Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26cdbb13 by security tracker role at 2020-05-12T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2020-12826 (A signal access-control issue was discovered in the Linux 
kernel befor ...)
+       TODO: check
+CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in 
cr_parser_parse_any ...)
+       TODO: check
+CVE-2020-12824
+       RESERVED
+CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of 
service (a ...)
+       TODO: check
+CVE-2020-12822
+       RESERVED
+CVE-2020-12821
+       RESERVED
+CVE-2020-12820
+       RESERVED
+CVE-2020-12819
+       RESERVED
+CVE-2020-12818
+       RESERVED
+CVE-2020-12817
+       RESERVED
+CVE-2020-12816
+       RESERVED
+CVE-2020-12815
+       RESERVED
+CVE-2020-12814
+       RESERVED
+CVE-2020-12813
+       RESERVED
+CVE-2020-12812
+       RESERVED
+CVE-2020-12811
+       RESERVED
+CVE-2020-12810
+       RESERVED
+CVE-2020-12809
+       RESERVED
+CVE-2020-12808
+       RESERVED
+CVE-2020-12807
+       RESERVED
+CVE-2020-12806
+       RESERVED
+CVE-2020-12805
+       RESERVED
+CVE-2020-12804
+       RESERVED
+CVE-2020-12803
+       RESERVED
+CVE-2020-12802
+       RESERVED
+CVE-2020-12801
+       RESERVED
+CVE-2020-12800
+       RESERVED
 CVE-2020-12799
        RESERVED
 CVE-2020-12798
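Review bot: CVE-2020-12826 (Linux kernel), CVE-2020-12825 (libcroco) and CVE-2020-12823 (OpenConnect) at the top of this hunk are left at "TODO: check" although each description names software that Debian packages. They should get package lines with a fixed version or <unfixed> rather than staying in the TODO queue; the 24 RESERVED placeholders below them need no action.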
@@ -6282,8 +6336,8 @@ CVE-2020-10743
        RESERVED
 CVE-2020-10742
        RESERVED
-CVE-2020-10741
-       RESERVED
+CVE-2020-10741 (A flaw was found in the Linux kernel loose validation of 
child/parent  ...)
+       TODO: check
 CVE-2020-10740
        RESERVED
 CVE-2020-10739
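Review bot: the new description for CVE-2020-10741 reads close to CVE-2020-12826, added at the top of this same commit, which is also a Linux kernel access-control issue. Compare the two full descriptions during triage so that one underlying issue does not end up tracked twice with diverging status.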
@@ -6387,8 +6441,7 @@ CVE-2020-10708 [race condition in kernel/audit.c may 
allow low privilege users t
        NOTE: Disputed and negligigle imapct
 CVE-2020-10707
        REJECTED
-CVE-2020-10706
-       RESERVED
+CVE-2020-10706 (A flaw was found in OpenShift Container Platform where OAuth 
tokens ar ...)
        NOT-FOR-US: OpenShift
 CVE-2020-10705
        RESERVED
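Review bot: the context line under CVE-2020-10708 reads "NOTE: Disputed and negligigle imapct", which should be "negligible impact"; this commit does not touch it, so it needs a separate manual fix. The CVE-2020-10706 change itself is consistent: the description now names OpenShift Container Platform and the existing NOT-FOR-US: OpenShift line is kept.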
@@ -9659,7 +9712,7 @@ CVE-2020-9312
 CVE-2020-9311
        RESERVED
 CVE-2020-9310
-       RESERVED
+       REJECTED
 CVE-2020-9309
        RESERVED
 CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 
attempts ...)
@@ -12289,24 +12342,24 @@ CVE-2020-8161
        RESERVED
 CVE-2020-8160
        RESERVED
-CVE-2020-8159
-       RESERVED
+CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < 
v1.2.1 th ...)
+       TODO: check
 CVE-2020-8158
        RESERVED
 CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and 
Cloud Ke ...)
        NOT-FOR-US: UniFi Cloud Key
-CVE-2020-8156
-       RESERVED
-CVE-2020-8155
-       RESERVED
-CVE-2020-8154
-       RESERVED
-CVE-2020-8153
-       RESERVED
+CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 
allowed ...)
+       TODO: check
+CVE-2020-8155 (An outdated 3rd party library in the Files PDF viewer for 
Nextcloud Se ...)
+       TODO: check
+CVE-2020-8154 (An Insecure direct object reference vulnerability in Nextcloud 
Server  ...)
+       TODO: check
+CVE-2020-8153 (Improper access control in Groupfolders app 4.0.3 allowed to 
delete hi ...)
+       TODO: check
 CVE-2020-8152
        RESERVED
-CVE-2020-8151
-       RESERVED
+CVE-2020-8151 (There is a possible information disclosure issue in Active 
Resource &l ...)
+       TODO: check
 CVE-2020-8150
        RESERVED
 CVE-2020-8149
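Review bot: the description added for CVE-2020-8151 ends in "Active Resource &l ...", which looks like an HTML-escaped "<" cut in half by the description truncation. Truncating before escaping, or on an entity boundary, would avoid storing the fragment. All six entries filled in by this hunk are still "TODO: check" and need a package or NOT-FOR-US decision.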
@@ -16897,52 +16950,52 @@ CVE-2020-6264
        RESERVED
 CVE-2020-6263
        RESERVED
-CVE-2020-6262
-       RESERVED
+CVE-2020-6262 (Service Data Download in SAP Application Server ABAP (ST-PI, 
before ve ...)
+       TODO: check
 CVE-2020-6261
        RESERVED
 CVE-2020-6260
        RESERVED
-CVE-2020-6259
-       RESERVED
-CVE-2020-6258
-       RESERVED
-CVE-2020-6257
-       RESERVED
-CVE-2020-6256
-       RESERVED
+CVE-2020-6259 (Under certain conditions SAP Adaptive Server Enterprise, 
versions 15.7 ...)
+       TODO: check
+CVE-2020-6258 (SAP Identity Management, version 8.0, does not perform 
necessary autho ...)
+       TODO: check
+CVE-2020-6257 (SAP Business Objects Business Intelligence Platform (CMC and BI 
Launch ...)
+       TODO: check
+CVE-2020-6256 (SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 
800, 8 ...)
+       TODO: check
 CVE-2020-6255
        RESERVED
-CVE-2020-6254
-       RESERVED
-CVE-2020-6253
-       RESERVED
-CVE-2020-6252
-       RESERVED
-CVE-2020-6251
-       RESERVED
-CVE-2020-6250
-       RESERVED
-CVE-2020-6249
-       RESERVED
-CVE-2020-6248
-       RESERVED
-CVE-2020-6247
-       RESERVED
+CVE-2020-6254 (SAP Enterprise Threat Detection, versions 1.0, 2.0, does not 
sufficien ...)
+       TODO: check
+CVE-2020-6253 (Under certain conditions, SAP Adaptive Server Enterprise (Web 
Services ...)
+       TODO: check
+CVE-2020-6252 (Under certain conditions SAP Adaptive Server Enterprise 
(Cockpit), ver ...)
+       TODO: check
+CVE-2020-6251 (Under certain conditions or error scenarios SAP Business 
Objects Busin ...)
+       TODO: check
+CVE-2020-6250 (SAP Adaptive Server Enterprise, version 16.0, allows an 
authenticated  ...)
+       TODO: check
+CVE-2020-6249 (The use of an admin backend report within SAP Master Data 
Governance,  ...)
+       TODO: check
+CVE-2020-6248 (SAP Adaptive Server Enterprise (Backup Server), version 16.0, 
does not ...)
+       TODO: check
+CVE-2020-6247 (SAP Business Objects Business Intelligence Platform, version 
4.2, allo ...)
+       TODO: check
 CVE-2020-6246
        RESERVED
-CVE-2020-6245
-       RESERVED
-CVE-2020-6244
-       RESERVED
-CVE-2020-6243
-       RESERVED
-CVE-2020-6242
-       RESERVED
-CVE-2020-6241
-       RESERVED
-CVE-2020-6240
-       RESERVED
+CVE-2020-6245 (SAP Business Objects Business Intelligence Platform, version 
4.2, allo ...)
+       TODO: check
+CVE-2020-6244 (SAP Business Client, version 7.0, allows an attacker after a 
successfu ...)
+       TODO: check
+CVE-2020-6243 (Under certain conditions, SAP Adaptive Server Enterprise (XP 
Server on ...)
+       TODO: check
+CVE-2020-6242 (SAP Business Objects Business Intelligence Platform (Live Data 
Connect ...)
+       TODO: check
+CVE-2020-6241 (SAP Adaptive Server Enterprise, version 16.0, allows an 
authenticated  ...)
+       TODO: check
+CVE-2020-6240 (SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 
752, 75 ...)
+       TODO: check
 CVE-2020-6239
        RESERVED
 CVE-2020-6238 (SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not 
process  ...)
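Review bot: all 19 entries this hunk fills in, from CVE-2020-6262 down to CVE-2020-6240, describe SAP products yet are left at "TODO: check". Other hunks in this diff mark vendor-only products as NOT-FOR-US (IBM, UniFi Cloud Key, OpenShift), so these can be closed in one pass with NOT-FOR-US: SAP instead of being reviewed one by one.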
@@ -17711,12 +17764,12 @@ CVE-2020-5900
        RESERVED
 CVE-2020-5899
        RESERVED
-CVE-2020-5898
-       RESERVED
-CVE-2020-5897
-       RESERVED
-CVE-2020-5896
-       RESERVED
+CVE-2020-5898 (In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall 
driver d ...)
+       TODO: check
+CVE-2020-5897 (In versions 7.1.5-7.1.9, there is use-after-free memory 
vulnerability  ...)
+       TODO: check
+CVE-2020-5896 (On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows 
Installer Se ...)
+       TODO: check
 CVE-2020-5895 (On NGINX Controller versions 3.1.0-3.3.0, AVRD uses 
world-readable and ...)
        TODO: check
 CVE-2020-5894 (On versions 3.0.0-3.3.0, the NGINX Controller webserver does 
not inval ...)
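Review bot: CVE-2020-5897 has no product name in the visible part of its description ("In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability ..."); only the version range ties it to the BIG-IP Edge Client entries on either side. Read the full description before assigning a status rather than copying the classification of its neighbours.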
@@ -19167,8 +19220,8 @@ CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 
3.12.4, if an application usin
        - puma 3.12.4-1 (bug #953122)
        NOTE: 
https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
        NOTE: 
https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3
-CVE-2020-5248
-       RESERVED
+CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving 
a defau ...)
+       TODO: check
 CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an 
application us ...)
        - puma 3.12.4-1 (bug #952766)
        NOTE: 
https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
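Review bot: the description added for CVE-2020-5248 contains a doubled word ("GLPI before before version 9.4.6"). The commit is an automatic update, so a local correction may be overwritten by the next run; leave the text as imported and resolve the "TODO: check" with a GLPI package decision instead.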
@@ -21481,8 +21534,8 @@ CVE-2020-4348
        RESERVED
 CVE-2020-4347 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be 
subjec ...)
        NOT-FOR-US: IBM
-CVE-2020-4346
-       RESERVED
+CVE-2020-4346 (IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management 
server ha ...)
+       TODO: check
 CVE-2020-4345
        RESERVED
 CVE-2020-4344
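Review bot: CVE-2020-4346 is set to "TODO: check" although it describes IBM API Connect and the entry directly above it, CVE-2020-4347, is already NOT-FOR-US: IBM. The same marking fits here, and also CVE-2020-4195 and CVE-2019-4478 in later hunks, which sit next to NOT-FOR-US: IBM entries as well.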
@@ -21783,8 +21836,8 @@ CVE-2020-4197 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 
allows web pages to be store
        NOT-FOR-US: IBM
 CVE-2020-4196 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to 
cross-site scrip ...)
        NOT-FOR-US: IBM
-CVE-2020-4195
-       RESERVED
+CVE-2020-4195 (IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a 
remote a ...)
+       TODO: check
 CVE-2020-4194
        RESERVED
 CVE-2020-4193
@@ -28405,8 +28458,7 @@ CVE-2020-1941
        RESERVED
 CVE-2020-1940 (The optional initial password change and password expiration 
features  ...)
        NOT-FOR-US: Apache Jackrabbit Oak
-CVE-2020-1939
-       RESERVED
+CVE-2020-1939 (The Apache NuttX (Incubating) project provides an optional 
separate "a ...)
        NOT-FOR-US: Apache NuttX
 CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken 
when tr ...)
        {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1}
@@ -29207,8 +29259,7 @@ CVE-2019-19365
        RESERVED
 CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default 
configurat ...)
        NOT-FOR-US: Kiali
-CVE-2020-1763
-       RESERVED
+CVE-2020-1763 (An out-of-bounds buffer read flaw was found in the pluto daemon 
of lib ...)
        - libreswan <unfixed> (bug #960458)
        NOTE: Introduced by: 
https://github.com/libreswan/libreswan/commit/fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9
 (v3.27)
        NOTE: Fixed by: 
https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
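Review bot: the hunk header and first context line show CVE-2019-19365 (RESERVED) sitting directly above CVE-2020-1764, in the middle of the CVE-2020-17xx range. If that placement is not intentional, the entry should be moved to the CVE-2019 section. The CVE-2020-1763 change only replaces RESERVED with the published description and keeps the libreswan package line and notes.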
@@ -29284,8 +29335,7 @@ CVE-2020-1747 (A vulnerability was discovered in the 
PyYAML library in versions
        [stretch] - pyyaml <not-affected> (Loader/Constructor classes are 
unsafe in this version)
        [jessie] - pyyaml <not-affected> (Loader/Constructor classes are unsafe 
in this version)
        NOTE: https://github.com/yaml/pyyaml/pull/386
-CVE-2020-1746 [Information disclosure issue in ldap_attr and ldap_entry 
modules]
-       RESERVED
+CVE-2020-1746 (A flaw was found in the Ansible Engine affecting Ansible Engine 
versio ...)
        - ansible <unfixed>
        [stretch] - ansible <not-affected> (Vulnerable code introduced later)
        [jessie] - ansible <not-affected> (Vulnerable code introduced later)
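Review bot: replacing the bracketed title of CVE-2020-1746 drops the only mention of the ldap_attr and ldap_entry modules; the truncated description that replaces it shows just "A flaw was found in the Ansible Engine affecting Ansible Engine versio ...". Adding a NOTE line naming the two modules under the entry would keep that detail visible.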
@@ -76142,8 +76192,8 @@ CVE-2019-4480
        RESERVED
 CVE-2019-4479
        RESERVED
-CVE-2019-4478
-       RESERVED
+CVE-2019-4478 (IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an 
authentica ...)
+       TODO: check
 CVE-2019-4477 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a  ...)
        NOT-FOR-US: IBM
 CVE-2019-4476



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26cdbb13377972440a80b415eaf85be7f773b6c0



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
