Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bd802e00 by security tracker role at 2020-06-16T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2020-14207
+       RESERVED
+CVE-2020-14206
+       RESERVED
+CVE-2020-14205
+       RESERVED
+CVE-2020-14204
+       RESERVED
+CVE-2020-14203
+       RESERVED
+CVE-2020-14202
+       RESERVED
+CVE-2020-14201
+       RESERVED
+CVE-2020-14200
+       RESERVED
+CVE-2020-14199 (BIP-143 in the Bitcoin protocol specification mishandles the 
signing o ...)
+       TODO: check
+CVE-2020-14198
+       RESERVED
+CVE-2020-14197
+       RESERVED
+CVE-2020-14196
+       RESERVED
+CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the 
interact ...)
+       TODO: check
+CVE-2020-14194
+       RESERVED
+CVE-2020-14193
+       RESERVED
+CVE-2020-14192
+       RESERVED
+CVE-2020-14191
+       RESERVED
+CVE-2020-14190
+       RESERVED
+CVE-2020-14189
+       RESERVED
+CVE-2020-14188
+       RESERVED
+CVE-2020-14187
+       RESERVED
+CVE-2020-14186
+       RESERVED
+CVE-2020-14185
+       RESERVED
+CVE-2020-14184
+       RESERVED
+CVE-2020-14183
+       RESERVED
+CVE-2020-14182
+       RESERVED
+CVE-2020-14181
+       RESERVED
+CVE-2020-14180
+       RESERVED
+CVE-2020-14179
+       RESERVED
+CVE-2020-14178
+       RESERVED
+CVE-2020-14177
+       RESERVED
+CVE-2020-14176
+       RESERVED
+CVE-2020-14175
+       RESERVED
+CVE-2020-14174
+       RESERVED
+CVE-2020-14173
+       RESERVED
+CVE-2020-14172
+       RESERVED
+CVE-2020-14171
+       RESERVED
+CVE-2020-14170
+       RESERVED
+CVE-2020-14169
+       RESERVED
+CVE-2020-14168
+       RESERVED
+CVE-2020-14167
+       RESERVED
+CVE-2020-14166
+       RESERVED
+CVE-2020-14165
+       RESERVED
+CVE-2020-14164
+       RESERVED
 CVE-2020-14163 (An issue was discovered in 
ecma/operations/ecma-container-object.c in  ...)
        NOT-FOR-US: JerryScript
 CVE-2020-14162
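Review bot: CVE-2020-14195 (FasterXML jackson-databind) is left at `TODO: check` in this block of new entries, but jackson-databind is a source package in Debian, so it needs a package line with the fixed version, not a generic marker. The visible description gives the upstream boundary (2.x before 2.9.10.5) to compare against the archive versions. CVE-2020-14199 (BIP-143) describes a protocol specification issue, so its `TODO: check` needs an explicit decision on whether any packaged software is affected.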
@@ -458,7 +546,7 @@ CVE-2020-13976 (** DISPUTED ** An issue was discovered in 
DD-WRT through 16214.
        NOT-FOR-US: DD-WRT
 CVE-2020-13975
        RESERVED
-CVE-2020-13974 (An issue was discovered in the Linux kernel through 5.7.1. 
drivers/tty ...)
+CVE-2020-13974 (** DISPUTED ** An issue was discovered in the Linux kernel 
through 5.7 ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae
 CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who 
controls ...)
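Review bot: the CVE-2020-13974 description now starts with `** DISPUTED **`, but the triage lines under it are unchanged: `- linux <unfixed>` and a NOTE pointing at an upstream commit. The entry should be re-checked by hand. If the referenced commit is the fix, the package line should carry the fixed version, and a NOTE recording the basis of the dispute would help anyone assessing severity later.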
@@ -1787,8 +1875,8 @@ CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL 
Injection via the editPlayer
        NOT-FOR-US: Jason2605 AdminPanel
 CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when 
virtual file ...)
        NOT-FOR-US: Rejetto HTTP File Server
-CVE-2020-13431
-       RESERVED
+CVE-2020-13431 (I2P before 0.9.46 allows local users to gain privileges via a 
Trojan h ...)
+       TODO: check
 CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB 
datasource. ...)
        - grafana <removed>
        NOTE: https://github.com/grafana/grafana/pull/24539
@@ -3990,8 +4078,8 @@ CVE-2020-12496
        RESERVED
 CVE-2020-12495
        RESERVED
-CVE-2020-12494
-       RESERVED
+CVE-2020-12494 (Beckhoff&#8217;s TwinCAT RT network driver for Intel 8254x and 
8255x i ...)
+       TODO: check
 CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series 
with vers ...)
        NOT-FOR-US: SWARCOs CPU LS4000 Series
 CVE-2020-12492
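Review bot: the added CVE-2020-12494 description contains a raw HTML entity, `Beckhoff&#8217;s`, copied verbatim into data/CVE/list. Since this is an automatic update, the import step should decode entities (here to an apostrophe) before writing the description, so the list holds plain text.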
@@ -6238,14 +6326,14 @@ CVE-2020-11843
        RESERVED
 CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream 
Host In ...)
        NOT-FOR-US: Micro Focus
-CVE-2020-11841
-       RESERVED
-CVE-2020-11840
-       RESERVED
+CVE-2020-11841 (Unauthorized information disclosure vulnerability in Micro 
Focus ArcSi ...)
+       TODO: check
+CVE-2020-11840 (Unauthorized information disclosure vulnerability in Micro 
Focus ArcSi ...)
+       TODO: check
 CVE-2020-11839 (Cross Site Scripting (XSS) vulnerability in Micro Focus 
ArcSight Logge ...)
        NOT-FOR-US: Micro Focus
-CVE-2020-11838
-       RESERVED
+CVE-2020-11838 (Cross Site Scripting (XSS) vulnerability in Micro Focus 
ArcSight Manag ...)
+       TODO: check
 CVE-2020-11837
        RESERVED
 CVE-2020-11836
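Review bot: CVE-2020-11841, CVE-2020-11840 and CVE-2020-11838 are added with `TODO: check`, while the adjacent Micro Focus entries in the same context (CVE-2020-11842, CVE-2020-11839) are already `NOT-FOR-US: Micro Focus`. The visible descriptions name Micro Focus ArcSight products, so these three can be closed the same way in follow-up triage instead of staying in the TODO queue.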
@@ -11055,8 +11143,8 @@ CVE-2020-10270
        RESERVED
 CVE-2020-10269
        RESERVED
-CVE-2020-10268
-       RESERVED
+CVE-2020-10268 (Critical services for operation can be terminated from windows 
task ma ...)
+       TODO: check
 CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions 
(tested o ...)
        NOT-FOR-US: Universal Robots control box CB
 CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software 
compone ...)
@@ -12732,8 +12820,8 @@ CVE-2020-9524 (Cross Site scripting vulnerability on 
Micro Focus Enterprise Serv
        NOT-FOR-US: Micro Focus
 CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro 
Focus ente ...)
        NOT-FOR-US: Micro Focus
-CVE-2020-9522
-       RESERVED
+CVE-2020-9522 (Cross Site Scripting (XSS) vulnerability in Micro Focus 
ArcSight Enter ...)
+       TODO: check
 CVE-2020-9521 (An SQL injection vulnerability was discovered in Micro Focus 
Service M ...)
        NOT-FOR-US: Micro Focus
 CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, 
affecti ...)
@@ -13320,8 +13408,8 @@ CVE-2020-9298
        RESERVED
 CVE-2020-9297
        RESERVED
-CVE-2020-9296
-       RESERVED
+CVE-2020-9296 (Netflix Conductor uses Java Bean Validation (JSR 380) custom 
constrain ...)
+       TODO: check
 CVE-2020-9295
        RESERVED
 CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 
6.0.7, 6 ...)
@@ -15086,14 +15174,14 @@ CVE-2020-8546
        RESERVED
 CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...)
        NOT-FOR-US: AIL framework
-CVE-2020-8544
-       RESERVED
-CVE-2020-8543
-       RESERVED
-CVE-2020-8542
-       RESERVED
-CVE-2020-8541
-       RESERVED
+CVE-2020-8544 (OX App Suite through 7.10.3 allows SSRF. ...)
+       TODO: check
+CVE-2020-8543 (OX App Suite through 7.10.3 has Improper Input Validation. ...)
+       TODO: check
+CVE-2020-8542 (OX App Suite through 7.10.3 allows XSS. ...)
+       TODO: check
+CVE-2020-8541 (OX App Suite through 7.10.3 allows XXE attacks. ...)
+       TODO: check
 CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine 
Deskto ...)
        NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2020-8539
@@ -17565,8 +17653,8 @@ CVE-2020-7494
        RESERVED
 CVE-2020-7493
        RESERVED
-CVE-2020-7492
-       RESERVED
+CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in 
the GP-P ...)
+       TODO: check
 CVE-2020-7491
        RESERVED
 CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo 
Designe ...)
@@ -25293,8 +25381,8 @@ CVE-2020-4322
        RESERVED
 CVE-2020-4321
        RESERVED
-CVE-2020-4320
-       RESERVED
+CVE-2020-4320 (IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 
LTS, and 9 ...)
+       TODO: check
 CVE-2020-4319
        RESERVED
 CVE-2020-4318
@@ -25313,8 +25401,8 @@ CVE-2020-4312 (IBM Sterling B2B Integrator Standard 
Edition 5.2.0.0 trough 6.0.3
        NOT-FOR-US: IBM
 CVE-2020-4311 (IBM Tivoli Monitoring 6.3.0 could allow a local attacker to 
execute ar ...)
        NOT-FOR-US: IBM
-CVE-2020-4310
-       RESERVED
+CVE-2020-4310 (IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 
9.1 C are ...)
+       TODO: check
 CVE-2020-4309 (IBM Content Navigator 3.0CD could disclose sensitive 
information to an ...)
        NOT-FOR-US: IBM
 CVE-2020-4308
@@ -37517,8 +37605,8 @@ CVE-2019-18616
        RESERVED
 CVE-2019-18615 (In CloudVision Portal (CVP) for all releases in the 2018.2 
Train, unde ...)
        NOT-FOR-US: CloudVision Portal
-CVE-2019-18614
-       RESERVED
+CVE-2019-18614 (On the Cypress CYW20735 evaluation board, any data that 
exceeds 384 by ...)
+       TODO: check
 CVE-2019-18613
        RESERVED
 CVE-2019-18612 (An issue was discovered in the AbuseFilter extension through 
1.34 for  ...)
@@ -39302,16 +39390,13 @@ CVE-2020-0237
        RESERVED
 CVE-2020-0236
        RESERVED
-CVE-2020-0235
-       RESERVED
+CVE-2020-0235 (In crus_sp_shared_ioctl we first copy 4 bytes from userdata 
into "size ...)
        NOT-FOR-US: Pixel kernel drivers
-CVE-2020-0234
-       RESERVED
+CVE-2020-0234 (In crus_afe_get_param of msm-cirrus-playback.c, there is a 
possible ou ...)
        NOT-FOR-US: Pixel kernel drivers
 CVE-2020-0233 (In main of main.cpp, there is possible memory corruption due to 
a use  ...)
        NOT-FOR-US: Android
-CVE-2020-0232
-       RESERVED
+CVE-2020-0232 (Function abc_pcie_issue_dma_xfer_sync creates a transfer 
object, adds  ...)
        NOT-FOR-US: Pixel kernel drivers
 CVE-2020-0231
        RESERVED
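Review bot: for CVE-2020-0235, CVE-2020-0234 and CVE-2020-0232 the `RESERVED` line is dropped and a description added, but the existing `NOT-FOR-US: Pixel kernel drivers` line predates the published text and no `TODO: check` is set. The descriptions now name concrete code (`crus_sp_shared_ioctl`, `msm-cirrus-playback.c`, `abc_pcie_issue_dma_xfer_sync`), so one manual pass to confirm that none of it is present in the Debian `linux` source is worthwhile before leaving these entries closed.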
@@ -39329,8 +39414,7 @@ CVE-2020-0225
        RESERVED
 CVE-2020-0224
        RESERVED
-CVE-2020-0223
-       RESERVED
+CVE-2020-0223 (This is an unbounded write into kernel global memory, via a 
user-contr ...)
        NOT-FOR-US: Pixel kernel drivers
 CVE-2020-0222
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd802e00079c192d5536c3a74b666f2d36b88697
