[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Sep 10 21:10:35 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7605463f by security tracker role at 2020-09-10T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,12 @@
-CVE-2020-25221 [mm: fix pin vs. gup mismatch with gate pages]
+CVE-2020-25225
+	RESERVED
+CVE-2020-25224
+	RESERVED
+CVE-2020-25223
+	RESERVED
+CVE-2020-25222
+	RESERVED
+CVE-2020-25221 (get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5 ...)
 	- linux 5.8.7-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
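Review bot: no triage change is needed for CVE-2020-25221 once its placeholder title `[mm: fix pin vs. gup mismatch with gate pages]` is replaced by the published description: the existing lines (linux 5.8.7-1 fixed; buster and stretch `<not-affected>` because the vulnerable code was introduced later) are consistent with the description's affected range of 5.7.x and 5.8.x. The four new RESERVED entries above it are routine placeholders.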
@@ -1023,8 +1031,8 @@ CVE-2020-24741
 	RESERVED
 CVE-2020-24740
 	RESERVED
-CVE-2020-24739
-	RESERVED
+CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the background deleti ...)
+	TODO: check
 CVE-2020-24738
 	RESERVED
 CVE-2020-24737
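Review bot: `TODO: check` on CVE-2020-24739 is the placeholder this automatic import leaves whenever a formerly RESERVED identifier gains a description; it must be resolved by hand into one of the forms used elsewhere in this file, either a package line with a fixed version, `NOT-FOR-US:` with the product name, or `<not-affected>` with a reason, so entries carrying it should not be treated as triaged.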
@@ -1365,8 +1373,8 @@ CVE-2020-24583 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before
 	NOTE: https://github.com/django/django/commit/934430d22aa5d90c2ba33495ff69a6a1d997d584 (3.1.1)
 	NOTE: https://github.com/django/django/commit/08892bffd275c79ee1f8f67639eb170aaaf1181e (3.0.10)
 	NOTE: https://github.com/django/django/commit/375657a71c889c588f723469bd868bd1d40c369f (2.2.16)
-CVE-2020-24582
-	RESERVED
+CVE-2020-24582 (Zulip Desktop before 5.4.3 allows XSS because string escaping is misha ...)
+	TODO: check
 CVE-2020-24581
 	RESERVED
 CVE-2020-24580
@@ -1440,8 +1448,8 @@ CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because tex
 	NOTE: https://github.com/golang/go/issues/41164 (1.14 backport)
 	NOTE: https://github.com/golang/go/issues/41165 (1.15 backport)
 	NOTE: https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting
-CVE-2020-24552
-	RESERVED
+CVE-2020-24552 (Atop Technology industrial 3G/4G gateway contains Command Injection vu ...)
+	TODO: check
 CVE-2020-24551
 	RESERVED
 CVE-2020-24550
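Review bot: CVE-2020-24552 describes a command injection in an Atop Technology industrial 3G/4G gateway, i.e. vendor hardware firmware; this file marks comparable vendor-appliance issues `NOT-FOR-US:` with the product name (see the Ruckus Wireless Unleashed entries CVE-2020-13919 and CVE-2020-13918 later in this diff), so the `TODO: check` can most likely be resolved the same way once the full description confirms there is no Debian-packaged component.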
@@ -15811,8 +15819,8 @@ CVE-2020-17410
 	RESERVED
 CVE-2020-17409
 	RESERVED
-CVE-2020-17408
-	RESERVED
+CVE-2020-17408 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
 CVE-2020-17407
 	RESERVED
 CVE-2020-17406
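Review bot: the truncated description of CVE-2020-17408 ("This vulnerability allows remote attackers to disclose sensitive infor ...") never reaches the product name, so the `TODO: check` cannot be resolved from this file alone; whoever picks it up needs the full CVE text before choosing between a package line and `NOT-FOR-US:`.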
@@ -20843,16 +20851,16 @@ CVE-2020-15172
 	RESERVED
 CVE-2020-15171
 	RESERVED
-CVE-2020-15170
-	RESERVED
+CVE-2020-15170 (apollo-adminservice before version 1.7.1 does not implement access con ...)
+	TODO: check
 CVE-2020-15169
 	RESERVED
 	- rails <unfixed> (bug #970040)
 	NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml
 	NOTE: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc?pli=1
 	NOTE: https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e
-CVE-2020-15168
-	RESERVED
+CVE-2020-15168 (node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the si ...)
+	TODO: check
 CVE-2020-15167 (In Miller (command line utility) using the configuration file support  ...)
 	- miller 5.9.1+dfsg-1 (bug #969467)
 	[buster] - miller <not-affected> (Introduced in 5.9.0)
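Review bot: of the two `TODO: check` entries in this hunk, CVE-2020-15168 (node-fetch not honouring the size option before 2.6.1 and 3.0.0-beta.9) is the one most likely to map to a package in the archive and should be resolved first, following the shape of the neighbouring rails entry for CVE-2020-15169: a package line (with a bug number if one is filed) plus `NOTE:` links to the upstream advisory and fixing commit. CVE-2020-15170 (apollo-adminservice) reads like a standalone service and probably ends up `NOT-FOR-US:`, but that still needs confirming.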
@@ -21204,8 +21212,8 @@ CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allow
 	NOTE: https://support.ntp.org/bin/view/Main/NtpBug3661
 	NOTE: https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
 	NOTE: https://bugs.ntp.org/show_bug.cgi?id=3661
-CVE-2020-15024
-	RESERVED
+CVE-2020-15024 (An issue was discovered in the Login Password feature of the Password  ...)
+	TODO: check
 CVE-2020-15023
 	RESERVED
 CVE-2020-15022
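Review bot: as with other entries in this update, the description of CVE-2020-15024 is cut off before it names the affected product ("the Login Password feature of the Password ..."), so the `TODO: check` cannot be settled from the visible text; the full description is needed before deciding on a package line or `NOT-FOR-US:`.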
@@ -23510,8 +23518,8 @@ CVE-2020-14200
 	RESERVED
 CVE-2020-14199 (BIP-143 in the Bitcoin protocol specification mishandles the signing o ...)
 	NOT-FOR-US: Bitcoin protocol issue
-CVE-2020-14198
-	RESERVED
+CVE-2020-14198 (Bitcoin Core 0.20.0 allows remote denial of service. ...)
+	TODO: check
 CVE-2020-14197
 	RESERVED
 CVE-2020-14196 (In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1 ...)
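Review bot: CVE-2020-14198 should not be folded into the `NOT-FOR-US: Bitcoin protocol issue` handling given to CVE-2020-14199 directly above: its description names the Bitcoin Core 0.20.0 implementation rather than the protocol, and this file does track bitcoin as a source package (the CVE-2018-17144 entry near the end of this diff records `bitcoin 0.16.3~dfsg-1` and `litecoin 0.16.3-1`), so the `TODO: check` needs a package line with the fixed version, and the litecoin fork checked separately.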
@@ -24257,8 +24265,8 @@ CVE-2020-13922
 	RESERVED
 CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storag ...)
 	NOT-FOR-US: Apache SkyWalking
-CVE-2020-13920
-	RESERVED
+CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ...)
+	TODO: check
 CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...)
 	NOT-FOR-US: Ruckus Wireless Unleashed
 CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed through  ...)
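Review bot: CVE-2020-13920 concerns Apache ActiveMQ, which is packaged in Debian (src:activemq), so `TODO: check` here should become a package line rather than `NOT-FOR-US:`. The description is about JMX registry creation through `LocateRegistry.createRegistry()`, and CVE-2020-11998 later in this diff describes a regression "in the commit preventing JMX re-bind", so the two identifiers should be triaged together.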
@@ -29203,8 +29211,8 @@ CVE-2020-12000 (The affected product is vulnerable to the handling of serialized
 	NOT-FOR-US: Inductive Automation Ignition
 CVE-2020-11999 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
 	NOT-FOR-US: FactoryTalk
-CVE-2020-11998
-	RESERVED
+CVE-2020-11998 (A regression has been introduced in the commit preventing JMX re-bind. ...)
+	TODO: check
 CVE-2020-11997
 	RESERVED
 CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat  ...)
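Review bot: the description of CVE-2020-11998 ("A regression has been introduced in the commit preventing JMX re-bind") reads as a follow-up to CVE-2020-13920 (JMX registry creation) earlier in this diff; if the fix for 13920 is ever backported to a stable suite, the regression fix for 11998 has to go with it, so both entries should get matching package and `NOTE:` lines rather than two independent `TODO: check` markers.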
@@ -33826,8 +33834,7 @@ CVE-2020-10774
 	RESERVED
 	- linux <not-affected> (Red Hat-specific patch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846964
-CVE-2020-10773 [kernel stack information leak on s390/s390x]
-	RESERVED
+CVE-2020-10773 (A stack information leak flaw was found in s390/s390x in the Linux ker ...)
 	- linux 5.3.9-1
 	[buster] - linux 4.19.87-1
 	[stretch] - linux 4.9.210-1
@@ -36467,44 +36474,44 @@ CVE-2020-9745
 	RESERVED
 CVE-2020-9744
 	RESERVED
-CVE-2020-9743
-	RESERVED
-CVE-2020-9742
-	RESERVED
-CVE-2020-9741
-	RESERVED
-CVE-2020-9740
-	RESERVED
+CVE-2020-9743 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
+	TODO: check
+CVE-2020-9742 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and ...)
+	TODO: check
+CVE-2020-9741 (The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and ...)
+	TODO: check
+CVE-2020-9740 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
+	TODO: check
 CVE-2020-9739
 	RESERVED
-CVE-2020-9738
-	RESERVED
-CVE-2020-9737
-	RESERVED
-CVE-2020-9736
-	RESERVED
-CVE-2020-9735
-	RESERVED
-CVE-2020-9734
-	RESERVED
-CVE-2020-9733
-	RESERVED
-CVE-2020-9732
-	RESERVED
-CVE-2020-9731
-	RESERVED
-CVE-2020-9730
-	RESERVED
-CVE-2020-9729
-	RESERVED
-CVE-2020-9728
-	RESERVED
-CVE-2020-9727
-	RESERVED
-CVE-2020-9726
-	RESERVED
-CVE-2020-9725
-	RESERVED
+CVE-2020-9738 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
+	TODO: check
+CVE-2020-9737 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
+	TODO: check
+CVE-2020-9736 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
+	TODO: check
+CVE-2020-9735 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
+	TODO: check
+CVE-2020-9734 (The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and ...)
+	TODO: check
+CVE-2020-9733 (An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (a ...)
+	TODO: check
+CVE-2020-9732 (The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and ...)
+	TODO: check
+CVE-2020-9731 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
+	TODO: check
+CVE-2020-9730 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
+	TODO: check
+CVE-2020-9729 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
+	TODO: check
+CVE-2020-9728 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
+	TODO: check
+CVE-2020-9727 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
+	TODO: check
+CVE-2020-9726 (Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of ...)
+	TODO: check
+CVE-2020-9725 (Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper  ...)
+	TODO: check
 CVE-2020-9724 (Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library ...)
 	NOT-FOR-US: Adobe
 CVE-2020-9723 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
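Review bot: all seventeen newly described identifiers in this hunk (CVE-2020-9725 through CVE-2020-9743) are Adobe products: AEM and its Forms add-on, InDesign, and FrameMaker. This file marks Adobe software `NOT-FOR-US: Adobe`, as the unchanged CVE-2020-9724 (Lightroom) and CVE-2020-9723 (Acrobat and Reader) lines directly below show, so the block of `TODO: check` markers can be resolved in one pass the same way.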
@@ -38838,8 +38845,8 @@ CVE-2020-8760
 	RESERVED
 CVE-2020-8759 (Improper access control in the installer for Intel(R) SSD DCT versions ...)
 	NOT-FOR-US: Intel
-CVE-2020-8758
-	RESERVED
+CVE-2020-8758 (Improper buffer restrictions in network subsystem in provisioned Intel ...)
+	TODO: check
 CVE-2020-8757
 	RESERVED
 CVE-2020-8756
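Review bot: CVE-2020-8758 ("Improper buffer restrictions in network subsystem in provisioned Intel ...") is an Intel platform-firmware issue; the adjacent CVE-2020-8759 entry for the Intel SSD DCT installer is already `NOT-FOR-US: Intel`, and the same resolution fits here in place of `TODO: check`.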
@@ -40393,7 +40400,7 @@ CVE-2020-8118 (An authenticated server-side request forgery in Nextcloud server
 	- nextcloud-server <itp> (bug #941708)
 CVE-2020-8117 (Improper preservation of permissions in Nextcloud Server 14.0.3 causes ...)
 	- nextcloud-server <itp> (bug #941708)
-CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package version 5.1. ...)
+CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package versions bef ...)
 	- node-dot-prop 5.2.0-1
 	[buster] - node-dot-prop 4.1.1-1+deb10u1
 	NOTE: https://hackerone.com/reports/719856
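Review bot: the description of CVE-2020-8116 changes from a single release ("dot-prop npm package version 5.1.") to a range ("versions bef[ore] ..."). The buster entry `node-dot-prop 4.1.1-1+deb10u1` already treats the 4.x branch as affected, so the stable triage stands, but the unstable fix `node-dot-prop 5.2.0-1` should be re-checked against the full upstream range now that the description no longer pins 5.1.x.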
@@ -42316,16 +42323,16 @@ CVE-2020-7317
 	RESERVED
 CVE-2020-7316
 	RESERVED
-CVE-2020-7315
-	RESERVED
-CVE-2020-7314
-	RESERVED
+CVE-2020-7315 (DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to  ...)
+	TODO: check
+CVE-2020-7314 (Privilege Escalation Vulnerability in the installer in McAfee Data Exc ...)
+	TODO: check
 CVE-2020-7313
 	RESERVED
-CVE-2020-7312
-	RESERVED
-CVE-2020-7311
-	RESERVED
+CVE-2020-7312 (DLL Search Order Hijacking Vulnerability in the installer in McAfee Ag ...)
+	TODO: check
+CVE-2020-7311 (Privilege Escalation vulnerability in the installer in McAfee Agent (M ...)
+	TODO: check
 CVE-2020-7310 (Privilege Escalation vulnerability in the installer in McAfee McAfee T ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7309 (Cross Site Scripting vulnerability in ePO extension in McAfee Applicat ...)
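Review bot: the four new descriptions in this hunk (CVE-2020-7311, 7312, 7314, 7315) are all installer or agent issues in McAfee Windows products (DLL injection, DLL search-order hijacking, privilege escalation); the unchanged CVE-2020-7310 and CVE-2020-7309 lines below are `NOT-FOR-US: McAfee`, so these `TODO: check` markers should be resolved the same way.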
@@ -45601,8 +45608,8 @@ CVE-2020-6099
 CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...)
 	- freediameter <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030
-CVE-2020-6097
-	RESERVED
+CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...)
+	TODO: check
 CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
 	- glibc 2.31-2 (low; bug #961452)
 	[buster] - glibc <no-dsa> (Minor issue)
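Review bot: CVE-2020-6097 should not stay at `TODO: check`: atftpd ships in the Debian source package atftp, so this needs a package line. Its wording ("An exploitable denial of service vulnerability exists in the atftpd da ...") matches the Talos advisory style of the adjacent freediameter entry CVE-2020-6098, which carries a `NOTE:` link to the TALOS report; the corresponding advisory reference should be added here as well.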
@@ -46322,8 +46329,8 @@ CVE-2020-5782
 	RESERVED
 CVE-2020-5781
 	RESERVED
-CVE-2020-5780
-	RESERVED
+CVE-2020-5780 (Missing Authentication for Critical Function in Icegram Email Subscrib ...)
+	TODO: check
 CVE-2020-5779 (A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates t ...)
 	NOT-FOR-US: Trading Technologies Messaging
 CVE-2020-5778 (A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) du ...)
@@ -49415,8 +49422,8 @@ CVE-2020-4580
 	RESERVED
 CVE-2020-4579
 	RESERVED
-CVE-2020-4578
-	RESERVED
+CVE-2020-4578 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
+	TODO: check
 CVE-2020-4577
 	RESERVED
 CVE-2020-4576
@@ -114580,7 +114587,7 @@ CVE-2018-19651 (admin/functions/remote.php in Interspire Email Marketer through
 CVE-2018-19650 (Local attackers can trigger a stack-based buffer overflow on vulnerabl ...)
 	NOT-FOR-US: Antiy-AVL ATool security management
 CVE-2019-1564
-	RESERVED
+	REJECTED
 CVE-2019-1563 (In situations where an attacker receives automated notification of the ...)
 	{DSA-4540-1 DSA-4539-1 DLA-1932-1}
 	- openssl 1.1.1d-1
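Review bot: flipping CVE-2019-1564 from RESERVED to REJECTED is correct: it sits inside the block of identifiers assigned to OpenSSL (CVE-2019-1563 and CVE-2019-1559 bracket it, both with openssl package lines) that were never used for a published issue, and the hunks that follow apply the same change consistently to the rest of that 15xx series.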
@@ -114590,11 +114597,11 @@ CVE-2019-1563 (In situations where an attacker receives automated notification o
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f (OpenSSL_1_0_2t)
 	NOTE: https://www.openssl.org/news/secadv/20190910.txt
 CVE-2019-1562
-	RESERVED
+	REJECTED
 CVE-2019-1561
-	RESERVED
+	REJECTED
 CVE-2019-1560
-	RESERVED
+	REJECTED
 CVE-2019-1559 (If an application encounters a fatal protocol error and then calls SSL ...)
 	{DSA-4400-1 DLA-1701-1}
 	- openssl1.0 <unfixed>
@@ -114607,17 +114614,17 @@ CVE-2019-1559 (If an application encounters a fatal protocol error and then call
 	NOTE: to this issue, marking first 1.1 upload of src:openssl as fixed
 	NOTE: https://www.openssl.org/news/secadv/20190226.txt
 CVE-2019-1558
-	RESERVED
+	REJECTED
 CVE-2019-1557
-	RESERVED
+	REJECTED
 CVE-2019-1556
-	RESERVED
+	REJECTED
 CVE-2019-1555
-	RESERVED
+	REJECTED
 CVE-2019-1554
-	RESERVED
+	REJECTED
 CVE-2019-1553
-	RESERVED
+	REJECTED
 CVE-2019-1552 (OpenSSL has internal defaults for a directory tree where it can find a ...)
 	- openssl <not-affected> (Windows-specific)
 	- openssl1.0 <not-affected> (Windows-specific)
@@ -114633,7 +114640,7 @@ CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring proced
 	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f
 	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98
 CVE-2019-1550
-	RESERVED
+	REJECTED
 CVE-2019-1549 (OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). Th ...)
 	- openssl 1.1.1d-1
 	[buster] - openssl 1.1.1d-0+deb10u1
@@ -114643,7 +114650,7 @@ CVE-2019-1549 (OpenSSL 1.1.1 introduced a rewritten random number generator (RNG
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be
 	NOTE: https://www.openssl.org/news/secadv/20190910.txt
 CVE-2019-1548
-	RESERVED
+	REJECTED
 CVE-2019-1547 (Normally in OpenSSL EC groups always have a co-factor present and this ...)
 	{DSA-4540-1 DSA-4539-1 DLA-1932-1}
 	- openssl 1.1.1d-1
@@ -114653,11 +114660,11 @@ CVE-2019-1547 (Normally in OpenSSL EC groups always have a co-factor present and
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8 (OpenSSL_1_1_1d)
 	NOTE: https://www.openssl.org/news/secadv/20190910.txt
 CVE-2019-1546
-	RESERVED
+	REJECTED
 CVE-2019-1545
-	RESERVED
+	REJECTED
 CVE-2019-1544
-	RESERVED
+	REJECTED
 CVE-2019-1543 (ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input ...)
 	{DSA-4475-1}
 	- openssl 1.1.1c-1 (low)
@@ -114667,21 +114674,21 @@ CVE-2019-1543 (ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce
 	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=f426625b6ae9a7831010750490a5f0ad689c5ba3 (OpenSSL_1_1_1c)
 	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ee22257b1418438ebaf54df98af4e24f494d1809 (OpenSSL_1_1_0k)
 CVE-2019-1542
-	RESERVED
+	REJECTED
 CVE-2019-1541
-	RESERVED
+	REJECTED
 CVE-2019-1540
-	RESERVED
+	REJECTED
 CVE-2019-1539
-	RESERVED
+	REJECTED
 CVE-2019-1538
-	RESERVED
+	REJECTED
 CVE-2019-1537
-	RESERVED
+	REJECTED
 CVE-2019-1536
-	RESERVED
+	REJECTED
 CVE-2019-1535
-	RESERVED
+	REJECTED
 CVE-2018-19649 (XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPor ...)
 	NOT-FOR-US: InfoVista VistaPortal
 CVE-2018-19648 (An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETC ...)
@@ -124367,8 +124374,8 @@ CVE-2018-17147 (Nagios XI before 5.5.4 has XSS in the auto login admin managemen
 	NOT-FOR-US: Nagios XI
 CVE-2018-17146 (A cross-site scripting vulnerability exists in Nagios XI before 5.5.4  ...)
 	NOT-FOR-US: Nagios XI
-CVE-2018-17145
-	RESERVED
+CVE-2018-17145 (Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16 ...)
+	TODO: check
 CVE-2018-17144 (Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x be ...)
 	- bitcoin 0.16.3~dfsg-1
 	- litecoin 0.16.3-1
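Review bot: CVE-2018-17145 (Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots) should not remain at `TODO: check`, since the neighbouring CVE-2018-17144 entry shows both bitcoin and litecoin are tracked packages. The `bitcoin 0.16.3~dfsg-1` version recorded there is later than the "before 0.16.2" range in the description, which suggests the version to record, but the upstream fix should be confirmed explicitly and the litecoin fork checked on its own rather than assumed fixed by the same upload.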



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7605463f99afb0579c0f3325625123916344d100


