Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
57f35fba by security tracker role at 2020-07-28T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,273 @@
+CVE-2020-16091
+ RESERVED
+CVE-2020-16090
+ RESERVED
+CVE-2020-16089
+ RESERVED
+CVE-2020-16088
+ RESERVED
+CVE-2020-16087
+ RESERVED
+CVE-2020-16086
+ RESERVED
+CVE-2020-16085
+ RESERVED
+CVE-2020-16084
+ RESERVED
+CVE-2020-16083
+ RESERVED
+CVE-2020-16082
+ RESERVED
+CVE-2020-16081
+ RESERVED
+CVE-2020-16080
+ RESERVED
+CVE-2020-16079
+ RESERVED
+CVE-2020-16078
+ RESERVED
+CVE-2020-16077
+ RESERVED
+CVE-2020-16076
+ RESERVED
+CVE-2020-16075
+ RESERVED
+CVE-2020-16074
+ RESERVED
+CVE-2020-16073
+ RESERVED
+CVE-2020-16072
+ RESERVED
+CVE-2020-16071
+ RESERVED
+CVE-2020-16070
+ RESERVED
+CVE-2020-16069
+ RESERVED
+CVE-2020-16068
+ RESERVED
+CVE-2020-16067
+ RESERVED
+CVE-2020-16066
+ RESERVED
+CVE-2020-16065
+ RESERVED
+CVE-2020-16064
+ RESERVED
+CVE-2020-16063
+ RESERVED
+CVE-2020-16062
+ RESERVED
+CVE-2020-16061
+ RESERVED
+CVE-2020-16060
+ RESERVED
+CVE-2020-16059
+ RESERVED
+CVE-2020-16058
+ RESERVED
+CVE-2020-16057
+ RESERVED
+CVE-2020-16056
+ RESERVED
+CVE-2020-16055
+ RESERVED
+CVE-2020-16054
+ RESERVED
+CVE-2020-16053
+ RESERVED
+CVE-2020-16052
+ RESERVED
+CVE-2020-16051
+ RESERVED
+CVE-2020-16050
+ RESERVED
+CVE-2020-16049
+ RESERVED
+CVE-2020-16048
+ RESERVED
+CVE-2020-16047
+ RESERVED
+CVE-2020-16046
+ RESERVED
+CVE-2020-16045
+ RESERVED
+CVE-2020-16044
+ RESERVED
+CVE-2020-16043
+ RESERVED
+CVE-2020-16042
+ RESERVED
+CVE-2020-16041
+ RESERVED
+CVE-2020-16040
+ RESERVED
+CVE-2020-16039
+ RESERVED
+CVE-2020-16038
+ RESERVED
+CVE-2020-16037
+ RESERVED
+CVE-2020-16036
+ RESERVED
+CVE-2020-16035
+ RESERVED
+CVE-2020-16034
+ RESERVED
+CVE-2020-16033
+ RESERVED
+CVE-2020-16032
+ RESERVED
+CVE-2020-16031
+ RESERVED
+CVE-2020-16030
+ RESERVED
+CVE-2020-16029
+ RESERVED
+CVE-2020-16028
+ RESERVED
+CVE-2020-16027
+ RESERVED
+CVE-2020-16026
+ RESERVED
+CVE-2020-16025
+ RESERVED
+CVE-2020-16024
+ RESERVED
+CVE-2020-16023
+ RESERVED
+CVE-2020-16022
+ RESERVED
+CVE-2020-16021
+ RESERVED
+CVE-2020-16020
+ RESERVED
+CVE-2020-16019
+ RESERVED
+CVE-2020-16018
+ RESERVED
+CVE-2020-16017
+ RESERVED
+CVE-2020-16016
+ RESERVED
+CVE-2020-16015
+ RESERVED
+CVE-2020-16014
+ RESERVED
+CVE-2020-16013
+ RESERVED
+CVE-2020-16012
+ RESERVED
+CVE-2020-16011
+ RESERVED
+CVE-2020-16010
+ RESERVED
+CVE-2020-16009
+ RESERVED
+CVE-2020-16008
+ RESERVED
+CVE-2020-16007
+ RESERVED
+CVE-2020-16006
+ RESERVED
+CVE-2020-16005
+ RESERVED
+CVE-2020-16004
+ RESERVED
+CVE-2020-16003
+ RESERVED
+CVE-2020-16002
+ RESERVED
+CVE-2020-16001
+ RESERVED
+CVE-2020-16000
+ RESERVED
+CVE-2020-15999
+ RESERVED
+CVE-2020-15998
+ RESERVED
+CVE-2020-15997
+ RESERVED
+CVE-2020-15996
+ RESERVED
+CVE-2020-15995
+ RESERVED
+CVE-2020-15994
+ RESERVED
+CVE-2020-15993
+ RESERVED
+CVE-2020-15992
+ RESERVED
+CVE-2020-15991
+ RESERVED
+CVE-2020-15990
+ RESERVED
+CVE-2020-15989
+ RESERVED
+CVE-2020-15988
+ RESERVED
+CVE-2020-15987
+ RESERVED
+CVE-2020-15986
+ RESERVED
+CVE-2020-15985
+ RESERVED
+CVE-2020-15984
+ RESERVED
+CVE-2020-15983
+ RESERVED
+CVE-2020-15982
+ RESERVED
+CVE-2020-15981
+ RESERVED
+CVE-2020-15980
+ RESERVED
+CVE-2020-15979
+ RESERVED
+CVE-2020-15978
+ RESERVED
+CVE-2020-15977
+ RESERVED
+CVE-2020-15976
+ RESERVED
+CVE-2020-15975
+ RESERVED
+CVE-2020-15974
+ RESERVED
+CVE-2020-15973
+ RESERVED
+CVE-2020-15972
+ RESERVED
+CVE-2020-15971
+ RESERVED
+CVE-2020-15970
+ RESERVED
+CVE-2020-15969
+ RESERVED
+CVE-2020-15968
+ RESERVED
+CVE-2020-15967
+ RESERVED
+CVE-2020-15966
+ RESERVED
+CVE-2020-15965
+ RESERVED
+CVE-2020-15964
+ RESERVED
+CVE-2020-15963
+ RESERVED
+CVE-2020-15962
+ RESERVED
+CVE-2020-15961
+ RESERVED
+CVE-2020-15960
+ RESERVED
+CVE-2020-15959
+ RESERVED
+CVE-2020-15958
+ RESERVED
+CVE-2020-15957
+ RESERVED
CVE-2020-15956
RESERVED
CVE-2020-15955
@@ -7519,8 +7789,8 @@ CVE-2020-12882 (Submitty through 20.04.01 allows XSS via
upload of an SVG docume
NOT-FOR-US: Submitty
CVE-2020-12881
RESERVED
-CVE-2020-12880
- RESERVED
+CVE-2020-12880 (An issue was discovered in Pulse Policy Secure (PPS) and Pulse
Connect ...)
+ TODO: check
CVE-2020-12879
RESERVED
CVE-2020-12878
@@ -7639,8 +7909,8 @@ CVE-2020-12847 (Pydio Cells 2.0.4 web application offers
an administrative conso
NOT-FOR-US: Pydio Cells
CVE-2020-12846 (Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3
allows remo ...)
NOT-FOR-US: Zimbra
-CVE-2020-12845
- RESERVED
+CVE-2020-12845 (Cherokee 0.4.27 to 1.2.104 is affected by a denial of service
due to a ...)
+ TODO: check
CVE-2020-12844
RESERVED
CVE-2020-12843
@@ -8618,8 +8888,8 @@ CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2
for WordPress allows CSRF
NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php
has an in ...)
NOT-FOR-US: PHP-Fusion
-CVE-2020-12460
- RESERVED
+CVE-2020-12460 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has
improper nul ...)
+ TODO: check
CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the
configu ...)
NOT-FOR-US: Grafana as shipped in Red Hat
CVE-2020-12458 (An information-disclosure flaw was found in Grafana through
6.7.3. The ...)
@@ -14934,8 +15204,8 @@ CVE-2020-10645
RESERVED
CVE-2020-10644 (The affected product lacks proper validation of user-supplied
data, wh ...)
NOT-FOR-US: Inductive Automation Ignition
-CVE-2020-10643
- RESERVED
+CVE-2020-10643 (An authenticated remote attacker could use specially crafted
URLs to s ...)
+ TODO: check
CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and
prior, an au ...)
NOT-FOR-US: Rockwell
CVE-2020-10641 (An unprotected logging route may allow an attacker to write
endless lo ...)
@@ -15020,7 +15290,7 @@ CVE-2020-10602 (In OSIsoft PI System multiple products
and versions, an authenti
NOT-FOR-US: OSIsoft PI System
CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote
Module allow ...)
NOT-FOR-US: VISAM VBASE Editor
-CVE-2020-10600 (In OSIsoft PI System multiple products and versions, an
authenticated ...)
+CVE-2020-10600 (An authenticated remote attacker could crash PI Archive
Subsystem when ...)
NOT-FOR-US: OSIsoft PI System
CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote
Module may al ...)
NOT-FOR-US: VISAM VBASE Editor
@@ -19804,8 +20074,7 @@ CVE-2020-8560
CVE-2020-8559 (The Kubernetes kube-apiserver in versions v1.6-v1.15, and
versions pri ...)
- kubernetes 1.18.5-1
NOTE: https://www.openwall.com/lists/oss-security/2020/07/15/6
-CVE-2020-8558
- RESERVED
+CVE-2020-8558 (The Kubelet and kube-proxy components in versions
1.1.0-1.16.10, 1.17. ...)
- kubernetes 1.18.5-1
NOTE: Issue: https://github.com/kubernetes/kubernetes/issues/90259
NOTE: Upstream fix: https://github.com/kubernetes/kubernetes/pull/91569
@@ -86240,7 +86509,7 @@ CVE-2019-3904
CVE-2019-3903
RESERVED
CVE-2019-3902 (A flaw was found in Mercurial before 4.9. It was possible to
use symli ...)
- {DLA-1764-1}
+ {DLA-2293-1 DLA-1764-1}
- mercurial 4.9-1 (bug #927674)
[buster] - mercurial 4.8.2-1+deb10u1
NOTE:
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
@@ -118103,12 +118372,12 @@ CVE-2018-12051 (Arbitrary File Upload and Remote
Code Execution exist in PHP Scr
CVE-2018-12050
RESERVED
CVE-2018-13346 (The mpatch_apply function in mpatch.c in Mercurial before
4.6.1 incorr ...)
- {DLA-1414-1}
+ {DLA-2293-1 DLA-1414-1}
- mercurial 4.6.1-1 (bug #901050)
NOTE:
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
NOTE: https://www.mercurial-scm.org/repo/hg/rev/faa924469635
CVE-2018-13347 (mpatch.c in Mercurial before 4.6.1 mishandles integer addition
and sub ...)
- {DLA-1414-1}
+ {DLA-2293-1 DLA-1414-1}
- mercurial 4.6.1-1 (bug #901050)
NOTE:
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
NOTE: https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
@@ -118117,7 +118386,7 @@ CVE-2018-13347 (mpatch.c in Mercurial before 4.6.1
mishandles integer addition a
NOTE: upstream proposes we use OVE-20180430-0002 to cover all undefined
behavior
NOTE: cases which the 6 patches fix
CVE-2018-13348 (The mpatch_decode function in mpatch.c in Mercurial before
4.6.1 misha ...)
- {DLA-1414-1}
+ {DLA-2293-1 DLA-1414-1}
- mercurial 4.6.1-1 (bug #901050)
NOTE:
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
NOTE: https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
@@ -128506,7 +128775,7 @@ CVE-2018-8111 (A remote code execution vulnerability
exists when Microsoft Edge
CVE-2018-8110 (A remote code execution vulnerability exists when Microsoft
Edge impro ...)
NOT-FOR-US: Microsoft
CVE-2018-1000132 (Mercurial version 4.5 and earlier contains a Incorrect
Access Control ...)
- {DLA-1414-1 DLA-1331-1}
+ {DLA-2293-1 DLA-1414-1 DLA-1331-1}
- mercurial 4.5.2-1 (bug #892964)
NOTE:
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
NOTE: https://www.mercurial-scm.org/repo/hg/rev/2ecb0fc535b1 (4.5.2)
@@ -148932,7 +149201,7 @@ CVE-2017-17459 (http_transport.c in Fossil before
2.4, when the SSH sync protoco
[wheezy] - fossil <no-dsa> (Minor issue)
NOTE: https://www.fossil-scm.org/xfer/info/1f63db591c77108c
CVE-2017-17458 (In Mercurial before 4.4.1, it is possible that a specially
malformed r ...)
- {DLA-1414-2 DLA-1414-1 DLA-1224-1}
+ {DLA-2293-1 DLA-1414-2 DLA-1414-1 DLA-1224-1}
- mercurial 4.4.1-1
NOTE: https://bz.mercurial-scm.org/show_bug.cgi?id=5730
NOTE:
https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57f35fba031b5d1994dc8ab1be233f037665ba7a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57f35fba031b5d1994dc8ab1be233f037665ba7a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
