[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 25 21:32:53 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99e70731 by security tracker role at 2020-09-25T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -591,11 +591,13 @@ CVE-2020-25829
RESERVED
CVE-2020-25828
RESERVED
+ {DSA-4767-1}
- mediawiki <unfixed>
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
NOTE: https://phabricator.wikimedia.org/T115888
CVE-2020-25827
RESERVED
+ {DSA-4767-1}
- mediawiki <unfixed>
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
NOTE: https://phabricator.wikimedia.org/T251661
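Review bot: CVE-2020-25828 and CVE-2020-25827 now carry {DSA-4767-1} while their package line still reads `- mediawiki <unfixed>` and both entries are still RESERVED. The DSA reference only ties the entry to the advisory, so unstable keeps being reported as vulnerable until a fixed version replaces `<unfixed>`. Suggest a follow-up that records the fixed unstable version on the `- mediawiki` line as soon as the upload is known.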
@@ -628,16 +630,19 @@ CVE-2020-25815
NOTE: https://phabricator.wikimedia.org/T256171
CVE-2020-25814
RESERVED
+ {DSA-4767-1}
- mediawiki <unfixed>
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
NOTE: https://phabricator.wikimedia.org/T86738
CVE-2020-25813
RESERVED
+ {DSA-4767-1}
- mediawiki <unfixed>
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
NOTE: https://phabricator.wikimedia.org/T232568
CVE-2020-25812
RESERVED
+ {DSA-4767-1}
- mediawiki <unfixed>
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
NOTE: https://phabricator.wikimedia.org/T255918
@@ -917,6 +922,7 @@ CVE-2020-25690
RESERVED
CVE-2020-25689
RESERVED
+ {DSA-4767-1}
NOT-FOR-US: CentralAuth MediaWiki extension
NOTE: The extension requires some new infrastructure code which was added to the
NOTE: MediaWiki 1.31.9 / 1.34.3 security releases announced at
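Review bot: the {DSA-4767-1} reference lands on an entry whose only status line is `NOT-FOR-US: CentralAuth MediaWiki extension`, so the entry is both declared out of scope for Debian and tied to a Debian advisory. The NOTE lines say the supporting infrastructure code shipped in the MediaWiki 1.31.9 / 1.34.3 security releases. If that is why the DSA lists this CVE, a `- mediawiki` package line would express it. Otherwise the CVE should be removed from the DSA's list.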
@@ -2111,46 +2117,46 @@ CVE-2020-25151
RESERVED
CVE-2020-25150
RESERVED
-CVE-2020-25149
- RESERVED
-CVE-2020-25148
- RESERVED
-CVE-2020-25147
- RESERVED
-CVE-2020-25146
- RESERVED
-CVE-2020-25145
- RESERVED
-CVE-2020-25144
- RESERVED
-CVE-2020-25143
- RESERVED
-CVE-2020-25142
- RESERVED
-CVE-2020-25141
- RESERVED
-CVE-2020-25140
- RESERVED
-CVE-2020-25139
- RESERVED
-CVE-2020-25138
- RESERVED
-CVE-2020-25137
- RESERVED
-CVE-2020-25136
- RESERVED
-CVE-2020-25135
- RESERVED
-CVE-2020-25134
- RESERVED
-CVE-2020-25133
- RESERVED
-CVE-2020-25132
- RESERVED
-CVE-2020-25131
- RESERVED
-CVE-2020-25130
- RESERVED
+CVE-2020-25149 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25148 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25147 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25146 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25145 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25144 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25143 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25142 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25141 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25140 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25139 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25138 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25137 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25136 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25135 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25134 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25133 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25132 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25131 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
+CVE-2020-25130 (An issue was discovered in Observium Professional, Enterprise & Co ...)
+ TODO: check
CVE-2020-25129
RESERVED
CVE-2020-25128
@@ -8261,7 +8267,7 @@ CVE-2020-22160
RESERVED
CVE-2020-22159
RESERVED
-CVE-2020-22158 (Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected an ...)
+CVE-2020-22158 (MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to ...)
NOT-FOR-US: Ericsson RX8200 5.13.3 devices
CVE-2020-22157
RESERVED
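Review bot: the description of CVE-2020-22158 now names the vendor as "MediaKind (formerly Ericsson)", but the `NOT-FOR-US: Ericsson RX8200 5.13.3 devices` line below it keeps the old name. This is minor, since the status itself is unchanged, but updating the label to match would keep a search for the current vendor name useful.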
@@ -13667,18 +13673,18 @@ CVE-2020-19457
RESERVED
CVE-2020-19456
RESERVED
-CVE-2020-19455
- RESERVED
+CVE-2020-19455 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...)
+ TODO: check
CVE-2020-19454
RESERVED
CVE-2020-19453
RESERVED
CVE-2020-19452
RESERVED
-CVE-2020-19451
- RESERVED
-CVE-2020-19450
- RESERVED
+CVE-2020-19451 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...)
+ TODO: check
+CVE-2020-19450 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...)
+ TODO: check
CVE-2020-19449
RESERVED
CVE-2020-19448
@@ -17887,11 +17893,11 @@ CVE-2020-17370
CVE-2020-17369
RESERVED
CVE-2020-17368 (Firejail through 0.9.62 mishandles shell metacharacters during use of ...)
- {DSA-4742-1 DLA-2336-1}
+ {DSA-4767-1 DSA-4742-1 DLA-2336-1}
- firejail 0.9.62-4
NOTE: https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b
CVE-2020-17367 (Firejail through 0.9.62 does not honor the -- end-of-options indicator ...)
- {DSA-4742-1 DLA-2336-1}
+ {DSA-4767-1 DSA-4742-1 DLA-2336-1}
- firejail 0.9.62-4
NOTE: https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37
CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. ...)
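Review bot: {DSA-4767-1} is prepended to the Firejail entries CVE-2020-17368 and CVE-2020-17367, yet everywhere else in this commit the same DSA is attached to mediawiki entries. A DSA covers one source package, and both Firejail CVEs already reference DSA-4742-1, so this looks like a wrong CVE id in the DSA-4767-1 entry rather than a second firejail advisory. Suggest checking the DSA's CVE list against the MediaWiki announcement linked in the NOTE lines and correcting it at the source.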
@@ -20240,8 +20246,8 @@ CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used
NOT-FOR-US: GE Digital APM Classic
CVE-2020-16243
RESERVED
-CVE-2020-16242
- RESERVED
+CVE-2020-16242 (The affected product is vulnerable to cross-site scripting (XSS), whic ...)
+ TODO: check
CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...)
NOT-FOR-US: Philips SureSigns
CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure direct obj ...)
@@ -22435,18 +22441,18 @@ CVE-2020-15376
RESERVED
CVE-2020-15375
RESERVED
-CVE-2020-15374
- RESERVED
-CVE-2020-15373
- RESERVED
-CVE-2020-15372
- RESERVED
-CVE-2020-15371
- RESERVED
-CVE-2020-15370
- RESERVED
-CVE-2020-15369
- RESERVED
+CVE-2020-15374 (Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versio ...)
+ TODO: check
+CVE-2020-15373 (Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric ...)
+ TODO: check
+CVE-2020-15372 (A vulnerability in the command-line interface in Brocade Fabric OS bef ...)
+ TODO: check
+CVE-2020-15371 (Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v ...)
+ TODO: check
+CVE-2020-15370 (Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allo ...)
+ TODO: check
+CVE-2020-15369 (Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, ...)
+ TODO: check
CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restrict acce ...)
NOT-FOR-US: ASRock RGB Driver
CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of authenticatio ...)
@@ -22787,56 +22793,56 @@ CVE-2020-15216
RESERVED
CVE-2020-15215
RESERVED
-CVE-2020-15214
- RESERVED
-CVE-2020-15213
- RESERVED
-CVE-2020-15212
- RESERVED
-CVE-2020-15211
- RESERVED
-CVE-2020-15210
- RESERVED
-CVE-2020-15209
- RESERVED
-CVE-2020-15208
- RESERVED
-CVE-2020-15207
- RESERVED
-CVE-2020-15206
- RESERVED
-CVE-2020-15205
- RESERVED
-CVE-2020-15204
- RESERVED
-CVE-2020-15203
- RESERVED
-CVE-2020-15202
- RESERVED
-CVE-2020-15201
- RESERVED
-CVE-2020-15200
- RESERVED
-CVE-2020-15199
- RESERVED
-CVE-2020-15198
- RESERVED
-CVE-2020-15197
- RESERVED
-CVE-2020-15196
- RESERVED
-CVE-2020-15195
- RESERVED
-CVE-2020-15194
- RESERVED
-CVE-2020-15193
- RESERVED
-CVE-2020-15192
- RESERVED
-CVE-2020-15191
- RESERVED
-CVE-2020-15190
- RESERVED
+CVE-2020-15214 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
+ TODO: check
+CVE-2020-15213 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
+ TODO: check
+CVE-2020-15212 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
+ TODO: check
+CVE-2020-15211 (In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ TODO: check
+CVE-2020-15210 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ TODO: check
+CVE-2020-15209 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ TODO: check
+CVE-2020-15208 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ TODO: check
+CVE-2020-15207 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ TODO: check
+CVE-2020-15206 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, c ...)
+ TODO: check
+CVE-2020-15205 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ TODO: check
+CVE-2020-15204 (In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 ...)
+ TODO: check
+CVE-2020-15203 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, b ...)
+ TODO: check
+CVE-2020-15202 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ TODO: check
+CVE-2020-15201 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` impl ...)
+ TODO: check
+CVE-2020-15200 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` impl ...)
+ TODO: check
+CVE-2020-15199 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does ...)
+ TODO: check
+CVE-2020-15198 (In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` impl ...)
+ TODO: check
+CVE-2020-15197 (In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` impl ...)
+ TODO: check
+CVE-2020-15196 (In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `Ragged ...)
+ TODO: check
+CVE-2020-15195 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ TODO: check
+CVE-2020-15194 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ TODO: check
+CVE-2020-15193 (In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of ` ...)
+ TODO: check
+CVE-2020-15192 (In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list ...)
+ TODO: check
+CVE-2020-15191 (In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an inv ...)
+ TODO: check
+CVE-2020-15190 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ TODO: check
CVE-2020-15189 (SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) u ...)
NOT-FOR-US: SOY CMS
CVE-2020-15188 (SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Co ...)
@@ -23284,6 +23290,7 @@ CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in
CVE-2020-15006 (Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document ...)
NOT-FOR-US: Bludit
CVE-2020-15005 (In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34. ...)
+ {DSA-4767-1}
- mediawiki 1:1.31.8-1
[stretch] - mediawiki <postponed> (Minor issue)
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
@@ -24393,7 +24400,7 @@ CVE-2020-14497 (Advantech iView, versions 5.6 and prior, contains multiple SQL i
CVE-2020-14496
RESERVED
CVE-2020-14495
- RESERVED
+ REJECTED
CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication ...)
NOT-FOR-US: OpenClinic GA
CVE-2020-14493 (A low-privilege user may use SQL syntax to write arbitrary files to th ...)
@@ -26111,8 +26118,8 @@ CVE-2020-13997 (In Shopware before 6.2.3, the database password is leaked to an
NOT-FOR-US: Shopware
CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection at ...)
NOT-FOR-US: J2Store plugin for Joomla!
-CVE-2020-13995
- RESERVED
+CVE-2020-13995 (U.S. Air Force Sensor Data Management System extract75 has a buffer ov ...)
+ TODO: check
CVE-2020-13994 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A pri ...)
NOT-FOR-US: Mods for HESK
CVE-2020-13993 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A bli ...)
@@ -43436,8 +43443,8 @@ CVE-2020-7737
RESERVED
CVE-2020-7736
RESERVED
-CVE-2020-7735
- RESERVED
+CVE-2020-7735 (The package ng-packagr before 10.1.1 are vulnerable to Command Injecti ...)
+ TODO: check
CVE-2020-7734 (All versions of package cabot are vulnerable to Cross-site Scripting ( ...)
NOT-FOR-US: cabot
CVE-2020-7733 (The package ua-parser-js before 0.7.22 are vulnerable to Regular Expre ...)
@@ -48026,10 +48033,9 @@ CVE-2020-5932
RESERVED
CVE-2020-5931
RESERVED
-CVE-2020-5930
- RESERVED
-CVE-2020-5929
- RESERVED
+CVE-2020-5930 (In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12 ...)
+ TODO: check
+CVE-2020-5929 (In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, B ...)
NOT-FOR-US: F5
CVE-2020-5928 (In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0- ...)
NOT-FOR-US: F5 BIG-IP
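Review bot: CVE-2020-5930 is left at `TODO: check` although its description starts "In BIG-IP" and the neighbouring entries CVE-2020-5929 and CVE-2020-5928 are already `NOT-FOR-US: F5` and `NOT-FOR-US: F5 BIG-IP`. It can be triaged the same way. Using one of the two labels for all three would also keep them consistent.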
@@ -51125,8 +51131,8 @@ CVE-2020-4729
RESERVED
CVE-2020-4728
RESERVED
-CVE-2020-4727
- RESERVED
+CVE-2020-4727 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
+ TODO: check
CVE-2020-4726
RESERVED
CVE-2020-4725
@@ -51517,8 +51523,8 @@ CVE-2020-4533 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable
NOT-FOR-US: IBM
CVE-2020-4532 (IBM Business Automation Workflow and IBM Business Process Manager (IBM ...)
NOT-FOR-US: IBM
-CVE-2020-4531
- RESERVED
+CVE-2020-4531 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
+ TODO: check
CVE-2020-4530 (IBM Business Automation Workflow C.D.0 and IBM Business Process Manage ...)
NOT-FOR-US: IBM
CVE-2020-4529 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server si ...)
@@ -71937,10 +71943,10 @@ CVE-2019-16214 (Libra Core before 2019-09-03 has an erroneous regular expression
NOT-FOR-US: Libra
CVE-2019-16213 (Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authe ...)
NOT-FOR-US: Tenda PA6 Wi-Fi Powerline extender
-CVE-2019-16212
- RESERVED
-CVE-2019-16211
- RESERVED
+CVE-2019-16212 (A vulnerability in Brocade SANnav versions before v2.1.0 could allow a ...)
+ TODO: check
+CVE-2019-16211 (Brocade SANnav versions before v2.1.0, contain a Plaintext Password St ...)
+ TODO: check
CVE-2019-16210 (Brocade SANnav versions before v2.0, logs plain text database connecti ...)
NOT-FOR-US: Brocade
CVE-2019-16209 (A vulnerability, in The ReportsTrustManager class of Brocade SANnav ve ...)
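Review bot: CVE-2019-16212 and CVE-2019-16211 are Brocade SANnav issues set to `TODO: check`, while CVE-2019-16210 directly below, also Brocade SANnav, is `NOT-FOR-US: Brocade`. Suggest resolving both with the same label in the follow-up triage so the SANnav entries do not sit in the TODO queue.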
@@ -155726,12 +155732,12 @@ CVE-2018-6451
RESERVED
CVE-2018-6450
RESERVED
-CVE-2018-6449
- RESERVED
-CVE-2018-6448
- RESERVED
-CVE-2018-6447
- RESERVED
+CVE-2018-6449 (Host Header Injection vulnerability in the http management interface i ...)
+ TODO: check
+CVE-2018-6448 (A vulnerability in the management interface in Brocade Fabric OS Versi ...)
+ TODO: check
+CVE-2018-6447 (A Reflective XSS Vulnerability in HTTP Management Interface in Brocade ...)
+ TODO: check
CVE-2018-6446 (A vulnerability in Brocade Network Advisor Version Before 14.3.1 could ...)
NOT-FOR-US: Brocade
CVE-2018-6445 (A Vulnerability in Brocade Network Advisor versions before 14.0.3 coul ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99e70731ca511cd85b8b582aee83aecbd26dcfd9