Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2489633 by security tracker role at 2020-08-22T08:10:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2020-24596
+       RESERVED
+CVE-2020-24595
+       RESERVED
+CVE-2020-24594
+       RESERVED
+CVE-2020-24593
+       RESERVED
+CVE-2020-24592
+       RESERVED
 CVE-2020-24591 (The Management Console in certain WSO2 products allows XXE 
attacks dur ...)
        NOT-FOR-US: WSO2
 CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and 
API Micro ...)
@@ -17722,8 +17732,8 @@ CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in 
hw/net/e1000e_core.c because
        [buster] - qemu <postponed> (Minor issue, can be fixed along in next 
DSA)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
        NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
-CVE-2020-15858
-       RESERVED
+CVE-2020-15858 (Some devices of Thales DIS (formerly Gemalto, formerly 
Cinterion) allo ...)
+       TODO: check
 CVE-2020-15857
        RESERVED
 CVE-2020-15856
@@ -33883,14 +33893,14 @@ CVE-2020-10128
        RESERVED
 CVE-2020-10127
        RESERVED
-CVE-2020-10126
-       RESERVED
-CVE-2020-10125
-       RESERVED
-CVE-2020-10124
-       RESERVED
-CVE-2020-10123
-       RESERVED
+CVE-2020-10126 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly 
validate  ...)
+       TODO: check
+CVE-2020-10125 (NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 
implement 51 ...)
+       TODO: check
+CVE-2020-10124 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, 
authentic ...)
+       TODO: check
+CVE-2020-10123 (The currency dispenser of NCR SelfSev ATMs running APTRA XFS 
05.01.00  ...)
+       TODO: check
 CVE-2019-20501 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated 
OS comm ...)
        NOT-FOR-US: D-Link
 CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated 
OS comm ...)
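Review bot: The four `TODO: check` lines added for CVE-2020-10123 through CVE-2020-10126 all describe NCR SelfServ ATMs running APTRA XFS, so they can be triaged in one pass; if nothing in the archive ships this product, tag them in the same form as the D-Link entries in the context lines below (`NOT-FOR-US: <vendor>`). The CVE-2020-10123 description reads "NCR SelfSev" where the other three read "NCR SelfServ"; that is imported description text, so account for the variant spelling when searching the list by product name.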
@@ -36396,10 +36406,10 @@ CVE-2020-9065 (Huawei smart phone Taurus-AL00B with 
versions earlier than 10.0.0
        NOT-FOR-US: Huawei
 CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than 
OxfordS-AN00A 1 ...)
        NOT-FOR-US: Huawei
-CVE-2020-9063
-       RESERVED
-CVE-2020-9062
-       RESERVED
+CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not 
authent ...)
+       TODO: check
+CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase 
version ...)
+       TODO: check
 CVE-2020-9061
        RESERVED
 CVE-2020-9060
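Review bot: CVE-2020-9063 gets `TODO: check` here but its description names the same NCR SelfServ ATM / APTRA XFS 05.01.00 product as the CVE-2020-10123 to CVE-2020-10126 entries elsewhere in this patch, so it should receive the same triage decision as that batch even though it sits in a different ID range. CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe) is a different vendor and needs its own tag.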
@@ -37472,24 +37482,19 @@ CVE-2020-8626
        RESERVED
 CVE-2020-8625
        RESERVED
-CVE-2020-8624
-       RESERVED
+CVE-2020-8624 (In BIND 9.9.12 -&gt; 9.9.13, 9.10.7 -&gt; 9.10.8, 9.11.3 -&gt; 
9.11.21 ...)
        - bind9 1:9.16.6-1 (bug #966497)
        NOTE: https://kb.isc.org/docs/cve-2020-8624
-CVE-2020-8623
-       RESERVED
+CVE-2020-8623 (In BIND 9.10.0 -&gt; 9.11.21, 9.12.0 -&gt; 9.16.5, 9.17.0 -&gt; 
9.17.3 ...)
        - bind9 1:9.16.6-1
        NOTE: https://kb.isc.org/docs/cve-2020-8623
-CVE-2020-8622
-       RESERVED
+CVE-2020-8622 (In BIND 9.0.0 -&gt; 9.11.21, 9.12.0 -&gt; 9.16.5, 9.17.0 -&gt; 
9.17.3, ...)
        - bind9 1:9.16.6-1
        NOTE: https://kb.isc.org/docs/cve-2020-8622
-CVE-2020-8621
-       RESERVED
+CVE-2020-8621 (In BIND 9.14.0 -&gt; 9.16.5, 9.17.0 -&gt; 9.17.3, If a server 
is confi ...)
        - bind9 1:9.16.6-1
        NOTE: https://kb.isc.org/docs/cve-2020-8621
-CVE-2020-8620
-       RESERVED
+CVE-2020-8620 (In BIND 9.15.6 -&gt; 9.16.5, 9.17.0 -&gt; 9.17.3, An attacker 
who can  ...)
        - bind9 1:9.16.6-1
        NOTE: https://kb.isc.org/docs/cve-2020-8620
 CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -&gt; 9.11.19, BIND 9.14.9 
-&gt; 9. ...)
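Review bot: Of the five BIND entries that gain descriptions (CVE-2020-8620 to CVE-2020-8624), only CVE-2020-8624 carries a bug reference (`bug #966497`); the other four list `- bind9 1:9.16.6-1` alone. None of the five has a per-release line of the `[buster] - qemu <postponed>` kind visible in the QEMU entry earlier in this patch, so the status of the released suites still has to be recorded. The affected ranges in the descriptions differ per CVE (for example 9.14.0 onward for CVE-2020-8621 and 9.15.6 onward for CVE-2020-8620), so each entry needs checking against the bind9 version each suite ships rather than one decision for all five.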
@@ -38376,8 +38381,8 @@ CVE-2020-8236
        RESERVED
 CVE-2020-8235
        RESERVED
-CVE-2020-8234
-       RESERVED
+CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware 
&lt;v1.9.1 w ...)
+       TODO: check
 CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware 
&lt;v1 ...)
        NOT-FOR-US: Edgeswitch
 CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax 
EdgeSwitch f ...)
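Review bot: The new `TODO: check` on CVE-2020-8234 sits directly above CVE-2020-8233, whose description names the same EdgeSwitch firmware and which is already tagged `NOT-FOR-US: Edgeswitch`. Unless the truncated part of the description points at a different component, CVE-2020-8234 can take the same tag, which clears the TODO.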
@@ -38395,8 +38400,8 @@ CVE-2020-8229 (A memory leak in the OCUtil.dll library 
used by Nextcloud Desktop
        NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-034
 CVE-2020-8228
        RESERVED
-CVE-2020-8227
-       RESERVED
+CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop 
Client  ...)
+       TODO: check
 CVE-2020-8226 (A vulnerability exists in phpBB &lt;v3.2.10 and &lt;v3.3.1 
which allow ...)
        NOT-FOR-US: phpBB
 CVE-2020-8225
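Review bot: CVE-2020-8227 (Nextcloud Desktop Client) is left at `TODO: check`, while CVE-2020-8229 in the hunk header, also a Nextcloud Desktop issue, already carries an advisory NOTE (`https://nextcloud.com/security/advisory/?id=NC-SA-2020-034`). Resolve CVE-2020-8227 in the same form, with a package line and the NOTE for its own advisory, so the two Nextcloud Desktop entries stay consistent.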
@@ -38475,8 +38480,8 @@ CVE-2020-8191 (Improper input validation in Citrix ADC 
and Citrix Gateway versio
        NOT-FOR-US: Citrix
 CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway 
before ver ...)
        NOT-FOR-US: Citrix
-CVE-2020-8189
-       RESERVED
+CVE-2020-8189 (A cross-site scripting error in Nextcloud Desktop client 2.6.4 
allowed ...)
+       TODO: check
 CVE-2020-8188 (We have recently released new version of UniFi Protect firmware 
v1.13. ...)
        NOT-FOR-US: UniFi Protect
 CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway 
versions be ...)
@@ -45346,10 +45351,10 @@ CVE-2020-5419
        RESERVED
 CVE-2020-5418
        RESERVED
-CVE-2020-5417
-       RESERVED
-CVE-2020-5416
-       RESERVED
+CVE-2020-5417 (Cloud Foundry CAPI (Cloud Controller), versions prior to 
1.97.0, when  ...)
+       TODO: check
+CVE-2020-5416 (Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, 
when used ...)
+       TODO: check
 CVE-2020-5415 (Concourse, versions prior to 6.3.1 and 6.4.1, in installations 
which u ...)
        TODO: check
 CVE-2020-5414 (VMware Tanzu Application Service for VMs (2.7.x versions prior 
to 2.7. ...)
@@ -78465,7 +78470,7 @@ CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a 
stack-based buffer overflow at co
        NOTE: later reverted by the CVE-2019-13305 fix which is the right one:
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
 CVE-2019-13305 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at 
coders/p ...)
-       {DSA-4712-1 DLA-1888-1}
+       {DSA-4715-1 DSA-4712-1 DLA-1888-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (bug #931452)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1613
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
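Review bot: On the `{DSA-4715-1 DSA-4712-1 DLA-1888-1}` line for CVE-2019-13305, check the neighbouring CVE-2019-13306 as well. Its NOTE in the context lines above says its change was "later reverted by the CVE-2019-13305 fix which is the right one", and both entries cite the same ImageMagick6 commit, but the cross-reference line of CVE-2019-13306 is outside this hunk, so the patch does not show whether it lists DSA-4715-1 too.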



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2489633317815a688b4ee71e04f369273dcc768
