Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
87b7fb87 by security tracker role at 2020-09-09T20:10:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,9 @@
-CVE-2020-25212 [nfs: Fix getxattr kernel panic and memory overflow]
+CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for 
WordPress all ...)
+       TODO: check
+CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel 
before 5. ...)
        - linux 5.7.17-1
        NOTE: 
https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21
-CVE-2020-25211 [netfilter: ctnetlink: add a range check for l3/l4 protonum]
+CVE-2020-25211 (In the Linux kernel through 5.8.7, local attackers able to 
inject conn ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
 CVE-2020-25210
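Review bot: The new CVE-2020-25213 entry at the top of this hunk is left at TODO: check although its description already names the product, the File Manager (wp-file-manager) plugin for WordPress. Another WordPress plugin entry in this file is resolved with a product-specific marker ("NOT-FOR-US: Elementor Pro plugin for WordPress" under CVE-2020-13126), so this one is a candidate for the same resolution in a follow-up once someone confirms the plugin is not packaged.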
@@ -310,7 +312,7 @@ CVE-2020-25073 (FreedomBox through 20.13 allows remote 
attackers to obtain sensi
        [stretch] - plinth <no-dsa> (Minor issue)
        NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935
        NOTE: 
https://salsa.debian.org/freedombox-team/freedombox/-/commit/822c322d20d12f81c6cfca47b66f900542a5aac2
-CVE-2020-25068 (Setelsa Conacwin v3.7.1.2 is vulnerable to a local file 
inclusion vuln ...)
+CVE-2020-25068 (** DISPUTED ** Setelsa Conacwin v3.7.1.2 is vulnerable to a 
local file ...)
        NOT-FOR-US: Setelsa Conacwin
 CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command 
injecti ...)
        NOT-FOR-US: Netgear
@@ -637,8 +639,7 @@ CVE-2020-24918
        RESERVED
 CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to 
DraftAjaxA ...)
        NOT-FOR-US: osTicket
-CVE-2020-24916 [OS command injection in Yaws web server]
-       RESERVED
+CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 
is vulner ...)
        - yaws 2.0.8+dfsg-1
        NOTE: 
https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1
        NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection
@@ -889,8 +890,8 @@ CVE-2020-24796
        RESERVED
 CVE-2020-24795
        RESERVED
-CVE-2020-24794
-       RESERVED
+CVE-2020-24794 (Cross Site Scripting (XSS) vulnerability in Kentico before 
12.0.75. ...)
+       TODO: check
 CVE-2020-24793
        RESERVED
 CVE-2020-24792
@@ -1373,8 +1374,8 @@ CVE-2020-24568
        RESERVED
 CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 
2020-08- ...)
        NOT-FOR-US: voidtools
-CVE-2020-24566
-       RESERVED
+CVE-2020-24566 (In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 
2020.4. ...)
+       TODO: check
 CVE-2020-24565
        RESERVED
 CVE-2020-24564
@@ -1765,8 +1766,7 @@ CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform 
(aka openeclass) throu
        NOT-FOR-US: GUnet Open eClass Platform
 CVE-2020-24380
        RESERVED
-CVE-2020-24379 [XXE in Yaws web server]
-       RESERVED
+CVE-2020-24379 (WebDAV implementation in Yaws web server versions 1.81 to 
2.0.7 is vul ...)
        - yaws 2.0.8+dfsg-1
        NOTE: 
https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c
        NOTE: https://github.com/vulnbe/poc-yaws-dav-xxe
@@ -2176,19 +2176,19 @@ CVE-2020-24202 (File Upload component in Projects World 
House Rental v1.0 suffer
 CVE-2020-24201
        RESERVED
 CVE-2020-24200
-       RESERVED
-CVE-2020-24199
-       RESERVED
-CVE-2020-24198
-       RESERVED
-CVE-2020-24197
-       RESERVED
+       REJECTED
+CVE-2020-24199 (Arbitrary File Upload in the Vehicle Image Upload component in 
Project ...)
+       TODO: check
+CVE-2020-24198 (A persistent cross-site scripting vulnerability in 
Sourcecodester Stoc ...)
+       TODO: check
+CVE-2020-24197 (A SQL injection vulnerability in the login component in Stock 
Manageme ...)
+       TODO: check
 CVE-2020-24196 (An Arbitrary File Upload in Vehicle Image Upload in Online 
Bike Rental ...)
        NOT-FOR-US: Online Bike Rental
-CVE-2020-24195
-       RESERVED
-CVE-2020-24194
-       RESERVED
+CVE-2020-24195 (An Arbitrary File Upload in the Upload Image component in 
Sourcecodest ...)
+       TODO: check
+CVE-2020-24194 (A Cross-site scripting (XSS) vulnerability in 
'user-profile.php' in So ...)
+       TODO: check
 CVE-2020-24193 (A SQL injection vulnerability in login in Sourcecodetester 
Daily Track ...)
        NOT-FOR-US: Sourcecodetester Daily Tracker System
 CVE-2020-24192
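Review bot: The five new TODO: check entries (CVE-2020-24199, -24198, -24197, -24195, -24194) sit between entries already triaged as NOT-FOR-US (CVE-2020-24196 "Online Bike Rental", CVE-2020-24193 "Sourcecodetester Daily Tracker System"), and several of their descriptions name Sourcecodester applications. They look like candidates for the same resolution, but the description of CVE-2020-24199 is cut at "Project ...", so the product name has to be read from the full CVE text before a marker is chosen. The RESERVED to REJECTED change for CVE-2020-24200 needs no follow-up.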
@@ -2427,8 +2427,8 @@ CVE-2020-24076
        RESERVED
 CVE-2020-24075
        RESERVED
-CVE-2020-24074
-       RESERVED
+CVE-2020-24074 (The decode program in silk-v3-decoder Version:20160922 Build 
By kn007  ...)
+       TODO: check
 CVE-2020-24073
        RESERVED
 CVE-2020-24072
@@ -19278,22 +19278,22 @@ CVE-2020-15793
        RESERVED
 CVE-2020-15792
        RESERVED
-CVE-2020-15791
-       RESERVED
-CVE-2020-15790
-       RESERVED
-CVE-2020-15789
-       RESERVED
-CVE-2020-15788
-       RESERVED
-CVE-2020-15787
-       RESERVED
-CVE-2020-15786
-       RESERVED
-CVE-2020-15785
-       RESERVED
-CVE-2020-15784
-       RESERVED
+CVE-2020-15791 (A vulnerability has been identified in SIMATIC S7-300 CPU 
family (incl ...)
+       TODO: check
+CVE-2020-15790 (A vulnerability has been identified in Spectrum Power 4 (All 
versions  ...)
+       TODO: check
+CVE-2020-15789 (A vulnerability has been identified in Polarion Subversion 
Webclient ( ...)
+       TODO: check
+CVE-2020-15788 (A vulnerability has been identified in Polarion Subversion 
Webclient ( ...)
+       TODO: check
+CVE-2020-15787 (A vulnerability has been identified in SIMATIC HMI United 
Comfort Pane ...)
+       TODO: check
+CVE-2020-15786 (A vulnerability has been identified in SIMATIC HMI Basic 
Panels 2nd Ge ...)
+       TODO: check
+CVE-2020-15785 (A vulnerability has been identified in Siveillance Video 
Client (All v ...)
+       TODO: check
+CVE-2020-15784 (A vulnerability has been identified in Spectrum Power 4 (All 
versions  ...)
+       TODO: check
 CVE-2020-15783
        RESERVED
 CVE-2020-15782
@@ -20841,8 +20841,8 @@ CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini 
Live Debugger on Google Pla
        NOT-FOR-US: Chameleon Mini Live Debugger
 CVE-2020-15164 (in Scratch Login (MediaWiki extension) before version 1.1, any 
account ...)
        NOT-FOR-US: Scrach Login MediaWiki extension
-CVE-2020-15163
-       RESERVED
+CVE-2020-15163 (Python TUF (The Update Framework) reference implementation 
before vers ...)
+       TODO: check
 CVE-2020-15162
        RESERVED
 CVE-2020-15161
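Review bot: CVE-2020-15163 should not be bulk-closed together with the vendor-product entries around it: the description names the Python TUF (The Update Framework) reference implementation, a library rather than a proprietary product, so the TODO: check needs an actual lookup of whether it is packaged or has a pending ITP before choosing between a package line and NOT-FOR-US. Separately, the context line above it reads "NOT-FOR-US: Scrach Login MediaWiki extension" while the description spells the product "Scratch Login"; that spelling is worth fixing in a manual commit.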
@@ -22914,8 +22914,7 @@ CVE-2020-14385 [xfs: fix boundary test in 
xfs_attr_shortform_verify]
        - linux 5.8.7-1
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933
-CVE-2020-14384
-       RESERVED
+CVE-2020-14384 (A flaw was found in JBossWeb in versions before 
7.5.31.Final-redhat-3. ...)
        NOT-FOR-US: JBossWeb
 CVE-2020-14383
        RESERVED
@@ -23089,8 +23088,7 @@ CVE-2020-14343 [.load() and FullLoader still vulnerable 
to fairly trivial RCE]
        [stretch] - pyyaml <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/yaml/pyyaml/issues/420
        NOTE: CVE is for an incomplete fix of CVE-2020-1747.
-CVE-2020-14342 [shell command injection in mount.cifs]
-       RESERVED
+CVE-2020-14342 (It was found that cifs-utils' mount.cifs was invoking a shell 
when req ...)
        - cifs-utils <unfixed>
        [buster] - cifs-utils <no-dsa> (Minor issue)
        [stretch] - cifs-utils <no-dsa> (Minor issue)
@@ -23271,8 +23269,8 @@ CVE-2020-14294
        RESERVED
 CVE-2020-14293
        RESERVED
-CVE-2020-14292
-       RESERVED
+CVE-2020-14292 (In the COVIDSafe application through 1.0.21 for Android, 
unsafe use of ...)
+       TODO: check
 CVE-2020-14291
        RESERVED
 CVE-2020-14290
@@ -26301,8 +26299,8 @@ CVE-2019-20797 (An issue was discovered in e6y 
prboom-plus 2.5.1.5. There is a b
        NOTE: https://logicaltrust.net/blog/2019/10/prboom1.html
        NOTE: https://sourceforge.net/p/prboom-plus/bugs/252/
        NOTE: https://sourceforge.net/p/prboom-plus/bugs/253/
-CVE-2020-13127
-       RESERVED
+CVE-2020-13127 (A SQL injection vulnerability at a tpf URI in Loway 
QueueMetrics befor ...)
+       TODO: check
 CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before 
2.9.4 for W ...)
        NOT-FOR-US: Elementor Pro plugin for WordPress
 CVE-2020-13125 (An issue was discovered in the "Ultimate Addons for Elementor" 
plugin  ...)
@@ -29215,8 +29213,7 @@ CVE-2020-11988
        RESERVED
 CVE-2020-11987
        RESERVED
-CVE-2020-11986
-       RESERVED
+CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need 
to be ex ...)
        - netbeans <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/2
 CVE-2020-11985 (IP address spoofing when proxying using mod_remoteip and 
mod_rewrite F ...)
@@ -35717,8 +35714,8 @@ CVE-2019-20490 (cPanel before 82.0.18 allows 
authentication bypass because webma
        NOT-FOR-US: cPanel
 CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due 
to broke ...)
        NOT-FOR-US: GeniXCMS
-CVE-2020-10056
-       RESERVED
+CVE-2020-10056 (A vulnerability has been identified in License Management 
Utility (LMU ...)
+       TODO: check
 CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), 
Desigo CC (V3 ...)
        NOT-FOR-US: Desigo
 CVE-2020-10054
@@ -35727,12 +35724,12 @@ CVE-2020-10053
        RESERVED
 CVE-2020-10052
        RESERVED
-CVE-2020-10051
-       RESERVED
-CVE-2020-10050
-       RESERVED
-CVE-2020-10049
-       RESERVED
+CVE-2020-10051 (A vulnerability has been identified in SIMATIC RTLS Locating 
Manager ( ...)
+       TODO: check
+CVE-2020-10050 (A vulnerability has been identified in SIMATIC RTLS Locating 
Manager ( ...)
+       TODO: check
+CVE-2020-10049 (A vulnerability has been identified in SIMATIC RTLS Locating 
Manager ( ...)
+       TODO: check
 CVE-2020-10048
        RESERVED
 CVE-2020-10047
@@ -41382,6 +41379,7 @@ CVE-2020-7731
 CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command 
Injection v ...)
        NOT-FOR-US: bestzip nodejs module
 CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code 
Execut ...)
+       {DLA-2368-1}
        - grunt 1.3.0-1 (bug #969668)
        [buster] - grunt <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
@@ -42265,20 +42263,20 @@ CVE-2020-7327
        RESERVED
 CVE-2020-7326
        RESERVED
-CVE-2020-7325
-       RESERVED
-CVE-2020-7324
-       RESERVED
-CVE-2020-7323
-       RESERVED
-CVE-2020-7322
-       RESERVED
+CVE-2020-7325 (Privilege Escalation vulnerability in McAfee MVISION Endpoint 
prior to ...)
+       TODO: check
+CVE-2020-7324 (Improper Access Control vulnerability in McAfee MVISION 
Endpoint prior ...)
+       TODO: check
+CVE-2020-7323 (Authentication Protection Bypass vulnerability in McAfee 
Endpoint Secu ...)
+       TODO: check
+CVE-2020-7322 (Information Disclosure Vulnerability in McAfee Endpoint 
Security (ENS) ...)
+       TODO: check
 CVE-2020-7321
        RESERVED
-CVE-2020-7320
-       RESERVED
-CVE-2020-7319
-       RESERVED
+CVE-2020-7320 (Protection Mechanism Failure vulnerability in McAfee Endpoint 
Security ...)
+       TODO: check
+CVE-2020-7319 (Improper Access Control vulnerability in McAfee Endpoint 
Security (ENS ...)
+       TODO: check
 CVE-2020-7318
        RESERVED
 CVE-2020-7317
@@ -42736,7 +42734,7 @@ CVE-2020-7121
        RESERVED
 CVE-2020-7120
        RESERVED
-CVE-2020-7119 (A vulnerability exists in the Aruba ClearPass C1000 S-1200 R4 
HW-Based ...)
+CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location 
Engine (ALE ...)
        NOT-FOR-US: Aruba
 CVE-2020-7118
        RESERVED
@@ -42852,8 +42850,7 @@ CVE-2020-7070
        RESERVED
 CVE-2020-7069
        RESERVED
-CVE-2020-7068
-       RESERVED
+CVE-2020-7068 (In PHP versions 7.2.x below 7.3.21, 7.3.x below 7.3.21 and 
7.4.x below ...)
        {DLA-2345-1}
        - php7.4 7.4.9-1
        - php7.3 <removed>
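Review bot: The imported description for CVE-2020-7068 reads "In PHP versions 7.2.x below 7.3.21, 7.3.x below 7.3.21", giving the 7.2.x branch the same bound as 7.3.x, which looks like an error in the upstream text. The commit is an automatic update, so the description is not the place to correct it; anyone triaging should rely on the package lines beneath it (php7.4 7.4.9-1, php7.3 <removed>) and the {DLA-2345-1} reference rather than on the version range quoted in the description.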
@@ -45019,108 +45016,108 @@ CVE-2020-6363
        RESERVED
 CVE-2020-6362
        RESERVED
-CVE-2020-6361
-       RESERVED
-CVE-2020-6360
-       RESERVED
-CVE-2020-6359
-       RESERVED
-CVE-2020-6358
-       RESERVED
-CVE-2020-6357
-       RESERVED
-CVE-2020-6356
-       RESERVED
-CVE-2020-6355
-       RESERVED
-CVE-2020-6354
-       RESERVED
-CVE-2020-6353
-       RESERVED
-CVE-2020-6352
-       RESERVED
-CVE-2020-6351
-       RESERVED
-CVE-2020-6350
-       RESERVED
-CVE-2020-6349
-       RESERVED
-CVE-2020-6348
-       RESERVED
-CVE-2020-6347
-       RESERVED
-CVE-2020-6346
-       RESERVED
-CVE-2020-6345
-       RESERVED
-CVE-2020-6344
-       RESERVED
-CVE-2020-6343
-       RESERVED
-CVE-2020-6342
-       RESERVED
-CVE-2020-6341
-       RESERVED
-CVE-2020-6340
-       RESERVED
-CVE-2020-6339
-       RESERVED
-CVE-2020-6338
-       RESERVED
-CVE-2020-6337
-       RESERVED
-CVE-2020-6336
-       RESERVED
-CVE-2020-6335
-       RESERVED
-CVE-2020-6334
-       RESERVED
-CVE-2020-6333
-       RESERVED
-CVE-2020-6332
-       RESERVED
-CVE-2020-6331
-       RESERVED
-CVE-2020-6330
-       RESERVED
-CVE-2020-6329
-       RESERVED
-CVE-2020-6328
-       RESERVED
-CVE-2020-6327
-       RESERVED
-CVE-2020-6326
-       RESERVED
+CVE-2020-6361 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6360 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6359 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6358 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6357 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6356 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6355 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6354 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6353 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6352 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6351 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6350 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6349 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6348 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6347 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6346 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6345 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6344 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6343 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6342 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6341 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6340 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6339 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6338 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6337 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6336 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6335 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6334 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6333 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6332 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6331 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6330 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6329 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6328 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6327 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6326 (SAP NetWeaver (Knowledge Management), 
version-7.30,7.31,7.40,7.50, all ...)
+       TODO: check
 CVE-2020-6325
        RESERVED
-CVE-2020-6324
-       RESERVED
+CVE-2020-6324 (SAP Netweaver AS ABAP(BSP Test Application sbspext_table), 
version-700 ...)
+       TODO: check
 CVE-2020-6323
        RESERVED
-CVE-2020-6322
-       RESERVED
-CVE-2020-6321
-       RESERVED
-CVE-2020-6320
-       RESERVED
+CVE-2020-6322 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6321 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6320 (SAP Marketing (Servlet), version-130,140,150, allows an 
authenticated  ...)
+       TODO: check
 CVE-2020-6319
        RESERVED
-CVE-2020-6318
-       RESERVED
+CVE-2020-6318 (A Remote Code Execution vulnerability exists in the SAP 
NetWeaver (ABA ...)
+       TODO: check
 CVE-2020-6317
        RESERVED
 CVE-2020-6316
        RESERVED
 CVE-2020-6315
        RESERVED
-CVE-2020-6314
-       RESERVED
-CVE-2020-6313
-       RESERVED
-CVE-2020-6312
-       RESERVED
-CVE-2020-6311
-       RESERVED
+CVE-2020-6314 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6313 (SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 
7.31,  ...)
+       TODO: check
+CVE-2020-6312 (SAP BusinessObjects Business Intelligence Platform (Web 
Intelligence H ...)
+       TODO: check
+CVE-2020-6311 (Banking services from SAP 9.0 (Bank Analyzer), version - 500, 
and SAP  ...)
+       TODO: check
 CVE-2020-6310 (Improper access control in SOA Configuration Trace component in 
SAP Ne ...)
        NOT-FOR-US: SAP
 CVE-2020-6309 (SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 
7.11, 7. ...)
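Review bot: The TODO: check markers on CVE-2020-6361 through CVE-2020-6327 cannot be told apart from the list text alone, because every one of those descriptions is truncated to the same "SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ..." prefix. The already-triaged entry kept as context at the end of the hunk (CVE-2020-6310) uses "NOT-FOR-US: SAP", so a single follow-up commit applying that marker to the whole SAP block, including the NetWeaver, Marketing, BusinessObjects and Banking services entries, would clear them together instead of one at a time.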
@@ -45137,8 +45134,8 @@ CVE-2020-6304 (Improper input validation in SAP 
NetWeaver Internet Communication
        NOT-FOR-US: SAP
 CVE-2020-6303 (SAP Disclosure Management, before version 10.1, does not 
validate user ...)
        NOT-FOR-US: SAP
-CVE-2020-6302
-       RESERVED
+CVE-2020-6302 (SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the 
jSessio ...)
+       TODO: check
 CVE-2020-6301 (SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 
605, 6 ...)
        NOT-FOR-US: SAP
 CVE-2020-6300 (SAP Business Objects Business Intelligence Platform (Central 
Managemen ...)
@@ -45165,8 +45162,8 @@ CVE-2020-6290 (SAP Disclosure Management, version 10.1, 
is vulnerable to Session
        NOT-FOR-US: SAP
 CVE-2020-6289 (SAP Disclosure Management, version 10.1, had insufficient 
protection a ...)
        NOT-FOR-US: SAP
-CVE-2020-6288
-       RESERVED
+CVE-2020-6288 (SAP Business Objects Business Intelligence Platform (Web 
Intelligence  ...)
+       TODO: check
 CVE-2020-6287 (SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 
7.30, 7.31 ...)
        NOT-FOR-US: SAP
 CVE-2020-6286 (The insufficient input path validation of certain parameter in 
the web ...)
@@ -45175,8 +45172,8 @@ CVE-2020-6285 (SAP NetWeaver - XML Toolkit for JAVA 
(ENGINEAPI) (versions- 7.10,
        NOT-FOR-US: SAP
 CVE-2020-6284 (SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 
7.40, 7.5 ...)
        NOT-FOR-US: SAP
-CVE-2020-6283
-       RESERVED
+CVE-2020-6283 (SAP Fiori Launchpad does not sufficiently encode user 
controlled input ...)
+       TODO: check
 CVE-2020-6282 (SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 
7.10, 7.11 ...)
        NOT-FOR-US: SAP
 CVE-2020-6281 (SAP Business Objects Business Intelligence Platform (BI 
Launchpad), ve ...)
@@ -46598,8 +46595,8 @@ CVE-2020-5629
        RESERVED
 CVE-2020-5628
        RESERVED
-CVE-2020-5627
-       RESERVED
+CVE-2020-5627 (Yodobashi App for Android versions 1.8.7 and earlier allows 
remote att ...)
+       TODO: check
 CVE-2020-5626
        RESERVED
 CVE-2020-5625 (Cross-site scripting vulnerability in XooNIps 3.48 and earlier 
allows  ...)
@@ -56331,24 +56328,24 @@ CVE-2020-2046
        RESERVED
 CVE-2020-2045
        RESERVED
-CVE-2020-2044
-       RESERVED
-CVE-2020-2043
-       RESERVED
-CVE-2020-2042
-       RESERVED
-CVE-2020-2041
-       RESERVED
-CVE-2020-2040
-       RESERVED
-CVE-2020-2039
-       RESERVED
-CVE-2020-2038
-       RESERVED
-CVE-2020-2037
-       RESERVED
-CVE-2020-2036
-       RESERVED
+CVE-2020-2044 (An information exposure through log file vulnerability where an 
admini ...)
+       TODO: check
+CVE-2020-2043 (An information exposure through log file vulnerability where 
sensitive ...)
+       TODO: check
+CVE-2020-2042 (A buffer overflow vulnerability in the PAN-OS management web 
interface ...)
+       TODO: check
+CVE-2020-2041 (An insecure configuration of the appweb daemon of Palo Alto 
Networks P ...)
+       TODO: check
+CVE-2020-2040 (A buffer overflow vulnerability in PAN-OS allows an 
unauthenticated at ...)
+       TODO: check
+CVE-2020-2039 (An uncontrolled resource consumption vulnerability in Palo Alto 
Networ ...)
+       TODO: check
+CVE-2020-2038 (An OS Command Injection vulnerability in the PAN-OS management 
interfa ...)
+       TODO: check
+CVE-2020-2037 (An OS Command Injection vulnerability in the PAN-OS management 
interfa ...)
+       TODO: check
+CVE-2020-2036 (A reflected cross-site scripting (XSS) vulnerability exists in 
the PAN ...)
+       TODO: check
 CVE-2020-2035 (When SSL/TLS Forward Proxy Decryption mode has been configured 
to decr ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2020-2034 (An OS Command Injection vulnerability in the PAN-OS 
GlobalProtect port ...)
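Review bot: Two of the new TODO: check entries in this hunk, CVE-2020-2044 and CVE-2020-2043, have descriptions truncated before any product name appears ("An information exposure through log file vulnerability where ..."), so the list text alone does not show what they affect; the other seven name PAN-OS or Palo Alto Networks. The context entry CVE-2020-2035 below them is resolved as "NOT-FOR-US: Palo Alto Networks", and the nine new entries can take the same marker once the full descriptions of those two confirm the product.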
@@ -56624,8 +56621,7 @@ CVE-2020-1970
        RESERVED
 CVE-2020-1969
        RESERVED
-CVE-2020-1968
-       RESERVED
+CVE-2020-1968 (The Raccoon attack exploits a flaw in the TLS specification 
which can  ...)
        - openssl 1.1.1g-1
        - openssl1.0 <removed>
        NOTE: Marking the first openssl 1.1.1 version in unstable as the fixed 
version in sid
@@ -56964,10 +56960,10 @@ CVE-2020-1915
        RESERVED
 CVE-2020-1914
        RESERVED
-CVE-2020-1913
-       RESERVED
-CVE-2020-1912
-       RESERVED
+CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in 
Facebook  ...)
+       TODO: check
+CVE-2020-1912 (An out-of-bounds read/write vulnerability when executing lazily 
compil ...)
+       TODO: check
 CVE-2020-1911 (A type confusion vulnerability when resolving properties of 
JavaScript ...)
        NOT-FOR-US: Facebook Hermes
 CVE-2020-1910
@@ -57730,8 +57726,7 @@ CVE-2020-1751 (An out-of-bounds write vulnerability was 
found in glibc before 2.
 CVE-2020-1750
        RESERVED
        NOT-FOR-US: OpenShift machine-config-operator
-CVE-2020-1749 [net: ipv6_stub: use ip6_dst_lookup_flow instead of 
ip6_dst_lookup]
-       RESERVED
+CVE-2020-1749 (A flaw was found in the Linux kernel's implementation of some 
networki ...)
        {DLA-2241-1}
        - linux 5.4.6-1
        [buster] - linux 4.19.118-1
@@ -122801,26 +122796,26 @@ CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has 
"Everyone: (F)" permission for
        NOT-FOR-US: PCProtect Anti-Virus
 CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission 
for %PR ...)
        NOT-FOR-US: Seqrite End Point Security
-CVE-2018-17774
-       RESERVED
-CVE-2018-17773
-       RESERVED
-CVE-2018-17772
-       RESERVED
-CVE-2018-17771
-       RESERVED
-CVE-2018-17770
-       RESERVED
-CVE-2018-17769
-       RESERVED
-CVE-2018-17768
-       RESERVED
-CVE-2018-17767
-       RESERVED
-CVE-2018-17766
-       RESERVED
-CVE-2018-17765
-       RESERVED
+CVE-2018-17774 (Ingenico Telium 2 POS terminals have an insecure NTPT3 
protocol. This  ...)
+       TODO: check
+CVE-2018-17773 (Ingenico Telium 2 POS terminals have a buffer overflow via 
SOCKET_TASK ...)
+       TODO: check
+CVE-2018-17772 (Ingenico Telium 2 POS terminals allow arbitrary code execution 
via the ...)
+       TODO: check
+CVE-2018-17771 (Ingenico Telium 2 POS terminals have hardcoded FTP 
credentials. This i ...)
+       TODO: check
+CVE-2018-17770 (Ingenico Telium 2 POS terminals have a buffer overflow via the 
RemoteP ...)
+       TODO: check
+CVE-2018-17769 (Ingenico Telium 2 POS terminals have a buffer overflow via the 
0x26 co ...)
+       TODO: check
+CVE-2018-17768 (Ingenico Telium 2 POS terminals have an insecure TRACE 
protocol. This  ...)
+       TODO: check
+CVE-2018-17767 (Ingenico Telium 2 POS terminals have hardcoded PPP 
credentials. This i ...)
+       TODO: check
+CVE-2018-17766 (Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading 
restrict ...)
+       TODO: check
+CVE-2018-17765 (Ingenico Telium 2 POS terminals have undeclared TRACE protocol 
command ...)
+       TODO: check
 CVE-2018-17764
        RESERVED
 CVE-2018-17763
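Review bot: The ten entries CVE-2018-17765 to CVE-2018-17774 all describe Ingenico Telium 2 POS terminals, yet each gets its own TODO: check. The neighbouring entries at the top of this hunk are closed with a NOT-FOR-US line naming the product (PCProtect Anti-Virus, Seqrite End Point Security); resolving these ten in one follow-up commit with a single consistent product string would avoid ten separate triage steps and spelling drift between them.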



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87b7fb870e9e9ec0dc81a5a0454cbee036bfc123



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
