Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e9becb90 by security tracker role at 2020-07-02T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-15509
+ RESERVED
+CVE-2020-15508
+ RESERVED
+CVE-2020-15507
+ RESERVED
+CVE-2020-15506
+ RESERVED
+CVE-2020-15505
+ RESERVED
+CVE-2020-15504
+ RESERVED
+CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check.
This affect ...)
+ TODO: check
+CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for
Android, ...)
+ TODO: check
+CVE-2019-20894 (Traefik 2.x, in certain configurations, allows HTTPS sessions
to proce ...)
+ TODO: check
CVE-2020-15501
RESERVED
CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through
3.0.0. T ...)
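Review bot: of the three TODO: check entries in this hunk, CVE-2020-15503 is the one that needs real Debian triage rather than a NOT-FOR-US line: LibRaw is packaged as src:libraw, and because the description names a release candidate (0.20-RC1) as the first fixed version, the check should be made against the upstream fix commit rather than by comparing version strings with the 0.19.x series Debian ships. CVE-2020-15502 is an Android app entry that MITRE itself marks DISPUTED, so it resolves to NOT-FOR-US like the other non-Debian software in this file; CVE-2019-20894 (Traefik) still needs a look at whether any Debian source package embeds the affected code before it can be closed.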
@@ -865,8 +883,8 @@ CVE-2020-15093
RESERVED
CVE-2020-15092
RESERVED
-CVE-2020-15091
- RESERVED
+CVE-2020-15091 (TenderMint from version 0.33.0 and before version 0.33.6
allows block ...)
+ TODO: check
CVE-2020-15090
RESERVED
CVE-2020-15089
@@ -881,16 +899,16 @@ CVE-2020-15085 (In Saleor Storefront before version
2.10.3, request data used to
NOT-FOR-US: Saleor Storefront
CVE-2020-15084 (In express-jwt (NPM package) up and including version 5.3.3,
the algor ...)
TODO: check
-CVE-2020-15083
- RESERVED
-CVE-2020-15082
- RESERVED
-CVE-2020-15081
- RESERVED
-CVE-2020-15080
- RESERVED
-CVE-2020-15079
- RESERVED
+CVE-2020-15083 (In PrestaShop from version 1.7.0.0 and before version 1.7.6.6,
if a ta ...)
+ TODO: check
+CVE-2020-15082 (In PrestaShop from version 1.6.0.1 and before version 1.7.6.6,
the das ...)
+ TODO: check
+CVE-2020-15081 (In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there
is inform ...)
+ TODO: check
+CVE-2020-15080 (In PrestaShop from version 1.7.4.0 and before version 1.7.6.6,
some fi ...)
+ TODO: check
+CVE-2020-15079 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6,
there i ...)
+ TODO: check
CVE-2020-15078
RESERVED
CVE-2020-15077
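Review bot: the five PrestaShop entries here (CVE-2020-15079 through CVE-2020-15083) should be resolved to NOT-FOR-US: PrestaShop rather than left at TODO: check; this file already uses exactly that marking for CVE-2020-12120 (a PrestaShop addon), and the two further PrestaShop entries this update adds, CVE-2020-11074 and CVE-2020-4074, should be settled the same way in one pass so the triage stays consistent.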
@@ -3370,8 +3388,8 @@ CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP
fcc/postpone man-in-the-middle
NOTE: Fixed by:
https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
NOTE: Fix for CVE-2020-14093 introduces a regression, cf. #963107
NOTE: Regression fixed by:
https://gitlab.com/muttmua/mutt/-/commit/dc909119b3433a84290f0095c0f43a23b98b3748
-CVE-2020-14092
- RESERVED
+CVE-2020-14092 (The CodePeople Payment Form for PayPal Pro plugin before
1.1.65 for Wo ...)
+ TODO: check
CVE-2020-14091
RESERVED
CVE-2020-14090
@@ -4544,8 +4562,8 @@ CVE-2020-13655
RESERVED
CVE-2020-13654
RESERVED
-CVE-2020-13653
- RESERVED
+CVE-2020-13653 (An XSS vulnerability exists in the Webmail component of Zimbra
Collabo ...)
+ TODO: check
CVE-2020-13652 (An issue was discovered in DigDash 2018R2 before p20200528,
2019R1 bef ...)
NOT-FOR-US: DigDash
CVE-2020-13651 (An issue was discovered in DigDash 2018R2 before p20200528,
2019R1 bef ...)
@@ -5109,6 +5127,7 @@ CVE-2020-13403
CVE-2020-13402
RESERVED
CVE-2020-13401 (An issue was discovered in Docker Engine before 19.03.11. An
attacker ...)
+ {DSA-4716-1}
- docker.io 19.03.11+dfsg1-1 (bug #962141)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833233
NOTE:
https://github.com/moby/libnetwork/commit/153d0769a1181bf591a9637fd487a541ec7db1e6
@@ -8251,8 +8270,8 @@ CVE-2020-12121
RESERVED
CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7
allows remote ...)
NOT-FOR-US: PrestaShop
-CVE-2020-12119
- RESERVED
+CVE-2020-12119 (Ledger Live before 2.7.0 does not handle Bitcoin's
Replace-By-Fee (RBF ...)
+ TODO: check
CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before
1.2.0 all ...)
NOT-FOR-US: Binance tss-lib
CVE-2020-12117 (Moxa Service in Moxa NPort 5150A firmware version 1.5 and
earlier allo ...)
@@ -11969,8 +11988,8 @@ CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and
3.12.5, an attacker could smu
NOTE:
https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
CVE-2020-11075 (In Anchore Engine version 0.7.0, a specially crafted container
image m ...)
NOT-FOR-US: Anchore Engine
-CVE-2020-11074
- RESERVED
+CVE-2020-11074 (In PrestaShop from version 1.5.3.0 and before version 1.7.7.6,
there i ...)
+ TODO: check
CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user
who ente ...)
NOT-FOR-US: zsh-autoswitch-virtualenv
CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version
1.2.1, users ...)
@@ -16163,12 +16182,10 @@ CVE-2020-9500 (Some products of Dahua have Denial of
Service vulnerabilities. Af
NOT-FOR-US: Dahua
CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After
the su ...)
NOT-FOR-US: Dahua
-CVE-2020-9498
- RESERVED
+CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers
involved inpro ...)
- guacamole-client <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/3
-CVE-2020-9497
- RESERVED
+CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate
datareceived ...)
- guacamole-client <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2
CVE-2020-9496
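Review bot: the two Guacamole entries are the only ones in this update marked as affecting a Debian source package (guacamole-client <unfixed>) without a bug reference, whereas most other <unfixed> lines in this patch (the imagemagick ones) carry a "(bug #NNNNNN)" pointer; a BTS bug should be filed and referenced on both entries so the unfixed state is tracked and a fixed version can be recorded against it. The NOTE links to the oss-security announcements (posts /2 and /3 of 2020-07-02, one per CVE) are the right primary reference for now; the run-together words in the descriptions ("involved inpro ...", "datareceived ...") are artifacts of the truncated import and do not need hand-fixing.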
@@ -19274,14 +19291,13 @@ CVE-2020-8190
RESERVED
CVE-2020-8189
RESERVED
-CVE-2020-8188
- RESERVED
+CVE-2020-8188 (We have recently released new version of UniFi Protect firmware
v1.13. ...)
+ TODO: check
CVE-2020-8187
RESERVED
CVE-2020-8186
RESERVED
-CVE-2020-8185
- RESERVED
+CVE-2020-8185 (A denial of service vulnerability exists in Rails <6.0.3.2
that all ...)
[experimental] - rails 6.0.3.2+dfsg-1 (bug #964081)
- rails <not-affected> (Introduced in rails 6.x)
NOTE: https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
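Review bot: for CVE-2020-8185 the not-affected marking for unstable rests entirely on the parenthetical "(Introduced in rails 6.x)"; the imported description only says "Rails <6.0.3.2", which on its own would also cover the 2:5.2.4.3+dfsg-1 rails recorded elsewhere in this file, so the Google Groups advisory NOTE is what justifies the marking and must stay. The [experimental] line tracking 6.0.3.2+dfsg-1 with bug #964081 is the only place the 6.x branch is covered. CVE-2020-8188 is a Ubiquiti UniFi Protect firmware advisory (the description is the vendor's release sentence rather than a vulnerability summary) and can go straight to NOT-FOR-US instead of TODO: check.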
@@ -19296,8 +19312,8 @@ CVE-2020-8181
RESERVED
CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7
allowed a cod ...)
NOT-FOR-US: Nextcloud Talk
-CVE-2020-8179
- RESERVED
+CVE-2020-8179 (Improper access control in Nextcloud Deck 1.0.0 allowed an
attacker to ...)
+ TODO: check
CVE-2020-8178
RESERVED
CVE-2020-8177
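Review bot: CVE-2020-8179 (Nextcloud Deck) belongs with the Nextcloud Talk entry directly above it, CVE-2020-8180, which is already marked NOT-FOR-US: Nextcloud Talk; a NOT-FOR-US: Nextcloud Deck line here would close the TODO: check consistently with how this file treats Nextcloud apps.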
@@ -19305,8 +19321,8 @@ CVE-2020-8177
- curl <unfixed>
NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html
NOTE:
https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22
(7.71.0)
-CVE-2020-8176
- RESERVED
+CVE-2020-8176 (A cross-site scripting vulnerability exists in koa-shopify-auth
v3.1.6 ...)
+ TODO: check
CVE-2020-8175
RESERVED
CVE-2020-8174 [napi_get_value_string_*() allows various kinds of memory
corruption]
@@ -19340,8 +19356,7 @@ CVE-2020-8167 (A CSRF vulnerability exists in rails
<= 6.0.3 rails-ujs module
[jessie] - rails <not-affected> (Vulnerable code introduced later)
NOTE:
https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
NOTE:
https://github.com/rails/rails/commit/fbc7bec074b5ef9ae22f79ca5d9bafec7b276dd3
-CVE-2020-8166
- RESERVED
+CVE-2020-8166 (A CSRF forgery vulnerability exists in rails < 5.2.5, rails
< 6. ...)
- rails 2:5.2.4.3+dfsg-1
[stretch] - rails <not-affected> (Vulnerable code introduced later)
[jessie] - rails <not-affected> (Vulnerable code introduced later)
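Review bot: the imported description for CVE-2020-8166 gives the affected range as "rails < 5.2.5, rails < 6. ..." while the fixed Debian version recorded directly below it is 2:5.2.4.3+dfsg-1; that is not a contradiction if 5.2.4.3 is the patched release (the same release announcement cited for CVE-2020-8167 in the context above, weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released, is the place to confirm it), but a NOTE line under this entry pointing at that announcement or the fix commit would make the version discrepancy self-explanatory to the next reader, as the neighbouring Rails entries already do.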
@@ -19361,8 +19376,7 @@ CVE-2020-8164 (A deserialization of untrusted data
vulnerability exists in rails
- rails 2:5.2.4.3+dfsg-1
NOTE:
https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
NOTE:
https://github.com/rails/rails/commit/7a3ee4fea90b7555f8d09c6c05c15fe7ab5a06ec
-CVE-2020-8163
- RESERVED
+CVE-2020-8163 (The is a code injection vulnerability in versions of Rails
prior to 5. ...)
- rails 2:5.2.0+dfsg-2
NOTE:
https://weblog.rubyonrails.org/2020/5/15/Rails-4-2-11-2-has-been-released/
NOTE:
https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/
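Review bot: CVE-2020-8163 is marked fixed in 2:5.2.0+dfsg-2 with NOTE links to the 4.2.11.2 and 4.2.11.3 releases, i.e. a fix that was issued on the 4.2 branch, while the description is cut at "prior to 5. ..."; if stretch still ships a 4.2.x rails it needs an explicit [stretch] line (fixed version, no-dsa or similar), and jessie likewise, since the entry currently says nothing about either suite even though the CVE-2020-8166 and CVE-2020-8167 entries nearby carry explicit [stretch]/[jessie] lines. The "The is a code injection" wording is MITRE's text and is not something to correct locally.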
@@ -19379,8 +19393,7 @@ CVE-2020-8162 (A client side enforcement of server side
security vulnerability e
[jessie] - rails <not-affected> (Vulnerable code introduced later)
NOTE:
https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
NOTE:
https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be
-CVE-2020-8161 [Directory traversal in Rack::Directory]
- RESERVED
+CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0
that all ...)
{DLA-2216-1}
- ruby-rack 2.1.1-5
[buster] - ruby-rack <no-dsa> (Minor issue; can be fixed via point
release)
@@ -20308,10 +20321,10 @@ CVE-2020-7823
RESERVED
CVE-2020-7822
RESERVED
-CVE-2020-7821
- RESERVED
-CVE-2020-7820
- RESERVED
+CVE-2020-7821 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version
contain a ...)
+ TODO: check
+CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version
contain a ...)
+ TODO: check
CVE-2020-7819
RESERVED
CVE-2020-7818
@@ -24964,12 +24977,12 @@ CVE-2020-5913
RESERVED
CVE-2020-5912
RESERVED
-CVE-2020-5911
- RESERVED
-CVE-2020-5910
- RESERVED
-CVE-2020-5909
- RESERVED
+CVE-2020-5911 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX
Controller ...)
+ TODO: check
+CVE-2020-5910 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural
Autonomic ...)
+ TODO: check
+CVE-2020-5909 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run
the co ...)
+ TODO: check
CVE-2020-5908 (In versions bundled with BIG-IP APM 12.1.0-12.1.5 and
11.6.1-11.6.5.2, ...)
NOT-FOR-US: F5 BIG-IP
CVE-2020-5907 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3,
13.1.0-13.1.3.3, ...)
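Review bot: the three new entries CVE-2020-5909, CVE-2020-5910 and CVE-2020-5911 share the version string "3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1", and the CVE-2020-5911 text names the NGINX Controller, F5's management product, not the nginx web server Debian packages; they should be closed as NOT-FOR-US: F5 in line with CVE-2020-5908 and CVE-2020-5907 immediately below, and the word "NGINX" in the description should not lead anyone to attach them to src:nginx.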
@@ -29313,8 +29326,8 @@ CVE-2020-4076
RESERVED
CVE-2020-4075
RESERVED
-CVE-2020-4074
- RESERVED
+CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and before version 1.7.7.6,
the aut ...)
+ TODO: check
CVE-2020-4073
RESERVED
CVE-2020-4072 (In generator-jhipster-kotlin version 1.6.0 log entries are
created for ...)
@@ -29342,8 +29355,8 @@ CVE-2020-4063
RESERVED
CVE-2020-4062 (In Conjur OSS Helm Chart before 2.0.0, a recently identified
critical ...)
TODO: check
-CVE-2020-4061
- RESERVED
+CVE-2020-4061 (In October from version 1.0.319 and before version 1.0.467,
pasting co ...)
+ TODO: check
CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free
vulnera ...)
NOT-FOR-US: LoRa Basics Station
CVE-2020-4059 (In mversion before 2.0.0, there is a command injection
vulnerability. ...)
@@ -30144,7 +30157,7 @@ CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a
heap-based buffer over-r
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617
(7.x)
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce
(6.x)
CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer
overflow in ...)
- {DSA-4712-1 DLA-2049-1}
+ {DSA-4715-1 DSA-4712-1 DLA-2049-1}
- imagemagick <unfixed> (low; bug #947308)
[stretch] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1562
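Review bot: adding DSA-4715-1 to CVE-2019-19948 leaves the "[stretch] - imagemagick <no-dsa> (Minor issue)" line in place two lines below; if DSA-4715-1 is the stretch counterpart of the buster DSA-4712-1 (this update pairs the two DSAs on seven ImageMagick CVEs), that suite annotation is now stale and should be dropped, because a DSA reference and a no-dsa marking for the same suite contradict each other. The "imagemagick <unfixed> (low; bug #947308)" line for unstable is unaffected by the DSA and correctly stays.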
@@ -32075,8 +32088,8 @@ CVE-2020-3284
RESERVED
CVE-2020-3283 (A vulnerability in the Secure Sockets Layer (SSL)/Transport
Layer Secu ...)
NOT-FOR-US: Cisco
-CVE-2020-3282
- RESERVED
+CVE-2020-3282 (A vulnerability in the web-based management interface of Cisco
Unified ...)
+ TODO: check
CVE-2020-3281 (A vulnerability in the audit logging component of Cisco Digital
Networ ...)
NOT-FOR-US: Cisco
CVE-2020-3280 (A vulnerability in the Java Remote Management Interface of
Cisco Unifi ...)
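Review bot: CVE-2020-3282 is a Cisco Unified product issue and sits between two entries already marked NOT-FOR-US: Cisco (CVE-2020-3283 and CVE-2020-3281); it should be closed the same way rather than left at TODO: check.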
@@ -34869,62 +34882,43 @@ CVE-2020-2221
RESERVED
CVE-2020-2220
RESERVED
-CVE-2020-2219
- RESERVED
+CVE-2020-2219 (Jenkins Link Column Plugin 1.0 and earlier does not filter URLs
of lin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2218
- RESERVED
+CVE-2020-2218 (Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a
password ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2217
- RESERVED
+CVE-2020-2217 (Jenkins Compatibility Action Storage Plugin 1.0 and earlier
does not e ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2216
- RESERVED
+CVE-2020-2216 (A missing permission check in Jenkins Zephyr for JIRA Test
Management ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2215
- RESERVED
+CVE-2020-2215 (A cross-site request forgery vulnerability in Jenkins Zephyr
for JIRA ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2214
- RESERVED
+CVE-2020-2214 (Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically
disables ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2213
- RESERVED
+CVE-2020-2213 (Jenkins White Source Plugin 19.1.1 and earlier stores
credentials unen ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2212
- RESERVED
+CVE-2020-2212 (Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores
secrets ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2211
- RESERVED
+CVE-2020-2211 (Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and
earlier doe ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2210
- RESERVED
+CVE-2020-2210 (Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier
transmits conf ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2209
- RESERVED
+CVE-2020-2209 (Jenkins TestComplete support Plugin 2.4.1 and earlier stores a
passwor ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2208
- RESERVED
+CVE-2020-2208 (Jenkins Slack Upload Plugin 1.7 and earlier stores a secret
unencrypte ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2207
- RESERVED
+CVE-2020-2207 (Jenkins VncViewer Plugin 1.7 and earlier does not escape a
parameter v ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2206
- RESERVED
+CVE-2020-2206 (Jenkins VncRecorder Plugin 1.25 and earlier does not escape a
paramete ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2205
- RESERVED
+CVE-2020-2205 (Jenkins VncRecorder Plugin 1.25 and earlier does not escape a
tool pat ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2204
- RESERVED
+CVE-2020-2204 (A missing permission check in Jenkins Fortify on Demand Plugin
5.0.1 a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2203
- RESERVED
+CVE-2020-2203 (A cross-site request forgery vulnerability in Jenkins Fortify
on Deman ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2202
- RESERVED
+CVE-2020-2202 (A missing permission check in Jenkins Fortify on Demand Plugin
6.0.0 a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2201
- RESERVED
+CVE-2020-2201 (Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does
not escap ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2200 (Jenkins Play Framework Plugin 1.0.2 and earlier lets users
specify the ...)
NOT-FOR-US: Jenkins plugin
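Review bot: all nineteen entries in this hunk (CVE-2020-2201 through CVE-2020-2219) were pre-triaged as NOT-FOR-US: Jenkins plugin while still RESERVED (those lines are unchanged context), and every description now imported does name a Jenkins plugin, so the pre-triage holds; this is worth confirming explicitly because a NOT-FOR-US line attached to a RESERVED id is a bet on the id block, and CVE-2020-2200 at the end of the hunk shows the same pattern for the preceding block.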
@@ -51924,7 +51918,7 @@ CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in
ImageMagick 7.0.8-43 Q16 allo
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1560
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112
CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote
attackers to ca ...)
- {DSA-4712-1 DLA-1968-1}
+ {DSA-4715-1 DSA-4712-1 DLA-1968-1}
- imagemagick <unfixed> (bug #941671)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/f7206618d27c2e69d977abf40e3035a33e5f6be0
NOTE: ImageMagick6:
https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
@@ -59026,7 +59020,7 @@ CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a
heap-based buffer overflow in Mag
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at
MagickCor ...)
- {DSA-4712-1}
+ {DSA-4715-1 DSA-4712-1}
- imagemagick <unfixed> (bug #931448)
[jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1615
@@ -59035,7 +59029,7 @@ CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a
heap-based buffer overflow at Mag
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/e6d26d4e2f07375ddbf46a857d309d51eeff7ee1
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/643921ca69a20b203faebd0b287d8b7012dc749d
CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at
coders/p ...)
- {DSA-4712-1 DLA-1888-1}
+ {DSA-4715-1 DSA-4712-1 DLA-1888-1}
- imagemagick <unfixed> (bug #931449)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1612
NOTE: initial fix:
@@ -59048,7 +59042,7 @@ CVE-2019-13305 (ImageMagick 7.0.8-50 Q16 has a
stack-based buffer overflow at co
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1613
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
CVE-2019-13304 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at
coders/p ...)
- {DSA-4712-1 DLA-1888-1}
+ {DSA-4715-1 DSA-4712-1 DLA-1888-1}
- imagemagick <unfixed> (bug #931453)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1614
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241
@@ -59066,7 +59060,7 @@ CVE-2019-13301 (ImageMagick 7.0.8-50 Q16 has memory
leaks in AcquireMagickMemory
- imagemagick <unfixed> (unimportant)
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/0b7d3675438cbcde824e751895847a0794406e08
CVE-2019-13300 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at
MagickCor ...)
- {DSA-4712-1}
+ {DSA-4715-1 DSA-4712-1}
- imagemagick <unfixed> (bug #931454)
[jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1586
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9becb90075efee7161b23df6a10549ca7d55358
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits