[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 23 21:10:36 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
233e8ce7 by security tracker role at 2020-09-23T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2020-25850
+ RESERVED
+CVE-2020-25849
+ RESERVED
+CVE-2020-25848
+ RESERVED
+CVE-2020-25847
+ RESERVED
+CVE-2020-25846
+ RESERVED
+CVE-2020-25845
+ RESERVED
+CVE-2020-25844
+ RESERVED
+CVE-2020-25843
+ RESERVED
+CVE-2020-25842
+ RESERVED
+CVE-2020-25841
+ RESERVED
+CVE-2020-25840
+ RESERVED
+CVE-2020-25839
+ RESERVED
+CVE-2020-25838
+ RESERVED
+CVE-2020-25837
+ RESERVED
+CVE-2020-25836
+ RESERVED
+CVE-2020-25835
+ RESERVED
+CVE-2020-25834
+ RESERVED
+CVE-2020-25833
+ RESERVED
+CVE-2020-25832
+ RESERVED
+CVE-2020-25831
+ RESERVED
+CVE-2020-25830
+ RESERVED
+CVE-2020-25829
+ RESERVED
+CVE-2020-25828
+ RESERVED
+CVE-2020-25827
+ RESERVED
CVE-2020-25826 (PingID Integration for Windows Login before 2.4.2 allows local users t ...)
NOT-FOR-US: PingID Integration for Windows Login
CVE-2020-25825
@@ -191,8 +239,8 @@ CVE-2020-25741
RESERVED
CVE-2020-25740
RESERVED
-CVE-2020-25739
- RESERVED
+CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for Ruby. Mult ...)
+ TODO: check
CVE-2020-25738
RESERVED
CVE-2020-25737
@@ -2617,12 +2665,12 @@ CVE-2020-24628
RESERVED
CVE-2020-24627
RESERVED
-CVE-2020-24626
- RESERVED
-CVE-2020-24625
- RESERVED
-CVE-2020-24624
- RESERVED
+CVE-2020-24626 (Unathenticated directory traversal in the ReceiverServlet class doPost ...)
+ TODO: check
+CVE-2020-24625 (Unathenticated directory traversal in the ReceiverServlet class doGet( ...)
+ TODO: check
+CVE-2020-24624 (Unathenticated directory traversal in the DownloadServlet class execut ...)
+ TODO: check
CVE-2020-24623 (A potential security vulnerability has been identified in Hewlett Pack ...)
NOT-FOR-US: Hewlett Packard Enterprise Universal API Framework
CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...)
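Review bot: The three new descriptions for CVE-2020-24626, CVE-2020-24625 and CVE-2020-24624 are cut off before the product is named, so the visible text ("ReceiverServlet class doPost", "ReceiverServlet class doGet", "DownloadServlet class execut") is not enough to resolve the "TODO: check" lines. Whoever triages them needs the full CVE text, and should not assume the vendor from the neighbouring CVE-2020-24623 entry just because the ids are adjacent.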
@@ -3531,8 +3579,8 @@ CVE-2020-24215
RESERVED
CVE-2020-24214
RESERVED
-CVE-2020-24213
- RESERVED
+CVE-2020-24213 (An integer overflow was discovered in YGOPro ygocore v13.51. Attackers ...)
+ TODO: check
CVE-2020-24212
REJECTED
CVE-2020-24211
@@ -19615,16 +19663,16 @@ CVE-2020-16246
RESERVED
CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...)
NOT-FOR-US: Advantech
-CVE-2020-16244
- RESERVED
+CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for h ...)
+ TODO: check
CVE-2020-16243
RESERVED
CVE-2020-16242
RESERVED
CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...)
NOT-FOR-US: Philips SureSigns
-CVE-2020-16240
- RESERVED
+CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure direct obj ...)
+ TODO: check
CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...)
NOT-FOR-US: Philips SureSigns
CVE-2020-16238
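Review bot: CVE-2020-16244 and CVE-2020-16240 both name "GE Digital APM Classic, Versions 4.4 and prior" and are left at "TODO: check", while the vendor-product entries interleaved with them in this hunk (Advantech iView, Philips SureSigns) are already resolved as NOT-FOR-US. If the product is not packaged, the two TODOs can be closed the same way in one follow-up, using the same product string on both lines.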
@@ -24401,8 +24449,8 @@ CVE-2020-14372
CVE-2020-14371
RESERVED
NOT-FOR-US: Red Hat Satellite
-CVE-2020-14370
- RESERVED
+CVE-2020-14370 (An information disclosure vulnerability was found in containers/podman ...)
+ TODO: check
CVE-2020-14369
RESERVED
NOT-FOR-US: Red Hat CloudForm
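Review bot: CVE-2020-14370 gets "TODO: check", but the description already identifies the affected code as containers/podman, so what remains is a package lookup rather than a question about which product is meant. The follow-up should replace the TODO with a source-package line (fixed version or <unfixed>) and a NOTE pointing at the upstream report, as the surrounding Red Hat-originated entries do.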
@@ -24419,8 +24467,7 @@ CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating t
NOTE: additionally mitigating the issue. Earlier versions used /var/run/chronyd.pid.
CVE-2020-14366
RESERVED
-CVE-2020-14365 [dnf module install packages with no GPG signature]
- RESERVED
+CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before ...)
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emulator ...)
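Review bot: With the RESERVED marker and the working title "[dnf module install packages with no GPG signature]" removed, CVE-2020-14365 is now a published issue, yet the unchanged package line still reads "- ansible <unfixed>" with no Debian bug reference visible in this hunk. The only pointer is the Red Hat Bugzilla NOTE, so a Debian bug should be filed and recorded on the package line to keep the unfixed state trackable.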
@@ -34244,8 +34291,8 @@ CVE-2020-11032 (In GLPI before version 9.4.6, there is a SQL injection vulnerabi
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2020-11031
- RESERVED
+CVE-2020-11031 (In GLPI before version 9.5.0, the encryption algorithm used is insecur ...)
+ TODO: check
CVE-2020-11030 (In affected versions of WordPress, a special payload can be crafted th ...)
- wordpress 5.4.1+dfsg1-1 (bug #959391)
[buster] - wordpress <not-affected> (Vulnerable code not present)
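Review bot: CVE-2020-11031 is left at "TODO: check" although its description names GLPI and the entry directly above it, CVE-2020-11032, already tracks the package as "- glpi <removed> (unimportant)". The follow-up should give this entry a glpi package line as well, and decide explicitly whether the "Only supported behind an authenticated HTTP zone" rationale recorded for CVE-2020-11032 also applies to an insecure encryption algorithm rather than copying the severity across.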
@@ -35466,8 +35513,7 @@ CVE-2020-10716
NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation
CVE-2020-10715 (A content spoofing vulnerability was found in the openshift/console 3. ...)
NOT-FOR-US: Openshift Web Console
-CVE-2020-10714
- RESERVED
+CVE-2020-10714 (A flaw was found in WildFly Elytron version 1.11.3.Final and before. W ...)
NOT-FOR-US: WildFly Elytron
CVE-2020-10713 (A flaw was found in grub2, prior to version 2.06. An attacker may use ...)
{DSA-4735-1}
@@ -35588,8 +35634,7 @@ CVE-2020-10688
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
NOTE: https://github.com/quarkusio/quarkus/issues/7248
NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
-CVE-2020-10687
- RESERVED
+CVE-2020-10687 (A flaw was discovered in all versions of Undertow before Undertow 2.2. ...)
- undertow 2.2.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049
NOTE: https://issues.jboss.org/browse/UNDERTOW-1780
@@ -44167,10 +44212,10 @@ CVE-2020-7124
RESERVED
CVE-2020-7123
RESERVED
-CVE-2020-7122
- RESERVED
-CVE-2020-7121
- RESERVED
+CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
+ TODO: check
+CVE-2020-7121 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
+ TODO: check
CVE-2020-7120
RESERVED
CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location Engine (ALE ...)
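Review bot: The truncated descriptions for CVE-2020-7122 and CVE-2020-7121 are identical as shown ("Two memory corruption vulnerabilities in the Aruba CX Switches Series ..."), so nothing in the list distinguishes the two ids. When the "TODO: check" lines are resolved, confirm from the full CVE text that these are two separate issues and not a duplicate assignment, and use the same product string on both lines if they end up as NOT-FOR-US.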
@@ -47686,12 +47731,12 @@ CVE-2020-5785
RESERVED
CVE-2020-5784
RESERVED
-CVE-2020-5783
- RESERVED
-CVE-2020-5782
- RESERVED
-CVE-2020-5781
- RESERVED
+CVE-2020-5783 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does n ...)
+ TODO: check
+CVE-2020-5782 (In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ...)
+ TODO: check
+CVE-2020-5781 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is ...)
+ TODO: check
CVE-2020-5780 (Missing Authentication for Critical Function in Icegram Email Subscrib ...)
NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress
CVE-2020-5779 (A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates t ...)
@@ -51262,8 +51307,8 @@ CVE-2020-4342 (IBM Security Secret Server 10.7 could disclose sensitive informat
NOT-FOR-US: IBM
CVE-2020-4341 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
NOT-FOR-US: IBM
-CVE-2020-4340
- RESERVED
+CVE-2020-4340 (IBM Security Secret Server prior to 10.9 could allow an attacker to by ...)
+ TODO: check
CVE-2020-4339
RESERVED
CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive informat ...)
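Review bot: CVE-2020-4340 is marked "TODO: check" while the two entries immediately above it in the context, CVE-2020-4342 and CVE-2020-4341, describe the same product (IBM Security Secret Server) and are already resolved as "NOT-FOR-US: IBM". The TODO can be closed with the same line so the product is handled consistently across the list.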
@@ -51294,8 +51339,8 @@ CVE-2020-4326
RESERVED
CVE-2020-4325 (The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0 ...)
NOT-FOR-US: IBM
-CVE-2020-4324
- RESERVED
+CVE-2020-4324 (IBM Security Secret Server proir to 10.9 could allow a remote attacker ...)
+ TODO: check
CVE-2020-4323 (IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. ...)
NOT-FOR-US: IBM
CVE-2020-4322 (IBM Security Secret Server 10.7 could allow a remote attacker to hijac ...)
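Review bot: The new description line for CVE-2020-4324 carries the misspelling "proir to 10.9". Since this commit is an automatic update, the text is presumably imported as-is, so a hand edit here would likely be overwritten by the next import; the thing to act on is the "TODO: check", which should follow the "NOT-FOR-US: IBM" disposition already used for CVE-2020-4325, CVE-2020-4323 and CVE-2020-4322 in the surrounding context.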
@@ -57249,26 +57294,19 @@ CVE-2020-2287
RESERVED
CVE-2020-2286
RESERVED
-CVE-2020-2285
- RESERVED
+CVE-2020-2285 (A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 an ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2284
- RESERVED
+CVE-2020-2284 (Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure i ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2283
- RESERVED
+CVE-2020-2283 (Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape chan ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2282
- RESERVED
+CVE-2020-2282 (Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2281
- RESERVED
+CVE-2020-2281 (A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2280
- RESERVED
+CVE-2020-2280 (A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2279
- RESERVED
+CVE-2020-2279 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2278 (Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the ...)
NOT-FOR-US: Jenkins plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/233e8ce73f4222f3060d61158d8925e0641d75fd