Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e48c8dc by security tracker role at 2020-05-14T20:10:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive 
information to ...)
+       TODO: check
+CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to 
access s ...)
+       TODO: check
+CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate 
authori ...)
+       TODO: check
+CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that 
bypassed the  ...)
+       TODO: check
+CVE-2020-12873
+       RESERVED
+CVE-2020-12872
+       RESERVED
+CVE-2020-12871
+       RESERVED
+CVE-2020-12870
+       RESERVED
+CVE-2020-12869
+       RESERVED
+CVE-2020-12868
+       RESERVED
+CVE-2020-12867
+       RESERVED
+CVE-2020-12866
+       RESERVED
+CVE-2020-12865
+       RESERVED
+CVE-2020-12864
+       RESERVED
+CVE-2020-12863
+       RESERVED
+CVE-2020-12862
+       RESERVED
+CVE-2020-12861
+       RESERVED
+CVE-2020-12860
+       RESERVED
+CVE-2020-12859
+       RESERVED
+CVE-2020-12858
+       RESERVED
+CVE-2020-12857
+       RESERVED
+CVE-2020-12856
+       RESERVED
+CVE-2020-12855
+       RESERVED
+CVE-2020-12854
+       RESERVED
+CVE-2020-12853
+       RESERVED
+CVE-2020-12852
+       RESERVED
+CVE-2020-12851
+       RESERVED
+CVE-2020-12850
+       RESERVED
+CVE-2020-12849
+       RESERVED
+CVE-2020-12848
+       RESERVED
+CVE-2020-12847
+       RESERVED
+CVE-2020-12846
+       RESERVED
+CVE-2020-12845
+       RESERVED
 CVE-2020-12844
        RESERVED
 CVE-2020-12843
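
Review bot: CVE-2020-12874 through CVE-2020-12877 at the top of this hunk are all left at `TODO: check`. The four descriptions name the same product and the same bound (Veritas APTARE, prior to 10.4), so they can be triaged in one pass; if the product is not packaged, one tag in the style of the `NOT-FOR-US: Mitel` entry further down the file would cover all four.
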
@@ -375,8 +441,8 @@ CVE-2020-12679 (A reflected cross-site scripting (XSS) 
vulnerability in the Mite
        NOT-FOR-US: Mitel
 CVE-2020-12678
        REJECTED
-CVE-2020-12677
-       RESERVED
+CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web 
Admin. A Web ...)
+       TODO: check
 CVE-2020-12676
        RESERVED
 CVE-2020-12675
@@ -2030,14 +2096,11 @@ CVE-2020-11975
        RESERVED
 CVE-2020-11974
        RESERVED
-CVE-2020-11973
-       RESERVED
+CVE-2020-11973 (Apache Camel Netty enables Java deserialization by default. 
Apache Cam ...)
        NOT-FOR-US: Apache Camel
-CVE-2020-11972
-       RESERVED
+CVE-2020-11972 (Apache Camel RabbitMQ enables Java deserialization by default. 
Apache  ...)
        NOT-FOR-US: Apache Camel
-CVE-2020-11971
-       RESERVED
+CVE-2020-11971 (Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 
2.22.x,  ...)
        NOT-FOR-US: Apache Camel
 CVE-2020-11970
        RESERVED
@@ -6812,8 +6875,8 @@ CVE-2020-10628
        RESERVED
 CVE-2020-10627
        RESERVED
-CVE-2020-10626
-       RESERVED
+CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an 
uncontrolled sear ...)
+       TODO: check
 CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an 
unauthenticated remo ...)
        NOT-FOR-US: WebAccess/NMS
 CVE-2020-10624
@@ -18870,8 +18933,8 @@ CVE-2020-5410
        RESERVED
 CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows 
redirects to u ...)
        NOT-FOR-US: Pivotal
-CVE-2020-5408
-       RESERVED
+CVE-2020-5408 (Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 
5.2.4, 5 ...)
+       TODO: check
 CVE-2020-5407 (Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior 
to 5.3.2 ...)
        TODO: check
 CVE-2020-5406 (VMware Tanzu Application Service for VMs, 2.6.x versions prior 
to 2.6. ...)
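
Review bot: CVE-2020-5408 is added as `TODO: check` directly above CVE-2020-5407, which is still `TODO: check` as well. Both descriptions give the same Spring Security bounds (5.2.x prior to 5.2.4, 5.3.x prior to 5.3.2), so triage the two together against the same package versions rather than leaving two open TODOs side by side.
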
@@ -21357,10 +21420,10 @@ CVE-2020-4470
        RESERVED
 CVE-2020-4469
        RESERVED
-CVE-2020-4468
-       RESERVED
-CVE-2020-4467
-       RESERVED
+CVE-2020-4468 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote 
attacke ...)
+       TODO: check
+CVE-2020-4467 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote 
attacke ...)
+       TODO: check
 CVE-2020-4466
        RESERVED
 CVE-2020-4465
@@ -21449,8 +21512,8 @@ CVE-2020-4424
        RESERVED
 CVE-2020-4423
        RESERVED
-CVE-2020-4422
-       RESERVED
+CVE-2020-4422 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote 
attacke ...)
+       TODO: check
 CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 
could allo ...)
        NOT-FOR-US: IBM
 CVE-2020-4420
@@ -21563,8 +21626,8 @@ CVE-2020-4367
        RESERVED
 CVE-2020-4366
        RESERVED
-CVE-2020-4365
-       RESERVED
+CVE-2020-4365 (IBM WebSphere Application Server 8.5 is vulnerable to 
server-side requ ...)
+       TODO: check
 CVE-2020-4364
        RESERVED
 CVE-2020-4363
@@ -21607,8 +21670,8 @@ CVE-2020-4345
        RESERVED
 CVE-2020-4344
        RESERVED
-CVE-2020-4343
-       RESERVED
+CVE-2020-4343 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote 
attacke ...)
+       TODO: check
 CVE-2020-4342
        RESERVED
 CVE-2020-4341
@@ -21695,8 +21758,8 @@ CVE-2020-4301
        RESERVED
 CVE-2020-4300
        RESERVED
-CVE-2020-4299
-       RESERVED
+CVE-2020-4299 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 
6.0.3.1 c ...)
+       TODO: check
 CVE-2020-4298
        RESERVED
 CVE-2020-4297
@@ -21717,14 +21780,14 @@ CVE-2020-4290 (IBM Security Information Queue (ISIQ) 
1.0.0, 1.0.1, 1.0.2, 1.0.3,
        NOT-FOR-US: IBM
 CVE-2020-4289 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 
1.0.3, 1.0. ...)
        NOT-FOR-US: IBM
-CVE-2020-4288
-       RESERVED
-CVE-2020-4287
-       RESERVED
+CVE-2020-4288 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote 
attacke ...)
+       TODO: check
+CVE-2020-4287 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote 
attacke ...)
+       TODO: check
 CVE-2020-4286
        RESERVED
-CVE-2020-4285
-       RESERVED
+CVE-2020-4285 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote 
attacke ...)
+       TODO: check
 CVE-2020-4284 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 
1.0.3, 1.0. ...)
        NOT-FOR-US: IBM
 CVE-2020-4283 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 
1.0.3, and  ...)
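
Review bot: the new CVE-2020-4288, CVE-2020-4287 and CVE-2020-4285 entries are `TODO: check`, while the IBM entries around them in this hunk (CVE-2020-4290, CVE-2020-4289, CVE-2020-4284) are already tagged `NOT-FOR-US: IBM`. If IBM i2 gets the same treatment, replace the three TODOs with that tag so the block is consistent.
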
@@ -21761,26 +21824,26 @@ CVE-2020-4268 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 is 
vulnerable to cross-site scr
        NOT-FOR-US: IBM
 CVE-2020-4267 (IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an 
authen ...)
        NOT-FOR-US: IBM
-CVE-2020-4266
-       RESERVED
-CVE-2020-4265
-       RESERVED
-CVE-2020-4264
-       RESERVED
-CVE-2020-4263
-       RESERVED
-CVE-2020-4262
-       RESERVED
-CVE-2020-4261
-       RESERVED
+CVE-2020-4266 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local 
attacker ...)
+       TODO: check
+CVE-2020-4265 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local 
attacker ...)
+       TODO: check
+CVE-2020-4264 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local 
attacker ...)
+       TODO: check
+CVE-2020-4263 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local 
attacker ...)
+       TODO: check
+CVE-2020-4262 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local 
attacker ...)
+       TODO: check
+CVE-2020-4261 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local 
attacker ...)
+       TODO: check
 CVE-2020-4260 (IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with 
special permi ...)
        NOT-FOR-US: IBM
-CVE-2020-4259
-       RESERVED
-CVE-2020-4258
-       RESERVED
-CVE-2020-4257
-       RESERVED
+CVE-2020-4259 (IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow 
an authe ...)
+       TODO: check
+CVE-2020-4258 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local 
attacker ...)
+       TODO: check
+CVE-2020-4257 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local 
attacker ...)
+       TODO: check
 CVE-2020-4256
        RESERVED
 CVE-2020-4255
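
Review bot: every IBM i2 description added in this hunk reads "Intelligent Analyis Platform", so a search of data/CVE/list for "Analysis" will not match these entries. The text arrives with the automatic update, so the spelling is better reported to the source of the descriptions than patched in this file, where a later automatic update may overwrite it.
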
@@ -28083,7 +28146,7 @@ CVE-2020-2020
        RESERVED
 CVE-2020-2019
        RESERVED
-CVE-2020-2018 (An authentication bypass vulnerability in Palo Alto Networks 
PAN-OS Pa ...)
+CVE-2020-2018 (An authentication bypass vulnerability in the Panorama context 
switchi ...)
        NOT-FOR-US: PAN-OS
 CVE-2020-2017 (A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS 
and Pa ...)
        NOT-FOR-US: PAN-OS
@@ -28477,8 +28540,7 @@ CVE-2020-1962
        REJECTED
 CVE-2020-1961 (Vulnerability to Server-Side Template Injection on Mail 
templates for  ...)
        NOT-FOR-US: Apache Syncope
-CVE-2020-1960
-       RESERVED
+CVE-2020-1960 (A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 
1.2.1, 1.3.0 ...)
        NOT-FOR-US: Apache Flink
 CVE-2020-1959 (A Server-Side Template Injection was identified in Apache 
Syncope prio ...)
        NOT-FOR-US: Apache Syncope
@@ -28519,8 +28581,7 @@ CVE-2020-1947 (In Apache ShardingSphere(incubator) 
4.0.0-RC3 and 4.0.0, the Shar
        NOT-FOR-US: Apache ShardingSphere
 CVE-2020-1946
        RESERVED
-CVE-2020-1945 [insecure temporary file vulnerability]
-       RESERVED
+CVE-2020-1945 (Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default 
tempora ...)
        - ant <unfixed> (low)
        [buster] - ant <no-dsa> (Minor issue)
        [stretch] - ant <no-dsa> (Minor issue)
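
Review bot: the description now attached to CVE-2020-1945 bounds the affected Apache Ant versions at 1.9.14 and 1.10.7, but the package line below it still reads `- ant <unfixed> (low)`. Check whether a release above those bounds is available to record as the fixed version, or add a NOTE explaining why the entry stays `<unfixed>`.
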
@@ -28541,8 +28602,7 @@ CVE-2020-1943 (Data sent with contentId to 
/control/stream is not sanitized, all
        NOT-FOR-US: Apache OFBiz
 CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory 
generated ...)
        NOT-FOR-US: Apache NiFi
-CVE-2020-1941
-       RESERVED
+CVE-2020-1941 (In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI 
is open  ...)
        - activemq <unfixed> (unimportant)
        NOTE: Admin console not enabled in the Debian package, see #702670)
        NOTE: Fixed in 5.15.12
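
Review bot: the context line `NOTE: Admin console not enabled in the Debian package, see #702670)` under CVE-2020-1941 ends with a closing parenthesis that has no opener. Drop the stray `)` in a follow-up edit so the bug reference reads cleanly.
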
@@ -37496,8 +37556,8 @@ CVE-2019-17574 (An issue was discovered in the Popup 
Maker plugin before 1.8.13
        NOT-FOR-US: Popup Maker plugin for WordPress
 CVE-2019-17573 (By default, Apache CXF creates a /services page containing a 
listing o ...)
        NOT-FOR-US: Apache CFX
-CVE-2019-17572
-       RESERVED
+CVE-2019-17572 (In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic 
creation i ...)
+       TODO: check
 CVE-2019-17571 (Included in Log4j 1.2 is a SocketServer class that is 
vulnerable to de ...)
        {DLA-2065-1}
        - apache-log4j1.2 1.2.17-9 (bug #947124)
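
Review bot: the unchanged line under CVE-2019-17573 reads `NOT-FOR-US: Apache CFX`, but the description on the line above it names Apache CXF. Correct the tag to `NOT-FOR-US: Apache CXF` while this area is being edited; the new CVE-2019-17572 entry (Apache RocketMQ) next to it is still `TODO: check`.
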
@@ -37542,8 +37602,8 @@ CVE-2019-17563 (When using FORM authentication with 
Apache Tomcat 9.0.0.M1 to 9.
        NOTE: 
https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652
 (9.0.30)
        NOTE: 
https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c
 (8.5.50)
        NOTE: 
https://github.com/apache/tomcat/commit/ab72a106fe5d992abddda954e30849d7cf8cc583
 (7.0.99)
-CVE-2019-17562
-       RESERVED
+CVE-2019-17562 (A buffer overflow vulnerability has been found in the 
baremetal compon ...)
+       TODO: check
 CVE-2019-17561 (The "Apache NetBeans" autoupdate system does not fully 
validate code s ...)
        - netbeans <unfixed> (unimportant)
        NOTE: Debian packages updated via apt
@@ -44814,8 +44874,8 @@ CVE-2019-15085 (An issue was discovered in PRiSE adAS 
1.7.0. The current databas
        NOT-FOR-US: PRiSE adAS
 CVE-2019-15084 (Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell 
laptops, insta ...)
        NOT-FOR-US: Realtek
-CVE-2019-15083
-       RESERVED
+CVE-2019-15083 (Default installations of Zoho ManageEngine ServiceDesk Plus 
10.0 befor ...)
+       TODO: check
 CVE-2018-20974 (The js-jobs plugin before 1.0.7 for WordPress has CSRF. ...)
        NOT-FOR-US: js-jobs plugin for WordPress
 CVE-2018-20973 (The companion-auto-update plugin before 3.2.1 for WordPress 
has local  ...)
@@ -52615,12 +52675,12 @@ CVE-2019-13025 (Compal CH7465LG 
CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have I
        NOT-FOR-US: Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices
 CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and 
Centreon web be ...)
        - centreon-web <itp> (bug #913903)
-CVE-2019-13023
-       RESERVED
-CVE-2019-13022
-       RESERVED
-CVE-2019-13021
-       RESERVED
+CVE-2019-13023 (An issue was discovered in all versions of Bond JetSelect. 
Within the  ...)
+       TODO: check
+CVE-2019-13022 (Bond JetSelect (all versions) has an issue in the Java class 
(ENCtool. ...)
+       TODO: check
+CVE-2019-13021 (The administrative passwords for all versions of Bond 
JetSelect are st ...)
+       TODO: check
 CVE-2019-13020 (The fetch API in Tightrope Media Carousel before 7.1.3 has 
CarouselAPI ...)
        NOT-FOR-US: Tightrope Media Carousel
 CVE-2019-13019



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e48c8dcd577ca5b395e9d2ead1af8b0d3ffd05d

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits