Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ba4106e by security tracker role at 2020-07-31T20:10:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2020-16254
+       RESERVED
+CVE-2020-16253
+       RESERVED
+CVE-2020-16252
+       RESERVED
+CVE-2020-16251
+       RESERVED
+CVE-2020-16250
+       RESERVED
+CVE-2020-16249
+       RESERVED
+CVE-2020-16248
+       RESERVED
+CVE-2020-16247
+       RESERVED
+CVE-2020-16246
+       RESERVED
+CVE-2020-16245
+       RESERVED
+CVE-2020-16244
+       RESERVED
+CVE-2020-16243
+       RESERVED
+CVE-2020-16242
+       RESERVED
+CVE-2020-16241
+       RESERVED
+CVE-2020-16240
+       RESERVED
+CVE-2020-16239
+       RESERVED
+CVE-2020-16238
+       RESERVED
+CVE-2020-16237
+       RESERVED
+CVE-2020-16236
+       RESERVED
+CVE-2020-16235
+       RESERVED
+CVE-2020-16234
+       RESERVED
+CVE-2020-16233
+       RESERVED
+CVE-2020-16232
+       RESERVED
+CVE-2020-16231
+       RESERVED
+CVE-2020-16230
+       RESERVED
+CVE-2020-16229
+       RESERVED
+CVE-2020-16228
+       RESERVED
+CVE-2020-16227
+       RESERVED
+CVE-2020-16226
+       RESERVED
+CVE-2020-16225
+       RESERVED
+CVE-2020-16224
+       RESERVED
+CVE-2020-16223
+       RESERVED
+CVE-2020-16222
+       RESERVED
+CVE-2020-16221
+       RESERVED
+CVE-2020-16220
+       RESERVED
+CVE-2020-16219
+       RESERVED
+CVE-2020-16218
+       RESERVED
+CVE-2020-16217
+       RESERVED
+CVE-2020-16216
+       RESERVED
+CVE-2020-16215
+       RESERVED
+CVE-2020-16214
+       RESERVED
+CVE-2020-16213
+       RESERVED
+CVE-2020-16212
+       RESERVED
+CVE-2020-16211
+       RESERVED
+CVE-2020-16210
+       RESERVED
+CVE-2020-16209
+       RESERVED
+CVE-2020-16208
+       RESERVED
+CVE-2020-16207
+       RESERVED
+CVE-2020-16206
+       RESERVED
+CVE-2020-16205
+       RESERVED
+CVE-2020-16204
+       RESERVED
+CVE-2020-16203
+       RESERVED
+CVE-2020-16202
+       RESERVED
+CVE-2020-16201
+       RESERVED
+CVE-2020-16200
+       RESERVED
+CVE-2020-16199
+       RESERVED
+CVE-2020-16198
+       RESERVED
+CVE-2020-16197
+       RESERVED
+CVE-2020-16196
+       RESERVED
 CVE-2020-16195
        RESERVED
 CVE-2020-16194
@@ -117,8 +235,8 @@ CVE-2020-16138
        RESERVED
 CVE-2020-16137
        RESERVED
-CVE-2020-16136
-       RESERVED
+CVE-2020-16136 (In tgstation-server 4.4.0 and 4.4.1, an authenticated user 
with permis ...)
+       TODO: check
 CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if 
ssh_buf ...)
        - libssh <unfixed> (bug #966560)
        NOTE: https://bugs.libssh.org/T232
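Review bot: CVE-2020-16136 moves from RESERVED to a described entry, but its only annotation is `TODO: check`, so it carries no disposition yet. Once triaged, replace the TODO with either a source-package line in the form used for CVE-2020-16135 just below it (`- libssh <unfixed> (bug #966560)`) or a `NOT-FOR-US:` line naming tgstation-server.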
@@ -2466,10 +2584,10 @@ CVE-2020-15136
        RESERVED
 CVE-2020-15135
        RESERVED
-CVE-2020-15134
-       RESERVED
-CVE-2020-15133
-       RESERVED
+CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification 
validation ...)
+       TODO: check
+CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of 
certificat ...)
+       TODO: check
 CVE-2020-15132
        RESERVED
 CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 
1.2.2, there ...)
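Review bot: CVE-2020-15134 (Faye) and CVE-2020-15133 (faye-websocket) both land as `TODO: check`, and both truncated descriptions point at missing certificate validation, so they should be triaged together rather than one at a time. Whatever disposition is chosen, a NOTE on each entry naming the other CVE id would keep the pair consistent, since the two descriptions give different fixed versions (1.4.0 and 0.11.0).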
@@ -2478,8 +2596,8 @@ CVE-2020-15130 (In SLPJS (npm package slpjs) before 
version 0.27.4, there is a v
        NOT-FOR-US: Node slpjs
 CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there 
exists  ...)
        NOT-FOR-US: Traefik
-CVE-2020-15128
-       RESERVED
+CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values 
were not ...)
+       TODO: check
 CVE-2020-15127
        RESERVED
 CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an 
authenticated ...)
@@ -3823,8 +3941,8 @@ CVE-2020-14522
        RESERVED
 CVE-2020-14521
        RESERVED
-CVE-2020-14520
-       RESERVED
+CVE-2020-14520 (The affected product is vulnerable to an information leak, 
which may a ...)
+       TODO: check
 CVE-2020-14519
        RESERVED
 CVE-2020-14518
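Review bot: the description added for CVE-2020-14520 begins "The affected product is vulnerable to an information leak" and the visible text never names the product, so this `TODO: check` cannot be resolved from the list entry alone. When it is triaged, put the product name in the resulting `NOT-FOR-US:` or package line so the entry stays searchable.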
@@ -4551,16 +4669,14 @@ CVE-2020-14339 [leak of /dev/mapper/control into QEMU 
guests]
        NOTE: Proposed patch: 
https://www.redhat.com/archives/libvir-list/2020-July/msg01501.html
 CVE-2020-14338
        RESERVED
-CVE-2020-14337
-       RESERVED
+CVE-2020-14337 (A data exposure flaw was found in Tower, where sensitive data 
was reve ...)
        NOT-FOR-US: Ansible Tower
 CVE-2020-14336
        RESERVED
        NOT-FOR-US: OpenShift
 CVE-2020-14335
        RESERVED
-CVE-2020-14334
-       RESERVED
+CVE-2020-14334 (A flaw was found in Red Hat Satellite 6 which allows 
privileged attack ...)
        - foreman <itp> (bug #663101)
 CVE-2020-14333
        RESERVED
@@ -5026,6 +5142,7 @@ CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, 
jdhuff.c has an out-of-boun
        - libjpeg-turbo <not-affected> (Vulnerable code not present; 
problematic condition cannot be reached)
        NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445
 CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in 
jmemnobs. ...)
+       {DLA-2302-1}
        - libjpeg9 1:9d-1 (low)
        - libjpeg-turbo 1:1.5.2-1 (low)
        [jessie] - libjpeg-turbo <no-dsa> (Minor issue)
@@ -6060,6 +6177,7 @@ CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest 
OS users to trigger an o
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00831.html
 CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based 
buffer over-r ...)
+       {DLA-2302-1}
        - libjpeg-turbo 1:2.0.5-1 (bug #962829)
        [buster] - libjpeg-turbo <no-dsa> (Minor issue)
        [jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses 
the TurboJPEG API)
@@ -10212,8 +10330,8 @@ CVE-2020-12083
        RESERVED
 CVE-2020-12082
        RESERVED
-CVE-2020-12081
-       RESERVED
+CVE-2020-12081 (An information disclosure vulnerability has been identified in 
FlexNet ...)
+       TODO: check
 CVE-2020-12080
        RESERVED
 CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a 
HandleCurso ...)
@@ -15175,8 +15293,8 @@ CVE-2020-10732 (A flaw was found in the Linux kernel's 
implementation of Userspa
        [jessie] - linux <ignored> (Does not affect supported architectures)
        NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1
        NOTE: 
https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413
-CVE-2020-10731
-       RESERVED
+CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the 
Red Hat ...)
+       TODO: check
 CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw 
was found  ...)
        - ldb 2:2.1.4-1
        [buster] - ldb <no-dsa> (Minor issue)
@@ -18838,10 +18956,10 @@ CVE-2020-9251 (HUAWEI Mate 20 smartphones with 
versions earlier than 10.1.0.160(
        NOT-FOR-US: Huawei
 CVE-2020-9250
        RESERVED
-CVE-2020-9249
-       RESERVED
-CVE-2020-9248
-       RESERVED
+CVE-2020-9249 (HUAWEI P30 smartphones with versions earlier than 
10.1.0.160(C00E160R2 ...)
+       TODO: check
+CVE-2020-9248 (Huawei FusionComput 8.0.0 have an improper authorization 
vulnerability ...)
+       TODO: check
 CVE-2020-9247
        RESERVED
 CVE-2020-9246
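Review bot: CVE-2020-9249 and CVE-2020-9248 are added as `TODO: check`, while this hunk's own header context shows the neighbouring CVE-2020-9251 entry already marked `NOT-FOR-US: Huawei`. If triage confirms the same disposition for these two, reuse that exact tag so the vendor's entries stay uniform.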
@@ -21219,7 +21337,7 @@ CVE-2020-8215 (A buffer overflow is present in canvas 
version &lt;= 1.6.9, which
        NOT-FOR-US: Node canvas
 CVE-2020-8214 (A path traversal vulnerability in servey version &lt; 3 allows 
an atta ...)
        NOT-FOR-US: servey
-CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect 
v1.13.3  ...)
+CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect 
before v ...)
        NOT-FOR-US: UniFi Protect
 CVE-2020-8212
        RESERVED
@@ -28184,8 +28302,8 @@ CVE-2020-5386
        RESERVED
 CVE-2020-5385
        RESERVED
-CVE-2020-5384
-       RESERVED
+CVE-2020-5384 (Authentication Bypass Vulnerability RSA MFA Agent 2.0 for 
Microsoft Wi ...)
+       TODO: check
 CVE-2020-5383
        RESERVED
 CVE-2020-5382
@@ -112372,7 +112490,7 @@ CVE-2018-14505 (mitmweb in mitmproxy v4.0.3 allows 
DNS Rebinding attacks, relate
 CVE-2018-14499 (An issue was found in HYBBS through 2016-03-08. There is an 
XSS vulner ...)
        NOT-FOR-US: HYBBS
 CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and 
MozJPEG th ...)
-       {DLA-1719-1}
+       {DLA-2302-1 DLA-1719-1}
        - libjpeg-turbo 1:2.0.5-1 (low; bug #924678)
        [buster] - libjpeg-turbo <no-dsa> (Minor issue)
        - mozjpeg <itp> (bug #741487)
@@ -150097,7 +150215,7 @@ CVE-2018-1154 (In SecurityCenter versions prior to 
5.7.0, a username enumeration
 CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate 
the se ...)
        NOT-FOR-US: Burp Suite (different from src:burp)
 CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service 
vulnerabilit ...)
-       {DLA-1638-1}
+       {DLA-2302-1 DLA-1638-1}
        - libjpeg-turbo 1:2.0.5-1 (low; bug #902950)
        [buster] - libjpeg-turbo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ba4106e9fdcf809ed16089e1c70dad7b2b4a569



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits