Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
87b7fb87 by security tracker role at 2020-09-09T20:10:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,9 @@
-CVE-2020-25212 [nfs: Fix getxattr kernel panic and memory overflow]
+CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for
WordPress all ...)
+ TODO: check
+CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel
before 5. ...)
- linux 5.7.17-1
NOTE:
https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21
-CVE-2020-25211 [netfilter: ctnetlink: add a range check for l3/l4 protonum]
+CVE-2020-25211 (In the Linux kernel through 5.8.7, local attackers able to
inject conn ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
CVE-2020-25210
@@ -310,7 +312,7 @@ CVE-2020-25073 (FreedomBox through 20.13 allows remote
attackers to obtain sensi
[stretch] - plinth <no-dsa> (Minor issue)
NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935
NOTE:
https://salsa.debian.org/freedombox-team/freedombox/-/commit/822c322d20d12f81c6cfca47b66f900542a5aac2
-CVE-2020-25068 (Setelsa Conacwin v3.7.1.2 is vulnerable to a local file
inclusion vuln ...)
+CVE-2020-25068 (** DISPUTED ** Setelsa Conacwin v3.7.1.2 is vulnerable to a
local file ...)
NOT-FOR-US: Setelsa Conacwin
CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command
injecti ...)
NOT-FOR-US: Netgear
@@ -637,8 +639,7 @@ CVE-2020-24918
RESERVED
CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to
DraftAjaxA ...)
NOT-FOR-US: osTicket
-CVE-2020-24916 [OS command injection in Yaws web server]
- RESERVED
+CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7
is vulner ...)
- yaws 2.0.8+dfsg-1
NOTE:
https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1
NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection
@@ -889,8 +890,8 @@ CVE-2020-24796
RESERVED
CVE-2020-24795
RESERVED
-CVE-2020-24794
- RESERVED
+CVE-2020-24794 (Cross Site Scripting (XSS) vulnerability in Kentico before
12.0.75. ...)
+ TODO: check
CVE-2020-24793
RESERVED
CVE-2020-24792
@@ -1373,8 +1374,8 @@ CVE-2020-24568
RESERVED
CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly
2020-08- ...)
NOT-FOR-US: voidtools
-CVE-2020-24566
- RESERVED
+CVE-2020-24566 (In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before
2020.4. ...)
+ TODO: check
CVE-2020-24565
RESERVED
CVE-2020-24564
@@ -1765,8 +1766,7 @@ CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform
(aka openeclass) throu
NOT-FOR-US: GUnet Open eClass Platform
CVE-2020-24380
RESERVED
-CVE-2020-24379 [XXE in Yaws web server]
- RESERVED
+CVE-2020-24379 (WebDAV implementation in Yaws web server versions 1.81 to
2.0.7 is vul ...)
- yaws 2.0.8+dfsg-1
NOTE:
https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c
NOTE: https://github.com/vulnbe/poc-yaws-dav-xxe
@@ -2176,19 +2176,19 @@ CVE-2020-24202 (File Upload component in Projects World
House Rental v1.0 suffer
CVE-2020-24201
RESERVED
CVE-2020-24200
- RESERVED
-CVE-2020-24199
- RESERVED
-CVE-2020-24198
- RESERVED
-CVE-2020-24197
- RESERVED
+ REJECTED
+CVE-2020-24199 (Arbitrary File Upload in the Vehicle Image Upload component in
Project ...)
+ TODO: check
+CVE-2020-24198 (A persistent cross-site scripting vulnerability in
Sourcecodester Stoc ...)
+ TODO: check
+CVE-2020-24197 (A SQL injection vulnerability in the login component in Stock
Manageme ...)
+ TODO: check
CVE-2020-24196 (An Arbitrary File Upload in Vehicle Image Upload in Online
Bike Rental ...)
NOT-FOR-US: Online Bike Rental
-CVE-2020-24195
- RESERVED
-CVE-2020-24194
- RESERVED
+CVE-2020-24195 (An Arbitrary File Upload in the Upload Image component in
Sourcecodest ...)
+ TODO: check
+CVE-2020-24194 (A Cross-site scripting (XSS) vulnerability in
'user-profile.php' in So ...)
+ TODO: check
CVE-2020-24193 (A SQL injection vulnerability in login in Sourcecodetester
Daily Track ...)
NOT-FOR-US: Sourcecodetester Daily Tracker System
CVE-2020-24192
@@ -2427,8 +2427,8 @@ CVE-2020-24076
RESERVED
CVE-2020-24075
RESERVED
-CVE-2020-24074
- RESERVED
+CVE-2020-24074 (The decode program in silk-v3-decoder Version:20160922 Build
By kn007 ...)
+ TODO: check
CVE-2020-24073
RESERVED
CVE-2020-24072
@@ -19278,22 +19278,22 @@ CVE-2020-15793
RESERVED
CVE-2020-15792
RESERVED
-CVE-2020-15791
- RESERVED
-CVE-2020-15790
- RESERVED
-CVE-2020-15789
- RESERVED
-CVE-2020-15788
- RESERVED
-CVE-2020-15787
- RESERVED
-CVE-2020-15786
- RESERVED
-CVE-2020-15785
- RESERVED
-CVE-2020-15784
- RESERVED
+CVE-2020-15791 (A vulnerability has been identified in SIMATIC S7-300 CPU
family (incl ...)
+ TODO: check
+CVE-2020-15790 (A vulnerability has been identified in Spectrum Power 4 (All
versions ...)
+ TODO: check
+CVE-2020-15789 (A vulnerability has been identified in Polarion Subversion
Webclient ( ...)
+ TODO: check
+CVE-2020-15788 (A vulnerability has been identified in Polarion Subversion
Webclient ( ...)
+ TODO: check
+CVE-2020-15787 (A vulnerability has been identified in SIMATIC HMI United
Comfort Pane ...)
+ TODO: check
+CVE-2020-15786 (A vulnerability has been identified in SIMATIC HMI Basic
Panels 2nd Ge ...)
+ TODO: check
+CVE-2020-15785 (A vulnerability has been identified in Siveillance Video
Client (All v ...)
+ TODO: check
+CVE-2020-15784 (A vulnerability has been identified in Spectrum Power 4 (All
versions ...)
+ TODO: check
CVE-2020-15783
RESERVED
CVE-2020-15782
@@ -20841,8 +20841,8 @@ CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini
Live Debugger on Google Pla
NOT-FOR-US: Chameleon Mini Live Debugger
CVE-2020-15164 (in Scratch Login (MediaWiki extension) before version 1.1, any
account ...)
NOT-FOR-US: Scrach Login MediaWiki extension
-CVE-2020-15163
- RESERVED
+CVE-2020-15163 (Python TUF (The Update Framework) reference implementation
before vers ...)
+ TODO: check
CVE-2020-15162
RESERVED
CVE-2020-15161
@@ -22914,8 +22914,7 @@ CVE-2020-14385 [xfs: fix boundary test in
xfs_attr_shortform_verify]
- linux 5.8.7-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE:
https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933
-CVE-2020-14384
- RESERVED
+CVE-2020-14384 (A flaw was found in JBossWeb in versions before
7.5.31.Final-redhat-3. ...)
NOT-FOR-US: JBossWeb
CVE-2020-14383
RESERVED
@@ -23089,8 +23088,7 @@ CVE-2020-14343 [.load() and FullLoader still vulnerable
to fairly trivial RCE]
[stretch] - pyyaml <not-affected> (Vulnerable code not present)
NOTE: https://github.com/yaml/pyyaml/issues/420
NOTE: CVE is for an incomplete fix of CVE-2020-1747.
-CVE-2020-14342 [shell command injection in mount.cifs]
- RESERVED
+CVE-2020-14342 (It was found that cifs-utils' mount.cifs was invoking a shell
when req ...)
- cifs-utils <unfixed>
[buster] - cifs-utils <no-dsa> (Minor issue)
[stretch] - cifs-utils <no-dsa> (Minor issue)
@@ -23271,8 +23269,8 @@ CVE-2020-14294
RESERVED
CVE-2020-14293
RESERVED
-CVE-2020-14292
- RESERVED
+CVE-2020-14292 (In the COVIDSafe application through 1.0.21 for Android,
unsafe use of ...)
+ TODO: check
CVE-2020-14291
RESERVED
CVE-2020-14290
@@ -26301,8 +26299,8 @@ CVE-2019-20797 (An issue was discovered in e6y
prboom-plus 2.5.1.5. There is a b
NOTE: https://logicaltrust.net/blog/2019/10/prboom1.html
NOTE: https://sourceforge.net/p/prboom-plus/bugs/252/
NOTE: https://sourceforge.net/p/prboom-plus/bugs/253/
-CVE-2020-13127
- RESERVED
+CVE-2020-13127 (A SQL injection vulnerability at a tpf URI in Loway
QueueMetrics befor ...)
+ TODO: check
CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before
2.9.4 for W ...)
NOT-FOR-US: Elementor Pro plugin for WordPress
CVE-2020-13125 (An issue was discovered in the "Ultimate Addons for Elementor"
plugin ...)
@@ -29215,8 +29213,7 @@ CVE-2020-11988
RESERVED
CVE-2020-11987
RESERVED
-CVE-2020-11986
- RESERVED
+CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need
to be ex ...)
- netbeans <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/2
CVE-2020-11985 (IP address spoofing when proxying using mod_remoteip and
mod_rewrite F ...)
@@ -35717,8 +35714,8 @@ CVE-2019-20490 (cPanel before 82.0.18 allows
authentication bypass because webma
NOT-FOR-US: cPanel
CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due
to broke ...)
NOT-FOR-US: GeniXCMS
-CVE-2020-10056
- RESERVED
+CVE-2020-10056 (A vulnerability has been identified in License Management
Utility (LMU ...)
+ TODO: check
CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x),
Desigo CC (V3 ...)
NOT-FOR-US: Desigo
CVE-2020-10054
@@ -35727,12 +35724,12 @@ CVE-2020-10053
RESERVED
CVE-2020-10052
RESERVED
-CVE-2020-10051
- RESERVED
-CVE-2020-10050
- RESERVED
-CVE-2020-10049
- RESERVED
+CVE-2020-10051 (A vulnerability has been identified in SIMATIC RTLS Locating
Manager ( ...)
+ TODO: check
+CVE-2020-10050 (A vulnerability has been identified in SIMATIC RTLS Locating
Manager ( ...)
+ TODO: check
+CVE-2020-10049 (A vulnerability has been identified in SIMATIC RTLS Locating
Manager ( ...)
+ TODO: check
CVE-2020-10048
RESERVED
CVE-2020-10047
@@ -41382,6 +41379,7 @@ CVE-2020-7731
CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command
Injection v ...)
NOT-FOR-US: bestzip nodejs module
CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code
Execut ...)
+ {DLA-2368-1}
- grunt 1.3.0-1 (bug #969668)
[buster] - grunt <no-dsa> (Minor issue)
NOTE:
https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
@@ -42265,20 +42263,20 @@ CVE-2020-7327
RESERVED
CVE-2020-7326
RESERVED
-CVE-2020-7325
- RESERVED
-CVE-2020-7324
- RESERVED
-CVE-2020-7323
- RESERVED
-CVE-2020-7322
- RESERVED
+CVE-2020-7325 (Privilege Escalation vulnerability in McAfee MVISION Endpoint
prior to ...)
+ TODO: check
+CVE-2020-7324 (Improper Access Control vulnerability in McAfee MVISION
Endpoint prior ...)
+ TODO: check
+CVE-2020-7323 (Authentication Protection Bypass vulnerability in McAfee
Endpoint Secu ...)
+ TODO: check
+CVE-2020-7322 (Information Disclosure Vulnerability in McAfee Endpoint
Security (ENS) ...)
+ TODO: check
CVE-2020-7321
RESERVED
-CVE-2020-7320
- RESERVED
-CVE-2020-7319
- RESERVED
+CVE-2020-7320 (Protection Mechanism Failure vulnerability in McAfee Endpoint
Security ...)
+ TODO: check
+CVE-2020-7319 (Improper Access Control vulnerability in McAfee Endpoint
Security (ENS ...)
+ TODO: check
CVE-2020-7318
RESERVED
CVE-2020-7317
@@ -42736,7 +42734,7 @@ CVE-2020-7121
RESERVED
CVE-2020-7120
RESERVED
-CVE-2020-7119 (A vulnerability exists in the Aruba ClearPass C1000 S-1200 R4
HW-Based ...)
+CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location
Engine (ALE ...)
