Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bcb1a11b by security tracker role at 2020-07-17T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-15815
+       RESERVED
+CVE-2020-15814
+       RESERVED
+CVE-2020-15813 (Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP 
servers ...)
+       TODO: check
+CVE-2020-15812
+       RESERVED
+CVE-2020-15811
+       RESERVED
+CVE-2020-15810
+       RESERVED
+CVE-2020-15809
+       RESERVED
+CVE-2020-15808
+       RESERVED
+CVE-2020-15807 (GNU LibreDWG before 0.11 allows NULL pointer dereferences via 
crafted  ...)
+       TODO: check
+CVE-2020-15806
+       RESERVED
 CVE-2020-15805
        RESERVED
 CVE-2020-15804
@@ -368,7 +388,7 @@ CVE-2020-15647
        RESERVED
 CVE-2020-15646
        RESERVED
-       {DSA-4718-1 DLA-2247-1}
+       {DSA-4718-1}
        - thunderbird 1:68.10.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646
 CVE-2020-15645
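Review bot: The removal of DLA-2247-1 from the braces of CVE-2020-15646 (thunderbird 1:68.10.0-1) has no trace in the commit message ("automatic update") and the only changed file is data/CVE/list; since later hunks in this commit drop the same reference from CVE-2020-12421 through CVE-2020-12417 and add it to the thunderbird 1:68.9.0-1 entries (CVE-2020-12410, -12406, -12405, -12399, -12398), this looks like a correction of which CVEs DLA-2247-1 covers. Please confirm against the published DLA-2247-1 text that the 68.9.0 set is the right one, so the cross-references in data/CVE/list do not diverge from the advisory.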
@@ -513,8 +533,7 @@ CVE-2020-15588
        RESERVED
 CVE-2020-15587
        RESERVED
-CVE-2020-15586
-       RESERVED
+CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in 
some net ...)
        - golang-1.15 <unfixed>
        - golang-1.14 <unfixed>
        - golang-1.11 <removed>
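Review bot: CVE-2020-15586 gains its description but keeps no NOTE: reference, unlike CVE-2020-14040 further down in this commit, which carries NOTE: lines for the upstream issue, the fix commit and the golang-announce post; add the upstream announcement or fix commit here so the "<unfixed>" status of golang-1.15 and golang-1.14 can be re-checked against the 1.14.5 fix named in the description. The golang-1.14 <unfixed> line is consistent with "1.14.x before 1.14.5", and golang-1.11 <removed> needs no further action.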
@@ -734,8 +753,8 @@ CVE-2020-15499
        RESERVED
 CVE-2020-15498
        RESERVED
-CVE-2020-15497
-       RESERVED
+CVE-2020-15497 (jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 
build-20200224104759 ...)
+       TODO: check
 CVE-2020-15496
        RESERVED
 CVE-2020-15495
@@ -2004,8 +2023,7 @@ CVE-2020-14929 (Alpine before 2.23 silently proceeds to 
use an insecure connecti
        [stretch] - alpine <no-dsa> (Minor issue)
        NOTE: 
http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html
        NOTE: 
https://repo.or.cz/alpine.git/commitdiff/000edd9036b6aea5e6a06900ecd6c58faec665ab
-CVE-2020-14928
-       RESERVED
+CVE-2020-14928 (evolution-data-server (eds) through 3.36.3 has a STARTTLS 
buffering is ...)
        {DSA-4725-1 DLA-2281-1}
        - evolution-data-server 3.36.4-1
        NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
@@ -4308,8 +4326,7 @@ CVE-2020-14040 (The x/text package before 0.3.3 for Go 
has a vulnerability in en
        NOTE: https://github.com/golang/go/issues/39491
        NOTE: 
https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e
        NOTE: 
https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0
-CVE-2020-14039
-       RESERVED
+CVE-2020-14039 (In Go before 1.13.13 and 1.14.x before 1.14.5, 
Certificate.Verify may  ...)
        - golang-1.15 <not-affected> (Windows-specific)
        - golang-1.14 <not-affected> (Windows-specific)
        - golang-1.11 <not-affected> (Windows-specific)
@@ -4441,8 +4458,8 @@ CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable 
Discrepancy leading to
        [stretch] - putty <no-dsa> (Minor issue)
        [jessie] - putty <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764
 (0.74)
-CVE-2020-14001
-       RESERVED
+CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template 
option i ...)
+       TODO: check
 CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 
0.2.0-prerelease.2 ...)
        TODO: check
 CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 
Metafile Libr ...)
@@ -4581,12 +4598,14 @@ CVE-2020-13937
 CVE-2020-13936
        RESERVED
 CVE-2020-13935 (The payload length in a WebSocket frame was not correctly 
validated in ...)
+       {DSA-4727-1}
        - tomcat9 9.0.37-1
        - tomcat8 <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/3
        NOTE: 
https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5
 (8.5.57)
        NOTE: 
https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d
 (9.0.37)
 CVE-2020-13934 (An h2c direct connection to Apache Tomcat 10.0.0-M1 to 
10.0.0-M6, 9.0. ...)
+       {DSA-4727-1}
        - tomcat9 9.0.37-1
        - tomcat8 <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/4
@@ -8290,7 +8309,7 @@ CVE-2020-12422 (In non-standard configurations, a JPEG 
image created by JavaScri
        - firefox 78.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422
 CVE-2020-12421 (When performing add-on updates, certificate chains terminating 
in non- ...)
-       {DSA-4718-1 DSA-4713-1 DLA-2247-1}
+       {DSA-4718-1 DSA-4713-1}
        - firefox 78.0-1
        - firefox-esr 68.10.0esr-1
        - thunderbird 1:68.10.0-1
@@ -8298,7 +8317,7 @@ CVE-2020-12421 (When performing add-on updates, 
certificate chains terminating i
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12421
 CVE-2020-12420 (When trying to connect to a STUN server, a race condition 
could have c ...)
-       {DSA-4718-1 DSA-4713-1 DLA-2247-1}
+       {DSA-4718-1 DSA-4713-1}
        - firefox 78.0-1
        - firefox-esr 68.10.0esr-1
        - thunderbird 1:68.10.0-1
@@ -8306,7 +8325,7 @@ CVE-2020-12420 (When trying to connect to a STUN server, 
a race condition could
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12420
 CVE-2020-12419 (When processing callbacks that occurred during window flushing 
in the  ...)
-       {DSA-4718-1 DSA-4713-1 DLA-2247-1}
+       {DSA-4718-1 DSA-4713-1}
        - firefox 78.0-1
        - firefox-esr 68.10.0esr-1
        - thunderbird 1:68.10.0-1
@@ -8314,7 +8333,7 @@ CVE-2020-12419 (When processing callbacks that occurred 
during window flushing i
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12419
 CVE-2020-12418 (Manipulating individual parts of a URL object could have 
caused an out ...)
-       {DSA-4718-1 DSA-4713-1 DLA-2247-1}
+       {DSA-4718-1 DSA-4713-1}
        - firefox 78.0-1
        - firefox-esr 68.10.0esr-1
        - thunderbird 1:68.10.0-1
@@ -8322,7 +8341,7 @@ CVE-2020-12418 (Manipulating individual parts of a URL 
object could have caused
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12418
 CVE-2020-12417 (Due to confusion about ValueTags on JavaScript Objects, an 
object may  ...)
-       {DSA-4718-1 DSA-4713-1 DLA-2247-1}
+       {DSA-4718-1 DSA-4713-1}
        - firefox 78.0-1
        - firefox-esr 68.10.0esr-1
        - thunderbird 1:68.10.0-1
@@ -8347,7 +8366,7 @@ CVE-2020-12411 (Mozilla developers reported memory safety 
bugs present in Firefo
        - firefox 77.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
 CVE-2020-12410 (Mozilla developers reported memory safety bugs present in 
Firefox 76 a ...)
-       {DSA-4702-1 DSA-4695-1 DLA-2243-1}
+       {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
        - firefox 77.0-1
        - firefox-esr 68.9.0esr-1
        - thunderbird 1:68.9.0-1
@@ -8364,7 +8383,7 @@ CVE-2020-12407 (Mozilla Developer Nicolas Silva found 
that when using WebRender,
        - firefox 77.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
 CVE-2020-12406 (Mozilla Developer Iain Ireland discovered a missing type check 
during  ...)
-       {DSA-4702-1 DSA-4695-1 DLA-2243-1}
+       {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
        - firefox 77.0-1
        - firefox-esr 68.9.0esr-1
        - thunderbird 1:68.9.0-1
@@ -8372,7 +8391,7 @@ CVE-2020-12406 (Mozilla Developer Iain Ireland discovered 
a missing type check d
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
 CVE-2020-12405 (When browsing a malicious page, a race condition in our 
SharedWorkerSe ...)
-       {DSA-4702-1 DSA-4695-1 DLA-2243-1}
+       {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
        - firefox 77.0-1
        - firefox-esr 68.9.0esr-1
        - thunderbird 1:68.9.0-1
@@ -8385,7 +8404,7 @@ CVE-2020-12404 (For native-to-JS bridging the app 
requires a unique token to be
 CVE-2020-12403
        RESERVED
 CVE-2020-12402 (During RSA key generation, bignum implementations used a 
variation of  ...)
-       {DLA-2266-1}
+       {DSA-4726-1 DLA-2266-1}
        - nss 2:3.53.1-1 (bug #963152)
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
        NOTE: Fixed upstream in 3.53.1
@@ -8394,7 +8413,7 @@ CVE-2020-12401
 CVE-2020-12400
        RESERVED
 CVE-2020-12399 (NSS has shown timing differences when performing DSA 
signatures, which ...)
-       {DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2243-1}
+       {DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
        - firefox 77.0-1
        - firefox-esr 68.9.0esr-1
        - nss 2:3.53-1 (bug #961752)
@@ -8405,7 +8424,7 @@ CVE-2020-12399 (NSS has shown timing differences when 
performing DSA signatures,
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12399
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399
 CVE-2020-12398 (If Thunderbird is configured to use STARTTLS for an IMAP 
server, and t ...)
-       {DSA-4702-1}
+       {DSA-4702-1 DLA-2247-1}
        - thunderbird 1:68.9.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398
 CVE-2020-12397 (By encoding Unicode whitespace characters within the From 
email header ...)
@@ -9383,7 +9402,7 @@ CVE-2020-11998
 CVE-2020-11997
        RESERVED
 CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache 
Tomcat  ...)
-       {DLA-2279-1}
+       {DSA-4727-1 DLA-2279-1}
        - tomcat9 9.0.36-1
        - tomcat8 <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/6
@@ -17103,7 +17122,7 @@ CVE-2020-9486
 CVE-2020-9485 (An issue was found in Apache Airflow versions 1.10.10 and 
below. A sto ...)
        TODO: check
 CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 
9.0.0.M1 to  ...)
-       {DLA-2279-1 DLA-2217-1 DLA-2209-1}
+       {DSA-4727-1 DLA-2279-1 DLA-2217-1 DLA-2209-1}
        - tomcat9 9.0.35-1 (bug #961209)
        - tomcat8 <removed>
        - tomcat7 <removed>
@@ -21216,10 +21235,10 @@ CVE-2020-7828
        RESERVED
 CVE-2020-7827
        RESERVED
-CVE-2020-7826
-       RESERVED
-CVE-2020-7825
-       RESERVED
+CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions 
contain a  ...)
+       TODO: check
+CVE-2020-7825 (A vulnerability exists that could allow the execution of 
operating sys ...)
+       TODO: check
 CVE-2020-7824
        RESERVED
 CVE-2020-7823
@@ -21476,8 +21495,8 @@ CVE-2020-7698
        RESERVED
 CVE-2020-7697
        RESERVED
-CVE-2020-7696
-       RESERVED
+CVE-2020-7696 (This affects all versions of package react-native-fast-image. 
When an  ...)
+       TODO: check
 CVE-2020-7695
        RESERVED
 CVE-2020-7694
@@ -21503,8 +21522,8 @@ CVE-2020-7686
        RESERVED
 CVE-2020-7685
        RESERVED
-CVE-2020-7684
-       RESERVED
+CVE-2020-7684 (This affects all versions of package rollup-plugin-serve. There 
is no  ...)
+       TODO: check
 CVE-2020-7683
        RESERVED
 CVE-2020-7682
@@ -28023,10 +28042,10 @@ CVE-2020-5133
        RESERVED
 CVE-2020-5132
        RESERVED
-CVE-2020-5131
-       RESERVED
-CVE-2020-5130
-       RESERVED
+CVE-2020-5131 (SonicWall NetExtender Windows client vulnerable to arbitrary 
file writ ...)
+       TODO: check
+CVE-2020-5130 (SonicOS SSLVPN LDAP login request allows remote attackers to 
cause ext ...)
+       TODO: check
 CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server 
allows a ...)
        NOT-FOR-US: SonicWall
 CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute 
arbitrary ...)
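Review bot: CVE-2020-5131 (SonicWall NetExtender Windows client) and CVE-2020-5130 (SonicOS SSLVPN) are left as TODO: check, while the adjacent CVE-2020-5129 in the same hunk is already resolved as NOT-FOR-US: SonicWall; both new descriptions name SonicWall products, so they can be triaged the same way instead of staying open.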
@@ -29511,8 +29530,8 @@ CVE-2020-4466
        RESERVED
 CVE-2020-4465
        RESERVED
-CVE-2020-4464
-       RESERVED
+CVE-2020-4464 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 
traditional co ...)
+       TODO: check
 CVE-2020-4463
        RESERVED
 CVE-2020-4462 (IBM Sterling External Authentication Server 6.0.1, 6.0.0, 
2.4.3.2, and ...)
@@ -39559,51 +39578,38 @@ CVE-2020-1657
        RESERVED
 CVE-2020-1656
        RESERVED
-CVE-2020-1655
-       RESERVED
+CVE-2020-1655 (When a device running Juniper Networks Junos OS with MPC7, 
MPC8, or MP ...)
        NOT-FOR-US: Juniper
-CVE-2020-1654
-       RESERVED
+CVE-2020-1654 (On Juniper Networks SRX Series with ICAP (Internet Content 
Adaptation  ...)
        NOT-FOR-US: Juniper
-CVE-2020-1653
-       RESERVED
+CVE-2020-1653 (On Juniper Networks Junos OS devices, a stream of TCP packets 
sent to  ...)
        NOT-FOR-US: Juniper
-CVE-2020-1652
-       RESERVED
-CVE-2020-1651
-       RESERVED
+CVE-2020-1652 (OpenNMS is accessible via port 9443 ...)
+       TODO: check
+CVE-2020-1651 (On Juniper Networks MX series, receipt of a stream of specific 
Layer 2 ...)
        NOT-FOR-US: Juniper
-CVE-2020-1650
-       RESERVED
+CVE-2020-1650 (On Juniper Networks Junos MX Series with service card 
configured, rece ...)
        NOT-FOR-US: Juniper
-CVE-2020-1649
-       RESERVED
+CVE-2020-1649 (When a device running Juniper Networks Junos OS with MPC7, 
MPC8, or MP ...)
        NOT-FOR-US: Juniper
-CVE-2020-1648
-       RESERVED
+CVE-2020-1648 (On Juniper Networks Junos OS and Junos OS Evolved devices, 
processing  ...)
        NOT-FOR-US: Juniper
-CVE-2020-1647
-       RESERVED
+CVE-2020-1647 (On Juniper Networks SRX Series with ICAP (Internet Content 
Adaptation  ...)
        NOT-FOR-US: Juniper
-CVE-2020-1646
-       RESERVED
+CVE-2020-1646 (On Juniper Networks Junos OS and Junos OS Evolved devices, 
processing  ...)
        NOT-FOR-US: Juniper
-CVE-2020-1645
-       RESERVED
+CVE-2020-1645 (When DNS filtering is enabled on Juniper Networks Junos MX 
Series with ...)
        NOT-FOR-US: Juniper
-CVE-2020-1644
-       RESERVED
+CVE-2020-1644 (On Juniper Networks Junos OS and Junos OS Evolved devices, the 
receipt ...)
        NOT-FOR-US: Juniper
-CVE-2020-1643
-       RESERVED
+CVE-2020-1643 (Execution of the "show ospf interface extensive" or "show ospf 
interfa ...)
        NOT-FOR-US: Juniper
 CVE-2020-1642
        RESERVED
-CVE-2020-1641
-       RESERVED
+CVE-2020-1641 (A Race Condition vulnerability in Juniper Networks Junos OS 
LLDP imple ...)
        NOT-FOR-US: Juniper
-CVE-2020-1640
-       RESERVED
+CVE-2020-1640 (An improper use of a validation framework when processing 
incoming gen ...)
+       TODO: check
 CVE-2020-1639 (When an attacker sends a specific crafted Ethernet Operation, 
Administ ...)
        NOT-FOR-US: Juniper
 CVE-2020-1638 (The FPC (Flexible PIC Concentrator) of Juniper Networks Junos 
OS and J ...)
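Review bot: In this run of Juniper entries, CVE-2020-1652 ("OpenNMS is accessible via port 9443 ...") and CVE-2020-1640 ("An improper use of a validation framework when processing incoming gen ...") are the only two left as TODO: check; their truncated descriptions do not name the vendor, but both CVE numbers sit inside the same block that is otherwise resolved NOT-FOR-US: Juniper, so the triage should first check whether these are Juniper advisories as well before treating them as software Debian ships.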
@@ -47286,6 +47292,7 @@ CVE-2019-17024 (Mozilla developers reported memory 
safety bugs present in Firefo
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17024
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17024
 CVE-2019-17023 (After a HelloRetryRequest has been sent, the client may 
negotiate a lo ...)
+       {DSA-4726-1}
        - firefox 72.0-1
        - nss 2:3.49-1
        [jessie] - nss <not-affected> (Vulnerable code was introduced later)
@@ -47395,7 +47402,7 @@ CVE-2019-17007 [nss: Handling of Netscape Certificate 
Sequences in CERT_DecodeCe
        NOTE: but then reverted until the 2:3.45-1 upload).
 CVE-2019-17006 [Check length of inputs for cryptographic primitives]
        RESERVED
-       {DLA-2058-1}
+       {DSA-4726-1 DLA-2058-1}
        - nss 2:3.47-1
        NOTE: Fixed upstream in NSS 3.46.
        NOTE: Upstream bug (currently non-public): 
https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
@@ -85394,8 +85401,8 @@ CVE-2019-4093 (IBM Tivoli Storage Manager (IBM Spectrum 
Protect 8.1.7) could all
        NOT-FOR-US: IBM
 CVE-2019-4092 (IBM Content Navigator 2.0.3 and 3.0CD could allow a remote 
attacker to ...)
        NOT-FOR-US: IBM
-CVE-2019-4091
-       RESERVED
+CVE-2019-4091 ("HCL Marketing Platform is vulnerable to cross-site scripting 
during a ...)
+       TODO: check
 CVE-2019-4090
        RESERVED
 CVE-2019-4089
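Review bot: The new description for CVE-2019-4091 begins with a stray opening double-quote ("HCL Marketing Platform is vulnerable to ...) carried over from the feed; it is harmless for the tracker but worth cleaning up when the TODO: check is resolved. The neighbouring CVE-2019-4093 and CVE-2019-4092 in this hunk are marked NOT-FOR-US: IBM, so check whether this entry resolves the same way.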



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcb1a11bb0d53c303fe2202baaf3d2a70e6ce02a



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
