Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f90ace55 by security tracker role at 2020-07-07T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2020-15595
+ RESERVED
+CVE-2020-15594
+ RESERVED
+CVE-2020-15593
+ RESERVED
+CVE-2020-15592
+ RESERVED
+CVE-2020-15591
+ RESERVED
+CVE-2020-15590
+ RESERVED
+CVE-2020-15589
+ RESERVED
+CVE-2020-15588
+ RESERVED
+CVE-2020-15587
+ RESERVED
+CVE-2020-15586
+ RESERVED
+CVE-2020-15585
+ RESERVED
+CVE-2020-15584 (An issue was discovered on Samsung mobile devices with Q(10.0)
softwar ...)
+ TODO: check
+CVE-2020-15583 (An issue was discovered on Samsung mobile devices with O(8.x),
P(9.0), ...)
+ TODO: check
+CVE-2020-15582 (An issue was discovered on Samsung mobile devices with P(9.0)
and Q(10 ...)
+ TODO: check
+CVE-2020-15581 (An issue was discovered on Samsung mobile devices with O(8.x),
P(9.0), ...)
+ TODO: check
+CVE-2020-15580 (An issue was discovered on Samsung mobile devices with O(8.x),
P(9.0), ...)
+ TODO: check
+CVE-2020-15579 (An issue was discovered on Samsung mobile devices with O(8.x),
P(9.0), ...)
+ TODO: check
+CVE-2020-15578 (An issue was discovered on Samsung mobile devices with O(8.x)
software ...)
+ TODO: check
+CVE-2020-15577 (An issue was discovered on Samsung mobile devices with P(9.0)
and Q(10 ...)
+ TODO: check
+CVE-2020-15576 (SolarWinds Serv-U File Server before 15.2.1 allows information
disclos ...)
+ TODO: check
+CVE-2020-15575 (SolarWinds Serv-U File Server before 15.2.1 allows XSS as
demonstrated ...)
+ TODO: check
+CVE-2020-15574 (SolarWinds Serv-U File Server before 15.2.1 mishandles the
Same-Site c ...)
+ TODO: check
+CVE-2020-15573 (SolarWinds Serv-U File Server before 15.2.1 has a
"Cross-script vulner ...)
+ TODO: check
+CVE-2019-20896 (WebChess 1.0 allows SQL injection via the messageFrom, gameID,
opponen ...)
+ TODO: check
CVE-2020-15572
RESERVED
CVE-2020-15571
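Review bot: the eight Samsung mobile entries (CVE-2020-15584 to CVE-2020-15577) and the four SolarWinds Serv-U entries (CVE-2020-15576 to CVE-2020-15573) are all left at `TODO: check`, yet they describe vendor firmware and a proprietary file server rather than anything that looks like a Debian package; they are candidates for the `NOT-FOR-US:` marking this patch already uses for Veeam, IDrive and ASRock (e.g. `NOT-FOR-US: Samsung mobile devices`), which would keep the TODO queue to entries such as CVE-2019-20896 (WebChess SQL injection) that actually need a package lookup.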
@@ -9,28 +57,23 @@ CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through
1.02.00 has a use-afte
NOTE:
https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
CVE-2020-15568
RESERVED
-CVE-2020-15567
- RESERVED
+CVE-2020-15567 (An issue was discovered in Xen through 4.13.x, allowing Intel
guest OS ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-328.html
-CVE-2020-15566
- RESERVED
+CVE-2020-15566 (An issue was discovered in Xen through 4.13.x, allowing guest
OS users ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-317.html
-CVE-2020-15565
- RESERVED
+CVE-2020-15565 (An issue was discovered in Xen through 4.13.x, allowing x86
Intel HVM ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-321.html
-CVE-2020-15564
- RESERVED
+CVE-2020-15564 (An issue was discovered in Xen through 4.13.x, allowing Arm
guest OS u ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-327.html
-CVE-2020-15563
- RESERVED
+CVE-2020-15563 (An issue was discovered in Xen through 4.13.x, allowing x86
HVM guest ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-319.html
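Review bot: the five Xen entries (CVE-2020-15567 to CVE-2020-15563) keep `- xen <unfixed>` with only the XSA advisory URL as a reference; once a bug is filed against xen, append the `(bug #NNNNNN)` suffix as done for golang-x-text and ruby-websocket-extensions later in this patch, and since these descriptions were only just de-reserved, double-check that each CVE really maps to the XSA number in its NOTE line (328, 317, 321, 327, 319) before a DSA references them.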
@@ -114,8 +157,8 @@ CVE-2020-15527
RESERVED
CVE-2020-15526
RESERVED
-CVE-2020-15525
- RESERVED
+CVE-2020-15525 (GitLab EE 11.3 through 13.1.2 has Incorrect Access Control
because of ...)
+ TODO: check
CVE-2020-15524
RESERVED
CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through
3.8.4rc1, ...)
@@ -131,24 +174,24 @@ CVE-2020-15519
RESERVED
CVE-2020-15518 (VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam
Backup &a ...)
NOT-FOR-US: Veeam
-CVE-2020-15517
- RESERVED
-CVE-2020-15516
- RESERVED
-CVE-2020-15515
- RESERVED
-CVE-2020-15514
- RESERVED
-CVE-2020-15513
- RESERVED
+CVE-2020-15517 (The ke_search (aka Faceted Search) extension through 2.8.2,
and 3.x th ...)
+ TODO: check
+CVE-2020-15516 (The mm_forum extension through 1.9.5 for TYPO3 allows XSS that
can be ...)
+ TODO: check
+CVE-2020-15515 (The turn extension through 0.3.2 for TYPO3 allows Remote Code
Executio ...)
+ TODO: check
+CVE-2020-15514 (The jh_captcha extension through 2.1.3, and 3.x through 3.0.2,
for TYP ...)
+ TODO: check
+CVE-2020-15513 (The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect
Access ...)
+ TODO: check
CVE-2020-15512
RESERVED
CVE-2020-15511
RESERVED
CVE-2020-15510
RESERVED
-CVE-2020-15509
- RESERVED
+CVE-2020-15509 (Nordic Semiconductor Android BLE Library through 2.2.1 and DFU
Library ...)
+ TODO: check
CVE-2020-15508
RESERVED
CVE-2020-15507 (MobileIron Core and Connector before 10.3.0.4, 10.4.x before
10.4.0.4, ...)
@@ -425,8 +468,8 @@ CVE-2017-18922 (It was discovered that websockets.c in
LibVNCServer prior to 0.9
CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in
drivers/usb/m ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba
-CVE-2020-15392
- RESERVED
+CVE-2020-15392 (A user enumeration vulnerability flaw was found in Venki
Supravizio BP ...)
+ TODO: check
CVE-2020-15391
RESERVED
CVE-2020-15390
@@ -477,8 +520,8 @@ CVE-2020-15369
RESERVED
CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly
restrict acce ...)
NOT-FOR-US: ASRock RGB Driver
-CVE-2020-15367
- RESERVED
+CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of
authenticatio ...)
+ TODO: check
CVE-2020-15366
RESERVED
CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in
parse_exif() in ...)
@@ -521,8 +564,8 @@ CVE-2020-15352
RESERVED
CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to
%PROGRAMFILES ...)
NOT-FOR-US: IDrive
-CVE-2020-15350
- RESERVED
+CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The
decoding ...)
+ TODO: check
CVE-2020-15349
RESERVED
CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of
live/CPEManag ...)
@@ -1037,8 +1080,8 @@ CVE-2020-15097
RESERVED
CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and
9.0.0-beta21, the ...)
TODO: check
-CVE-2020-15095
- RESERVED
+CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an
informati ...)
+ TODO: check
CVE-2020-15094
RESERVED
CVE-2020-15093
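Review bot: CVE-2020-15095 (npm CLI before 6.14.6, information disclosure) is left at `TODO: check`, but npm is a Debian source package, so this entry should get a package status line (`- npm <unfixed>` or the fixed version, in the form used for `- pillow <unfixed>` in this patch) rather than remaining at the TODO stage.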
@@ -1162,26 +1205,26 @@ CVE-2020-15039
RESERVED
CVE-2020-15038 (The SeedProd coming-soon plugin before 5.1.1 for WordPress
allows XSS. ...)
NOT-FOR-US: WordPress plugin
-CVE-2020-15037
- RESERVED
-CVE-2020-15036
- RESERVED
-CVE-2020-15035
- RESERVED
-CVE-2020-15034
- RESERVED
-CVE-2020-15033
- RESERVED
-CVE-2020-15032
- RESERVED
-CVE-2020-15031
- RESERVED
-CVE-2020-15030
- RESERVED
-CVE-2020-15029
- RESERVED
-CVE-2020-15028
- RESERVED
+CVE-2020-15037 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack.
The appl ...)
+ TODO: check
+CVE-2020-15036 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack.
The appl ...)
+ TODO: check
+CVE-2020-15035 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack.
The appl ...)
+ TODO: check
+CVE-2020-15034 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack.
The appl ...)
+ TODO: check
+CVE-2020-15033 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack.
The appl ...)
+ TODO: check
+CVE-2020-15032 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack.
The appl ...)
+ TODO: check
+CVE-2020-15031 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack.
The appl ...)
+ TODO: check
+CVE-2020-15030 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack.
The appl ...)
+ TODO: check
+CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack.
The appl ...)
+ TODO: check
+CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS)
attack. The ap ...)
+ TODO: check
CVE-2020-15027
RESERVED
CVE-2020-15026 (Bludit 3.12.0 allows admins to use a
/plugin-backup-download?file=../ ...)
@@ -3689,7 +3732,7 @@ CVE-2020-14042
RESERVED
CVE-2020-14041
RESERVED
-CVE-2020-14040 (Go version v0.3.3 of the x/text package fixes a vulnerability
in encod ...)
+CVE-2020-14040 (The x/text package before 0.3.3 for Go has a vulnerability in
encoding ...)
- golang-golang-x-text <unfixed> (bug #964272)
- golang-x-text <unfixed> (bug #964271)
NOTE: https://github.com/golang/go/issues/39491
@@ -9626,8 +9669,8 @@ CVE-2020-11884 (In the Linux kernel through 5.6.7 on the
s390 platform, code exe
NOTE:
https://git.kernel.org/linus/316ec154810960052d4586b634156c54d0778f74
CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and
storefront-api throug ...)
NOT-FOR-US: Divante vue-storefront-api
-CVE-2020-11882
- RESERVED
+CVE-2020-11882 (The O2 Business application 1.2.0 for Android exposes the
canvasm.myo2 ...)
+ TODO: check
CVE-2020-11881
RESERVED
CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using
the prop ...)
@@ -13433,8 +13476,7 @@ CVE-2020-10747
REJECTED
CVE-2020-10746
RESERVED
-CVE-2020-10745
- RESERVED
+CVE-2020-10745 (A flaw was found in all Samba versions before 4.10.17, before
4.11.11 ...)
- samba 2:4.12.5+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2020-10745.html
CVE-2020-10744 (An incomplete fix was found for the fix of the flaw
CVE-2020-1733 ansi ...)
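Review bot: CVE-2020-10745 records the fix only for unstable (`- samba 2:4.12.5+dfsg-1`) and carries no `[buster]` or `[stretch]` line, whereas the ldb entry in the next hunk has `[stretch] - ldb <not-affected> (Vulnerable code introduced later)`; add the stable and oldstable status for samba (fixed version, `<no-dsa>` or `<postponed>` with the reason in parentheses) so the entry is fully triaged.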
@@ -13487,8 +13529,7 @@ CVE-2020-10732 (A flaw was found in the Linux kernel's
implementation of Userspa
NOTE:
https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413
CVE-2020-10731
RESERVED
-CVE-2020-10730
- RESERVED
+CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw
was found ...)
- ldb 2:2.1.4-1
- samba 2:4.12.5+dfsg-1
[stretch] - ldb <not-affected> (Vulnerable code introduced later)
@@ -14418,7 +14459,7 @@ CVE-2020-10380 (RMySQL through 0.10.19 allows SQL
Injection. ...)
[jessie] - rmysql <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/r-dbi/RMySQL/commit/c2467c466684b4733a7b0df4689987e1f9dcfc32
NOTE: Test:
https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40
-CVE-2020-10379 (In Pillow before 6.2.3 and 7.x before 7.0.1, there are two
Buffer Over ...)
+CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in
libImaging/T ...)
- pillow <unfixed>
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4538
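Review bot: the affected range for CVE-2020-10379 changed from "before 6.2.3 and 7.x before 7.0.1" to "before 7.1.0", i.e. the fix moved to a later upstream release, but `- pillow <unfixed>` and `[jessie] - pillow <no-dsa> (Minor issue)` were not revisited; re-check against the linked PR #4538 which release actually contains the fix and set the fixed version accordingly.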
@@ -20785,9 +20826,9 @@ CVE-2020-7693
RESERVED
CVE-2020-7692
RESERVED
-CVE-2020-7691 (It's possible to use <<script>script> in order to
go over ...)
+CVE-2020-7691 (In all versions of the package jspdf, it is possible to use
<<sc ...)
TODO: check
-CVE-2020-7690 (It's possible to inject JavaScript code via the html method.
...)
+CVE-2020-7690 (In all versions of package jspdf, it is possible to inject
JavaScript ...)
TODO: check
CVE-2020-7689 (Data is truncated wrong when its length is greater than 255
bytes. ...)
NOT-FOR-US: Node bcrypt
@@ -20809,7 +20850,7 @@ CVE-2020-7681
RESERVED
CVE-2020-7680
RESERVED
-CVE-2020-7679 (The mergeObjects utility function is susceptible to Prototype
Pollutio ...)
+CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility
function ...)
NOT-FOR-US: Node casperjs
CVE-2020-7678
RESERVED
@@ -20836,15 +20877,15 @@ CVE-2020-7670 (agoo through 2.12.3 allows request
smuggling attacks where agoo i
TODO: check
CVE-2020-7669
RESERVED
-CVE-2020-7668 (The ExtractTo function doesn't securely escape file paths in
zip archi ...)
+CVE-2020-7668 (In all versions of the package github.com/unknwon/cae/tz, the
ExtractT ...)
TODO: check
-CVE-2020-7667 (The CPIO extraction functionality doesn't sanitize the paths of
the ar ...)
+CVE-2020-7667 (In package github.com/sassoftware/go-rpmutils/cpio before
version 0.1. ...)
TODO: check
CVE-2020-7666
RESERVED
CVE-2020-7665
RESERVED
-CVE-2020-7664 (The ExtractTo function doesn't securely escape file paths in
zip archi ...)
+CVE-2020-7664 (In all versions of the package github.com/unknwon/cae/zip, the
Extract ...)
TODO: check
CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial
of Servi ...)
- ruby-websocket-extensions <unfixed> (bug #964274)
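Review bot: CVE-2020-7668, CVE-2020-7667 and CVE-2020-7664 now name the Go module paths (github.com/unknwon/cae/tz, github.com/sassoftware/go-rpmutils/cpio, github.com/unknwon/cae/zip), so the `TODO: check` can be resolved by looking for matching golang-github-* source packages in the archive; if none exist, mark them `NOT-FOR-US:` with the module path, otherwise add a package line in the style of `- golang-x-text <unfixed> (bug #964271)` above.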
@@ -25800,18 +25841,18 @@ CVE-2020-5602 (Mitsubishi Electoric FA Engineering
Software (CPU Module Logging
NOT-FOR-US: Mitsubishi
CVE-2020-5601 (Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows
remote a ...)
NOT-FOR-US: Chrome Extension for e-Tax Reception System
-CVE-2020-5600
- RESERVED
-CVE-2020-5599
- RESERVED
-CVE-2020-5598
- RESERVED
-CVE-2020-5597
- RESERVED
-CVE-2020-5596
- RESERVED
-CVE-2020-5595
- RESERVED
+CVE-2020-5600 (TCP/IP function included in the firmware of Mitsubishi Electric
GOT200 ...)
+ TODO: check
+CVE-2020-5599 (TCP/IP function included in the firmware of Mitsubishi Electric
GOT200 ...)
+ TODO: check
+CVE-2020-5598 (TCP/IP function included in the firmware of Mitsubishi Electric
GOT200 ...)
+ TODO: check
+CVE-2020-5597 (TCP/IP function included in the firmware of Mitsubishi Electric
GOT200 ...)
+ TODO: check
+CVE-2020-5596 (TCP/IP function included in the firmware of Mitsubishi Electric
GOT200 ...)
+ TODO: check
+CVE-2020-5595 (TCP/IP function included in the firmware of Mitsubishi Electric
GOT200 ...)
+ TODO: check
CVE-2020-5594 (Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU
modules ...)
NOT-FOR-US: Mitsubishi
CVE-2020-5593 (Zenphoto versions prior to 1.5.7 allows an attacker to conduct
PHP cod ...)
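Review bot: the six Mitsubishi Electric GOT2000 firmware entries (CVE-2020-5600 to CVE-2020-5595) are left at `TODO: check` although the surrounding CVE-2020-5602 and CVE-2020-5594 are already `NOT-FOR-US: Mitsubishi`; apply the same marking unless triage turns up a Debian package.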
@@ -29527,7 +29568,7 @@ CVE-2020-4076 (In Electron before versions 7.2.4,
8.2.4, and 9.0.0-beta21, there
TODO: check
CVE-2020-4075 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21,
arbitrary ...)
TODO: check
-CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and before version 1.7.7.6,
the aut ...)
+CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6,
the aut ...)
TODO: check
CVE-2020-4073
RESERVED
@@ -30392,8 +30433,8 @@ CVE-2019-19937 (In JFrog Artifactory before 6.18, it is
not possible to restrict
NOT-FOR-US: JFrog Artifactory
CVE-2019-19936
RESERVED
-CVE-2019-19935
- RESERVED
+CVE-2019-19935 (Froala Editor before 3.0.6 allows XSS. ...)
+ TODO: check
CVE-2019-19934
RESERVED
CVE-2019-19933
@@ -81483,7 +81524,7 @@ CVE-2019-5510
RESERVED
CVE-2019-5509 (ONTAP Select Deploy administration utility versions 2.11.2
through 2.1 ...)
NOT-FOR-US: ONTAP Select Deploy administration utility
-CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.6 are susceptible
to a vul ...)
+CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.4 are susceptible
to a vul ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5507 (SnapManager for Oracle prior to version 3.4.2P1 are susceptible
to a v ...)
NOT-FOR-US: SnapManager for Oracle
@@ -84096,10 +84137,10 @@ CVE-2019-4326
RESERVED
CVE-2019-4325
RESERVED
-CVE-2019-4324
- RESERVED
-CVE-2019-4323
- RESERVED
+CVE-2019-4324 ("HCL AppScan Enterprise is susceptible to Cross-Site Scripting
while i ...)
+ TODO: check
+CVE-2019-4323 ("HCL AppScan Enterprise advisory API documentation is
susceptible to c ...)
+ TODO: check
CVE-2019-4322 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 9.7, ...)
NOT-FOR-US: IBM
CVE-2019-4321 (IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM
Intelligent Ope ...)
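Review bot: both HCL AppScan descriptions (CVE-2019-4324, CVE-2019-4323) begin with a stray leading double quote (`("HCL AppScan ...`) carried over from the upstream CVE text; strip it when triaging, and like the IBM entries directly below they are likely `NOT-FOR-US: HCL` rather than `TODO: check`.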
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f90ace5518220554b797725cf586fabe975c6647
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits