Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6549e05e by security tracker role at 2020-06-26T20:10:30+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@ +CVE-2020-15353 + RESERVED +CVE-2020-15352 + RESERVED +CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...) + TODO: check +CVE-2020-15350 + RESERVED +CVE-2020-15349 + RESERVED +CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManag ...) + TODO: check +CVE-2020-15347 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b pa ...) + TODO: check +CVE-2020-15346 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API wit ...) + TODO: check +CVE-2020-15345 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...) + TODO: check +CVE-2020-15344 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...) + TODO: check +CVE-2020-15343 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...) + TODO: check +CVE-2020-15342 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...) + TODO: check +CVE-2020-15341 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated upda ...) + TODO: check +CVE-2020-15340 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/A ...) + TODO: check +CVE-2020-15339 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCa ...) + TODO: check +CVE-2020-15338 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...) + TODO: check +CVE-2020-15337 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...) + TODO: check +CVE-2020-15336 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...) + TODO: check +CVE-2020-15335 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...) + TODO: check +CVE-2020-15334 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence inje ...) + TODO: check +CVE-2020-15333 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discove ...) 
+ TODO: check +CVE-2020-15332 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/def ...) + TODO: check +CVE-2020-15331 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRE ...) + TODO: check +CVE-2020-15330 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in ...) + TODO: check +CVE-2020-15329 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permission ...) + TODO: check +CVE-2020-15328 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blo ...) + TODO: check +CVE-2020-15327 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without a ...) + TODO: check +CVE-2020-15326 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate ...) + TODO: check +CVE-2020-15325 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cook ...) + TODO: check +CVE-2020-15324 + RESERVED +CVE-2020-15323 + RESERVED +CVE-2020-15322 + RESERVED +CVE-2020-15321 + RESERVED +CVE-2020-15320 + RESERVED +CVE-2020-15319 + RESERVED +CVE-2020-15318 + RESERVED +CVE-2020-15317 + RESERVED +CVE-2020-15316 + RESERVED +CVE-2020-15315 + RESERVED +CVE-2020-15314 + RESERVED +CVE-2020-15313 + RESERVED +CVE-2020-15312 + RESERVED +CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via the downloadmp3.php download para ...) + TODO: check +CVE-2020-15310 + RESERVED +CVE-2020-15309 + RESERVED +CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-a ...) + TODO: check +CVE-2020-15307 + RESERVED CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...) - openexr <unfixed> NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/738 
@@ -592,10 +686,10 @@ CVE-2020-15019 RESERVED CVE-2020-15018 (playSMS through 1.4.3 is vulnerable to session fixation. ...) NOT-FOR-US: playSMS -CVE-2020-15017 - RESERVED -CVE-2020-15016 - RESERVED +CVE-2020-15017 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices ...) + TODO: check +CVE-2020-15016 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-C ...) + TODO: check CVE-2020-15015 (The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XS ...) NOT-FOR-US: FileExplorer component in GleamTech FileUltimate CVE-2020-15014 (pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. ...) @@ -729,8 +823,8 @@ CVE-2020-14957 RESERVED CVE-2020-14956 RESERVED -CVE-2020-14955 - RESERVED +CVE-2020-14955 (In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows l ...) + TODO: check CVE-2020-14953 RESERVED CVE-2020-14952 @@ -1717,8 +1811,8 @@ CVE-2020-14479 RESERVED CVE-2020-14478 RESERVED -CVE-2020-14477 - RESERVED +CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...) + TODO: check CVE-2020-14476 RESERVED CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0. ...) @@ -3384,8 +3478,8 @@ CVE-2020-13893 RESERVED CVE-2020-13892 (The SportsPress plugin before 2.7.2 for WordPress allows XSS. ...) NOT-FOR-US: SportsPress plugin for WordPress -CVE-2020-13891 - RESERVED +CVE-2020-13891 (An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS ...) + TODO: check CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an A ...) NOT-FOR-US: Bootstrap theme CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 allows XSS. ...) 
@@ -8007,8 +8101,7 @@ CVE-2020-11998 RESERVED CVE-2020-11997 RESERVED -CVE-2020-11996 - RESERVED +CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ...) - tomcat9 9.0.36-1 - tomcat8 <removed> NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/6 @@ -12562,8 +12655,7 @@ CVE-2020-10771 NOT-FOR-US: Infinispan CVE-2020-10770 RESERVED -CVE-2020-10769 - RESERVED +CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 5.0 in ...) - linux 4.19.20-1 [stretch] - linux 4.9.161-1 [jessie] - linux 3.16.68-1 @@ -12644,8 +12736,7 @@ CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkMana NOTE: Only affects builds enabling ifcfg-rh settings plugin, source-wise only NOTE: affected but not the Debian binary builds (and is RedHat/Fedora specific NOTE: plugin). -CVE-2020-10753 [rgw: sanitize newlines in s3 CORSConfiguration's ExposeHeader] - RESERVED +CVE-2020-10753 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...) - ceph <unfixed> NOTE: https://github.com/ceph/ceph/pull/35773 NOTE: Fix: https://github.com/ceph/ceph/commit/1524d3c0c5cb11775313ea1e2bb36a93257947f2 @@ -12732,8 +12823,7 @@ CVE-2020-10729 [two random password lookups in same task return same value] CVE-2020-10728 RESERVED NOT-FOR-US: automationbroker/apb -CVE-2020-10727 - RESERVED +CVE-2020-10727 (A flaw was found in ActiveMQ Artemis management API from version 2.7.0 ...) NOT-FOR-US: ApacheMQ Artemis CVE-2020-10726 (A vulnerability was found in DPDK versions 19.11 and above. A maliciou ...) - dpdk 19.11.2-1 (bug #960936) 
@@ -13109,16 +13199,16 @@ CVE-2020-10630 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software d NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...) NOT-FOR-US: WebAccess/NMS -CVE-2020-10628 - RESERVED +CVE-2020-10628 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...) + TODO: check CVE-2020-10627 RESERVED CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...) NOT-FOR-US: Fazecast jSerialComm CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...) NOT-FOR-US: WebAccess/NMS -CVE-2020-10624 - RESERVED +CVE-2020-10624 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...) + TODO: check CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...) @@ -16690,8 +16780,8 @@ CVE-2020-9049 RESERVED CVE-2020-9048 RESERVED -CVE-2020-9047 - RESERVED +CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized ...) + TODO: check CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...) NOT-FOR-US: Kantech CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...) @@ -27683,8 +27773,8 @@ CVE-2020-4567 RESERVED CVE-2020-4566 RESERVED -CVE-2020-4565 - RESERVED +CVE-2020-4565 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacke ...) + TODO: check CVE-2020-4564 RESERVED CVE-2020-4563 
@@ -28367,8 +28457,8 @@ CVE-2020-4225 RESERVED CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive inform ...) NOT-FOR-US: IBM -CVE-2020-4223 - RESERVED +CVE-2020-4223 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cros ...) + TODO: check CVE-2020-4222 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM Spectrum Protect Plus CVE-2020-4221 @@ -82541,8 +82631,8 @@ CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure fil NOT-FOR-US: IBM Spectrum Protect Plus CVE-2019-4651 (IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injectio ...) NOT-FOR-US: IBM -CVE-2019-4650 - RESERVED +CVE-2019-4650 (IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A ...) + TODO: check CVE-2019-4649 RESERVED CVE-2019-4648 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6549e05e16ac8134d83d4ac850ad835a387b0c67
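Review bot: The 24 consecutive Zyxel CloudCNM SecuManager entries in the `@@ -1,3 +1,97 @@` hunk (CVE-2020-15325 through CVE-2020-15348) all land as `TODO: check` and should be triaged in one follow-up commit rather than piecemeal. If the product is not packaged in Debian, give all of them the same `NOT-FOR-US:` product string, in the style of the existing `NOT-FOR-US: WebAccess/NMS` entries, so the block stays consistent and searchable by product name.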
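Review bot: The unchanged note under CVE-2020-10727 in the `@@ -12732,8 +12823,7 @@` hunk reads `NOT-FOR-US: ApacheMQ Artemis`, while the description added on the line above it names the product as "ActiveMQ Artemis". Now that the official description is in place, correct the note to match it, for example `NOT-FOR-US: ActiveMQ Artemis`, so a search on the product name finds the entry.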
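Review bot: CVE-2020-4565 (IBM Spectrum Protect Plus) in the `@@ -27683,8 +27773,8 @@` hunk is left at `TODO: check`, although the context lines of the two following hunks already tag the same product as `NOT-FOR-US: IBM Spectrum Protect Plus` (CVE-2020-4222, CVE-2019-4652). The same applies to the IBM Maximo Asset Management entries CVE-2020-4223 and CVE-2019-4650, which sit next to `NOT-FOR-US: IBM` lines. Reuse those existing strings at triage so the same product does not end up under differently spelled tags.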
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits