Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
091a886a by security tracker role at 2020-04-15T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak
issue. I ...)
+ TODO: check
+CVE-2020-11766
+ RESERVED
+CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an
off-by-on ...)
+ TODO: check
+CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an
out-of-bo ...)
+ TODO: check
+CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an
std::vect ...)
+ TODO: check
+CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an
out-of-bo ...)
+ TODO: check
+CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an
out-of-bo ...)
+ TODO: check
+CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an
out-of-bo ...)
+ TODO: check
+CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of
integer ov ...)
+ TODO: check
+CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an
out-of-bo ...)
+ TODO: check
+CVE-2020-11757
+ RESERVED
+CVE-2020-11756
+ RESERVED
+CVE-2020-11755
+ RESERVED
+CVE-2020-11754
+ RESERVED
+CVE-2020-11753
+ RESERVED
+CVE-2020-11752
+ RESERVED
+CVE-2020-11751
+ RESERVED
+CVE-2020-11750
+ RESERVED
CVE-2020-11749
RESERVED
CVE-2020-11748
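Review bot: the eight OpenEXR entries (CVE-2020-11758 through CVE-2020-11765) all cite the same upstream fix boundary, "before 2.4.1", yet each is left at its own "TODO: check"; since openexr is a Debian source package they should be triaged together, with one fixed-version lookup and a package line per entry rather than eight separate checks. CVE-2020-11767 (Istio/Envoy data leak) is also "TODO: check"; neither project is packaged in Debian as far as I know, so that one is most likely NOT-FOR-US.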
@@ -70,8 +106,8 @@ CVE-2020-11724 (An issue was discovered in OpenResty before
1.15.8.4. ngx_http_l
CVE-2020-11725 (** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the
Linux k ...)
- linux <unfixed>
NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400
-CVE-2020-11723
- RESERVED
+CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA
private keys ...)
+ TODO: check
CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25
allows remote ...)
- crawl <unfixed>
NOTE:
https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
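Review bot: CVE-2020-11723 describes hardcoded RSA private keys in Cellebrite UFED, a proprietary Windows forensic product, so its "TODO: check" can be resolved to NOT-FOR-US in the same way as the other vendor-only entries in this file. The unchanged CVE-2020-11725 context above it is flagged "** DISPUTED **" but is still tracked as "linux <unfixed>" with only a tweet as reference; once upstream's position on the dispute is known the entry should reflect it.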
@@ -1898,16 +1934,16 @@ CVE-2020-11007
RESERVED
CVE-2020-11006
RESERVED
-CVE-2020-11005
- RESERVED
+CVE-2020-11005 (The WindowsHello open source library (NuGet
HaemmerElectronics.SeppPen ...)
+ TODO: check
CVE-2020-11004
RESERVED
-CVE-2020-11003
- RESERVED
+CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or
CSRF vuln ...)
+ TODO: check
CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a
remote co ...)
TODO: check
-CVE-2020-11001
- RESERVED
+CVE-2020-11001 (In Wagtail before versions 2.8.1 and 2.7.2, a cross-site
scripting (XS ...)
+ TODO: check
CVE-2020-11000 (GreenBrowser before version 1.2 has a vulnerability where apps
that re ...)
NOT-FOR-US: GreenBrowser
CVE-2020-10999
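Review bot: CVE-2020-11005 concerns a NuGet library (HaemmerElectronics.SeppPen...), which is not distributed through Debian; the handling of CVE-2020-5261 elsewhere in this diff ("NOT-FOR-US: ASP.NET") for another NuGet package suggests the same resolution here. CVE-2020-11001 (Wagtail XSS) and CVE-2020-11003 (Oasis, DNS rebinding/CSRF) need an actual package lookup before their TODOs are closed.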
@@ -2082,6 +2118,7 @@ CVE-2020-10940 (Local Privilege Escalation can occur in
PHOENIX CONTACT PORTICO
CVE-2020-10939 (Insecure, default path permissions in PHOENIX CONTACT PC WORX
SRT thro ...)
NOT-FOR-US: PHOENIX CONTACT
CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and
resultant hea ...)
+ {DLA-2173-1}
- graphicsmagick 1.4+really1.3.34-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce
CVE-2020-10937
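Review bot: the new {DLA-2173-1} line for CVE-2020-10938 sits above a fixed version of graphicsmagick 1.4+really1.3.34-1, while the description says the bug affects GraphicsMagick before 1.3.35; that is consistent only if the commit in the NOTE line (rev 95abc2b694ce) was backported into 1.3.34-1, which is worth confirming against the package changelog.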
@@ -3327,26 +3364,26 @@ CVE-2020-10516
RESERVED
CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on WIndows allows binary
planting ...)
NOT-FOR-US: STARFACE UCC Client
-CVE-2020-10514
- RESERVED
-CVE-2020-10513
- RESERVED
-CVE-2020-10512
- RESERVED
-CVE-2020-10511
- RESERVED
+CVE-2020-10514 (iCatch DVR do not validate function parameter properly,
resulting atta ...)
+ TODO: check
+CVE-2020-10513 (The file management interface of iCatch DVR contains broken
access con ...)
+ TODO: check
+CVE-2020-10512 (HGiga C&Cmail contains a SQL Injection vulnerability which
allows ...)
+ TODO: check
+CVE-2020-10511 (HGiga C&Cmail contains insecure configurations. Attackers
can expl ...)
+ TODO: check
CVE-2020-10510 (Sunnet eHRD, a human training and development management
system, conta ...)
NOT-FOR-US: Sunnet eHRD
CVE-2020-10509 (Sunnet eHRD, a human training and development management
system, conta ...)
NOT-FOR-US: Sunnet eHRD
CVE-2020-10508 (Sunnet eHRD, a human training and development management
system, impro ...)
NOT-FOR-US: Sunnet eHRD
-CVE-2020-10507
- RESERVED
-CVE-2020-10506
- RESERVED
-CVE-2020-10505
- RESERVED
+CVE-2020-10507 (The School Manage System, developed by ALLE INFORMATION CO.,
LTD., con ...)
+ TODO: check
+CVE-2020-10506 (The School Manage System, developed by ALLE INFORMATION CO.,
LTD., con ...)
+ TODO: check
+CVE-2020-10505 (The School Manage System, developed by ALLE INFORMATION CO.,
LTD., con ...)
+ TODO: check
CVE-2020-10504 (CSRF in admin/edit-comments.php in Chadha PHPKB Standard
Multi-Languag ...)
NOT-FOR-US: Chadha PHPKB
CVE-2020-10503 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard
Multi-Langu ...)
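Review bot: the seven new entries (iCatch DVR, HGiga C&Cmail, ALLE School Manage System) are vendor appliances or closed products of the same kind as the surrounding Sunnet eHRD and Chadha PHPKB entries, which are already NOT-FOR-US; the "TODO: check" placeholders can most likely be resolved the same way once a quick package search confirms none of them is shipped.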
@@ -4009,6 +4046,7 @@ CVE-2020-10190 (An issue was discovered in MunkiReport
before 5.3.0. An authenti
CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows
remote code e ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows
remote attac ...)
+ {DLA-2176-1}
- inetutils 2:1.9.4-12 (bug #956084)
- netkit-telnet 0.17-18woody2 (bug #953477)
- netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478)
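Review bot: {DLA-2176-1} is added to CVE-2020-10188 above three source packages (inetutils, netkit-telnet, netkit-telnet-ssl) with separate bug numbers; the line itself does not say which of the three the advisory covers, so confirm the DLA text matches the package(s) actually updated and that the others still carry a fixed version or open bug reference.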
@@ -5819,8 +5857,8 @@ CVE-2020-9391 (An issue was discovered in the Linux
kernel 5.4 and 5.5 through 5
NOTE:
https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a
CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1
because mul ...)
- zint <itp> (bug #732141)
-CVE-2020-9384
- RESERVED
+CVE-2020-9384 (An Insecure Direct Object Reference (IDOR) vulnerability in the
Change ...)
+ TODO: check
CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6.
set_fdc in ...)
- linux 5.5.13-1
NOTE:
https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3
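Review bot: the truncated description for CVE-2020-9384 ("... in the Change ...") does not name the affected product, so the TODO here cannot be triaged from the list alone; the full CVE text is needed before assigning a package or NOT-FOR-US.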
@@ -7047,6 +7085,7 @@ CVE-2020-8866 (This vulnerability allows remote attackers
to create arbitrary fi
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-275/
NOTE:
https://github.com/horde/Form/commit/813f8e7e9479fad4546b89c569325ee9eef60b0f
CVE-2020-8865 (This vulnerability allows remote attackers to execute local PHP
files ...)
+ {DLA-2175-1}
- php-horde-trean <unfixed> (bug #955019)
[buster] - php-horde-trean <no-dsa> (Minor issue)
[stretch] - php-horde-trean <no-dsa> (Minor issue)
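Review bot: {DLA-2175-1} is added for CVE-2020-8865 while unstable is still "php-horde-trean <unfixed> (bug #955019)"; the LTS suite now carries a fix that unstable does not, so bug #955019 should be followed up so the unstable line gets a fixed version.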
@@ -7854,6 +7893,7 @@ CVE-2020-8520
CVE-2020-8519
RESERVED
CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of
arbitrary P ...)
+ {DLA-2174-1}
- php-horde-data <unfixed> (bug #951537)
[buster] - php-horde-data <no-dsa> (Minor issue)
[stretch] - php-horde-data <no-dsa> (Minor issue)
@@ -8294,14 +8334,14 @@ CVE-2020-8329
RESERVED
CVE-2020-8328
RESERVED
-CVE-2020-8327
- RESERVED
+CVE-2020-8327 (A privilege escalation vulnerability was reported in
LenovoBatteryGaug ...)
+ TODO: check
CVE-2020-8326
RESERVED
CVE-2020-8325
RESERVED
-CVE-2020-8324
- RESERVED
+CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem
for Leno ...)
+ TODO: check
CVE-2020-8323
RESERVED
CVE-2020-8322
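Review bot: CVE-2020-8327 (LenovoBatteryGauge) and CVE-2020-8324 (LenovoAppScenarioPluginSystem) are Lenovo Windows utilities, not Debian packages, so the TODO entries can be resolved to NOT-FOR-US: Lenovo; the same applies to the Lenovo entries in the next hunk (CVE-2020-8316, -8318, -8319).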
@@ -8310,14 +8350,14 @@ CVE-2020-8321
RESERVED
CVE-2020-8320
RESERVED
-CVE-2020-8319
- RESERVED
-CVE-2020-8318
- RESERVED
+CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo
System Int ...)
+ TODO: check
+CVE-2020-8318 (A privilege escalation vulnerability was reported in the
LenovoSystemU ...)
+ TODO: check
CVE-2020-8317
RESERVED
-CVE-2020-8316
- RESERVED
+CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version
10.200 ...)
+ TODO: check
CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a
may_create_in_sticky u ...)
- linux 5.4.19-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -10042,10 +10082,10 @@ CVE-2020-7577
RESERVED
CVE-2020-7576
RESERVED
-CVE-2020-7575
- RESERVED
-CVE-2020-7574
- RESERVED
+CVE-2020-7575 (A vulnerability has been identified in Climatix POL908
(BACnet/IP modu ...)
+ TODO: check
+CVE-2020-7574 (A vulnerability has been identified in Climatix POL908
(BACnet/IP modu ...)
+ TODO: check
CVE-2020-7573
RESERVED
CVE-2020-7572
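Review bot: CVE-2020-7574 and CVE-2020-7575 affect Climatix POL908, a Siemens BACnet/IP building-automation module, i.e. device firmware; like the SCALANCE and SINEMA entries elsewhere in this file these are NOT-FOR-US: Siemens rather than a package check.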
@@ -13284,8 +13324,8 @@ CVE-2020-6227 (SAP Business Objects Business
Intelligence Platform (CMS / Auditi
NOT-FOR-US: SAP
CVE-2020-6226 (SAP Business Objects Business Intelligence Platform (Web
Intelligence ...)
NOT-FOR-US: SAP
-CVE-2020-6225
- RESERVED
+CVE-2020-6225 (SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00,
7.01, 7 ...)
+ TODO: check
CVE-2020-6224 (SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11,
7.20, 7.30, ...)
NOT-FOR-US: SAP
CVE-2020-6223 (The open document of SAP Business Objects Business Intelligence
Platfo ...)
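Review bot: CVE-2020-6225 (SAP NetWeaver Knowledge Management) is the same product family as the neighbouring CVE-2020-6224 and CVE-2020-6226, which are already "NOT-FOR-US: SAP"; the TODO can be resolved the same way, and this applies equally to the other new SAP entries in this commit (CVE-2020-6217, -6215, -6211, -6195).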
@@ -13300,20 +13340,20 @@ CVE-2020-6219 (SAP Business Objects Business
Intelligence Platform (CrystalRepor
NOT-FOR-US: SAP
CVE-2020-6218 (Admin tools and Query Builder in SAP Business Objects Business
Intelli ...)
NOT-FOR-US: SAP
-CVE-2020-6217
- RESERVED
+CVE-2020-6217 (SAP NetWeaver AS ABAP Business Server Pages Test Application
IT00, ver ...)
+ TODO: check
CVE-2020-6216 (SAP Business Objects Business Intelligence Platform (BI
Launchpad), ve ...)
NOT-FOR-US: SAP
-CVE-2020-6215
- RESERVED
+CVE-2020-6215 (SAP NetWeaver AS ABAP Business Server Pages Test Application
IT00, ver ...)
+ TODO: check
CVE-2020-6214 (SAP S/4HANA (Financial Products Subledger), version 100, uses
an incor ...)
NOT-FOR-US: SAP
CVE-2020-6213
RESERVED
CVE-2020-6212
RESERVED
-CVE-2020-6211
- RESERVED
+CVE-2020-6211 (SAP Business Objects Business Intelligence Platform
(AdminTools), vers ...)
+ TODO: check
CVE-2020-6210 (SAP Fiori Launchpad, versions- 753, 754, does not sufficiently
encode ...)
NOT-FOR-US: SAP
CVE-2020-6209 (SAP Disclosure Management, version 10.1, does not perform
necessary au ...)
@@ -13344,8 +13384,8 @@ CVE-2020-6197 (SAP Enable Now, before version 1908,
does not invalidate session
NOT-FOR-US: SAP
CVE-2020-6196 (SAP BusinessObjects Mobile (MobileBIService), version 4.2,
allows an a ...)
NOT-FOR-US: SAP
-CVE-2020-6195
- RESERVED
+CVE-2020-6195 (SAP Business Objects Business Intelligence Platform (CMC),
version 4.1 ...)
+ TODO: check
CVE-2020-6194
RESERVED
CVE-2020-6193 (SAP NetWeaver (Knowledge Management ICE Service), versions
7.30, 7.31, ...)
@@ -15388,8 +15428,7 @@ CVE-2020-5262 (In EasyBuild before version 4.1.2, the
GitHub Personal Access Tok
NOT-FOR-US: EasyBuild
CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package
Sustainsys.Sa ...)
NOT-FOR-US: ASP.NET
-CVE-2020-5260
- RESERVED
+CVE-2020-5260 (Affected versions of Git have a vulnerability whereby Git can
be trick ...)
{DSA-4657-1}
- git 1:2.26.1-1
NOTE:
https://lore.kernel.org/lkml/[email protected]/
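Review bot: the description for CVE-2020-5260 replaces the RESERVED placeholder while {DSA-4657-1} and "git 1:2.26.1-1" were already recorded, so the entry is complete; however, the NOTE URL reads lore.kernel.org/lkml/[email protected]/, which looks like a Message-ID mangled by address obfuscation in the mail, so verify the file holds the full Message-ID link.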
@@ -19246,8 +19285,8 @@ CVE-2020-3934 (Secom Co. Dr.ID, a Door Access Control
and Personnel Attendance M
NOT-FOR-US: Secom Co. Dr.ID
CVE-2020-3933 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance
Manage ...)
NOT-FOR-US: Secom Co. Dr.ID
-CVE-2020-3932
- RESERVED
+CVE-2020-3932 (A vulnerable SNMP in Draytek VigorAP910C cannot be disabled,
which may ...)
+ TODO: check
CVE-2020-3931
RESERVED
CVE-2020-3930
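Review bot: CVE-2020-3932 is an SNMP service in Draytek VigorAP910C firmware that cannot be disabled; as router firmware it is NOT-FOR-US in the same way as the surrounding Secom Dr.ID entries.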
@@ -25735,10 +25774,10 @@ CVE-2019-19303
RESERVED
CVE-2019-19302
RESERVED
-CVE-2019-19301
- RESERVED
-CVE-2019-19300
- RESERVED
+CVE-2019-19301 (A vulnerability has been identified in SCALANCE X-200 switch
family (i ...)
+ TODO: check
+CVE-2019-19300 (A vulnerability has been identified in KTK ATE530S (All
versions), SID ...)
+ TODO: check
CVE-2019-19299 (A vulnerability has been identified in SiNVR 3 Central Control
Server ...)
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19298 (A vulnerability has been identified in SiNVR 3 Central Control
Server ...)
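Review bot: CVE-2019-19301 (SCALANCE X-200) and CVE-2019-19300 (KTK ATE530S) both use the Siemens advisory wording "A vulnerability has been identified in ..." like the neighbouring SiNVR entries that are already NOT-FOR-US; resolve both to NOT-FOR-US: Siemens.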
@@ -54361,8 +54400,8 @@ CVE-2019-10941
RESERVED
CVE-2019-10940 (A vulnerability has been identified in SINEMA Server (All
versions < ...)
NOT-FOR-US: Siemens
-CVE-2019-10939
- RESERVED
+CVE-2019-10939 (A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS
NET var ...)
+ TODO: check
CVE-2019-10938 (A vulnerability has been identified in SIPROTEC 5 devices with
CPU var ...)
NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5
devices
CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All
version ...)
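Review bot: CVE-2019-10939 (TIM 3V-IE incl. SIPLUS NET variants) is Siemens industrial communication hardware, the same category as CVE-2019-10940 directly above it which is already "NOT-FOR-US: Siemens"; the TODO should be resolved identically.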
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/091a886aef9881fa757c8a395c48333a13f11732