Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 87b7fb87 by security tracker role at 2020-09-09T20:10:35+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,7 +1,9 @@ -CVE-2020-25212 [nfs: Fix getxattr kernel panic and memory overflow] +CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...) + TODO: check +CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel before 5. ...) - linux 5.7.17-1 NOTE: https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21 -CVE-2020-25211 [netfilter: ctnetlink: add a range check for l3/l4 protonum] +CVE-2020-25211 (In the Linux kernel through 5.8.7, local attackers able to inject conn ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6 CVE-2020-25210 @@ -310,7 +312,7 @@ CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain sensi [stretch] - plinth <no-dsa> (Minor issue) NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935 NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/commit/822c322d20d12f81c6cfca47b66f900542a5aac2 -CVE-2020-25068 (Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vuln ...) +CVE-2020-25068 (** DISPUTED ** Setelsa Conacwin v3.7.1.2 is vulnerable to a local file ...) NOT-FOR-US: Setelsa Conacwin CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command injecti ...) NOT-FOR-US: Netgear 
@@ -637,8 +639,7 @@ CVE-2020-24918 RESERVED CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxA ...) NOT-FOR-US: osTicket -CVE-2020-24916 [OS command injection in Yaws web server] - RESERVED +CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulner ...) - yaws 2.0.8+dfsg-1 NOTE: https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1 NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection @@ -889,8 +890,8 @@ CVE-2020-24796 RESERVED CVE-2020-24795 RESERVED -CVE-2020-24794 - RESERVED +CVE-2020-24794 (Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. ...) + TODO: check CVE-2020-24793 RESERVED CVE-2020-24792 @@ -1373,8 +1374,8 @@ CVE-2020-24568 RESERVED CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08- ...) NOT-FOR-US: voidtools -CVE-2020-24566 - RESERVED +CVE-2020-24566 (In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4. ...) + TODO: check CVE-2020-24565 RESERVED CVE-2020-24564 @@ -1765,8 +1766,7 @@ CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform (aka openeclass) throu NOT-FOR-US: GUnet Open eClass Platform CVE-2020-24380 RESERVED -CVE-2020-24379 [XXE in Yaws web server] - RESERVED +CVE-2020-24379 (WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vul ...) - yaws 2.0.8+dfsg-1 NOTE: https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c NOTE: https://github.com/vulnbe/poc-yaws-dav-xxe 
@@ -2176,19 +2176,19 @@ CVE-2020-24202 (File Upload component in Projects World House Rental v1.0 suffer CVE-2020-24201 RESERVED CVE-2020-24200 - RESERVED -CVE-2020-24199 - RESERVED -CVE-2020-24198 - RESERVED -CVE-2020-24197 - RESERVED + REJECTED +CVE-2020-24199 (Arbitrary File Upload in the Vehicle Image Upload component in Project ...) + TODO: check +CVE-2020-24198 (A persistent cross-site scripting vulnerability in Sourcecodester Stoc ...) + TODO: check +CVE-2020-24197 (A SQL injection vulnerability in the login component in Stock Manageme ...) + TODO: check CVE-2020-24196 (An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental ...) NOT-FOR-US: Online Bike Rental -CVE-2020-24195 - RESERVED -CVE-2020-24194 - RESERVED +CVE-2020-24195 (An Arbitrary File Upload in the Upload Image component in Sourcecodest ...) + TODO: check +CVE-2020-24194 (A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in So ...) + TODO: check CVE-2020-24193 (A SQL injection vulnerability in login in Sourcecodetester Daily Track ...) NOT-FOR-US: Sourcecodetester Daily Tracker System CVE-2020-24192 @@ -2427,8 +2427,8 @@ CVE-2020-24076 RESERVED CVE-2020-24075 RESERVED -CVE-2020-24074 - RESERVED +CVE-2020-24074 (The decode program in silk-v3-decoder Version:20160922 Build By kn007 ...) + TODO: check CVE-2020-24073 RESERVED CVE-2020-24072 
@@ -19278,22 +19278,22 @@ CVE-2020-15793 RESERVED CVE-2020-15792 RESERVED -CVE-2020-15791 - RESERVED -CVE-2020-15790 - RESERVED -CVE-2020-15789 - RESERVED -CVE-2020-15788 - RESERVED -CVE-2020-15787 - RESERVED -CVE-2020-15786 - RESERVED -CVE-2020-15785 - RESERVED -CVE-2020-15784 - RESERVED +CVE-2020-15791 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...) + TODO: check +CVE-2020-15790 (A vulnerability has been identified in Spectrum Power 4 (All versions ...) + TODO: check +CVE-2020-15789 (A vulnerability has been identified in Polarion Subversion Webclient ( ...) + TODO: check +CVE-2020-15788 (A vulnerability has been identified in Polarion Subversion Webclient ( ...) + TODO: check +CVE-2020-15787 (A vulnerability has been identified in SIMATIC HMI United Comfort Pane ...) + TODO: check +CVE-2020-15786 (A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Ge ...) + TODO: check +CVE-2020-15785 (A vulnerability has been identified in Siveillance Video Client (All v ...) + TODO: check +CVE-2020-15784 (A vulnerability has been identified in Spectrum Power 4 (All versions ...) + TODO: check CVE-2020-15783 RESERVED CVE-2020-15782 @@ -20841,8 +20841,8 @@ CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google Pla NOT-FOR-US: Chameleon Mini Live Debugger CVE-2020-15164 (in Scratch Login (MediaWiki extension) before version 1.1, any account ...) NOT-FOR-US: Scrach Login MediaWiki extension -CVE-2020-15163 - RESERVED +CVE-2020-15163 (Python TUF (The Update Framework) reference implementation before vers ...) + TODO: check CVE-2020-15162 RESERVED CVE-2020-15161 
@@ -22914,8 +22914,7 @@ CVE-2020-14385 [xfs: fix boundary test in xfs_attr_shortform_verify] - linux 5.8.7-1 [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933 -CVE-2020-14384 - RESERVED +CVE-2020-14384 (A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. ...) NOT-FOR-US: JBossWeb CVE-2020-14383 RESERVED @@ -23089,8 +23088,7 @@ CVE-2020-14343 [.load() and FullLoader still vulnerable to fairly trivial RCE] [stretch] - pyyaml <not-affected> (Vulnerable code not present) NOTE: https://github.com/yaml/pyyaml/issues/420 NOTE: CVE is for an incomplete fix of CVE-2020-1747. -CVE-2020-14342 [shell command injection in mount.cifs] - RESERVED +CVE-2020-14342 (It was found that cifs-utils' mount.cifs was invoking a shell when req ...) - cifs-utils <unfixed> [buster] - cifs-utils <no-dsa> (Minor issue) [stretch] - cifs-utils <no-dsa> (Minor issue) @@ -23271,8 +23269,8 @@ CVE-2020-14294 RESERVED CVE-2020-14293 RESERVED -CVE-2020-14292 - RESERVED +CVE-2020-14292 (In the COVIDSafe application through 1.0.21 for Android, unsafe use of ...) + TODO: check CVE-2020-14291 RESERVED CVE-2020-14290 @@ -26301,8 +26299,8 @@ CVE-2019-20797 (An issue was discovered in e6y prboom-plus 2.5.1.5. There is a b NOTE: https://logicaltrust.net/blog/2019/10/prboom1.html NOTE: https://sourceforge.net/p/prboom-plus/bugs/252/ NOTE: https://sourceforge.net/p/prboom-plus/bugs/253/ -CVE-2020-13127 - RESERVED +CVE-2020-13127 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...) + TODO: check CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before 2.9.4 for W ...) NOT-FOR-US: Elementor Pro plugin for WordPress CVE-2020-13125 (An issue was discovered in the "Ultimate Addons for Elementor" plugin ...) 
@@ -29215,8 +29213,7 @@ CVE-2020-11988 RESERVED CVE-2020-11987 RESERVED -CVE-2020-11986 - RESERVED +CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need to be ex ...) - netbeans <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/2 CVE-2020-11985 (IP address spoofing when proxying using mod_remoteip and mod_rewrite F ...) @@ -35717,8 +35714,8 @@ CVE-2019-20490 (cPanel before 82.0.18 allows authentication bypass because webma NOT-FOR-US: cPanel CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...) NOT-FOR-US: GeniXCMS -CVE-2020-10056 - RESERVED +CVE-2020-10056 (A vulnerability has been identified in License Management Utility (LMU ...) + TODO: check CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...) NOT-FOR-US: Desigo CVE-2020-10054 @@ -35727,12 +35724,12 @@ CVE-2020-10053 RESERVED CVE-2020-10052 RESERVED -CVE-2020-10051 - RESERVED -CVE-2020-10050 - RESERVED -CVE-2020-10049 - RESERVED +CVE-2020-10051 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2020-10050 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2020-10049 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check CVE-2020-10048 RESERVED CVE-2020-10047 @@ -41382,6 +41379,7 @@ CVE-2020-7731 CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command Injection v ...) NOT-FOR-US: bestzip nodejs module CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...) + {DLA-2368-1} - grunt 1.3.0-1 (bug #969668) [buster] - grunt <no-dsa> (Minor issue) NOTE: https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7 
@@ -42265,20 +42263,20 @@ CVE-2020-7327 RESERVED CVE-2020-7326 RESERVED -CVE-2020-7325 - RESERVED -CVE-2020-7324 - RESERVED -CVE-2020-7323 - RESERVED -CVE-2020-7322 - RESERVED +CVE-2020-7325 (Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to ...) + TODO: check +CVE-2020-7324 (Improper Access Control vulnerability in McAfee MVISION Endpoint prior ...) + TODO: check +CVE-2020-7323 (Authentication Protection Bypass vulnerability in McAfee Endpoint Secu ...) + TODO: check +CVE-2020-7322 (Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) ...) + TODO: check CVE-2020-7321 RESERVED -CVE-2020-7320 - RESERVED -CVE-2020-7319 - RESERVED +CVE-2020-7320 (Protection Mechanism Failure vulnerability in McAfee Endpoint Security ...) + TODO: check +CVE-2020-7319 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...) + TODO: check CVE-2020-7318 RESERVED CVE-2020-7317 @@ -42736,7 +42734,7 @@ CVE-2020-7121 RESERVED CVE-2020-7120 RESERVED -CVE-2020-7119 (A vulnerability exists in the Aruba ClearPass C1000 S-1200 R4 HW-Based ...) +CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location Engine (ALE ...) NOT-FOR-US: Aruba CVE-2020-7118 RESERVED @@ -42852,8 +42850,7 @@ CVE-2020-7070 RESERVED CVE-2020-7069 RESERVED -CVE-2020-7068 - RESERVED +CVE-2020-7068 (In PHP versions 7.2.x below 7.3.21, 7.3.x below 7.3.21 and 7.4.x below ...) {DLA-2345-1} - php7.4 7.4.9-1 - php7.3 <removed> 
@@ -45019,108 +45016,108 @@ CVE-2020-6363 RESERVED CVE-2020-6362 RESERVED -CVE-2020-6361 - RESERVED -CVE-2020-6360 - RESERVED -CVE-2020-6359 - RESERVED -CVE-2020-6358 - RESERVED -CVE-2020-6357 - RESERVED -CVE-2020-6356 - RESERVED -CVE-2020-6355 - RESERVED -CVE-2020-6354 - RESERVED -CVE-2020-6353 - RESERVED -CVE-2020-6352 - RESERVED -CVE-2020-6351 - RESERVED -CVE-2020-6350 - RESERVED -CVE-2020-6349 - RESERVED -CVE-2020-6348 - RESERVED -CVE-2020-6347 - RESERVED -CVE-2020-6346 - RESERVED -CVE-2020-6345 - RESERVED -CVE-2020-6344 - RESERVED -CVE-2020-6343 - RESERVED -CVE-2020-6342 - RESERVED -CVE-2020-6341 - RESERVED -CVE-2020-6340 - RESERVED -CVE-2020-6339 - RESERVED -CVE-2020-6338 - RESERVED -CVE-2020-6337 - RESERVED -CVE-2020-6336 - RESERVED -CVE-2020-6335 - RESERVED -CVE-2020-6334 - RESERVED -CVE-2020-6333 - RESERVED -CVE-2020-6332 - RESERVED -CVE-2020-6331 - RESERVED -CVE-2020-6330 - RESERVED -CVE-2020-6329 - RESERVED -CVE-2020-6328 - RESERVED -CVE-2020-6327 - RESERVED -CVE-2020-6326 - RESERVED +CVE-2020-6361 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6360 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6359 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6358 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6357 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6356 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6355 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6354 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6353 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
+ TODO: check +CVE-2020-6352 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6351 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6350 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6349 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6348 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6347 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6346 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6345 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6344 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6343 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6342 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6341 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6340 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6339 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6338 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6337 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6336 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6335 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
+ TODO: check +CVE-2020-6334 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6333 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6332 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6331 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6330 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6329 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6328 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6327 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6326 (SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, all ...) + TODO: check CVE-2020-6325 RESERVED -CVE-2020-6324 - RESERVED +CVE-2020-6324 (SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700 ...) + TODO: check CVE-2020-6323 RESERVED -CVE-2020-6322 - RESERVED -CVE-2020-6321 - RESERVED -CVE-2020-6320 - RESERVED +CVE-2020-6322 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6321 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + TODO: check +CVE-2020-6320 (SAP Marketing (Servlet), version-130,140,150, allows an authenticated ...) + TODO: check CVE-2020-6319 RESERVED -CVE-2020-6318 - RESERVED +CVE-2020-6318 (A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABA ...) + TODO: check CVE-2020-6317 RESERVED CVE-2020-6316 RESERVED CVE-2020-6315 RESERVED -CVE-2020-6314 - RESERVED -CVE-2020-6313 - RESERVED -CVE-2020-6312 - RESERVED -CVE-2020-6311 - RESERVED +CVE-2020-6314 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
+ TODO: check +CVE-2020-6313 (SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, ...) + TODO: check +CVE-2020-6312 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...) + TODO: check +CVE-2020-6311 (Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP ...) + TODO: check CVE-2020-6310 (Improper access control in SOA Configuration Trace component in SAP Ne ...) NOT-FOR-US: SAP CVE-2020-6309 (SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7. ...) @@ -45137,8 +45134,8 @@ CVE-2020-6304 (Improper input validation in SAP NetWeaver Internet Communication NOT-FOR-US: SAP CVE-2020-6303 (SAP Disclosure Management, before version 10.1, does not validate user ...) NOT-FOR-US: SAP -CVE-2020-6302 - RESERVED +CVE-2020-6302 (SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSessio ...) + TODO: check CVE-2020-6301 (SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 6 ...) NOT-FOR-US: SAP CVE-2020-6300 (SAP Business Objects Business Intelligence Platform (Central Managemen ...) @@ -45165,8 +45162,8 @@ CVE-2020-6290 (SAP Disclosure Management, version 10.1, is vulnerable to Session NOT-FOR-US: SAP CVE-2020-6289 (SAP Disclosure Management, version 10.1, had insufficient protection a ...) NOT-FOR-US: SAP -CVE-2020-6288 - RESERVED +CVE-2020-6288 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...) + TODO: check CVE-2020-6287 (SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31 ...) NOT-FOR-US: SAP CVE-2020-6286 (The insufficient input path validation of certain parameter in the web ...) 
@@ -45175,8 +45172,8 @@ CVE-2020-6285 (SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, NOT-FOR-US: SAP CVE-2020-6284 (SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.5 ...) NOT-FOR-US: SAP -CVE-2020-6283 - RESERVED +CVE-2020-6283 (SAP Fiori Launchpad does not sufficiently encode user controlled input ...) + TODO: check CVE-2020-6282 (SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11 ...) NOT-FOR-US: SAP CVE-2020-6281 (SAP Business Objects Business Intelligence Platform (BI Launchpad), ve ...) @@ -46598,8 +46595,8 @@ CVE-2020-5629 RESERVED CVE-2020-5628 RESERVED -CVE-2020-5627 - RESERVED +CVE-2020-5627 (Yodobashi App for Android versions 1.8.7 and earlier allows remote att ...) + TODO: check CVE-2020-5626 RESERVED CVE-2020-5625 (Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows ...) 
@@ -56331,24 +56328,24 @@ CVE-2020-2046 RESERVED CVE-2020-2045 RESERVED -CVE-2020-2044 - RESERVED -CVE-2020-2043 - RESERVED -CVE-2020-2042 - RESERVED -CVE-2020-2041 - RESERVED -CVE-2020-2040 - RESERVED -CVE-2020-2039 - RESERVED -CVE-2020-2038 - RESERVED -CVE-2020-2037 - RESERVED -CVE-2020-2036 - RESERVED +CVE-2020-2044 (An information exposure through log file vulnerability where an admini ...) + TODO: check +CVE-2020-2043 (An information exposure through log file vulnerability where sensitive ...) + TODO: check +CVE-2020-2042 (A buffer overflow vulnerability in the PAN-OS management web interface ...) + TODO: check +CVE-2020-2041 (An insecure configuration of the appweb daemon of Palo Alto Networks P ...) + TODO: check +CVE-2020-2040 (A buffer overflow vulnerability in PAN-OS allows an unauthenticated at ...) + TODO: check +CVE-2020-2039 (An uncontrolled resource consumption vulnerability in Palo Alto Networ ...) + TODO: check +CVE-2020-2038 (An OS Command Injection vulnerability in the PAN-OS management interfa ...) + TODO: check +CVE-2020-2037 (An OS Command Injection vulnerability in the PAN-OS management interfa ...) + TODO: check +CVE-2020-2036 (A reflected cross-site scripting (XSS) vulnerability exists in the PAN ...) + TODO: check CVE-2020-2035 (When SSL/TLS Forward Proxy Decryption mode has been configured to decr ...) NOT-FOR-US: Palo Alto Networks CVE-2020-2034 (An OS Command Injection vulnerability in the PAN-OS GlobalProtect port ...) @@ -56624,8 +56621,7 @@ CVE-2020-1970 RESERVED CVE-2020-1969 RESERVED -CVE-2020-1968 - RESERVED +CVE-2020-1968 (The Raccoon attack exploits a flaw in the TLS specification which can ...) - openssl 1.1.1g-1 - openssl1.0 <removed> NOTE: Marking the first openssl 1.1.1 version in unstable as the fixed version in sid 
@@ -56964,10 +56960,10 @@ CVE-2020-1915 RESERVED CVE-2020-1914 RESERVED -CVE-2020-1913 - RESERVED -CVE-2020-1912 - RESERVED +CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in Facebook ...) + TODO: check +CVE-2020-1912 (An out-of-bounds read/write vulnerability when executing lazily compil ...) + TODO: check CVE-2020-1911 (A type confusion vulnerability when resolving properties of JavaScript ...) NOT-FOR-US: Facebook Hermes CVE-2020-1910 @@ -57730,8 +57726,7 @@ CVE-2020-1751 (An out-of-bounds write vulnerability was found in glibc before 2. CVE-2020-1750 RESERVED NOT-FOR-US: OpenShift machine-config-operator -CVE-2020-1749 [net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup] - RESERVED +CVE-2020-1749 (A flaw was found in the Linux kernel's implementation of some networki ...) {DLA-2241-1} - linux 5.4.6-1 [buster] - linux 4.19.118-1 
@@ -122801,26 +122796,26 @@ CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for NOT-FOR-US: PCProtect Anti-Virus CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PR ...) NOT-FOR-US: Seqrite End Point Security -CVE-2018-17774 - RESERVED -CVE-2018-17773 - RESERVED -CVE-2018-17772 - RESERVED -CVE-2018-17771 - RESERVED -CVE-2018-17770 - RESERVED -CVE-2018-17769 - RESERVED -CVE-2018-17768 - RESERVED -CVE-2018-17767 - RESERVED -CVE-2018-17766 - RESERVED -CVE-2018-17765 - RESERVED +CVE-2018-17774 (Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This ...) + TODO: check +CVE-2018-17773 (Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK ...) + TODO: check +CVE-2018-17772 (Ingenico Telium 2 POS terminals allow arbitrary code execution via the ...) + TODO: check +CVE-2018-17771 (Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This i ...) + TODO: check +CVE-2018-17770 (Ingenico Telium 2 POS terminals have a buffer overflow via the RemoteP ...) + TODO: check +CVE-2018-17769 (Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 co ...) + TODO: check +CVE-2018-17768 (Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This ...) + TODO: check +CVE-2018-17767 (Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This i ...) + TODO: check +CVE-2018-17766 (Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrict ...) + TODO: check +CVE-2018-17765 (Ingenico Telium 2 POS terminals have undeclared TRACE protocol command ...) + TODO: check CVE-2018-17764 RESERVED CVE-2018-17763 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87b7fb870e9e9ec0dc81a5a0454cbee036bfc123
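Review bot: In the hunk at @@ -42852,8 +42850,7 @@, the imported description for CVE-2020-7068 reads "In PHP versions 7.2.x below 7.3.21, 7.3.x below 7.3.21 and 7.4.x below ...", and a 7.2.x range bounded by a 7.3 release looks like a typo in the upstream text. The package lines under it ({DLA-2345-1}, php7.4 7.4.9-1, php7.3 <removed>) are unchanged context, so the tracking data is not affected, but the description should be checked against the upstream CVE record before anyone uses it for version matching.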
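Review bot: In the hunk at @@ -45019,108 +45016,108 @@, every SAP entry that leaves RESERVED (CVE-2020-6311 up to CVE-2020-6361, minus the few that stay RESERVED) lands as "TODO: check", while the context entry directly below, CVE-2020-6310, already carries "NOT-FOR-US: SAP". These are candidates for the same tag in one triage pass rather than entry by entry. The same pattern shows in the hunk at @@ -56331,24 +56328,24 @@, where CVE-2020-2036 to CVE-2020-2044 sit above CVE-2020-2035 tagged "NOT-FOR-US: Palo Alto Networks", and in the hunk at @@ -56964,10 +56960,10 @@, where CVE-2020-1913 and CVE-2020-1912 sit above CVE-2020-1911 tagged "NOT-FOR-US: Facebook Hermes".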