Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ec96ed1d by security tracker role at 2020-06-29T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,15 @@
+CVE-2020-15367
+ RESERVED
+CVE-2020-15366
+ RESERVED
CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in
parse_exif() in ...)
TODO: check
CVE-2020-15364 (The Nexos theme through 1.7 for WordPress allows
top-map/?search_locat ...)
NOT-FOR-US: Wordpress theme
CVE-2020-15363 (The Nexos theme through 1.7 for WordPress allows
side-map/?search_orde ...)
NOT-FOR-US: Wordpress theme
-CVE-2020-15362
- RESERVED
+CVE-2020-15362 (wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code
Injection b ...)
+ TODO: check
CVE-2020-15361
RESERVED
CVE-2020-15360 (com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege
escalatio ...)
@@ -21,11 +25,11 @@ CVE-2020-15358 (In SQLite before 3.32.3, select.c
mishandles query-flattener opt
NOTE: https://www.sqlite.org/src/info/10fa79d00f8091e5
NOTE: https://www.sqlite.org/src/tktview?name=8f157e8010
CVE-2020-15356
- RESERVED
+ REJECTED
CVE-2020-15355
- RESERVED
+ REJECTED
CVE-2020-15354
- RESERVED
+ REJECTED
CVE-2013-7489 (The Beaker library through 1.11.0 for Python is affected by
deserializ ...)
TODO: check
CVE-2020-15353
@@ -86,32 +90,32 @@ CVE-2020-15326 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1
has a hardcoded certi
NOT-FOR-US: Zyxel
CVE-2020-15325 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded
Erlang cook ...)
NOT-FOR-US: Zyxel
-CVE-2020-15324
- RESERVED
-CVE-2020-15323
- RESERVED
-CVE-2020-15322
- RESERVED
-CVE-2020-15321
- RESERVED
-CVE-2020-15320
- RESERVED
-CVE-2020-15319
- RESERVED
-CVE-2020-15318
- RESERVED
-CVE-2020-15317
- RESERVED
-CVE-2020-15316
- RESERVED
-CVE-2020-15315
- RESERVED
-CVE-2020-15314
- RESERVED
-CVE-2020-15313
- RESERVED
-CVE-2020-15312
- RESERVED
+CVE-2020-15324 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a
world-readable axess/ ...)
+ TODO: check
+CVE-2020-15323 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234
password ...)
+ TODO: check
+CVE-2020-15322 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the
wbboEZ4BN3ssxAfM ha ...)
+ TODO: check
+CVE-2020-15321 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel
password fo ...)
+ TODO: check
+CVE-2020-15320 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros
password for ...)
+ TODO: check
+CVE-2020-15319 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA
SSH key ...)
+ TODO: check
+CVE-2020-15318 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA
SSH key ...)
+ TODO: check
+CVE-2020-15317 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA
SSH key ...)
+ TODO: check
+CVE-2020-15316 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded
ECDSA SSH k ...)
+ TODO: check
+CVE-2020-15315 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA
SSH key ...)
+ TODO: check
+CVE-2020-15314 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA
SSH key ...)
+ TODO: check
+CVE-2020-15313 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded
ECDSA SSH k ...)
+ TODO: check
+CVE-2020-15312 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA
SSH key ...)
+ TODO: check
CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via the downloadmp3.php
download para ...)
NOT-FOR-US: Stash
CVE-2020-15310
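Review bot: the thirteen added Zyxel CloudCNM SecuManager entries (CVE-2020-15324 down to CVE-2020-15312) are left at "TODO: check", although the unchanged entries directly above them for the same product, CVE-2020-15326 and CVE-2020-15325, are already triaged as "NOT-FOR-US: Zyxel". Suggest giving the new entries the same tag in the follow-up triage so the product's block is handled consistently and these thirteen items do not sit in the TODO queue.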
@@ -602,8 +606,8 @@ CVE-2020-15071
RESERVED
CVE-2020-15070
RESERVED
-CVE-2020-15069
- RESERVED
+CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer
Overflow an ...)
+ TODO: check
CVE-2020-15068
RESERVED
CVE-2020-15067
@@ -660,8 +664,8 @@ CVE-2020-15045
RESERVED
CVE-2020-15044
RESERVED
-CVE-2020-15043
- RESERVED
+CVE-2020-15043 (iBall WRB303N devices allow CSRF attacks, as demonstrated by
enabling ...)
+ TODO: check
CVE-2020-15042
RESERVED
CVE-2020-15041 (PHP-Fusion 9.03.60 allows XSS via the
administration/site_links.php Ad ...)
@@ -2282,12 +2286,12 @@ CVE-2020-14416 (In the Linux kernel before 5.4.16, a
race condition in tty->d
[stretch] - linux 4.9.210-1+deb9u1
[jessie] - linux 3.16.84-1
NOTE:
https://git.kernel.org/linus/0ace17d56824165c7f4c68785d6b58971db954dd
-CVE-2020-14414
- RESERVED
-CVE-2020-14413
- RESERVED
-CVE-2020-14412
- RESERVED
+CVE-2020-14414 (NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php
imprope ...)
+ TODO: check
+CVE-2020-14413 (NeDi 1.9C is vulnerable to XSS because of an incorrect
implementation ...)
+ TODO: check
+CVE-2020-14412 (NeDi 1.9C is vulnerable to Remote Command Execution.
System-Snapshot.p ...)
+ TODO: check
CVE-2020-14411
RESERVED
CVE-2020-14410
@@ -2715,6 +2719,7 @@ CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer
before 0.9.13 has a buffe
- libvncserver 0.9.13+dfsg-1
NOTE:
https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There
is an inf ...)
+ {DSA-4383-1 DLA-1617-1}
- libvncserver 0.9.11+dfsg-1.2
NOTE: https://github.com/LibVNC/libvncserver/issues/253
NOTE:
https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
@@ -2898,8 +2903,7 @@ CVE-2020-14147 (An integer overflow in the getnum
function in lua_struct.c in Re
NOTE: Fixed upstream in 6.0~rc2 and 5.0.8
CVE-2020-14146 (KumbiaPHP through 1.1.1, in Development mode, allows XSS via
the publi ...)
NOT-FOR-US: KumbiaPHP
-CVE-2020-14145
- RESERVED
+CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.3 has an Observable
Discrepan ...)
- openssh <unfixed> (unimportant)
NOTE:
https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf
@@ -3073,16 +3077,16 @@ CVE-2020-14074 (TRENDnet TEW-827DRU devices through
2.06B04 contain a stack-base
NOT-FOR-US: TRENDnet
CVE-2020-14073 (XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted
map proper ...)
NOT-FOR-US: PRTG Network Monitor
-CVE-2020-14072
- RESERVED
-CVE-2020-14071
- RESERVED
-CVE-2020-14070
- RESERVED
-CVE-2020-14069
- RESERVED
-CVE-2020-14068
- RESERVED
+CVE-2020-14072 (An issue was discovered in MK-AUTH 19.01. It allows command
execution ...)
+ TODO: check
+CVE-2020-14071 (An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities
in admin ...)
+ TODO: check
+CVE-2020-14070 (An issue was discovered in MK-AUTH 19.01. There is
authentication bypa ...)
+ TODO: check
+CVE-2020-14069 (An issue was discovered in MK-AUTH 19.01. There are SQL
injection issu ...)
+ TODO: check
+CVE-2020-14068 (An issue was discovered in MK-AUTH 19.01. The web login
functionality ...)
+ TODO: check
CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does
not consi ...)
NOT-FOR-US: Navigate CMS
CVE-2020-14066
@@ -3273,8 +3277,7 @@ CVE-2020-14004 (An issue was discovered in Icinga2 before
v2.12.0-rc1. The prepa
NOTE:
https://github.com/Icinga/icinga2/commit/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6
CVE-2020-14003
RESERVED
-CVE-2020-14002 [Dynamic host key policy leaks information about known host
keys]
- RESERVED
+CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading
to an in ...)
- putty 0.74-1
[buster] - putty <no-dsa> (Minor issue)
[stretch] - putty <no-dsa> (Minor issue)
@@ -3519,8 +3522,8 @@ CVE-2020-13898 (An issue was discovered in janus-gateway
(aka Janus WebRTC Serve
NOTE:
https://github.com/meetecho/janus-gateway/pull/2214/commits/2ed485d04630b9ee9de7c96517135654b7f32120
CVE-2020-13897 (HESK before 3.1.10 allows reflected XSS. ...)
NOT-FOR-US: HESK
-CVE-2020-13896
- RESERVED
+CVE-2020-13896 (The web interface of Maipu MP1800X-50 7.5.3.14(R) devices
allows remot ...)
+ TODO: check
CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961
allows ...)
NOT-FOR-US: DEXT5 Editor
CVE-2020-13893
@@ -4190,8 +4193,8 @@ CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0
can trigger a NULL poi
NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=77f55eac6c433e23e82a1b88b2d74f385c4c7d82
CVE-2020-13658
RESERVED
-CVE-2020-13657
- RESERVED
+CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free
Antivirus ...)
+ TODO: check
CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array
implementation ...)
NOT-FOR-US: Hobbes
CVE-2020-13655
@@ -4718,8 +4721,8 @@ CVE-2020-13425 (TrackR devices through 2020-05-06 allow
attackers to trigger the
NOT-FOR-US: TrackR
CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows
Authenticated Lo ...)
NOT-FOR-US: Joomla addon
-CVE-2020-13423
- RESERVED
+CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that
can be exp ...)
+ TODO: check
CVE-2020-13422
RESERVED
CVE-2020-13421
@@ -6620,8 +6623,8 @@ CVE-2018-21233 (TensorFlow before 1.7.0 has an integer
overflow that causes an o
- tensorflow <itp> (bug #804612)
CVE-2020-12636
RESERVED
-CVE-2020-12635
- RESERVED
+CVE-2020-12635 (XSS exists in the WebForms Pro M2 extension before 2.9.17 for
Magento ...)
+ TODO: check
CVE-2020-12634
RESERVED
CVE-2020-12633
@@ -8050,40 +8053,40 @@ CVE-2020-12049 (An issue was discovered in dbus >=
1.3.0 before 1.12.18. The
NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/294
NOTE: Fixed by:
https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5
NOTE: Test:
https://gitlab.freedesktop.org/dbus/dbus/-/commit/8bc1381819e5a845331650bfa28dacf6d2ac1748
-CVE-2020-12048
- RESERVED
-CVE-2020-12047
- RESERVED
+CVE-2020-12048 (Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The
Phoenix Hem ...)
+ TODO: check
+CVE-2020-12047 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and
v22D24), whe ...)
+ TODO: check
CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s
firmwar ...)
NOT-FOR-US: Opto 22 SoftPAC Project
-CVE-2020-12045
- RESERVED
+CVE-2020-12045 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and
v22D24) when ...)
+ TODO: check
CVE-2020-12044
RESERVED
-CVE-2020-12043
- RESERVED
+CVE-2020-12043 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and
v22D24) when ...)
+ TODO: check
CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified
within ...)
NOT-FOR-US: Opto 22 SoftPAC Project
-CVE-2020-12041
- RESERVED
-CVE-2020-12040
- RESERVED
-CVE-2020-12039
- RESERVED
+CVE-2020-12041 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and
v22D24) teln ...)
+ TODO: check
+CVE-2020-12040 (Sigma Spectrum Infusion System v's6.x (model 35700BAX) and
Baxter Spec ...)
+ TODO: check
+CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion
System v' ...)
+ TODO: check
CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior
(FactoryTalk ...)
NOT-FOR-US: Rockwell Automation
-CVE-2020-12037
- RESERVED
-CVE-2020-12036
- RESERVED
-CVE-2020-12035
- RESERVED
+CVE-2020-12037 (Baxter PrismaFlex all versions, PrisMax all versions prior to
3.x, The ...)
+ TODO: check
+CVE-2020-12036 (Baxter PrismaFlex all versions, PrisMax all versions prior to
3.x, The ...)
+ TODO: check
+CVE-2020-12035 (Baxter PrismaFlex all versions, PrisMax all versions prior to
3.x, The ...)
+ TODO: check
CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior
(FactoryTalk ...)
NOT-FOR-US: Rockwell Automation
CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all
versions, th ...)
NOT-FOR-US: Rockwell Automation
-CVE-2020-12032
- RESERVED
+CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix
EM1200 Vers ...)
+ TODO: check
CVE-2020-12031
RESERVED
CVE-2020-12030
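Review bot: every entry filled in by this hunk (CVE-2020-12048, -12047, -12045, -12043, -12041 to -12039, -12037 to -12035 and -12032) lands as "TODO: check", yet the visible descriptions all name vendor medical devices (Phoenix Hemodialysis Delivery System, Baxter Spectrum WBM, Sigma Spectrum infusion pumps, PrismaFlex, ExactaMix). The vendor-product entries interleaved with them (Opto 22 SoftPAC Project, Rockwell Automation) already carry "NOT-FOR-US". Suggest triaging the new ones the same way in one pass, with a single consistent product name after the tag, rather than leaving eleven separate TODOs.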
@@ -8098,40 +8101,40 @@ CVE-2020-12026 (Advantech WebAccess Node, Version 8.4.4
and prior, Version 9.0.0
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12025
RESERVED
-CVE-2020-12024
- RESERVED
+CVE-2020-12024 (Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and
ExactaMix ...)
+ TODO: check
CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and
prior, Intel ...)
NOT-FOR-US: Philips
CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version
9.0.0. An i ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12021 (In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all
previous vers ...)
NOT-FOR-US: OSIsoft PI Web
-CVE-2020-12020
- RESERVED
+CVE-2020-12020 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and
ExactaMix E ...)
+ TODO: check
CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a
stack-based ...)
NOT-FOR-US: WebAccess Node
CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version
9.0.0. An o ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434,
all firmw ...)
NOT-FOR-US: GE Grid Solutions Reason RT Clocks
-CVE-2020-12016
- RESERVED
+CVE-2020-12016 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix
EM2400 Vers ...)
+ TODO: check
CVE-2020-12015
RESERVED
CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version
9.0.0. Inpu ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12013
RESERVED
-CVE-2020-12012
- RESERVED
+CVE-2020-12012 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix
EM2400 Vers ...)
+ TODO: check
CVE-2020-12011
RESERVED
CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version
9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12009
RESERVED
-CVE-2020-12008
- RESERVED
+CVE-2020-12008 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix
EM1200 Vers ...)
+ TODO: check
CVE-2020-12007
RESERVED
CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version
9.0.0. Mult ...)
@@ -18015,8 +18018,8 @@ CVE-2020-8575
RESERVED
CVE-2020-8574
RESERVED
-CVE-2020-8573
- RESERVED
+CVE-2020-8573 (The NetApp HCI H610S Baseboard Management Controller (BMC) is
shipped ...)
+ TODO: check
CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior
to vers ...)
NOT-FOR-US: Element OS
CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0
through 11 ...)
@@ -19303,18 +19306,18 @@ CVE-2020-8026
RESERVED
CVE-2020-8025
RESERVED
-CVE-2020-8024
- RESERVED
+CVE-2020-8024 (A Incorrect Default Permissions vulnerability in the packaging
of hyla ...)
+ TODO: check
CVE-2020-8023
RESERVED
-CVE-2020-8022
- RESERVED
+CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging
of tomc ...)
+ TODO: check
CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build
Service allow ...)
TODO: check
CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation
vulnerab ...)
TODO: check
-CVE-2020-8019
- RESERVED
+CVE-2020-8019 (A UNIX Symbolic Link (Symlink) Following vulnerability in the
packagin ...)
+ TODO: check
CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the
SLES15-SP1-CHOST- ...)
NOT-FOR-US: Some SLES images
CVE-2020-8017 (A Race Condition Enabling Link Following vulnerability in the
cron job ...)
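Review bot: for CVE-2020-8024, CVE-2020-8022 and CVE-2020-8019 the description is cut off at the package name ("hyla ...", "tomc ...", "packagin ..."), so the "TODO: check" cannot be resolved from the list text alone. Triage needs the full description to decide whether the flaw lives in one distribution's packaging, as with CVE-2020-8018 below ("NOT-FOR-US: Some SLES images"), or in a package that needs its own source-package line.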
@@ -19323,8 +19326,8 @@ CVE-2020-8016 (A Race Condition Enabling Link Following
vulnerability in the pac
NOT-FOR-US: SuSE packaging of TexLive
CVE-2020-8015 (A UNIX Symbolic Link (Symlink) Following vulnerability in the
packagin ...)
NOT-FOR-US: SuSE packaging of TexLive
-CVE-2020-8014
- RESERVED
+CVE-2020-8014 (A UNIX Symbolic Link (Symlink) Following vulnerability in the
packagin ...)
+ TODO: check
CVE-2020-8013 (A UNIX Symbolic Link (Symlink) Following vulnerability in
chkstat of S ...)
NOT-FOR-US: chkstat
CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and
below cont ...)
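Review bot: CVE-2020-8014 is added as "TODO: check" directly beneath CVE-2020-8015, whose visible description is identical up to the truncation point ("A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...") and which is tagged "NOT-FOR-US: SuSE packaging of TexLive". Suggest confirming which package the full description names and, if it is again a packaging-specific issue, closing it with a matching NOT-FOR-US tag that names that package.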
@@ -24137,11 +24140,13 @@ CVE-2020-6064 (An exploitable out-of-bounds write
vulnerability exists in the un
CVE-2020-6063 (An exploitable out-of-bounds write vulnerability exists in the
uncompr ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the
way CoTUR ...)
+ {DSA-4711-1}
- coturn 4.5.1.1-1.2 (bug #951876)
[jessie] - coturn <not-affected> (Vulnerable code introduced later)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
NOTE:
https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way
CoTURN 4. ...)
+ {DSA-4711-1}
- coturn 4.5.1.1-1.2 (bug #951876)
[jessie] - coturn <not-affected> (Vulnerable code introduced later)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984
@@ -27857,8 +27862,8 @@ CVE-2020-4559
RESERVED
CVE-2020-4558
RESERVED
-CVE-2020-4557
- RESERVED
+CVE-2020-4557 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM
Business ...)
+ TODO: check
CVE-2020-4556
RESERVED
CVE-2020-4555
@@ -28067,8 +28072,8 @@ CVE-2020-4454
RESERVED
CVE-2020-4453
RESERVED
-CVE-2020-4452
- RESERVED
+CVE-2020-4452 (IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker
than expec ...)
+ TODO: check
CVE-2020-4451
RESERVED
CVE-2020-4450 (IBM WebSphere Application Server 8.5 and 9.0 traditional could
allow a ...)
@@ -28839,6 +28844,7 @@ CVE-2020-4068 (In APNSwift 1.0.0, calling
APNSwiftSigner.sign(digest:) is likely
TODO: check
CVE-2020-4067 [STUN response buffer not initialized properly]
RESERVED
+ {DSA-4711-1}
- coturn 4.5.1.3-1
NOTE:
https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
NOTE:
https://github.com/coturn/coturn/commit/170da1140797748ae85565b5a93a2e35e7b07b6a
@@ -34775,8 +34781,8 @@ CVE-2020-2023 (Kata Containers doesn't restrict
containers from accessing the gu
NOT-FOR-US: Kata Containers
CVE-2020-2022
RESERVED
-CVE-2020-2021
- RESERVED
+CVE-2020-2021 (When Security Assertion Markup Language (SAML) authentication
is enabl ...)
+ TODO: check
CVE-2020-2020
RESERVED
CVE-2020-2019
@@ -36916,8 +36922,8 @@ CVE-2019-19162 (A use-after-free vulnerability in the
TOBESOFT XPLATFORM version
NOT-FOR-US: TOBESOFT XPLATFORM
CVE-2019-19161
RESERVED
-CVE-2019-19160
- RESERVED
+CVE-2019-19160 (Reportexpress ProPlus contains a vulnerability that could
allow an arb ...)
+ TODO: check
CVE-2019-19159
RESERVED
CVE-2019-19158
@@ -41684,28 +41690,28 @@ CVE-2019-18258
RESERVED
CVE-2019-18257 (In Advantech DiagAnywhere Server, Versions 3.07.11 and prior,
multiple ...)
NOT-FOR-US: Advantech
-CVE-2019-18256
- RESERVED
+CVE-2019-18256 (BIOTRONIK CardioMessenger II, The affected products use
individual per ...)
+ TODO: check
CVE-2019-18255
RESERVED
-CVE-2019-18254
- RESERVED
+CVE-2019-18254 (BIOTRONIK CardioMessenger II, The affected products do not
encrypt sen ...)
+ TODO: check
CVE-2019-18253 (An attacker could use specially crafted paths in a specific
request to ...)
NOT-FOR-US: Relion
-CVE-2019-18252
- RESERVED
+CVE-2019-18252 (BIOTRONIK CardioMessenger II, The affected products allow
credential r ...)
+ TODO: check
CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron
CX-Supervis ...)
NOT-FOR-US: Omron
CVE-2019-18250 (In all versions of ABB Power Generation Information Manager
(PGIM) and ...)
NOT-FOR-US: ABB
CVE-2019-18249 (Reliable Controls MACH-ProWebCom/Sys, all versions prior to
2.15 (Firm ...)
NOT-FOR-US: Reliable Controls
-CVE-2019-18248
- RESERVED
+CVE-2019-18248 (BIOTRONIK CardioMessenger II, The affected products transmit
credentia ...)
+ TODO: check
CVE-2019-18247 (An attacker may use a specially crafted message to force
Relion 650 se ...)
NOT-FOR-US: Relion
-CVE-2019-18246
- RESERVED
+CVE-2019-18246 (BIOTRONIK CardioMessenger II, The affected products do not
properly en ...)
+ TODO: check
CVE-2019-18245 (Reliable Controls LicenseManager versions 3.4 and prior may
allow an a ...)
NOT-FOR-US: Reliable Controls LicenseManager
CVE-2019-18244 (OSIsoft PI Vision, PI Vision 2017 R2, PI Vision 2017 R2 SP1,
PI Vision ...)
@@ -84962,8 +84968,8 @@ CVE-2019-3683 (The keystone-json-assignment package in
SUSE Openstack Cloud 8 be
NOT-FOR-US: SuSE Openstack Cloud
CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before
17.09.1_ce-7 ...)
NOT-FOR-US: SuSE
-CVE-2019-3681
- RESERVED
+CVE-2019-3681 (A External Control of File Name or Path vulnerability in osc of
SUSE L ...)
+ TODO: check
CVE-2019-3680
RESERVED
CVE-2019-3679
@@ -131876,8 +131882,8 @@ CVE-2018-6448
RESERVED
CVE-2018-6447
RESERVED
-CVE-2018-6446
- RESERVED
+CVE-2018-6446 (A vulnerability in Brocade Network Advisor Version Before
14.3.1 could ...)
+ TODO: check
CVE-2018-6445 (A Vulnerability in Brocade Network Advisor versions before
14.0.3 coul ...)
NOT-FOR-US: Brocade
CVE-2018-6444 (A Vulnerability in Brocade Network Advisor versions before
14.1.0 coul ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec96ed1d0f771cbfdf831d48cabcf1e40aba710f
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits