Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5949979a by security tracker role at 2020-08-25T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be 
exposed b ...)
+       TODO: check
+CVE-2020-24621
+       RESERVED
+CVE-2020-24620
+       RESERVED
+CVE-2020-24619
+       RESERVED
+CVE-2020-24618
+       RESERVED
+CVE-2020-24617
+       RESERVED
+CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the 
interact ...)
+       TODO: check
+CVE-2020-24615
+       RESERVED
 CVE-2020-24613 (wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the 
WAIT_CERT_C ...)
        - wolfssl <unfixed>
        NOTE: 
https://research.nccgroup.com/2020/08/24/technical-advisory-wolfssl-tls-1-3-client-man-in-the-middle-attack/
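Review bot: CVE-2020-24616 is left at "TODO: check" even though its description already names the affected software and bound (FasterXML jackson-databind 2.x before 2.9.10.6). It should be triaged to a package line with a fixed-version or <unfixed> status, in the same style as the "- wolfssl <unfixed>" line under CVE-2020-24613 just below, rather than staying as a bare TODO.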
@@ -7,8 +23,8 @@ CVE-2020-24611
        RESERVED
 CVE-2020-24610
        RESERVED
-CVE-2020-24609
-       RESERVED
+CVE-2020-24609 (TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5 has XSS 
which can r ...)
+       TODO: check
 CVE-2020-24608
        RESERVED
 CVE-2020-24607
@@ -115,7 +131,7 @@ CVE-2020-24557
        RESERVED
 CVE-2020-24556
        RESERVED
-CVE-2020-24614 [fossil RCE]
+CVE-2020-24614 (Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 
2.12.1 a ...)
        - fossil 1:2.12.1-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/08/20/1
        NOTE: https://fossil-scm.org/forum/info/a05ae3ce7760daf6
@@ -520,7 +536,7 @@ CVE-2020-24366
        RESERVED
 CVE-2020-24365
        RESERVED
-CVE-2020-24364 (MineTime through 1.8.5 allows XSS via the notes field in a 
meeting inv ...)
+CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via 
the note ...)
        NOT-FOR-US: MineTime
 CVE-2020-24363
        RESERVED
@@ -786,12 +802,12 @@ CVE-2020-24244
        RESERVED
 CVE-2020-24243
        RESERVED
-CVE-2020-24242
-       RESERVED
-CVE-2020-24241
-       RESERVED
-CVE-2020-24240
-       RESERVED
+CVE-2020-24242 (In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in 
tok_tex ...)
+       TODO: check
+CVE-2020-24241 (In Netwide Assembler (NASM) 2.15rc10, there is heap 
use-after-free in  ...)
+       TODO: check
+CVE-2020-24240 (GNU Bison 3.7 has a use after free (UAF) vulnerability. A 
local attack ...)
+       TODO: check
 CVE-2020-24239
        RESERVED
 CVE-2020-24238
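Review bot: the three new entries CVE-2020-24242, CVE-2020-24241 and CVE-2020-24240 replace RESERVED with "TODO: check" while their descriptions pin exact upstream versions (NASM 2.15rc10, a release candidate, and GNU Bison 3.7). Triage should record whether the affected code is present in the packaged versions and add a package line plus a NOTE with the upstream report, as the ghostscript entries elsewhere in this diff do.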
@@ -14195,7 +14211,7 @@ CVE-2020-17540
 CVE-2020-17539
        RESERVED
 CVE-2020-17538 (A buffer overflow vulnerability in GetNumSameData() in 
contrib/lips4/g ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134
 (9.51)
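Review bot: CVE-2020-17538 has no cross-reference to CVE-2020-16296, although both cite the same bug (701792) and the same commit (9f39ed4a92578a020ae10459643e1fe72573d134), and the CVE-2020-16296 entry later in this diff carries "NOTE: chunk #2, see also CVE-2020-17538". Adding the matching "see also CVE-2020-16296" note here would make the shared fix visible from both entries.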
@@ -14524,12 +14540,12 @@ CVE-2020-17388
        RESERVED
 CVE-2020-17387
        RESERVED
-CVE-2020-17386
-       RESERVED
-CVE-2020-17385
-       RESERVED
-CVE-2020-17384
-       RESERVED
+CVE-2020-17386 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL 
inputte ...)
+       TODO: check
+CVE-2020-17385 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL 
inputte ...)
+       TODO: check
+CVE-2020-17384 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL 
inputte ...)
+       TODO: check
 CVE-2020-17383
        RESERVED
 CVE-2020-17382
@@ -16697,126 +16713,126 @@ CVE-2020-16312
 CVE-2020-16311
        RESERVED
 CVE-2020-16310 (A division by zero vulnerability in dot24_print_page() in 
devices/gdev ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701828
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e
 (9.51)
 CVE-2020-16309 (A buffer overflow vulnerability in lxm5700m_print_page() in 
devices/gd ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701827
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10
 (9.51)
        NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to 
trigger
 CVE-2020-16308 (A buffer overflow vulnerability in p_print_image() in 
devices/gdevcdj. ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701829
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6
 (9.51)
 CVE-2020-16307 (A null pointer dereference vulnerability in 
devices/vector/gdevtxtw.c  ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701822
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f
 (9.51)
 CVE-2020-16306 (A null pointer dereference vulnerability in devices/gdevtsep.c 
of Arti ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804
 (9.51)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701821
 CVE-2020-16305 (A buffer overflow vulnerability in pcx_write_rle() in 
contrib/japanese ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701819
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550
 (9.51)
 CVE-2020-16304 (A buffer overflow vulnerability in image_render_color_thresh() 
in base ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209
 (9.51)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701816
        NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to 
trigger
 CVE-2020-16303 (A use-after-free vulnerability in xps_finish_image_path() in 
devices/v ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701818
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb7725eb5f3557ddc02310c76124fdd1a
 (9.51)
 CVE-2020-16302 (A buffer overflow vulnerability in jetp3852_print_page() in 
devices/gd ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701815
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207
 (9.51)
 CVE-2020-16301 (A buffer overflow vulnerability in okiibm_print_page1() in 
devices/gde ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701808
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc
 (9.51)
 CVE-2020-16300 (A buffer overflow vulnerability in tiff12_print_page() in 
devices/gdev ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701807
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e
 (9.51)
 CVE-2020-16299 (A Division by Zero vulnerability in bj10v_print_page() in 
contrib/japa ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701801
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=19cebe708b9ee3d9e0f8bcdd79dbc6ef9ddc70d2
 (9.51)
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4fcbece468706e0e89ed2856729b2ccacbc112be
 (9.51)
 CVE-2020-16298 (A buffer overflow vulnerability in mj_color_correct() in 
contrib/japan ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701799
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=849e74e5ab450dd581942192da7101e0664fa5af
 (9.51)
 CVE-2020-16297 (A buffer overflow vulnerability in FloydSteinbergDitheringC() 
in contr ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701800
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39
 (9.51)
 CVE-2020-16296 (A buffer overflow vulnerability in GetNumWrongData() in 
contrib/lips4/ ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134
 (9.51)
        NOTE: chunk #2, see also CVE-2020-17538
 CVE-2020-16295 (A null pointer dereference vulnerability in clj_media_size() 
in device ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e
 (9.51)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701796
 CVE-2020-16294 (A buffer overflow vulnerability in epsc_print_page() in 
devices/gdevep ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701794
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=89f58f1aa95b3482cadf6977da49457194ee5358
 (9.51)
 CVE-2020-16293 (A null pointer dereference vulnerability in 
compose_group_nonknockout_ ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701795
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7870f4951bcc6a153f317e3439e14d0e929fd231
 (9.51)
 CVE-2020-16292 (A buffer overflow vulnerability in mj_raster_cmd() in 
contrib/japanese ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701793
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=863ada11f9a942a622a581312e2be022d9e2a6f7
 (9.51)
 CVE-2020-16291 (A buffer overflow vulnerability in contrib/gdevdj9.c of 
Artifex Softwa ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6
 (9.51)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701787
 CVE-2020-16290 (A buffer overflow vulnerability in jetp3852_print_page() in 
devices/gd ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d
 (9.51)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701786
 CVE-2020-16289 (A buffer overflow vulnerability in cif_print_page() in 
devices/gdevcif ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701788
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d31e25ed5b130499e0d880e4609b1b4824699768
 (9.51)
 CVE-2020-16288 (A buffer overflow vulnerability in pj_common_print_page() in 
devices/g ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f
 (9.51)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701791
 CVE-2020-16287 (A buffer overflow vulnerability in lprn_is_black() in 
contrib/lips4/gd ...)
-       {DLA-2335-1}
+       {DSA-4748-1 DLA-2335-1}
        - ghostscript 9.51~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701785
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=450da26a76286a8342ec0864b3d113856709f8f6
 (9.51)
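Review bot: the NOTE lines under the entries now tagged {DSA-4748-1 DLA-2335-1} cite the upstream fix in three different URL forms: "a=commit;h=" (for example CVE-2020-16301), "a=commitdiff;h=" (for example CVE-2020-16310) and a bare ";h=" with no action (CVE-2020-16295, CVE-2020-16291, CVE-2020-16290, CVE-2020-16288). The order of the bug link and the commit link also varies (CVE-2020-16306 and CVE-2020-16304, among others, list the commit first). Since every entry in this hunk is being touched, normalise both to one form so the references can be parsed and compared mechanically.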
@@ -16910,8 +16926,8 @@ CVE-2020-16247
        RESERVED
 CVE-2020-16246
        RESERVED
-CVE-2020-16245
-       RESERVED
+CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product 
is vulne ...)
+       TODO: check
 CVE-2020-16244
        RESERVED
 CVE-2020-16243
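Review bot: CVE-2020-16245 is added with "TODO: check" although its description names Advantech iView (Versions 5.7 and prior), and the other Advantech iView entries visible in this diff (CVE-2020-14507, CVE-2020-14501, CVE-2020-14499) are all marked "NOT-FOR-US: Advantech". Suggest applying the same tag here for consistency.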
@@ -17006,8 +17022,8 @@ CVE-2020-16199 (Delta Industrial Automation CNCSoft 
ScreenEditor, Versions 1.01.
        NOT-FOR-US: Delta Industrial Automation
 CVE-2020-16198
        RESERVED
-CVE-2020-16197
-       RESERVED
+CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment 
target can ...)
+       TODO: check
 CVE-2020-16196
        RESERVED
 CVE-2020-16195
@@ -20909,12 +20925,12 @@ CVE-2020-14526
        RESERVED
 CVE-2020-14525
        RESERVED
-CVE-2020-14524
-       RESERVED
+CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest 
build o ...)
+       TODO: check
 CVE-2020-14523
        RESERVED
-CVE-2020-14522
-       RESERVED
+CVE-2020-14522 (Softing Industrial Automation all versions prior to the latest 
build o ...)
+       TODO: check
 CVE-2020-14521
        RESERVED
 CVE-2020-14520 (The affected product is vulnerable to an information leak, 
which may a ...)
@@ -20933,16 +20949,16 @@ CVE-2020-14514
        RESERVED
 CVE-2020-14513
        RESERVED
-CVE-2020-14512
-       RESERVED
+CVE-2020-14512 (GateManager versions prior to 9.2c, The affected product uses 
a weak h ...)
+       TODO: check
 CVE-2020-14511 (Malicious operation of the crafted web browser cookie may 
cause a stac ...)
        NOT-FOR-US: EDR routers
-CVE-2020-14510
-       RESERVED
+CVE-2020-14510 (GateManager versions prior to 9.2c, The affected product 
contains a ha ...)
+       TODO: check
 CVE-2020-14509
        RESERVED
-CVE-2020-14508
-       RESERVED
+CVE-2020-14508 (GateManager versions prior to 9.2c, The affected product is 
vulnerable ...)
+       TODO: check
 CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to 
multiple pat ...)
        NOT-FOR-US: Advantech
 CVE-2020-14506
@@ -20957,8 +20973,8 @@ CVE-2020-14502
        RESERVED
 CVE-2020-14501 (Advantech iView, versions 5.6 and prior, has an improper 
authenticatio ...)
        NOT-FOR-US: Advantech
-CVE-2020-14500
-       RESERVED
+CVE-2020-14500 (Secomea GateManager all versions prior to 9.2c, An attacker 
can send a ...)
+       TODO: check
 CVE-2020-14499 (Advantech iView, versions 5.6 and prior, has an improper 
access contro ...)
        NOT-FOR-US: Advantech
 CVE-2020-14498
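Review bot: CVE-2020-14500 names the product as "Secomea GateManager all versions prior to 9.2c", while CVE-2020-14512, CVE-2020-14510 and CVE-2020-14508 in the previous hunk say only "GateManager versions prior to 9.2c". All four are at "TODO: check"; triage them together so they receive the same tag and the same vendor/product spelling.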
@@ -22448,8 +22464,8 @@ CVE-2020-14044 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED 
** A Server-Side Request
        NOT-FOR-US: Codiad
 CVE-2020-14043 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request 
Forgery ...)
        NOT-FOR-US: Codiad
-CVE-2020-14042
-       RESERVED
+CVE-2020-14042 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site 
Scripting (XSS) ...)
+       TODO: check
 CVE-2020-14041
        RESERVED
 CVE-2020-14040 (The x/text package before 0.3.3 for Go has a vulnerability in 
encoding ...)
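Review bot: CVE-2020-14042 carries the same "** PRODUCT NOT SUPPORTED WHEN ASSIGNED **" prefix as CVE-2020-14044 and CVE-2020-14043 directly above it, both of which are "NOT-FOR-US: Codiad", but the truncated description does not show the product. Confirm against the full description, and if it is the same product replace "TODO: check" with the matching NOT-FOR-US line.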
@@ -39651,8 +39667,8 @@ CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 
and earlier versions conta
        NOT-FOR-US: EyeSurfer BflyInstallerX.ocx
 CVE-2020-7825 (A vulnerability exists that could allow the execution of 
operating sys ...)
        NOT-FOR-US: MiPlatform
-CVE-2020-7824
-       RESERVED
+CVE-2020-7824 (A vulnerability in the web-based management interface of iPECS 
could a ...)
+       TODO: check
 CVE-2020-7823 (DaviewIndy has a Memory corruption vulnerability, triggered 
when the u ...)
        NOT-FOR-US: DaviewIndy
 CVE-2020-7822 (DaviewIndy has a Heap-based overflow vulnerability, triggered 
when the ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5949979ab5f737cb9f11986c8ac3c6ae4d29c533