NOT-FOR-US: Aruba
CVE-2020-7118
RESERVED
@@ -42852,8 +42850,7 @@ CVE-2020-7070
RESERVED
CVE-2020-7069
RESERVED
-CVE-2020-7068
- RESERVED
+CVE-2020-7068 (In PHP versions 7.2.x below 7.3.21, 7.3.x below 7.3.21 and
7.4.x below ...)
{DLA-2345-1}
- php7.4 7.4.9-1
- php7.3 <removed>
@@ -45019,108 +45016,108 @@ CVE-2020-6363
RESERVED
CVE-2020-6362
RESERVED
-CVE-2020-6361
- RESERVED
-CVE-2020-6360
- RESERVED
-CVE-2020-6359
- RESERVED
-CVE-2020-6358
- RESERVED
-CVE-2020-6357
- RESERVED
-CVE-2020-6356
- RESERVED
-CVE-2020-6355
- RESERVED
-CVE-2020-6354
- RESERVED
-CVE-2020-6353
- RESERVED
-CVE-2020-6352
- RESERVED
-CVE-2020-6351
- RESERVED
-CVE-2020-6350
- RESERVED
-CVE-2020-6349
- RESERVED
-CVE-2020-6348
- RESERVED
-CVE-2020-6347
- RESERVED
-CVE-2020-6346
- RESERVED
-CVE-2020-6345
- RESERVED
-CVE-2020-6344
- RESERVED
-CVE-2020-6343
- RESERVED
-CVE-2020-6342
- RESERVED
-CVE-2020-6341
- RESERVED
-CVE-2020-6340
- RESERVED
-CVE-2020-6339
- RESERVED
-CVE-2020-6338
- RESERVED
-CVE-2020-6337
- RESERVED
-CVE-2020-6336
- RESERVED
-CVE-2020-6335
- RESERVED
-CVE-2020-6334
- RESERVED
-CVE-2020-6333
- RESERVED
-CVE-2020-6332
- RESERVED
-CVE-2020-6331
- RESERVED
-CVE-2020-6330
- RESERVED
-CVE-2020-6329
- RESERVED
-CVE-2020-6328
- RESERVED
-CVE-2020-6327
- RESERVED
-CVE-2020-6326
- RESERVED
+CVE-2020-6361 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6360 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6359 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6358 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6357 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6356 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6355 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6354 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6353 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6352 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6351 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6350 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6349 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6348 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6347 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6346 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6345 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6344 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6343 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6342 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6341 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6340 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6339 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6338 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6337 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6336 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6335 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6334 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6333 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6332 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6331 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6330 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6329 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6328 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6327 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6326 (SAP NetWeaver (Knowledge Management),
version-7.30,7.31,7.40,7.50, all ...)
+ TODO: check
CVE-2020-6325
RESERVED
-CVE-2020-6324
- RESERVED
+CVE-2020-6324 (SAP Netweaver AS ABAP(BSP Test Application sbspext_table),
version-700 ...)
+ TODO: check
CVE-2020-6323
RESERVED
-CVE-2020-6322
- RESERVED
-CVE-2020-6321
- RESERVED
-CVE-2020-6320
- RESERVED
+CVE-2020-6322 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6321 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6320 (SAP Marketing (Servlet), version-130,140,150, allows an
authenticated ...)
+ TODO: check
CVE-2020-6319
RESERVED
-CVE-2020-6318
- RESERVED
+CVE-2020-6318 (A Remote Code Execution vulnerability exists in the SAP
NetWeaver (ABA ...)
+ TODO: check
CVE-2020-6317
RESERVED
CVE-2020-6316
RESERVED
CVE-2020-6315
RESERVED
-CVE-2020-6314
- RESERVED
-CVE-2020-6313
- RESERVED
-CVE-2020-6312
- RESERVED
-CVE-2020-6311
- RESERVED
+CVE-2020-6314 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
+ TODO: check
+CVE-2020-6313 (SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30,
7.31, ...)
+ TODO: check
+CVE-2020-6312 (SAP BusinessObjects Business Intelligence Platform (Web
Intelligence H ...)
+ TODO: check
+CVE-2020-6311 (Banking services from SAP 9.0 (Bank Analyzer), version - 500,
and SAP ...)
+ TODO: check
CVE-2020-6310 (Improper access control in SOA Configuration Trace component in
SAP Ne ...)
NOT-FOR-US: SAP
CVE-2020-6309 (SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10,
7.11, 7. ...)
@@ -45137,8 +45134,8 @@ CVE-2020-6304 (Improper input validation in SAP
NetWeaver Internet Communication
NOT-FOR-US: SAP
CVE-2020-6303 (SAP Disclosure Management, before version 10.1, does not
validate user ...)
NOT-FOR-US: SAP
-CVE-2020-6302
- RESERVED
+CVE-2020-6302 (SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the
jSessio ...)
+ TODO: check
CVE-2020-6301 (SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604,
605, 6 ...)
NOT-FOR-US: SAP
CVE-2020-6300 (SAP Business Objects Business Intelligence Platform (Central
Managemen ...)
@@ -45165,8 +45162,8 @@ CVE-2020-6290 (SAP Disclosure Management, version 10.1,
is vulnerable to Session
NOT-FOR-US: SAP
CVE-2020-6289 (SAP Disclosure Management, version 10.1, had insufficient
protection a ...)
NOT-FOR-US: SAP
-CVE-2020-6288
- RESERVED
+CVE-2020-6288 (SAP Business Objects Business Intelligence Platform (Web
Intelligence ...)
+ TODO: check
CVE-2020-6287 (SAP NetWeaver AS JAVA (LM Configuration Wizard), versions -
7.30, 7.31 ...)
NOT-FOR-US: SAP
CVE-2020-6286 (The insufficient input path validation of certain parameter in
the web ...)
@@ -45175,8 +45172,8 @@ CVE-2020-6285 (SAP NetWeaver - XML Toolkit for JAVA
(ENGINEAPI) (versions- 7.10,
NOT-FOR-US: SAP
CVE-2020-6284 (SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31,
7.40, 7.5 ...)
NOT-FOR-US: SAP
-CVE-2020-6283
- RESERVED
+CVE-2020-6283 (SAP Fiori Launchpad does not sufficiently encode user
controlled input ...)
+ TODO: check
CVE-2020-6282 (SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions
7.10, 7.11 ...)
NOT-FOR-US: SAP
CVE-2020-6281 (SAP Business Objects Business Intelligence Platform (BI
Launchpad), ve ...)
@@ -46598,8 +46595,8 @@ CVE-2020-5629
RESERVED
CVE-2020-5628
RESERVED
-CVE-2020-5627
- RESERVED
+CVE-2020-5627 (Yodobashi App for Android versions 1.8.7 and earlier allows
remote att ...)
+ TODO: check
CVE-2020-5626
RESERVED
CVE-2020-5625 (Cross-site scripting vulnerability in XooNIps 3.48 and earlier
allows ...)
@@ -56331,24 +56328,24 @@ CVE-2020-2046
RESERVED
CVE-2020-2045
RESERVED
-CVE-2020-2044
- RESERVED
-CVE-2020-2043
- RESERVED
-CVE-2020-2042
- RESERVED
-CVE-2020-2041
- RESERVED
-CVE-2020-2040
- RESERVED
-CVE-2020-2039
- RESERVED
-CVE-2020-2038
- RESERVED
-CVE-2020-2037
- RESERVED
-CVE-2020-2036
- RESERVED
+CVE-2020-2044 (An information exposure through log file vulnerability where an
admini ...)
+ TODO: check
+CVE-2020-2043 (An information exposure through log file vulnerability where
sensitive ...)
+ TODO: check
+CVE-2020-2042 (A buffer overflow vulnerability in the PAN-OS management web
interface ...)
+ TODO: check
+CVE-2020-2041 (An insecure configuration of the appweb daemon of Palo Alto
Networks P ...)
+ TODO: check
+CVE-2020-2040 (A buffer overflow vulnerability in PAN-OS allows an
unauthenticated at ...)
+ TODO: check
+CVE-2020-2039 (An uncontrolled resource consumption vulnerability in Palo Alto
Networ ...)
+ TODO: check
+CVE-2020-2038 (An OS Command Injection vulnerability in the PAN-OS management
interfa ...)
+ TODO: check
+CVE-2020-2037 (An OS Command Injection vulnerability in the PAN-OS management
interfa ...)
+ TODO: check
+CVE-2020-2036 (A reflected cross-site scripting (XSS) vulnerability exists in
the PAN ...)
+ TODO: check
CVE-2020-2035 (When SSL/TLS Forward Proxy Decryption mode has been configured
to decr ...)
NOT-FOR-US: Palo Alto Networks
CVE-2020-2034 (An OS Command Injection vulnerability in the PAN-OS
GlobalProtect port ...)
@@ -56624,8 +56621,7 @@ CVE-2020-1970
RESERVED
CVE-2020-1969
RESERVED
-CVE-2020-1968
- RESERVED
+CVE-2020-1968 (The Raccoon attack exploits a flaw in the TLS specification
which can ...)
- openssl 1.1.1g-1
- openssl1.0 <removed>
NOTE: Marking the first openssl 1.1.1 version in unstable as the fixed
version in sid
@@ -56964,10 +56960,10 @@ CVE-2020-1915
RESERVED
CVE-2020-1914
RESERVED
-CVE-2020-1913
- RESERVED
-CVE-2020-1912
- RESERVED
+CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in
Facebook ...)
+ TODO: check
+CVE-2020-1912 (An out-of-bounds read/write vulnerability when executing lazily
compil ...)
+ TODO: check
CVE-2020-1911 (A type confusion vulnerability when resolving properties of
JavaScript ...)
NOT-FOR-US: Facebook Hermes
CVE-2020-1910
@@ -57730,8 +57726,7 @@ CVE-2020-1751 (An out-of-bounds write vulnerability was
found in glibc before 2.
CVE-2020-1750
RESERVED
NOT-FOR-US: OpenShift machine-config-operator
-CVE-2020-1749 [net: ipv6_stub: use ip6_dst_lookup_flow instead of
ip6_dst_lookup]
- RESERVED
+CVE-2020-1749 (A flaw was found in the Linux kernel's implementation of some
networki ...)
{DLA-2241-1}
- linux 5.4.6-1
[buster] - linux 4.19.118-1
@@ -122801,26 +122796,26 @@ CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has
"Everyone: (F)" permission for
NOT-FOR-US: PCProtect Anti-Virus
CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission
for %PR ...)
NOT-FOR-US: Seqrite End Point Security
-CVE-2018-17774
- RESERVED
-CVE-2018-17773
- RESERVED
-CVE-2018-17772
- RESERVED
-CVE-2018-17771
- RESERVED
-CVE-2018-17770
- RESERVED
-CVE-2018-17769
- RESERVED
-CVE-2018-17768
- RESERVED
-CVE-2018-17767
- RESERVED
-CVE-2018-17766
- RESERVED
-CVE-2018-17765
- RESERVED
+CVE-2018-17774 (Ingenico Telium 2 POS terminals have an insecure NTPT3
protocol. This ...)
+ TODO: check
+CVE-2018-17773 (Ingenico Telium 2 POS terminals have a buffer overflow via
SOCKET_TASK ...)
+ TODO: check
+CVE-2018-17772 (Ingenico Telium 2 POS terminals allow arbitrary code execution
via the ...)
+ TODO: check
+CVE-2018-17771 (Ingenico Telium 2 POS terminals have hardcoded FTP
credentials. This i ...)
+ TODO: check
+CVE-2018-17770 (Ingenico Telium 2 POS terminals have a buffer overflow via the
RemoteP ...)
+ TODO: check
+CVE-2018-17769 (Ingenico Telium 2 POS terminals have a buffer overflow via the
0x26 co ...)
+ TODO: check
+CVE-2018-17768 (Ingenico Telium 2 POS terminals have an insecure TRACE
protocol. This ...)
+ TODO: check
+CVE-2018-17767 (Ingenico Telium 2 POS terminals have hardcoded PPP
credentials. This i ...)
+ TODO: check
+CVE-2018-17766 (Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading
restrict ...)
+ TODO: check
+CVE-2018-17765 (Ingenico Telium 2 POS terminals have undeclared TRACE protocol
command ...)
+ TODO: check
CVE-2018-17764
RESERVED
CVE-2018-17763
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87b7fb870e9e9ec0dc81a5a0454cbee036bfc123
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87b7fb870e9e9ec0dc81a5a0454cbee036bfc123
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
