[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 15 21:10:33 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c79b94a by security tracker role at 2020-09-15T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-25594
+ RESERVED
+CVE-2020-25593
+ RESERVED
+CVE-2020-25592
+ RESERVED
CVE-2020-25591
RESERVED
CVE-2020-25590
@@ -1093,8 +1099,8 @@ CVE-2020-25074
RESERVED
CVE-2020-25072
RESERVED
-CVE-2020-25071
- RESERVED
+CVE-2020-25071 (Nifty Project Management Web Application 2020-08-26 allows XSS, via Ad ...)
+ TODO: check
CVE-2020-25070 (USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the ...)
NOT-FOR-US: User-friendly SVN
CVE-2020-25069 (USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute ...)
@@ -1295,7 +1301,7 @@ CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_t
[stretch] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712
NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7
-CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflo ...)
+CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global buffer over-re ...)
{DLA-2369-1}
- libxml2 <unfixed> (bug #969529)
[buster] - libxml2 <no-dsa> (Minor issue)
@@ -1410,10 +1416,10 @@ CVE-2020-24927
RESERVED
CVE-2020-24926
RESERVED
-CVE-2020-24925
- RESERVED
-CVE-2020-24924
- RESERVED
+CVE-2020-24925 (A Sensitive Source Code Path Disclosure vulnerability is found in Elka ...)
+ TODO: check
+CVE-2020-24924 (A Persistent Cross-site Scripting vulnerability is found in ElkarBacku ...)
+ TODO: check
CVE-2020-24923
RESERVED
CVE-2020-24922
@@ -4341,8 +4347,8 @@ CVE-2020-23514
RESERVED
CVE-2020-23513
RESERVED
-CVE-2020-23512
- RESERVED
+CVE-2020-23512 (VR CAM P1 Model P1 v1 has an incorrect access control vulnerability wh ...)
+ TODO: check
CVE-2020-23511
RESERVED
CVE-2020-23510
@@ -4463,8 +4469,8 @@ CVE-2020-23453
RESERVED
CVE-2020-23452
RESERVED
-CVE-2020-23451
- RESERVED
+CVE-2020-23451 (Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead ...)
+ TODO: check
CVE-2020-23450 (Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed ...)
NOT-FOR-US: Spiceworks
CVE-2020-23449
@@ -16408,6 +16414,7 @@ CVE-2020-17491
CVE-2020-17490
RESERVED
CVE-2020-17489 (An issue was discovered in certain configurations of GNOME gnome-shell ...)
+ {DLA-2374-1}
- gnome-shell 3.36.5-1 (bug #968311)
[buster] - gnome-shell <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
@@ -19328,18 +19335,18 @@ CVE-2020-16103
RESERVED
CVE-2020-16102
RESERVED
-CVE-2020-16101
- RESERVED
-CVE-2020-16100
- RESERVED
-CVE-2020-16099
- RESERVED
-CVE-2020-16098
- RESERVED
-CVE-2020-16097
- RESERVED
-CVE-2020-16096
- RESERVED
+CVE-2020-16101 (It is possible for an unauthenticated remote DCOM websocket connection ...)
+ TODO: check
+CVE-2020-16100 (It is possible for an unauthenticated remote DCOM websocket connection ...)
+ TODO: check
+CVE-2020-16099 (In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possi ...)
+ TODO: check
+CVE-2020-16098 (It is possible to enumerate access card credentials via an unauthentic ...)
+ TODO: check
+CVE-2020-16097 (On controllers running versions of v8.20 prior to vCR8.20.200221b (dis ...)
+ TODO: check
+CVE-2020-16096 (In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.0 ...)
+ TODO: check
CVE-2020-16095 (The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 all ...)
NOT-FOR-US: dlf for TYPO3
CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...)
@@ -21594,10 +21601,10 @@ CVE-2020-15181
RESERVED
CVE-2020-15180
RESERVED
-CVE-2020-15179
- RESERVED
-CVE-2020-15178
- RESERVED
+CVE-2020-15179 (The ScratchSig extension for MediaWiki before version 1.0.1 allows sto ...)
+ TODO: check
+CVE-2020-15178 (In PrestaShop contactform module (prestashop/contactform) before versi ...)
+ TODO: check
CVE-2020-15177
RESERVED
CVE-2020-15176
@@ -21608,8 +21615,8 @@ CVE-2020-15174
RESERVED
CVE-2020-15173 (In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a b ...)
NOT-FOR-US: ACCEL-PPP
-CVE-2020-15172
- RESERVED
+CVE-2020-15172 (The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerabl ...)
+ TODO: check
CVE-2020-15171 (In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right ...)
NOT-FOR-US: XWiki
CVE-2020-15170 (apollo-adminservice before version 1.7.1 does not implement access con ...)
@@ -21669,8 +21676,8 @@ CVE-2020-15150 (There is a vulnerability in Paginator (Elixir/Hex package) which
NOT-FOR-US: Paginator
CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in ...)
NOT-FOR-US: NodeBB
-CVE-2020-15148
- RESERVED
+CVE-2020-15148 (Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote cod ...)
+ TODO: check
CVE-2020-15147 (Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execu ...)
NOT-FOR-US: Red Discord Bot
CVE-2020-15146 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
@@ -23803,14 +23810,12 @@ CVE-2020-14363 (An integer overflow vulnerability leading to a double-free was f
[buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu)
NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003056.html
NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
-CVE-2020-14362
- RESERVED
+CVE-2020-14362 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...)
{DSA-4758-1 DLA-2359-1}
- xorg-server 2:1.20.9-1
NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc
-CVE-2020-14361
- RESERVED
+CVE-2020-14361 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...)
{DSA-4758-1 DLA-2359-1}
- xorg-server 2:1.20.9-1
NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
@@ -23868,14 +23873,12 @@ CVE-2020-14347 (A flaw was found in the way xserver memory was not properly init
- xorg-server 2:1.20.9-1 (bug #968986)
NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816
-CVE-2020-14346
- RESERVED
+CVE-2020-14346 (A flaw was found in xorg-x11-server before 1.20.9. An integer underflo ...)
{DSA-4758-1 DLA-2359-1}
- xorg-server 2:1.20.9-1
NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff
-CVE-2020-14345
- RESERVED
+CVE-2020-14345 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out ...)
{DSA-4758-1 DLA-2359-1}
- xorg-server 2:1.20.9-1
NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
@@ -23942,8 +23945,7 @@ CVE-2020-14332 (A flaw was found in the Ansible Engine when using module_args. T
- ansible <unfixed> (bug #966672)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1857805
NOTE: https://github.com/ansible/ansible/pull/71033
-CVE-2020-14331
- RESERVED
+CVE-2020-14331 (A flaw was found in the Linux kernel’s implementation of the inv ...)
- linux 5.7.17-1 (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/28/2
NOTE: Only exploitable when CONFIG_VGACON_SOFT_SCROLLBACK is set
@@ -26621,12 +26623,10 @@ CVE-2020-13310 (A vulnerability was discovered in GitLab runner versions before
CVE-2020-13309 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
-CVE-2020-13308
- RESERVED
+CVE-2020-13308 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
-CVE-2020-13307
- RESERVED
+CVE-2020-13307 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13306 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
@@ -26638,8 +26638,7 @@ CVE-2020-13305 (A vulnerability was discovered in GitLab versions before 13.1.10
CVE-2020-13304 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
-CVE-2020-13303
- RESERVED
+CVE-2020-13303 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13302 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
@@ -30053,8 +30052,7 @@ CVE-2020-11979
RESERVED
CVE-2020-11978 (An issue was found in Apache Airflow versions 1.10.10 and below. A rem ...)
- airflow <itp> (bug #819700)
-CVE-2020-11977
- RESERVED
+CVE-2020-11977 (In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable ext ...)
NOT-FOR-US: Apache Syncope
CVE-2020-11976 (By crafting a special URL it is possible to make Wicket deliver unproc ...)
NOT-FOR-US: Apache Wicket
@@ -34666,8 +34664,7 @@ CVE-2020-10760 (A use-after-free flaw was found in all samba LDAP server version
- samba 2:4.12.5+dfsg-1
[buster] - samba <postponed> (Minor issue, fix along in next DSA)
NOTE: https://www.samba.org/samba/security/CVE-2020-10760.html
-CVE-2020-10759 [Possible bypass in signature verification]
- RESERVED
+CVE-2020-10759 (A PGP signature bypass flaw was found in fwupd (all versions), which c ...)
{DLA-2274-1}
- fwupd 1.3.10-1 (bug #962517)
[buster] - fwupd 1.2.13-1
@@ -38011,8 +38008,8 @@ CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFesc
NOT-FOR-US: PDFescape
CVE-2020-9417
RESERVED
-CVE-2020-9416
- RESERVED
+CVE-2020-9416 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...)
