Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a3c0158 by security tracker role at 2020-08-06T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-17374
+       RESERVED
+CVE-2020-17373
+       RESERVED
+CVE-2020-17372
+       RESERVED
 CVE-2020-17371
        RESERVED
 CVE-2020-17370
@@ -6,10 +12,12 @@ CVE-2020-17369
        RESERVED
 CVE-2020-17368 [don't pass command line through shell when redirecting output]
        RESERVED
+       {DSA-4742-1}
        - firejail 0.9.62-4
        NOTE: 
https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b
 CVE-2020-17367 [don't interpret output arguments after end-of-options tag]
        RESERVED
+       {DSA-4742-1}
        - firejail 0.9.62-4
        NOTE: 
https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37
 CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through 
0.7.1.  ...)
@@ -1055,8 +1063,8 @@ CVE-2020-16847 (Extreme Analytics in Extreme Management 
Center before 8.5.0.169
        NOT-FOR-US: Extreme Management Center
 CVE-2020-16846
        RESERVED
-CVE-2020-16845
-       RESERVED
+CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite 
read loo ...)
+       TODO: check
 CVE-2020-16844
        RESERVED
 CVE-2020-16843 (In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, 
the netw ...)
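Review bot: CVE-2020-16845 should not be closed as NOT-FOR-US when the `TODO: check` is resolved. The new description names Go itself ("Go before 1.13.15 and 14.x before 1.14.7"), and Go is packaged in Debian, so triage needs to replace the TODO with entries for the affected Go source packages and their fixed versions.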
@@ -2290,8 +2298,8 @@ CVE-2020-16231
        RESERVED
 CVE-2020-16230
        RESERVED
-CVE-2020-16229
-       RESERVED
+CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
Process ...)
+       TODO: check
 CVE-2020-16228
        RESERVED
 CVE-2020-16227
@@ -2314,28 +2322,28 @@ CVE-2020-16219
        RESERVED
 CVE-2020-16218
        RESERVED
-CVE-2020-16217
-       RESERVED
+CVE-2020-16217 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
A doubl ...)
+       TODO: check
 CVE-2020-16216
        RESERVED
-CVE-2020-16215
-       RESERVED
+CVE-2020-16215 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
Process ...)
+       TODO: check
 CVE-2020-16214
        RESERVED
-CVE-2020-16213
-       RESERVED
+CVE-2020-16213 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
Process ...)
+       TODO: check
 CVE-2020-16212
        RESERVED
-CVE-2020-16211
-       RESERVED
+CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
An out- ...)
+       TODO: check
 CVE-2020-16210
        RESERVED
 CVE-2020-16209
        RESERVED
 CVE-2020-16208
        RESERVED
-CVE-2020-16207
-       RESERVED
+CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
Multipl ...)
+       TODO: check
 CVE-2020-16206
        RESERVED
 CVE-2020-16205
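Review bot: the five new `TODO: check` lines in this hunk (CVE-2020-16217, CVE-2020-16215, CVE-2020-16213, CVE-2020-16211, CVE-2020-16207), together with CVE-2020-16229 in the previous hunk, all carry a description beginning "Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior". Suggest triaging them in one pass and giving all six the same marking, so the product does not end up with inconsistent entries.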
@@ -2992,7 +3000,7 @@ CVE-2020-15903
        RESERVED
 CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the 
link url o ...)
        NOT-FOR-US: Nagios XI
-CVE-2020-15901 (ajaxhelper.php in Nagios XI before 5.7.2 allows remote 
attackers to ex ...)
+CVE-2020-15901 (In Nagios XI before 5.7.3, ajaxhelper.php allows remote 
authenticated  ...)
        NOT-FOR-US: Nagios XI
 CVE-2020-15900 (A memory corruption issue was found in Artifex Ghostscript 
9.50 and 9. ...)
        - ghostscript <unfixed>
@@ -8348,8 +8356,8 @@ CVE-2020-13795 (An issue was discovered in Navigate CMS 
through 2.8.7. It allows
        NOT-FOR-US: Navigate CMS
 CVE-2020-13794
        RESERVED
-CVE-2020-13793
-       RESERVED
+CVE-2020-13793 (Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due 
to a st ...)
+       TODO: check
 CVE-2020-13792 (PlayTube 1.8 allows disclosure of user details via 
ajax.php?type=../ad ...)
        NOT-FOR-US: PlayTube
 CVE-2019-20837 (An issue was discovered in Foxit Reader and PhantomPDF before 
9.5. It  ...)
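Review bot: CVE-2020-13793 is left at `TODO: check`, but this file already has a precedent for the vendor: CVE-2020-12442 is marked `NOT-FOR-US: Ivanti`. Suggest resolving this entry with the same marking during triage unless Ivanti DSM netinst turns out to correspond to a packaged source.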
@@ -9451,10 +9459,10 @@ CVE-2020-13367
        RESERVED
 CVE-2020-13366
        RESERVED
-CVE-2020-13365
-       RESERVED
-CVE-2020-13364
-       RESERVED
+CVE-2020-13365 (Certain Zyxel products have a locally accessible binary that 
allows a  ...)
+       TODO: check
+CVE-2020-13364 (A backdoor in certain Zyxel products allows remote TELNET 
access via a ...)
+       TODO: check
 CVE-2020-13363
        RESERVED
 CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in 
hw/scsi/megasas.c h ...)
@@ -10949,7 +10957,7 @@ CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 
has a heap-based buffer ov
        NOTE: Fixed with: https://github.com/appneta/tcpreplay/issues/578
        NOTE: --fuzz-seed in PoC not present until version 4.2.0
        NOTE: Crash in CLI tool, no security impact
-CVE-2020-12739 (A vulnerability in the Fanuc i Series CNC (0i-MD and 0i 
Mate-MD) could ...)
+CVE-2020-12739 (A denial-of-service vulnerability in the Fanuc i Series CNC 
(0i-MD and ...)
        NOT-FOR-US: Fanuc i Series CNC
 CVE-2020-12738
        RESERVED
@@ -11041,6 +11049,7 @@ CVE-2020-12697 (The direct_mail extension through 5.2.3 
for TYPO3 allows Denial
 CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a 
URL. ...)
        NOT-FOR-US: iframe plugin for WordPress
 CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 
2020-04-17  ...)
+       {DLA-2315-1}
        - wpa <unfixed>
        [buster] - wpa <no-dsa> (Minor issue)
        - gupnp 1.2.3-1
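Review bot: the added `{DLA-2315-1}` tag on CVE-2020-12695 does not say which source package the advisory covers, and the entry lists both wpa and gupnp. Since the lines below still read `- wpa <unfixed>` and `[buster] - wpa <no-dsa> (Minor issue)`, confirm against the DLA entry which package was fixed and that the per-package lines for the release the DLA targets are still accurate.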
@@ -11663,8 +11672,8 @@ CVE-2020-12443 (BigBlueButton before 2.2.6 allows 
remote attackers to read arbit
        NOT-FOR-US: BigBlueButton
 CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely 
associated ...)
        NOT-FOR-US: Ivanti
-CVE-2020-12441
-       RESERVED
+CVE-2020-12441 (Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote 
Control  ...)
+       TODO: check
 CVE-2020-12440
        REJECTED
 CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect 
availability of ...)
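Review bot: CVE-2020-12441 gets `TODO: check` although the context line two entries above it already records `NOT-FOR-US: Ivanti` for CVE-2020-12442. The new description names Ivanti Service Manager HEAT Remote Control, so the same marking can be applied during triage to keep the vendor's entries consistent.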
@@ -24754,8 +24763,8 @@ CVE-2020-7819
        RESERVED
 CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow 
vulnerability, ...)
        NOT-FOR-US: Daview
-CVE-2020-7817
-       RESERVED
+CVE-2020-7817 (MyBrowserPlus downloads the files needed to run the program 
through th ...)
+       TODO: check
 CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView 
Indy, DaVa+ ...)
        NOT-FOR-US: DaView
 CVE-2020-7815 (XPLATFORM v9.2.260 and eariler versions contain a vulnerability 
that c ...)
@@ -25526,10 +25535,10 @@ CVE-2020-7462
        RESERVED
 CVE-2020-7461
        RESERVED
-CVE-2020-7460
-       RESERVED
-CVE-2020-7459
-       RESERVED
+CVE-2020-7460 (In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 
11.4-ST ...)
+       TODO: check
+CVE-2020-7459 (In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 
11.4-ST ...)
+       TODO: check
 CVE-2020-7458 (In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before 
r362281, and ...)
        NOT-FOR-US: FreeBSD
 CVE-2020-7457 (In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 
11.4-ST ...)
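Review bot: CVE-2020-7460 and CVE-2020-7459 are set to `TODO: check`, while the next entry in the context, CVE-2020-7458, is already marked `NOT-FOR-US: FreeBSD`. Both new descriptions start "In FreeBSD 12.1-STABLE before ...", so triage should either apply the same marking or note why these two differ from CVE-2020-7458.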
@@ -25727,26 +25736,26 @@ CVE-2020-7363
        RESERVED
 CVE-2020-7362
        RESERVED
-CVE-2020-7361
-       RESERVED
+CVE-2020-7361 (The EasyCorp ZenTao Pro application suffers from an OS command 
injecti ...)
+       TODO: check
 CVE-2020-7360
        RESERVED
 CVE-2020-7359
        RESERVED
 CVE-2020-7358
        RESERVED
-CVE-2020-7357
-       RESERVED
-CVE-2020-7356
-       RESERVED
+CVE-2020-7357 (Cayin CMS suffers from an authenticated OS semi-blind command 
injectio ...)
+       TODO: check
+CVE-2020-7356 (CAYIN xPost suffers from an unauthenticated SQL Injection 
vulnerabilit ...)
+       TODO: check
 CVE-2020-7355 (Cross-site Scripting (XSS) vulnerability in the 'notes' field 
of a dis ...)
        NOT-FOR-US: Metasploit Pro
 CVE-2020-7354 (Cross-site Scripting (XSS) vulnerability in the 'host' field of 
a disc ...)
        NOT-FOR-US: Metasploit Pro
 CVE-2020-7353
        RESERVED
-CVE-2020-7352
-       RESERVED
+CVE-2020-7352 (The GalaxyClientService component of GOG Galaxy runs with 
elevated SYS ...)
+       TODO: check
 CVE-2020-7351 (An OS Command Injection vulnerability in the 
endpoint_devicemap.php co ...)
        NOT-FOR-US: Fonality Trixbox Community Edition
 CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from 
an ins ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a3c015829324b72a7afd27044a0c0f87222b3f5
