[Git][security-tracker-team/security-tracker][master] automatic update

Wed Sep 16 09:10:22 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a05731a by security tracker role at 2020-09-16T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2020-25613
+	RESERVED
+CVE-2020-25612
+	RESERVED
+CVE-2020-25611
+	RESERVED
+CVE-2020-25610
+	RESERVED
+CVE-2020-25609
+	RESERVED
+CVE-2020-25608
+	RESERVED
+CVE-2020-25607
+	RESERVED
+CVE-2020-25606
+	RESERVED
+CVE-2020-25605
+	RESERVED
+CVE-2020-25604
+	RESERVED
+CVE-2020-25603
+	RESERVED
+CVE-2020-25602
+	RESERVED
+CVE-2020-25601
+	RESERVED
+CVE-2020-25600
+	RESERVED
+CVE-2020-25599
+	RESERVED
+CVE-2020-25598
+	RESERVED
+CVE-2020-25597
+	RESERVED
+CVE-2020-25596
+	RESERVED
+CVE-2020-25595
+	RESERVED
 CVE-2020-25594
 	RESERVED
 CVE-2020-25593
@@ -272,8 +310,8 @@ CVE-2020-25455
 	RESERVED
 CVE-2020-25454
 	RESERVED
-CVE-2020-25453
-	RESERVED
+CVE-2020-25453 (An issue was discovered in BlackCat CMS v.1.3.6. There is a CSRF vulne ...)
+	TODO: check
 CVE-2020-25452
 	RESERVED
 CVE-2020-25451
@@ -2179,8 +2217,8 @@ CVE-2020-24563
 	RESERVED
 CVE-2020-24562
 	RESERVED
-CVE-2020-24561
-	RESERVED
+CVE-2020-24561 (A command injection vulnerability in Trend Micro ServerProtect for Lin ...)
+	TODO: check
 CVE-2020-24560
 	RESERVED
 CVE-2020-24559 (A vulnerability in Trend Micro Apex One on macOS may allow an attacker ...)
@@ -3705,8 +3743,8 @@ CVE-2020-23835 (A Reflected Cross-Site Scripting (XSS) vulnerability in the inde
 	NOT-FOR-US: SourceCodester Tailor Management System
 CVE-2020-23834 (Insecure Service File Permissions in the bd service in Real Time Logic ...)
 	NOT-FOR-US: Real Time Logic BarracudaDrive
-CVE-2020-23833
-	RESERVED
+CVE-2020-23833 (Projectworlds House Rental v1.0 suffers from an unauthenticated SQL In ...)
+	TODO: check
 CVE-2020-23832
 	RESERVED
 CVE-2020-23831 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php  ...)
@@ -3715,8 +3753,8 @@ CVE-2020-23830 (A Cross-Site Request Forgery (CSRF) vulnerability in changeUsern
 	NOT-FOR-US: SourceCodester Stock Management System
 CVE-2020-23829 (interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suff ...)
 	NOT-FOR-US: LibreHealth EHR
-CVE-2020-23828
-	RESERVED
+CVE-2020-23828 (A File Upload vulnerability in SourceCodester Online Course Registrati ...)
+	TODO: check
 CVE-2020-23827
 	RESERVED
 CVE-2020-23826
@@ -23725,8 +23763,7 @@ CVE-2020-14386 [af_packet memory corruption]
 	RESERVED
 	- linux 5.8.7-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/09/03/3
-CVE-2020-14385 [xfs: fix boundary test in xfs_attr_shortform_verify]
-	RESERVED
+CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure of the  ...)
 	- linux 5.8.7-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933
@@ -23999,8 +24036,7 @@ CVE-2020-14315
 	[stretch] - bsdiff <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/09/2
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc
-CVE-2020-14314 [buffer uses out of index in ext3/4 filesystem]
-	RESERVED
+CVE-2020-14314 (A memory out-of-bounds read flaw was found in the Linux kernel before  ...)
 	- linux 5.8.7-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853922
 	NOTE: https://git.kernel.org/linus/5872331b3d91820e14716632ebb56b1399b34fe1
@@ -24043,8 +24079,7 @@ CVE-2020-14305 [memory corruption in Voice over IP nf_conntrack_h323 module]
 	RESERVED
 	- linux 4.12.6-1
 	NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/
-CVE-2020-14304 [ethtool when reading eeprom of device could lead to memory leak]
-	RESERVED
+CVE-2020-14304 (A memory disclosure flaw was found in the Linux kernel's ethernet driv ...)
 	- linux <unfixed> (bug #960702)
 CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions before  ...)
 	- samba 2:4.12.5+dfsg-1
@@ -34620,24 +34655,21 @@ CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 5
 	[stretch] - linux 4.9.161-1
 	[jessie] - linux 3.16.68-1
 	NOTE: https://git.kernel.org/linus/8f9c469348487844328e162db57112f7d347c49f
-CVE-2020-10768 [Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command]
-	RESERVED
+CVE-2020-10768 (A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() fun ...)
 	{DLA-2323-1}
 	- linux 5.7.6-1
 	[buster] - linux 4.19.131-1
 	[stretch] - linux 4.9.228-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
 	NOTE: https://git.kernel.org/linus/4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf
-CVE-2020-10767 [Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available]
-	RESERVED
+CVE-2020-10767 (A flaw was found in the Linux kernel before 5.8-rc1 in the implementat ...)
 	{DLA-2323-1}
 	- linux 5.7.6-1
 	[buster] - linux 4.19.131-1
 	[stretch] - linux 4.9.228-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
 	NOTE: https://git.kernel.org/linus/21998a351512eba4ed5969006f0c55882d995ada
-CVE-2020-10766 [Rogue cross-process SSBD shutdown]
-	RESERVED
+CVE-2020-10766 (A logic bug flaw was found in Linux kernel before 5.8-rc1 in the imple ...)
 	{DLA-2323-1}
 	- linux 5.7.6-1
 	[buster] - linux 4.19.131-1
@@ -43136,16 +43168,16 @@ CVE-2020-7299 (Cleartext Storage of Sensitive Information in Memory vulnerabilit
 	NOT-FOR-US: McAfee
 CVE-2020-7298 (Unexpected behavior violation in McAfee Total Protection (MTP) prior t ...)
 	NOT-FOR-US: McAfee
-CVE-2020-7297
-	RESERVED
-CVE-2020-7296
-	RESERVED
-CVE-2020-7295
-	RESERVED
-CVE-2020-7294
-	RESERVED
-CVE-2020-7293
-	RESERVED
+CVE-2020-7297 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+	TODO: check
+CVE-2020-7296 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+	TODO: check
+CVE-2020-7295 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+	TODO: check
+CVE-2020-7294 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+	TODO: check
+CVE-2020-7293 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+	TODO: check
 CVE-2020-7292 (Inappropriate Encoding for output context vulnerability in McAfee Web  ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
@@ -43194,8 +43226,8 @@ CVE-2020-7270
 	RESERVED
 CVE-2020-7269
 	RESERVED
-CVE-2020-7268
-	RESERVED
+CVE-2020-7268 (Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prio ...)
+	TODO: check
 CVE-2020-7267 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7266 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a05731a832366539ecd864052a1f7a816b7813a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a05731a832366539ecd864052a1f7a816b7813a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200916/93f5624b/attachment.html>
