Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6549e05e by security tracker role at 2020-06-26T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2020-15353
+       RESERVED
+CVE-2020-15352
+       RESERVED
+CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to 
%PROGRAMFILES ...)
+       TODO: check
+CVE-2020-15350
+       RESERVED
+CVE-2020-15349
+       RESERVED
+CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of 
live/CPEManag ...)
+       TODO: check
+CVE-2020-15347 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the 
q6xV4aW8bQ4cfD-b pa ...)
+       TODO: check
+CVE-2020-15346 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS 
API wit ...)
+       TODO: check
+CVE-2020-15345 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an 
unauthenticated zy_g ...)
+       TODO: check
+CVE-2020-15344 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an 
unauthenticated zy_g ...)
+       TODO: check
+CVE-2020-15343 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an 
unauthenticated zy_i ...)
+       TODO: check
+CVE-2020-15342 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an 
unauthenticated zy_i ...)
+       TODO: check
+CVE-2020-15341 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an 
unauthenticated upda ...)
+       TODO: check
+CVE-2020-15340 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded 
opt/axess/A ...)
+       TODO: check
+CVE-2020-15339 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows 
live/CPEManager/AXCa ...)
+       TODO: check
+CVE-2020-15338 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET 
Request M ...)
+       TODO: check
+CVE-2020-15337 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET 
Request M ...)
+       TODO: check
+CVE-2020-15336 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no 
authentication for / ...)
+       TODO: check
+CVE-2020-15335 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no 
authentication for / ...)
+       TODO: check
+CVE-2020-15334 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows 
escape-sequence inje ...)
+       TODO: check
+CVE-2020-15333 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to 
discove ...)
+       TODO: check
+CVE-2020-15332 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak 
/opt/axess/etc/def ...)
+       TODO: check
+CVE-2020-15331 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded 
OAUTH_SECRE ...)
+       TODO: check
+CVE-2020-15330 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded 
APP_KEY in  ...)
+       TODO: check
+CVE-2020-15329 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs 
permission ...)
+       TODO: check
+CVE-2020-15328 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak 
/opt/axess/var/blo ...)
+       TODO: check
+CVE-2020-15327 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage 
without a ...)
+       TODO: check
+CVE-2020-15326 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded 
certificate ...)
+       TODO: check
+CVE-2020-15325 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded 
Erlang cook ...)
+       TODO: check
+CVE-2020-15324
+       RESERVED
+CVE-2020-15323
+       RESERVED
+CVE-2020-15322
+       RESERVED
+CVE-2020-15321
+       RESERVED
+CVE-2020-15320
+       RESERVED
+CVE-2020-15319
+       RESERVED
+CVE-2020-15318
+       RESERVED
+CVE-2020-15317
+       RESERVED
+CVE-2020-15316
+       RESERVED
+CVE-2020-15315
+       RESERVED
+CVE-2020-15314
+       RESERVED
+CVE-2020-15313
+       RESERVED
+CVE-2020-15312
+       RESERVED
+CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via the downloadmp3.php 
download para ...)
+       TODO: check
+CVE-2020-15310
+       RESERVED
+CVE-2020-15309
+       RESERVED
+CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 
allows post-a ...)
+       TODO: check
+CVE-2020-15307
+       RESERVED
 CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid 
chunkCount a ...)
        - openexr <unfixed>
        NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/738
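Review bot: the 24 consecutive additions CVE-2020-15325 through CVE-2020-15348 all describe Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1, yet each lands as its own TODO: check. They can be triaged in one pass with a single decision for the product (a NOT-FOR-US tag if it is not packaged) instead of 24 separate checks. The descriptions are cut off at the point where the individual flaws differ, so the full CVE text is needed only if the product turns out to be relevant.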
@@ -592,10 +686,10 @@ CVE-2020-15019
        RESERVED
 CVE-2020-15018 (playSMS through 1.4.3 is vulnerable to session fixation. ...)
        NOT-FOR-US: playSMS
-CVE-2020-15017
-       RESERVED
-CVE-2020-15016
-       RESERVED
+CVE-2020-15017 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The 
Devices ...)
+       TODO: check
+CVE-2020-15016 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The 
Other-C ...)
+       TODO: check
 CVE-2020-15015 (The FileExplorer component in GleamTech FileUltimate 6.1.5.0 
allows XS ...)
        NOT-FOR-US: FileExplorer component in GleamTech FileUltimate
 CVE-2020-15014 (pramodmahato BlogCMS through 2019-12-31 has 
admin/changepass.php CSRF. ...)
@@ -729,8 +823,8 @@ CVE-2020-14957
        RESERVED
 CVE-2020-14956
        RESERVED
-CVE-2020-14955
-       RESERVED
+CVE-2020-14955 (In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) 
allows l ...)
+       TODO: check
 CVE-2020-14953
        RESERVED
 CVE-2020-14952
@@ -1717,8 +1811,8 @@ CVE-2020-14479
        RESERVED
 CVE-2020-14478
        RESERVED
-CVE-2020-14477
-       RESERVED
+CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, 
Ultrasound CX V ...)
+       TODO: check
 CVE-2020-14476
        RESERVED
 CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in 
Dolibarr 11.0. ...)
@@ -3384,8 +3478,8 @@ CVE-2020-13893
        RESERVED
 CVE-2020-13892 (The SportsPress plugin before 2.7.2 for WordPress allows XSS. 
...)
        NOT-FOR-US: SportsPress plugin for WordPress
-CVE-2020-13891
-       RESERVED
+CVE-2020-13891 (An issue was discovered in Mattermost Mobile Apps before 
1.31.2 on iOS ...)
+       TODO: check
 CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS 
via an A ...)
        NOT-FOR-US: Bootstrap theme
 CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 
allows XSS. ...)
@@ -8007,8 +8101,7 @@ CVE-2020-11998
        RESERVED
 CVE-2020-11997
        RESERVED
-CVE-2020-11996
-       RESERVED
+CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache 
Tomcat  ...)
        - tomcat9 9.0.36-1
        - tomcat8 <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/6
@@ -12562,8 +12655,7 @@ CVE-2020-10771
        NOT-FOR-US: Infinispan
 CVE-2020-10770
        RESERVED
-CVE-2020-10769
-       RESERVED
+CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 
5.0 in  ...)
        - linux 4.19.20-1
        [stretch] - linux 4.9.161-1
        [jessie] - linux 3.16.68-1
@@ -12644,8 +12736,7 @@ CVE-2020-10754 (It was found that nmcli, a command line 
interface to NetworkMana
        NOTE: Only affects builds enabling ifcfg-rh settings plugin, 
source-wise only
        NOTE: affected but not the Debian binary builds (and is RedHat/Fedora 
specific
        NOTE: plugin).
-CVE-2020-10753 [rgw: sanitize newlines in s3 CORSConfiguration's ExposeHeader]
-       RESERVED
+CVE-2020-10753 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph 
Object Gate ...)
        - ceph <unfixed>
        NOTE: https://github.com/ceph/ceph/pull/35773
        NOTE: Fix: 
https://github.com/ceph/ceph/commit/1524d3c0c5cb11775313ea1e2bb36a93257947f2
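Review bot: under CVE-2020-10753 the package line still reads "- ceph <unfixed>" although the entry already carries a "NOTE: Fix:" pointing at an upstream commit. Now that the description is public, the entry should be revisited to record the first ceph upload that contains that commit. The removed bracketed summary was also the only text in the entry naming the affected field (ExposeHeader in the S3 CORSConfiguration), so it is worth keeping that detail as a NOTE line, since the truncated description no longer shows it.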
@@ -12732,8 +12823,7 @@ CVE-2020-10729 [two random password lookups in same 
task return same value]
 CVE-2020-10728
        RESERVED
        NOT-FOR-US: automationbroker/apb
-CVE-2020-10727
-       RESERVED
+CVE-2020-10727 (A flaw was found in ActiveMQ Artemis management API from 
version 2.7.0 ...)
        NOT-FOR-US: ApacheMQ Artemis
 CVE-2020-10726 (A vulnerability was found in DPDK versions 19.11 and above. A 
maliciou ...)
        - dpdk 19.11.2-1 (bug #960936)
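Review bot: the tag under CVE-2020-10727 reads "NOT-FOR-US: ApacheMQ Artemis", but the description added in this hunk names the product as ActiveMQ Artemis. Correct the tag to "NOT-FOR-US: ActiveMQ Artemis" so that a search of the list by product name finds the entry.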
@@ -13109,16 +13199,16 @@ CVE-2020-10630 (SAE IT-systems FW-50 Remote Telemetry 
Unit (RTU). The software d
        NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit
 CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML 
input. S ...)
        NOT-FOR-US: WebAccess/NMS
-CVE-2020-10628
-       RESERVED
+CVE-2020-10628 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, 
R110, R1 ...)
+       TODO: check
 CVE-2020-10627
        RESERVED
 CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an 
uncontrolled sear ...)
        NOT-FOR-US: Fazecast jSerialComm
 CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an 
unauthenticated remo ...)
        NOT-FOR-US: WebAccess/NMS
-CVE-2020-10624
-       RESERVED
+CVE-2020-10624 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, 
R110, R1 ...)
+       TODO: check
 CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low 
privileges t ...)
        NOT-FOR-US: WebAccess/NMS
 CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected 
product is vu ...)
@@ -16690,8 +16780,8 @@ CVE-2020-9049
        RESERVED
 CVE-2020-9048
        RESERVED
-CVE-2020-9047
-       RESERVED
+CVE-2020-9047 (A vulnerability exists that could allow the execution of 
unauthorized  ...)
+       TODO: check
 CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions 
could po ...)
        NOT-FOR-US: Kantech
 CVE-2020-9045 (During installation or upgrade to Software House C&#8226;CURE 
9000 v2. ...)
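Review bot: the description added for CVE-2020-9047 is truncated before any vendor or product name appears ("A vulnerability exists that could allow the execution of unauthorized ..."), so the TODO: check cannot be resolved from the list entry alone and needs the full CVE text. Separately, the context line for CVE-2020-9045 carries a literal "&#8226;" HTML entity in the product name, which should be normalised at the point where descriptions are imported.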
@@ -27683,8 +27773,8 @@ CVE-2020-4567
        RESERVED
 CVE-2020-4566
        RESERVED
-CVE-2020-4565
-       RESERVED
+CVE-2020-4565 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an 
attacke ...)
+       TODO: check
 CVE-2020-4564
        RESERVED
 CVE-2020-4563
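Review bot: CVE-2020-4565 is added as TODO: check although its description names IBM Spectrum Protect Plus, a product this list already tags "NOT-FOR-US: IBM Spectrum Protect Plus" for CVE-2020-4222 and CVE-2019-4652 further down in the same patch. Applying the same tag here would close the TODO and keep the product's entries consistent.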
@@ -28367,8 +28457,8 @@ CVE-2020-4225
        RESERVED
 CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive 
inform ...)
        NOT-FOR-US: IBM
-CVE-2020-4223
-       RESERVED
+CVE-2020-4223 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable 
to cros ...)
+       TODO: check
 CVE-2020-4222 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a 
remote attac ...)
        NOT-FOR-US: IBM Spectrum Protect Plus
 CVE-2020-4221
@@ -82541,8 +82631,8 @@ CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 
10.1.4 uses insecure fil
        NOT-FOR-US: IBM Spectrum Protect Plus
 CVE-2019-4651 (IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL 
injectio ...)
        NOT-FOR-US: IBM
-CVE-2019-4650
-       RESERVED
+CVE-2019-4650 (IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL 
injection. A  ...)
+       TODO: check
 CVE-2019-4649
        RESERVED
 CVE-2019-4648



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6549e05e16ac8134d83d4ac850ad835a387b0c67


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits