bug #969437)
NOTE: https://github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd
NOTE: https://kde.org/info/security/advisory-20200827-1.txt
@@ -22844,13 +22944,13 @@ CVE-2020-14363 [Double free in libX11 locale handling code]
NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
CVE-2020-14362
RESERVED
- {DLA-2359-1}
+ {DSA-4758-1 DLA-2359-1}
- xorg-server 2:1.20.9-1
NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc
CVE-2020-14361
RESERVED
- {DLA-2359-1}
+ {DSA-4758-1 DLA-2359-1}
- xorg-server 2:1.20.9-1
NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787
@@ -22901,19 +23001,19 @@ CVE-2020-14348
RESERVED
NOT-FOR-US: AMQ Online
CVE-2020-14347 (A flaw was found in the way xserver memory was not properly initialize ...)
- {DLA-2359-1}
+ {DSA-4758-1 DLA-2359-1}
- xorg-server 2:1.20.9-1 (bug #968986)
NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816
CVE-2020-14346
RESERVED
- {DLA-2359-1}
+ {DSA-4758-1 DLA-2359-1}
- xorg-server 2:1.20.9-1
NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff
CVE-2020-14345
RESERVED
- {DLA-2359-1}
+ {DSA-4758-1 DLA-2359-1}
- xorg-server 2:1.20.9-1
NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f7cd1276bbd4fe3a9700096dec33b52b8440788d
@@ -23851,8 +23951,8 @@ CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS
NOT-FOR-US: Laborator Xenon theme for WordPress
CVE-2020-14009
RESERVED
-CVE-2020-14008
- RESERVED
+CVE-2020-14008 (Zoho ManageEngine Applications Manager 14710 and before allows an auth ...)
+ TODO: check
CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
NOT-FOR-US: Solarwinds
CVE-2020-14006 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
@@ -30947,6 +31047,7 @@ CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest
CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulne ...)
NOT-FOR-US: Mids' Reborn Hero Designer
CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...)
+ {DLA-2364-1}
- netty 1:4.1.48-1
[jessie] - netty <ignored> (OOM DoS with fix/mitigation involving new API; too intrusive to backport due to more limited 3.x buffer API)
NOTE: https://github.com/netty/netty/issues/6168
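Review bot: `{DLA-2364-1}` is added above the netty package line while the `[jessie] - netty <ignored>` annotation below it is left unchanged; confirm that the DLA targets a suite other than jessie, because an advisory for jessie would contradict both the `<ignored>` marking and its stated rationale ("too intrusive to backport").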
@@ -39446,7 +39547,7 @@ CVE-2020-8434 (Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3
CVE-2020-8433
RESERVED
CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length ...)
- {DLA-2110-1 DLA-2109-1}
+ {DLA-2365-1 DLA-2364-1 DLA-2110-1 DLA-2109-1}
- netty 1:4.1.45-1 (bug #950967)
- netty-3.9 <removed>
NOTE: https://github.com/netty/netty/issues/9861
@@ -39454,7 +39555,7 @@ CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-L
NOTE: https://github.com/netty/netty/commit/629034624626b722128e0fcc6b3ec9d406cb3706 (4.1)
NOTE: https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c (tests)
CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...)
- {DLA-2110-1 DLA-2109-1}
+ {DLA-2365-1 DLA-2364-1 DLA-2110-1 DLA-2109-1}
- netty 1:4.1.45-1 (bug #950966)
- netty-3.9 <removed>
NOTE: https://github.com/netty/netty/issues/9866
@@ -41213,8 +41314,8 @@ CVE-2020-7732
RESERVED
CVE-2020-7731
RESERVED
-CVE-2020-7730
- RESERVED
+CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command Injection v ...)
+ TODO: check
CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...)
TODO: check
CVE-2020-7728
@@ -42147,8 +42248,8 @@ CVE-2020-7301 (Cross Site scripting vulnerability in McAfee Data Loss Prevention
NOT-FOR-US: McAfee
CVE-2020-7300 (Improper Authorization vulnerability in McAfee Data Loss Prevention (D ...)
NOT-FOR-US: McAfee
-CVE-2020-7299
- RESERVED
+CVE-2020-7299 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
+ TODO: check
CVE-2020-7298 (Unexpected behavior violation in McAfee Total Protection (MTP) prior t ...)
NOT-FOR-US: McAfee
CVE-2020-7297
@@ -42300,7 +42401,7 @@ CVE-2019-20382 (QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc
NOTE: https://www.openwall.com/lists/oss-security/2020/03/05/1
NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0
CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...)
- {DLA-2110-1 DLA-2109-1}
+ {DLA-2364-1 DLA-2110-1 DLA-2109-1}
- netty 1:4.1.45-1 (bug #950967)
- netty-3.9 <removed>
[stretch] - netty-3.9 <not-affected> (Incomplete fix for CVE-2019-16869 was not applied)
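Review bot: CVE-2020-7238 receives only DLA-2364-1 here, whereas CVE-2019-20444 and CVE-2019-20445 above got both DLA-2365-1 and DLA-2364-1; that is consistent if DLA-2365-1 is the netty-3.9 advisory, since the `[stretch] - netty-3.9 <not-affected>` line excludes that package for this CVE, but it is worth a quick check that the omission is deliberate rather than a missed cross-reference.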
@@ -42566,8 +42667,8 @@ CVE-2020-7121
RESERVED
CVE-2020-7120
RESERVED
-CVE-2020-7119
- RESERVED
+CVE-2020-7119 (A vulnerability exists in the Aruba ClearPass C1000 S-1200 R4 HW-Based ...)
+ TODO: check
CVE-2020-7118
RESERVED
CVE-2020-7117 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
@@ -45005,7 +45106,8 @@ CVE-2020-6281 (SAP Business Objects Business Intelligence Platform (BI Launchpad
NOT-FOR-US: SAP
CVE-2020-6280 (SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, ...)
NOT-FOR-US: SAP
-CVE-2020-6279 (OData APIs and JobApplicationInterview and JobApplication export permi ...)
+CVE-2020-6279
+ REJECTED
NOT-FOR-US: SAP
CVE-2020-6278 (SAP Business Objects Business Intelligence Platform (BI Launchpad and ...)
NOT-FOR-US: SAP
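Review bot: CVE-2020-6279 is now marked `REJECTED`, but the `NOT-FOR-US: SAP` line beneath it is kept; a rejected identifier no longer describes a vulnerability, so the stale triage verdict should probably be dropped rather than carried alongside `REJECTED`.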
@@ -48959,8 +49061,8 @@ CVE-2020-4704
RESERVED
CVE-2020-4703
RESERVED
-CVE-2020-4702
- RESERVED
+CVE-2020-4702 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...)
+ TODO: check
CVE-2020-4701
RESERVED
CVE-2020-4700
@@ -49099,8 +49201,8 @@ CVE-2020-4634
RESERVED
CVE-2020-4633
RESERVED
-CVE-2020-4632
- RESERVED
+CVE-2020-4632 (IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-sid ...)
+ TODO: check
CVE-2020-4631 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-de ...)
NOT-FOR-US: IBM
CVE-2020-4630
@@ -49273,8 +49375,8 @@ CVE-2020-4547
RESERVED
CVE-2020-4546 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
NOT-FOR-US: IBM
-CVE-2020-4545
- RESERVED
+CVE-2020-4545 (IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbi ...)
+ TODO: check
CVE-2020-4544
RESERVED
CVE-2020-4543
@@ -67728,7 +67830,7 @@ CVE-2019-16871 (Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff
CVE-2019-16870
RESERVED
CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the colon in HT ...)
- {DSA-4597-1 DLA-2110-1 DLA-1941-1}
+ {DSA-4597-1 DLA-2365-1 DLA-2110-1 DLA-1941-1}
- netty 1:4.1.33-2 (bug #941266)
- netty-3.9 <removed>
NOTE: https://github.com/netty/netty/issues/9571
@@ -105934,8 +106036,7 @@ CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface implementat
NOTE: https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/T/#u
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1689426
NOTE: Fixed by: https://git.kernel.org/linus/492855939bdb59c6f947b0b5b44af9ad82b7e38c
-CVE-2019-3881 [tmp_home_path insecure]
- RESERVED
+CVE-2019-3881 (Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with ...)
- bundler 1.16.1-2 (bug #881749; bug #796383)
[stretch] - bundler <no-dsa> (Minor issue)
[jessie] - bundler <not-affected> (This version just uses mktmpdir which creates temporary directories with 0700 permissions by default.)
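Review bot: the new description says "Bundler prior to 2.1.0" while the package line records the fix in `bundler 1.16.1-2`, so the Debian fix predates the upstream release that closes the issue; a NOTE pointing at the upstream change or the relevant bug discussion (#881749 / #796383 are cited but not linked) would make that backport traceable. Replacing the `[tmp_home_path insecure]` working title with the official text is the right move now that the CVE is public.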
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eae7d5d1dcf3af69155043c8da2104e4e4b6999e