Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f2b272c by security tracker role at 2020-07-21T20:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,46 @@
+CVE-2020-15880
+       RESERVED
+CVE-2020-15879 (Bitwarden Server 1.35.1 allows SSRF because it does not 
consider certa ...)
+       TODO: check
+CVE-2020-15878
+       RESERVED
+CVE-2020-15877 (An issue was discovered in LibreNMS before 1.65.1. It has 
insufficient ...)
+       TODO: check
+CVE-2020-15876
+       RESERVED
+CVE-2020-15875
+       RESERVED
+CVE-2020-15874
+       RESERVED
+CVE-2020-15873 (In LibreNMS before 1.65.1, an authenticated attacker can 
achieve SQL I ...)
+       TODO: check
+CVE-2020-15872
+       RESERVED
+CVE-2020-15871
+       RESERVED
+CVE-2020-15870
+       RESERVED
+CVE-2020-15869
+       RESERVED
+CVE-2020-15868
+       RESERVED
+CVE-2020-15867
+       RESERVED
+CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the 
mrb_yie ...)
+       TODO: check
+CVE-2020-15865
+       RESERVED
+CVE-2020-15864
+       RESERVED
+CVE-2020-15863
+       RESERVED
 CVE-2020-15862
        RESERVED
 CVE-2020-15861
        RESERVED
 CVE-2020-15860
        RESERVED
-CVE-2020-15859 [net: e1000e: use-after-free while sending packets]
-       RESERVED
+CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c 
because a gues ...)
        - qemu <unfixed> (bug #965978)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
        NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
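
Review bot: the newly described entries at the top of this hunk (CVE-2020-15879, CVE-2020-15877, CVE-2020-15873, CVE-2020-15866) carry only "TODO: check", so none of them is classified yet. Each needs a follow-up that replaces the TODO with either a package line or a NOT-FOR-US tag, in the way CVE-2020-15859 at the end of the hunk already has "- qemu <unfixed> (bug #965978)".
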
@@ -311,12 +346,12 @@ CVE-2020-15726
        RESERVED
 CVE-2020-15725
        RESERVED
-CVE-2020-15724
-       RESERVED
-CVE-2020-15723
-       RESERVED
-CVE-2020-15722
-       RESERVED
+CVE-2020-15724 (In the version 12.1.0.1005 and below of 360 Total Security, 
when the G ...)
+       TODO: check
+CVE-2020-15723 (In the version 12.1.0.1004 and below of 360 Total Security, 
when the m ...)
+       TODO: check
+CVE-2020-15722 (In version 12.1.0.1004 and below of 360 Total Security,when 
TPI calls  ...)
+       TODO: check
 CVE-2020-15721 (RosarioSIS through 6.8-beta allows 
modules/Custom/NotifyParents.php XS ...)
        NOT-FOR-US: RosarioSIS
 CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection 
class did n ...)
@@ -1728,8 +1763,8 @@ CVE-2020-15103
        NOTE: https://github.com/FreeRDP/FreeRDP/pull/6381
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924
 (stable-2.0)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e
 (stable-2.0)
-CVE-2020-15102
-       RESERVED
+CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, 
there is imp ...)
+       TODO: check
 CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 
1000 neste ...)
        NOT-FOR-US: freewvs
 CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that 
freewvs ...)
@@ -4377,8 +4412,8 @@ CVE-2020-14065 (IceWarp Email Server 12.3.0.1 allows 
remote attackers to upload
        NOT-FOR-US: IceWarp Email Server
 CVE-2020-14064 (IceWarp Email Server 12.3.0.1 has Incorrect Access Control for 
user ac ...)
        NOT-FOR-US: IceWarp Email Server
-CVE-2020-14063
-       RESERVED
+CVE-2020-14063 (A stored Cross-Site Scripting (XSS) vulnerability in the TC 
Custom Jav ...)
+       TODO: check
 CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the 
interact ...)
        {DLA-2270-1}
        - jackson-databind 2.11.1-1
@@ -8250,8 +8285,8 @@ CVE-2020-12501
        RESERVED
 CVE-2020-12500
        RESERVED
-CVE-2020-12499
-       RESERVED
+CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and 
earlier an im ...)
+       TODO: check
 CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx 
Express versio ...)
        NOT-FOR-US: Phoenix
 CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC 
Worx Expres ...)
@@ -8412,8 +8447,8 @@ CVE-2020-12434
        RESERVED
 CVE-2020-12433
        RESERVED
-CVE-2020-12432
-       RESERVED
+CVE-2020-12432 (The WOPI API integration for Vereign Collabora CODE through 
4.2.2 does ...)
+       TODO: check
 CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop 
Software  ...)
        NOT-FOR-US: Splashtop Software Updater
 CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in 
qemu/qemu_dri ...)
@@ -14842,8 +14877,8 @@ CVE-2020-10568 (The sitepress-multilingual-cms (WPML) 
plugin before 4.3.7-b.2 fo
        NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress
 CVE-2020-10567 (An issue was discovered in Responsive Filemanager through 
9.14.0. In t ...)
        NOT-FOR-US: Responsive Filemanager
-CVE-2018-21036
-       RESERVED
+CVE-2018-21036 (Sails.js before v1.0.0-46 allows attackers to cause a denial 
of servic ...)
+       TODO: check
 CVE-2020-10566 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 
2020-02-1 ...)
        NOT-FOR-US: FreeBSD
 CVE-2020-10565 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 
2020-02-1 ...)
@@ -21103,7 +21138,7 @@ CVE-2019-20419 (Affected versions of Atlassian Jira 
Server and Data Center allow
        NOT-FOR-US: Atlassian
 CVE-2019-20418 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
        NOT-FOR-US: Atlassian
-CVE-2019-20417 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
+CVE-2019-20417 (NOTE: This candidate is a duplicate of CVE-2019-15011. All CVE 
users s ...)
        NOT-FOR-US: Atlassian
 CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
        NOT-FOR-US: Atlassian
@@ -22584,7 +22619,7 @@ CVE-2020-7265 (Privilege Escalation vulnerability in 
McAfee Endpoint Security (E
        NOT-FOR-US: McAfee
 CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security 
(ENS) f ...)
        NOT-FOR-US: McAfee
-CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in 
ENS for W ...)
+CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in 
McAfee En ...)
        NOT-FOR-US: ENS for Windows
 CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat 
Defens ...)
        NOT-FOR-US: McAfee
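
Review bot: CVE-2020-7263 keeps "NOT-FOR-US: ENS for Windows" even though its updated description now names McAfee, and the neighbouring entries CVE-2020-7264 and CVE-2020-7262 are tagged "NOT-FOR-US: McAfee". Suggest changing the tag to "NOT-FOR-US: McAfee" so the three entries are tagged consistently and match when the list is searched by vendor.
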
@@ -39424,7 +39459,7 @@ CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is 
installed setuid and allow
 CVE-2019-18861
        RESERVED
 CVE-2019-18860 (Squid before 4.9, when certain web browsers are used, 
mishandles HTML  ...)
-       {DLA-2278-1}
+       {DSA-4732-1 DLA-2278-1}
        - squid 4.9-1 (low)
        - squid3 <removed>
        NOTE: https://github.com/squid-cache/squid/pull/504
@@ -40052,6 +40087,7 @@ CVE-2020-1505
        RESERVED
 CVE-2020-1504
        RESERVED
+       {DSA-4732-1}
 CVE-2020-1503
        RESERVED
 CVE-2020-1502
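
Review bot: the added "{DSA-4732-1}" lands under CVE-2020-1504, which is still RESERVED and has no description or package line, while the previous hunk attaches the same DSA-4732-1 to the squid entry CVE-2019-18860. An advisory cross-reference on a reserved id with no package looks like a mistyped CVE number in the CVE list of DSA-4732-1; please check that list and correct the id there so the cross-reference moves to the intended entry instead of being carried on CVE-2020-1504.
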
@@ -211186,10 +211222,10 @@ CVE-2016-7066 (It was found that the improper 
default permissions on /tmp/auth d
        NOT-FOR-US: admin-cli / jboss-cli in Red Hat
 CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application 
Platform (EAP) ...)
        NOT-FOR-US: Red Hat JBoss EAP
-CVE-2016-7064
-       RESERVED
-CVE-2016-7063
-       RESERVED
+CVE-2016-7064 (A flaw was found in pritunl-client before version 1.0.1116.6. A 
lack o ...)
+       TODO: check
+CVE-2016-7063 (A flaw was found in pritunl-client before version 1.0.1116.6. 
Arbitrar ...)
+       TODO: check
 CVE-2016-7062 (rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat 
Storage Co ...)
        NOT-FOR-US: Red Hat rhscon-core
 CVE-2016-7061 (An information disclosure vulnerability was found in JBoss 
Enterprise  ...)
@@ -243921,7 +243957,7 @@ CVE-2015-5239 (Integer overflow in the VNC display 
driver in QEMU before 2.1.0 a
        [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
        NOTE: Upstream fix: 
http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d
 (v2.1.0-rc0)
 CVE-2015-5238
-       RESERVED
+       REJECTED
 CVE-2015-5237 (protobuf allows remote authenticated attackers to cause a 
heap-based b ...)
        - protobuf <unfixed> (unimportant)
        NOTE: https://github.com/google/protobuf/issues/760
@@ -346120,7 +346156,7 @@ CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, 
when a ReiserFS filesystem
        [lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
 CVE-2010-1145
        REJECTED
-CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids 1.24, as 
used in d ...)
+CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids before 
1.24, as us ...)
        - libnids 1.23-1.2 (low; bug #576281)
        [lenny] - libnids <no-dsa> (Minor issue)
        NOTE: dsniff is the only software in Debian using this lib so the 
impact is pretty minor



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f2b272cce12ac2ce9c9eef46cd340b5fa47deef
