Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
465f6978 by security tracker role at 2020-07-16T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,46 @@
-CVE-2020-15780 [ACPI: configfs: Disallow loading ACPI tables when locked down]
+CVE-2020-15800
+       RESERVED
+CVE-2020-15799
+       RESERVED
+CVE-2020-15798
+       RESERVED
+CVE-2020-15797
+       RESERVED
+CVE-2020-15796
+       RESERVED
+CVE-2020-15795
+       RESERVED
+CVE-2020-15794
+       RESERVED
+CVE-2020-15793
+       RESERVED
+CVE-2020-15792
+       RESERVED
+CVE-2020-15791
+       RESERVED
+CVE-2020-15790
+       RESERVED
+CVE-2020-15789
+       RESERVED
+CVE-2020-15788
+       RESERVED
+CVE-2020-15787
+       RESERVED
+CVE-2020-15786
+       RESERVED
+CVE-2020-15785
+       RESERVED
+CVE-2020-15784
+       RESERVED
+CVE-2020-15783
+       RESERVED
+CVE-2020-15782
+       RESERVED
+CVE-2020-15781
+       RESERVED
+CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file 
package th ...)
+       TODO: check
+CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the 
Linux k ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/3
        NOTE: Fixed by: 
https://git.kernel.org/linus/75b0cea7bf307f362057cc778efe89af4c615354
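Review bot: CVE-2020-15780 now carries a "Fixed by" pointer to upstream commit 75b0cea7bf30 yet still reads "- linux <unfixed>"; once that commit is known to be in a Debian upload the entry should record the fixed package version instead of "<unfixed>". The bracketed summary that this change drops ("[ACPI: configfs: Disallow loading ACPI tables when locked down]") is more informative than the truncated MITRE text and is worth keeping as a NOTE line. CVE-2020-15779 (socket.io-file path traversal) is left at "TODO: check" and still needs a decision on whether that package is in the archive.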
@@ -189,7 +231,7 @@ CVE-2020-15688
        RESERVED
 CVE-2020-15687
        RESERVED
-CVE-2019-20908 [efi: Restrict efivar_ssdt_load when the kernel is locked down]
+CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the 
Linux ker ...)
        - linux 5.2.6-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/14/1
        NOTE: Fixed by: 
https://git.kernel.org/linus/1957a85b0032a81e6482ca4aab883643b8dae06e
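Review bot: CVE-2019-20908 records the fix only as "- linux 5.2.6-1" with no per-suite line; this file expresses suite status as "[buster] - <package> <not-affected> (reason)" (see the libarchive entry further down), so the buster kernel's status should be stated explicitly rather than left implicit. As with the ACPI entry above, the discarded bracketed title ("[efi: Restrict efivar_ssdt_load when the kernel is locked down]") could be preserved in a NOTE next to the commit link, since the new description is cut off after the file name.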
@@ -373,10 +415,10 @@ CVE-2020-15605
        RESERVED
 CVE-2020-15604
        RESERVED
-CVE-2020-15603
-       RESERVED
-CVE-2020-15602
-       RESERVED
+CVE-2020-15603 (An invalid memory read vulnerability in a Trend Micro Secuity 
2020 (v1 ...)
+       TODO: check
+CVE-2020-15602 (An untrusted search path remote code execution (RCE) 
vulnerability in  ...)
+       TODO: check
 CVE-2020-15601
        RESERVED
 CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows 
CSRF to ...)
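Review bot: CVE-2020-15603 and CVE-2020-15602 describe a Trend Micro Security 2020 consumer product (the "Secuity" misspelling is in the upstream description and should not be edited here); the surrounding entries use "NOT-FOR-US: <vendor>" for software outside the archive, so these two are better triaged that way than left at "TODO: check".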
@@ -956,8 +998,8 @@ CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does 
not properly restric
        NOT-FOR-US: ASRock RGB Driver
 CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of 
authenticatio ...)
        NOT-FOR-US: Venki
-CVE-2020-15366
-       RESERVED
+CVE-2020-15366 (An issue was discovered in ajv.validate() in Ajv (aka Another 
JSON Sch ...)
+       TODO: check
 CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in 
parse_exif() in ...)
        - libraw <not-affected> (Vulnerable code introduced in 0.20-Beta1)
        NOTE: https://github.com/LibRaw/LibRaw/issues/301
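Review bot: CVE-2020-15366 concerns ajv.validate() in Ajv, which is carried in Debian as the node-ajv source package, so "TODO: check" here should resolve to a version-bearing line ("- node-ajv <fixed version>" or "<unfixed>") rather than a NOT-FOR-US; the LibRaw entry directly below shows the expected shape, including the parenthesised reason.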
@@ -1490,8 +1532,8 @@ CVE-2020-15109
        RESERVED
 CVE-2020-15108
        RESERVED
-CVE-2020-15107
-       RESERVED
+CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU 
operations are ...)
+       TODO: check
 CVE-2020-15106
        RESERVED
 CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the 
user's passwo ...)
@@ -1605,8 +1647,8 @@ CVE-2020-15053
        RESERVED
 CVE-2020-15052
        RESERVED
-CVE-2020-15051
-       RESERVED
+CVE-2020-15051 (An issue was discovered in Artica Proxy before 4.30.000000. 
Stored XSS ...)
+       TODO: check
 CVE-2020-15050 (An issue was discovered in the Video Extension in Suprema 
BioStar 2 be ...)
        NOT-FOR-US: Suprema BioStar
 CVE-2020-15049 (An issue was discovered in http/ContentLengthInterpreter.cc in 
Squid b ...)
@@ -1774,8 +1816,8 @@ CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and 
Crispy Doom 5.8.0 doesn't
        NOTE: https://github.com/chocolate-doom/chocolate-doom/issues/1293
        NOTE: 
https://github.com/chocolate-doom/chocolate-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1
        NOTE: 
https://github.com/fabiangreffrath/crispy-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1
-CVE-2020-14982
-       RESERVED
+CVE-2020-14982 (A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and 
later be ...)
+       TODO: check
 CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 
for iOS ha ...)
        NOT-FOR-US: ThreatTrack VIPRE Password Vault app for IOS
 CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android 
has Miss ...)
@@ -1922,6 +1964,7 @@ CVE-2020-14929 (Alpine before 2.23 silently proceeds to 
use an insecure connecti
        NOTE: 
https://repo.or.cz/alpine.git/commitdiff/000edd9036b6aea5e6a06900ecd6c58faec665ab
 CVE-2020-14928
        RESERVED
+       {DSA-4725-1}
        - evolution-data-server 3.36.4-1
        NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
        NOTE: 
https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
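Review bot: CVE-2020-14928 gains "{DSA-4725-1}" while its description line (the context just above the change) is still the "RESERVED" placeholder, so an advisory now references an entry with no published text; the description should be filled in as soon as MITRE publishes it. The second NOTE URL also contains a doubled slash ("GNOME//evolution-data-server") and should be corrected.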
@@ -4130,12 +4173,12 @@ CVE-2020-14068 (An issue was discovered in MK-AUTH 
19.01. The web login function
        NOT-FOR-US: MK-AUTH
 CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does 
not consi ...)
        NOT-FOR-US: Navigate CMS
-CVE-2020-14066
-       RESERVED
-CVE-2020-14065
-       RESERVED
-CVE-2020-14064
-       RESERVED
+CVE-2020-14066 (IceWarp Email Server 12.3.0.1 allows remote attackers to 
upload JavaSc ...)
+       TODO: check
+CVE-2020-14065 (IceWarp Email Server 12.3.0.1 allows remote attackers to 
upload files  ...)
+       TODO: check
+CVE-2020-14064 (IceWarp Email Server 12.3.0.1 has Incorrect Access Control for 
user ac ...)
+       TODO: check
 CVE-2020-14063
        RESERVED
 CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the 
interact ...)
@@ -4946,8 +4989,8 @@ CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, 
has a heap-based buffer
        NOTE: 
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a
 (2.0.x)
 CVE-2020-13789
        RESERVED
-CVE-2020-13788
-       RESERVED
+CVE-2020-13788 (Harbor prior to 2.0.1 allows SSRF with this limitation: an 
attacker wi ...)
+       TODO: check
 CVE-2020-13787 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext 
Transmission of ...)
        NOT-FOR-US: D-Link
 CVE-2020-13786 (D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. ...)
@@ -7542,8 +7585,8 @@ CVE-2020-12686
        RESERVED
 CVE-2020-12685 (XSS in the admin help system admin/help.html and 
admin/quicklinks.html ...)
        NOT-FOR-US: Interchange
-CVE-2020-12684
-       RESERVED
+CVE-2020-12684 (XXE injection can occur in i-net Clear Reports 2019 19.0.287 
(Designer ...)
+       TODO: check
 CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
        NOT-FOR-US: Katyshop2
 CVE-2020-12682
@@ -11893,14 +11936,14 @@ CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2 
allows CRLF injection, as demons
        NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/16056
 CVE-2020-11440
        RESERVED
-CVE-2020-11439
-       RESERVED
-CVE-2020-11438
-       RESERVED
-CVE-2020-11437
-       RESERVED
-CVE-2020-11436
-       RESERVED
+CVE-2020-11439 (LibreHealth EMR v2.0.0 is affected by a Local File Inclusion 
issue all ...)
+       TODO: check
+CVE-2020-11438 (LibreHealth EMR v2.0.0 is affected by systemic CSRF. ...)
+       TODO: check
+CVE-2020-11437 (LibreHealth EMR v2.0.0 is affected by SQL injection allowing 
low-privi ...)
+       TODO: check
+CVE-2020-11436 (LibreHealth EMR v2.0.0 is vulnerable to XSS that results in 
the abilit ...)
+       TODO: check
 CVE-2020-11435
        RESERVED
 CVE-2020-11434
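Review bot: the four LibreHealth EMR v2.0.0 entries (CVE-2020-11439 down to CVE-2020-11436: local file inclusion, CSRF, SQL injection, XSS) all land at "TODO: check"; unless LibreHealth EMR is packaged, which it does not appear to be, the "NOT-FOR-US:" line used for the other web applications in this file applies to all four and avoids leaving a block of open TODOs.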
@@ -15161,16 +15204,16 @@ CVE-2020-10290
        RESERVED
 CVE-2020-10289
        RESERVED
-CVE-2020-10288
-       RESERVED
-CVE-2020-10287
-       RESERVED
-CVE-2020-10286
-       RESERVED
-CVE-2020-10285
-       RESERVED
-CVE-2020-10284
-       RESERVED
+CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain 
access y ...)
+       TODO: check
+CVE-2020-10287 (The IRC5 family with UAS service enabled comes by default with 
credent ...)
+       TODO: check
+CVE-2020-10286 (the main user account has restricted privileges but is in the 
sudoers  ...)
+       TODO: check
+CVE-2020-10285 (The authentication implementation on the xArm controller has 
very low  ...)
+       TODO: check
+CVE-2020-10284 (No authentication is required to control the robot inside the 
network, ...)
+       TODO: check
 CVE-2020-10283
        RESERVED
 CVE-2020-10282 (The Micro Air Vehicle Link (MAVLink) protocol presents no 
authenticati ...)
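Review bot: CVE-2020-10288 through CVE-2020-10284 describe firmware and default-credential weaknesses in robot controllers (IRC5, xArm), not software in the archive; a "NOT-FOR-US: <controller>" line, matching the pattern used for the D-Link devices elsewhere in this file, would close them instead of leaving five "TODO: check" markers in a row.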
@@ -17475,12 +17518,12 @@ CVE-2020-9313
        RESERVED
 CVE-2020-9312
        RESERVED
-CVE-2020-9311
-       RESERVED
+CVE-2020-9311 (In SilverStripe through 4.5, malicious users with a valid 
Silverstripe ...)
+       TODO: check
 CVE-2020-9310
        REJECTED
-CVE-2020-9309
-       RESERVED
+CVE-2020-9309 (Silverstripe CMS through 4.5 can be susceptible to script 
execution fr ...)
+       TODO: check
 CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 
attempts ...)
        - libarchive 3.4.0-2 (bug #951759)
        [buster] - libarchive <not-affected> (rar5 support added in 3.4.0)
@@ -18299,8 +18342,8 @@ CVE-2020-8960 (Western Digital mycloud.com before Web 
Version 2.2.0-134 allows X
        NOT-FOR-US: Western Digital mycloud.com
 CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 
3.0.2.0 all ...)
        NOT-FOR-US: Western Digital
-CVE-2020-8958
-       RESERVED
+CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and 
V2804R ...)
+       TODO: check
 CVE-2020-8957
        RESERVED
 CVE-2020-8956
@@ -25236,10 +25279,10 @@ CVE-2020-6167 (A flaw in the WordPress plugin, 
Minimal Coming Soon &amp; Mainten
        NOT-FOR-US: WordPress plugin
 CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon &amp; 
Maintenance  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2020-6165
-       RESERVED
-CVE-2020-6164
-       RESERVED
+CVE-2020-6165 (SilverStripe 4.5.0 allows attackers to read certain records 
that shoul ...)
+       TODO: check
+CVE-2020-6164 (In SilverStripe through 4.5.0, a specific URL path configured 
by defau ...)
+       TODO: check
 CVE-2020-6163 (The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS 
because  ...)
        NOT-FOR-US: WikibaseMediaInfo MediaWiki extension
 CVE-2020-6162 (An issue was discovered in Bftpd 5.3. Under certain 
circumstances, an  ...)
@@ -37844,7 +37887,7 @@ CVE-2019-19328 (ui/editor/tooltip/Rdf.js in Wikibase 
Wikidata Query Service GUI
        NOT-FOR-US: Wikibase Wikidata Query Service GUI
 CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 
0.3.6-S ...)
        NOT-FOR-US: Wikibase Wikidata Query Service GUI
-CVE-2019-19326 (SilverStripe through 4.4.4 allows Web Cache Poisoning through 
HTTPRequ ...)
+CVE-2019-19326 (Silverstripe CMS sites through 4.4.4 which have opted into 
HTTP Cache  ...)
        TODO: check
 CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 
allows  ...)
        NOT-FOR-US: SilverStripe
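Review bot: CVE-2019-19326 keeps "TODO: check" after its description is refreshed, while the neighbouring CVE-2019-19325 in the same hunk is already resolved as "NOT-FOR-US: SilverStripe"; the same line applies here, and also to the other SilverStripe entries this update leaves open (CVE-2020-9311, CVE-2020-9309, CVE-2020-6165, CVE-2020-6164), so the triage stays consistent across the file.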
@@ -45396,8 +45439,8 @@ CVE-2019-17641
        RESERVED
 CVE-2019-17640
        RESERVED
-CVE-2019-17639
-       RESERVED
+CVE-2019-17639 (In Eclipse OpenJ9 prior to version 0.21 on Power platforms, 
calling th ...)
+       TODO: check
 CVE-2019-17638 (In Eclipse Jetty, versions 9.4.27.v20200227 to 
9.4.29.v20200521, in ca ...)
        TODO: check
 CVE-2019-17637 (In all versions of Eclipse Web Tools Platform through release 
3.18 (20 ...)
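Review bot: CVE-2019-17639 is specific to Eclipse OpenJ9 before 0.21 on Power platforms; OpenJ9 appears not to be packaged in Debian, so "NOT-FOR-US: Eclipse OpenJ9" is the likely resolution rather than "TODO: check". The adjacent CVE-2019-17638 (Jetty) entry from an earlier update is still at "TODO: check" as well and should be looked at alongside it.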



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/465f6978d33152db0484313c090866faeaf68502



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