+ TODO: check
CVE-2020-9415 (The TIBCO Data Virtualization Server component of TIBCO Software Inc.' ...)
NOT-FOR-US: TIBCO
CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...)
@@ -39182,8 +39179,7 @@ CVE-2020-8929
RESERVED
CVE-2020-8928
RESERVED
-CVE-2020-8927 [fix integer overflow when input chunk is larger than 2GiB]
- RESERVED
+CVE-2020-8927 (A buffer overflow exists in the Brotli library versions prior to 1.0.8 ...)
- brotli 1.0.9-1
NOTE: https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6
CVE-2020-8926
@@ -40607,22 +40603,22 @@ CVE-2020-8348
RESERVED
CVE-2020-8347
RESERVED
-CVE-2020-8346
- RESERVED
+CVE-2020-8346 (A denial of service vulnerability was reported in the Lenovo Vantage c ...)
+ TODO: check
CVE-2020-8345
RESERVED
CVE-2020-8344
RESERVED
CVE-2020-8343
RESERVED
-CVE-2020-8342
- RESERVED
+CVE-2020-8342 (A race condition vulnerability was reported in Lenovo System Update pr ...)
+ TODO: check
CVE-2020-8341 (In Lenovo systems, SMM BIOS Write Protection is used to prevent writes ...)
NOT-FOR-US: Lenovo
-CVE-2020-8340
- RESERVED
-CVE-2020-8339
- RESERVED
+CVE-2020-8340 (A cross-site scripting (XSS) vulnerability was discovered in the legac ...)
+ TODO: check
+CVE-2020-8339 (A cross-site scripting inclusion (XSSI) vulnerability was reported in ...)
+ TODO: check
CVE-2020-8338
RESERVED
CVE-2020-8337 (An unquoted search path vulnerability was reported in versions prior t ...)
@@ -49932,8 +49928,8 @@ CVE-2020-4713
RESERVED
CVE-2020-4712
RESERVED
-CVE-2020-4711
- RESERVED
+CVE-2020-4711 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote a ...)
+ TODO: check
CVE-2020-4710
RESERVED
CVE-2020-4709
@@ -49948,8 +49944,8 @@ CVE-2020-4705
RESERVED
CVE-2020-4704
RESERVED
-CVE-2020-4703
- RESERVED
+CVE-2020-4703 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console ...)
+ TODO: check
CVE-2020-4702 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...)
NOT-FOR-US: IBM
CVE-2020-4701
@@ -50294,16 +50290,16 @@ CVE-2020-4532 (IBM Business Automation Workflow and IBM Business Process Manager
NOT-FOR-US: IBM
CVE-2020-4531
RESERVED
-CVE-2020-4530
- RESERVED
+CVE-2020-4530 (IBM Business Automation Workflow C.D.0 and IBM Business Process Manage ...)
+ TODO: check
CVE-2020-4529 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server si ...)
NOT-FOR-US: IBM
CVE-2020-4528
RESERVED
CVE-2020-4527 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
NOT-FOR-US: IBM
-CVE-2020-4526
- RESERVED
+CVE-2020-4526 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
+ TODO: check
CVE-2020-4525 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
NOT-FOR-US: IBM
CVE-2020-4524
@@ -50312,8 +50308,8 @@ CVE-2020-4523
RESERVED
CVE-2020-4522 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
NOT-FOR-US: IBM
-CVE-2020-4521
- RESERVED
+CVE-2020-4521 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authe ...)
+ TODO: check
CVE-2020-4520
RESERVED
CVE-2020-4519
@@ -50666,8 +50662,8 @@ CVE-2020-4346 (IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management serv
NOT-FOR-US: IBM
CVE-2020-4345 (IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a s ...)
NOT-FOR-US: IBM
-CVE-2020-4344
- RESERVED
+CVE-2020-4344 (IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web ...)
+ TODO: check
CVE-2020-4343 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
NOT-FOR-US: IBM
CVE-2020-4342 (IBM Security Secret Server 10.7 could disclose sensitive information i ...)
@@ -105266,8 +105262,8 @@ CVE-2019-4673
RESERVED
CVE-2019-4672 (IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacke ...)
NOT-FOR-US: IBM
-CVE-2019-4671
- RESERVED
+CVE-2019-4671 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injec ...)
+ TODO: check
CVE-2019-4670 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
NOT-FOR-US: IBM
CVE-2019-4669 (IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c79b94ac35b78533d373060bf66018461d46bd7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c79b94ac35b78533d373060bf66018461d46bd7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200915/948dba23/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list