[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 17 21:10:31 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b6c09455 by security tracker role at 2020-09-17T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-25739
+ RESERVED
+CVE-2020-25738
+ RESERVED
+CVE-2020-25737
+ RESERVED
+CVE-2020-25736
+ RESERVED
+CVE-2020-25735
+ RESERVED
+CVE-2020-25734
+ RESERVED
+CVE-2020-25733
+ RESERVED
+CVE-2020-25732
+ RESERVED
+CVE-2020-25731
+ RESERVED
+CVE-2020-25730
+ RESERVED
+CVE-2020-25729 (ZoneMinder before 1.34.21 has XSS via the connkey parameter to downloa ...)
+ TODO: check
+CVE-2020-25728 (The Reset Password add-on before 1.2.0 for Alfresco has a broken algor ...)
+ TODO: check
+CVE-2020-25727 (The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS- ...)
+ TODO: check
CVE-2020-25726
RESERVED
CVE-2020-25725
@@ -472,10 +498,10 @@ CVE-2020-25492
RESERVED
CVE-2020-25491
RESERVED
-CVE-2020-25490
- RESERVED
-CVE-2020-25489
- RESERVED
+CVE-2020-25490 (Lack of cryptographic signature verification in the Sqreen PHP agent d ...)
+ TODO: check
+CVE-2020-25489 (A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0 ...)
+ TODO: check
CVE-2020-25488
RESERVED
CVE-2020-25487
@@ -1024,7 +1050,7 @@ CVE-2020-25227
RESERVED
CVE-2020-25226
RESERVED
-CVE-2019-20919 [NULL porfile dereference in dbi_profile()]
+CVE-2019-20919 (An issue was discovered in the DBI module before 1.643 for Perl. The h ...)
- libdbi-perl 1.643-1
[buster] - libdbi-perl <no-dsa> (Minor issue)
NOTE: https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
@@ -1064,10 +1090,10 @@ CVE-2020-25218
RESERVED
CVE-2020-25217
RESERVED
-CVE-2020-25216
- RESERVED
-CVE-2020-25215
- RESERVED
+CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Tran ...)
+ TODO: check
+CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...)
+ TODO: check
CVE-2020-25214
RESERVED
CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...)
@@ -2061,14 +2087,14 @@ CVE-2020-24755
RESERVED
CVE-2020-24754
RESERVED
-CVE-2020-24753
- RESERVED
+CVE-2020-24753 (A memory corruption vulnerability in Objective Open CBOR Run-time (ooc ...)
+ TODO: check
CVE-2020-24752
RESERVED
CVE-2020-24751
RESERVED
-CVE-2020-24750
- RESERVED
+CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
+ TODO: check
CVE-2020-24749
RESERVED
CVE-2020-24748
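Review bot: CVE-2020-24750 is left at "TODO: check" although its description already names the affected library and the fixed upstream version (jackson-databind 2.x before 2.9.10.6). That is enough to replace the TODO with a package line and a fixed version, or an explicit not-affected or NOT-FOR-US decision, in the follow-up triage commit. CVE-2020-24753 in the same hunk still needs the full description read, since the product name is cut off at "(ooc ...".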
@@ -3574,10 +3600,10 @@ CVE-2020-24048
RESERVED
CVE-2020-24047
RESERVED
-CVE-2020-24046
- RESERVED
-CVE-2020-24045
- RESERVED
+CVE-2020-24046 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...)
+ TODO: check
+CVE-2020-24045 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...)
+ TODO: check
CVE-2020-24044
RESERVED
CVE-2020-24043
@@ -24220,8 +24246,7 @@ CVE-2020-14339 [leak of /dev/mapper/control into QEMU guests]
NOTE: https://www.redhat.com/archives/libvir-list/2020-July/msg01500.html
NOTE: Proposed patch: https://www.redhat.com/archives/libvir-list/2020-July/msg01501.html
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=22494556542c676d1b9e7f1c1f2ea13ac17e1e3e (v6.6.0)
-CVE-2020-14338
- RESERVED
+CVE-2020-14338 (A flaw was found in Wildfly's implementation of Xerces, specifically i ...)
- wildfly <itp> (bug #752018)
CVE-2020-14337 (A data exposure flaw was found in Tower, where sensitive data was reve ...)
NOT-FOR-US: Ansible Tower
@@ -25255,8 +25280,7 @@ CVE-2020-13950
RESERVED
CVE-2020-13949
RESERVED
-CVE-2020-13948
- RESERVED
+CVE-2020-13948 (While investigating a bug report on Apache Superset, it was determined ...)
NOT-FOR-US: Apache Superset
CVE-2020-13947
RESERVED
@@ -25264,8 +25288,7 @@ CVE-2020-13946 (In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.2
- cassandra <itp> (bug #585905)
CVE-2020-13945
RESERVED
-CVE-2020-13944
- RESERVED
+CVE-2020-13944 (In Apache Airflow < 1.10.12, the "origin" parameter passed to some ...)
- airflow <itp> (bug #819700)
CVE-2020-13943
RESERVED
@@ -27272,8 +27295,8 @@ CVE-2020-13170 (HashiCorp Consul and Consul Enterprise did not appropriately enf
[buster] - consul <not-affected> (Vulnerable code not present)
NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
NOTE: https://github.com/hashicorp/consul/pull/8068
-CVE-2020-13169
- RESERVED
+CVE-2020-13169 (Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platf ...)
+ TODO: check
CVE-2020-13168
RESERVED
CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution ...)
@@ -31390,10 +31413,10 @@ CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) t
NOT-FOR-US: MailStore Outlook Add-in
CVE-2020-11805
RESERVED
-CVE-2020-11804
- RESERVED
-CVE-2020-11803
- RESERVED
+CVE-2020-11804 (An issue was discovered in Titan SpamTitan 7.07. Due to improper sanit ...)
+ TODO: check
+CVE-2020-11803 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...)
+ TODO: check
CVE-2020-11802
RESERVED
CVE-2020-11801
@@ -31957,12 +31980,12 @@ CVE-2020-11702 (An issue was discovered in ProVide (formerly zFTPServer) through
NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11701 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
NOT-FOR-US: ProVide (formerly zFTPServer)
-CVE-2020-11700
- RESERVED
-CVE-2020-11699
- RESERVED
-CVE-2020-11698
- RESERVED
+CVE-2020-11700 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...)
+ TODO: check
+CVE-2020-11699 (An issue was discovered in Titan SpamTitan 7.07. Improper validation o ...)
+ TODO: check
+CVE-2020-11698 (An issue was discovered in Titan SpamTitan 7.07. Improper input saniti ...)
+ TODO: check
CVE-2020-11697 (In Combodo iTop, dashboard ids can be exploited with a reflective XSS ...)
NOT-FOR-US: Combodo iTop
CVE-2020-11696 (In Combodo iTop a menu shortcut name can be exploited with a stored XS ...)
@@ -33709,7 +33732,7 @@ CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would al
[jessie] - ruby-kaminari <no-dsa> (No reverse dependency)
NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
NOTE: https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8
-CVE-2020-11081 (osquery before version 4.4.0 enables a priviledge escalation vulnerabi ...)
+CVE-2020-11081 (osquery before version 4.4.0 enables a privilege escalation vulnerabil ...)
- osquery <itp> (bug #803502)
CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...)
{DSA-4696-1}
@@ -41677,8 +41700,8 @@ CVE-2020-8030
RESERVED
CVE-2020-8029
RESERVED
-CVE-2020-8028
- RESERVED
+CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of salt o ...)
+ TODO: check
CVE-2020-8027
RESERVED
CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
@@ -46631,16 +46654,16 @@ CVE-2020-6118 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.
NOT-FOR-US: OS4Ed openSIS
CVE-2020-6117 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
NOT-FOR-US: OS4Ed openSIS
-CVE-2020-6116
- RESERVED
-CVE-2020-6115
- RESERVED
+CVE-2020-6116 (An arbitrary code execution vulnerability exists in the rendering func ...)
+ TODO: check
+CVE-2020-6115 (An exploitable vulnerability exists in the cross-reference table repai ...)
+ TODO: check
CVE-2020-6114 (An exploitable SQL injection vulnerability exists in the Admin Reports ...)
NOT-FOR-US: Glacies IceHRM
-CVE-2020-6113
- RESERVED
-CVE-2020-6112
- RESERVED
+CVE-2020-6113 (An exploitable vulnerability exists in the object stream parsing funct ...)
+ TODO: check
+CVE-2020-6112 (An exploitable code execution vulnerability exists in the JPEG2000 Str ...)
+ TODO: check
CVE-2020-6111
RESERVED
CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the way ...)
@@ -64696,24 +64719,24 @@ CVE-2020-0437
RESERVED
CVE-2020-0436
RESERVED
-CVE-2020-0435
- RESERVED
-CVE-2020-0434
- RESERVED
-CVE-2020-0433
- RESERVED
-CVE-2020-0432
- RESERVED
-CVE-2020-0431
- RESERVED
-CVE-2020-0430
- RESERVED
-CVE-2020-0429
- RESERVED
-CVE-2020-0428
- RESERVED
-CVE-2020-0427
- RESERVED
+CVE-2020-0435 (In inline_data_addr of f2fs.h, there is a possible out of bounds write ...)
+ TODO: check
+CVE-2020-0434 (In Pixel's use of the Catpipe library, there is possible memory corrup ...)
+ TODO: check
+CVE-2020-0433 (In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use ...)
+ TODO: check
+CVE-2020-0432 (In skb_to_mamac of networking.c, there is a possible out of bounds wri ...)
+ TODO: check
+CVE-2020-0431 (In kbd_keycode of keyboard.c, there is a possible out of bounds write ...)
+ TODO: check
+CVE-2020-0430 (In skb_headlen of /include/linux/skbuff.h, there is a possible out of ...)
+ TODO: check
+CVE-2020-0429 (In l2tp_session_delete and related functions of l2tp_core.c, there is ...)
+ TODO: check
+CVE-2020-0428 (In CamX code, there is a possible use after free due to a race conditi ...)
+ TODO: check
+CVE-2020-0427 (In create_pinctrl of core.c, there is a possible out of bounds read du ...)
+ TODO: check
CVE-2020-0426
RESERVED
CVE-2020-0425
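Review bot: Several of the entries added here at "TODO: check" cite Linux kernel source files rather than Android framework code: CVE-2020-0435 (f2fs.h), CVE-2020-0433 (blk-mq-tag.c), CVE-2020-0431 (keyboard.c), CVE-2020-0430 (/include/linux/skbuff.h) and CVE-2020-0429 (l2tp_core.c). These should be triaged against the linux package, with fixed versions and upstream commit NOTE lines as was done for CVE-2020-0404, and not closed in bulk as Android-only alongside the vendor entries in the same block (CVE-2020-0434 Catpipe, CVE-2020-0428 CamX).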
@@ -64752,69 +64775,68 @@ CVE-2020-0409
RESERVED
CVE-2020-0408
RESERVED
-CVE-2020-0407
- RESERVED
+CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some implem ...)
+ TODO: check
CVE-2020-0406
RESERVED
CVE-2020-0405
RESERVED
-CVE-2020-0404
- RESERVED
+CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked ...)
- linux 5.4.19-1
[buster] - linux 4.19.118-1
[stretch] - linux 4.9.228-1
NOTE: https://git.kernel.org/linus/68035c80e129c4cfec659aac4180354530b26527
-CVE-2020-0403
- RESERVED
+CVE-2020-0403 (In the FPC TrustZone fingerprint App, there is a possible invalid comm ...)
+ TODO: check
CVE-2020-0402
RESERVED
NOTE: Duplicate assignment for CVE-2019-19769 (Android security informed)
-CVE-2020-0401
- RESERVED
+CVE-2020-0401 (In setInstallerPackageName of PackageManagerService.java, there is a m ...)
+ TODO: check
CVE-2020-0400
RESERVED
-CVE-2020-0399
- RESERVED
+CVE-2020-0399 (In showLimitedSimFunctionWarningNotification of NotificationMgr.java, ...)
+ TODO: check
CVE-2020-0398
RESERVED
-CVE-2020-0397
- RESERVED
-CVE-2020-0396
- RESERVED
-CVE-2020-0395
- RESERVED
-CVE-2020-0394
- RESERVED
-CVE-2020-0393
- RESERVED
-CVE-2020-0392
- RESERVED
-CVE-2020-0391
- RESERVED
-CVE-2020-0390
- RESERVED
-CVE-2020-0389
- RESERVED
-CVE-2020-0388
- RESERVED
-CVE-2020-0387
- RESERVED
-CVE-2020-0386
- RESERVED
-CVE-2020-0385
- RESERVED
-CVE-2020-0384
- RESERVED
-CVE-2020-0383
- RESERVED
-CVE-2020-0382
- RESERVED
-CVE-2020-0381
- RESERVED
-CVE-2020-0380
- RESERVED
-CVE-2020-0379
- RESERVED
+CVE-2020-0397 (In getNotificationBuilder of CarrierServiceStateTracker.java, there is ...)
+ TODO: check
+CVE-2020-0396 (In various places in Telephony, there is a possible permission bypass ...)
+ TODO: check
+CVE-2020-0395 (In showNotification of EmergencyCallbackModeService.java, there is a p ...)
+ TODO: check
+CVE-2020-0394 (In onCreate of BluetoothPairingDialog.java, there is a possible tapjac ...)
+ TODO: check
+CVE-2020-0393 (In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible ou ...)
+ TODO: check
+CVE-2020-0392 (In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code e ...)
+ TODO: check
+CVE-2020-0391 (In applyPolicy of PackageManagerService.java, there is possible arbitr ...)
+ TODO: check
+CVE-2020-0390 (In the app zygote SE Policy, there is a possible permissions bypass. T ...)
+ TODO: check
+CVE-2020-0389 (In createSaveNotification of RecordingService.java, there is a possibl ...)
+ TODO: check
+CVE-2020-0388 (In createEmergencyLocationUserNotification of GnssVisibilityControl.ja ...)
+ TODO: check
+CVE-2020-0387 (In manifest files of the SmartSpace package, there is a possible tapja ...)
+ TODO: check
+CVE-2020-0386 (In onCreate of RequestPermissionActivity.java, there is a possible tap ...)
+ TODO: check
+CVE-2020-0385 (In Parse_insh of eas_mdls.c, there is a possible out of bounds write d ...)
+ TODO: check
+CVE-2020-0384 (In Parse_art of eas_mdls.c, there is a possible out of bounds write du ...)
+ TODO: check
+CVE-2020-0383 (In Parse_ins of eas_mdls.c, there is a possible out of bounds write du ...)
+ TODO: check
+CVE-2020-0382 (In RunInternal of dumpstate.cpp, there is a possible user consent bypa ...)
+ TODO: check
+CVE-2020-0381 (In Parse_wave of eas_mdls.c, there is a possible out of bounds write d ...)
+ TODO: check
+CVE-2020-0380 (In allocExcessBits of bitalloc.c, there is a possible out of bounds wr ...)
+ TODO: check
+CVE-2020-0379 (In the Bluetooth service, there is a possible spoofing attack due to a ...)
+ TODO: check
CVE-2020-0378
RESERVED
CVE-2020-0377
@@ -64887,8 +64909,8 @@ CVE-2020-0344
RESERVED
CVE-2020-0343
RESERVED
-CVE-2020-0342
- RESERVED
+CVE-2020-0342 (There is a possible out of bounds write due to an incorrect bounds che ...)
+ TODO: check
CVE-2020-0341
RESERVED
CVE-2020-0340
@@ -65019,8 +65041,8 @@ CVE-2020-0280
RESERVED
CVE-2020-0279
RESERVED
-CVE-2020-0278
- RESERVED
+CVE-2020-0278 (There is a possible out of bounds write due to an incorrect bounds che ...)
+ TODO: check
CVE-2020-0277
RESERVED
CVE-2020-0276
@@ -65085,8 +65107,8 @@ CVE-2020-0247 (In Threshold::getHistogram of ImageProcessHelper.java, there is a
NOT-FOR-US: Android
CVE-2020-0246
RESERVED
-CVE-2020-0245
- RESERVED
+CVE-2020-0245 (In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible ...)
+ TODO: check
CVE-2020-0244
RESERVED
CVE-2020-0243 (In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-a ...)
@@ -65117,8 +65139,8 @@ CVE-2020-0231 (There is a possible out of bounds write due to an incorrect bound
NOT-FOR-US: MediaTek components for Android
CVE-2020-0230 (There is a possible out of bounds write due to an incorrect bounds che ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2020-0229
- RESERVED
+CVE-2020-0229 (There is a possible out of bounds write due to an incorrect bounds che ...)
+ TODO: check
CVE-2020-0228 (There is an improper configuration of recorder related service. Produc ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0227 (In onCommand of CompanionDeviceManagerService.java, there is a possibl ...)
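Review bot: CVE-2020-0229 is added with "TODO: check" while the two entries directly above it, CVE-2020-0231 and CVE-2020-0230, carry the same truncated description and are already marked "NOT-FOR-US: MediaTek components for Android". The truncation at "bounds che ..." hides the product field, so confirm it from the full description before giving CVE-2020-0229 the same marking; the identical text also applies to CVE-2020-0342, CVE-2020-0278 and CVE-2020-0123 elsewhere in this commit.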
@@ -65342,8 +65364,8 @@ CVE-2020-0125
RESERVED
CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a possible ...)
NOT-FOR-US: Android
-CVE-2020-0123
- RESERVED
+CVE-2020-0123 (There is a possible out of bounds write due to an incorrect bounds che ...)
+ TODO: check
CVE-2020-0122 (In the permission declaration for com.google.android.providers.gsf.per ...)
NOT-FOR-US: Android
CVE-2020-0121 (In updateUidProcState of AppOpsService.java, there is a possible permi ...)
@@ -65450,8 +65472,8 @@ CVE-2020-0076 (In get_auth_result of the FPC IRIS TrustZone app, there is a poss
NOT-FOR-US: Android
CVE-2020-0075 (In set_shared_key of the FPC IRIS TrustZone app, there is a possible o ...)
NOT-FOR-US: Android
-CVE-2020-0074
- RESERVED
+CVE-2020-0074 (In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is ...)
+ TODO: check
CVE-2020-0073 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...)
NOT-FOR-US: Android
CVE-2020-0072 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6c094554b239bd76ebfd126d30906916de531ba