Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b6c09455 by security tracker role at 2020-09-17T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-25739
+ RESERVED
+CVE-2020-25738
+ RESERVED
+CVE-2020-25737
+ RESERVED
+CVE-2020-25736
+ RESERVED
+CVE-2020-25735
+ RESERVED
+CVE-2020-25734
+ RESERVED
+CVE-2020-25733
+ RESERVED
+CVE-2020-25732
+ RESERVED
+CVE-2020-25731
+ RESERVED
+CVE-2020-25730
+ RESERVED
+CVE-2020-25729 (ZoneMinder before 1.34.21 has XSS via the connkey parameter to
downloa ...)
+ TODO: check
+CVE-2020-25728 (The Reset Password add-on before 1.2.0 for Alfresco has a
broken algor ...)
+ TODO: check
+CVE-2020-25727 (The Reset Password add-on before 1.2.0 for Alfresco suffers
from CMIS- ...)
+ TODO: check
CVE-2020-25726
RESERVED
CVE-2020-25725
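Review bot: CVE-2020-25728 and CVE-2020-25727 both describe the Reset Password add-on before 1.2.0 for Alfresco, so they should be resolved together with one identical disposition line rather than triaged separately. For CVE-2020-25729 the description already states the fixed upstream version (ZoneMinder 1.34.21); if the `TODO: check` resolves to a package entry, that is the version to compare against.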
@@ -472,10 +498,10 @@ CVE-2020-25492
RESERVED
CVE-2020-25491
RESERVED
-CVE-2020-25490
- RESERVED
-CVE-2020-25489
- RESERVED
+CVE-2020-25490 (Lack of cryptographic signature verification in the Sqreen PHP
agent d ...)
+ TODO: check
+CVE-2020-25489 (A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer)
before 0 ...)
+ TODO: check
CVE-2020-25488
RESERVED
CVE-2020-25487
@@ -1024,7 +1050,7 @@ CVE-2020-25227
RESERVED
CVE-2020-25226
RESERVED
-CVE-2019-20919 [NULL porfile dereference in dbi_profile()]
+CVE-2019-20919 (An issue was discovered in the DBI module before 1.643 for
Perl. The h ...)
- libdbi-perl 1.643-1
[buster] - libdbi-perl <no-dsa> (Minor issue)
NOTE:
https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
@@ -1064,10 +1090,10 @@ CVE-2020-25218
RESERVED
CVE-2020-25217
RESERVED
-CVE-2020-25216
- RESERVED
-CVE-2020-25215
- RESERVED
+CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an
XSL Tran ...)
+ TODO: check
+CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML
or Grap ...)
+ TODO: check
CVE-2020-25214
RESERVED
CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for
WordPress all ...)
@@ -2061,14 +2087,14 @@ CVE-2020-24755
RESERVED
CVE-2020-24754
RESERVED
-CVE-2020-24753
- RESERVED
+CVE-2020-24753 (A memory corruption vulnerability in Objective Open CBOR
Run-time (ooc ...)
+ TODO: check
CVE-2020-24752
RESERVED
CVE-2020-24751
RESERVED
-CVE-2020-24750
- RESERVED
+CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the
interact ...)
+ TODO: check
CVE-2020-24749
RESERVED
CVE-2020-24748
@@ -3574,10 +3600,10 @@ CVE-2020-24048
RESERVED
CVE-2020-24047
RESERVED
-CVE-2020-24046
- RESERVED
-CVE-2020-24045
- RESERVED
+CVE-2020-24046 (A sandbox escape issue was discovered in TitanHQ SpamTitan
Gateway 7.0 ...)
+ TODO: check
+CVE-2020-24045 (A sandbox escape issue was discovered in TitanHQ SpamTitan
Gateway 7.0 ...)
+ TODO: check
CVE-2020-24044
RESERVED
CVE-2020-24043
@@ -24220,8 +24246,7 @@ CVE-2020-14339 [leak of /dev/mapper/control into QEMU
guests]
NOTE:
https://www.redhat.com/archives/libvir-list/2020-July/msg01500.html
NOTE: Proposed patch:
https://www.redhat.com/archives/libvir-list/2020-July/msg01501.html
NOTE:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
(v6.6.0)
-CVE-2020-14338
- RESERVED
+CVE-2020-14338 (A flaw was found in Wildfly's implementation of Xerces,
specifically i ...)
- wildfly <itp> (bug #752018)
CVE-2020-14337 (A data exposure flaw was found in Tower, where sensitive data
was reve ...)
NOT-FOR-US: Ansible Tower
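Review bot: the new description for CVE-2020-14338 places the flaw in Wildfly's implementation of Xerces, but the only tracking line under it is `- wildfly <itp> (bug #752018)`. The visible text is cut off at "specifically i ...", so it is worth reading the full description and adding a NOTE that says whether the issue is confined to Wildfly's copy or also applies to a separately packaged Xerces. Otherwise the itp line reads as the complete answer.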
@@ -25255,8 +25280,7 @@ CVE-2020-13950
RESERVED
CVE-2020-13949
RESERVED
-CVE-2020-13948
- RESERVED
+CVE-2020-13948 (While investigating a bug report on Apache Superset, it was
determined ...)
NOT-FOR-US: Apache Superset
CVE-2020-13947
RESERVED
@@ -25264,8 +25288,7 @@ CVE-2020-13946 (In Apache Cassandra, all versions prior
to 2.1.22, 2.2.18, 3.0.2
- cassandra <itp> (bug #585905)
CVE-2020-13945
RESERVED
-CVE-2020-13944
- RESERVED
+CVE-2020-13944 (In Apache Airflow < 1.10.12, the "origin" parameter passed
to some ...)
- airflow <itp> (bug #819700)
CVE-2020-13943
RESERVED
@@ -27272,8 +27295,8 @@ CVE-2020-13170 (HashiCorp Consul and Consul Enterprise
did not appropriately enf
[buster] - consul <not-affected> (Vulnerable code not present)
NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
NOTE: https://github.com/hashicorp/consul/pull/8068
-CVE-2020-13169
- RESERVED
+CVE-2020-13169 (Stored XSS (Cross-Site Scripting) exists in the SolarWinds
Orion Platf ...)
+ TODO: check
CVE-2020-13168
RESERVED
CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code
execution ...)
@@ -31390,10 +31413,10 @@ CVE-2020-11806 (In MailStore Outlook Add-in (and
Email Archive Outlook Add-in) t
NOT-FOR-US: MailStore Outlook Add-in
CVE-2020-11805
RESERVED
-CVE-2020-11804
- RESERVED
-CVE-2020-11803
- RESERVED
+CVE-2020-11804 (An issue was discovered in Titan SpamTitan 7.07. Due to
improper sanit ...)
+ TODO: check
+CVE-2020-11803 (An issue was discovered in Titan SpamTitan 7.07. Improper
sanitization ...)
+ TODO: check
CVE-2020-11802
RESERVED
CVE-2020-11801
@@ -31957,12 +31980,12 @@ CVE-2020-11702 (An issue was discovered in ProVide
(formerly zFTPServer) through
NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11701 (An issue was discovered in ProVide (formerly zFTPServer)
through 13.1. ...)
NOT-FOR-US: ProVide (formerly zFTPServer)
-CVE-2020-11700
- RESERVED
-CVE-2020-11699
- RESERVED
-CVE-2020-11698
- RESERVED
+CVE-2020-11700 (An issue was discovered in Titan SpamTitan 7.07. Improper
sanitization ...)
+ TODO: check
+CVE-2020-11699 (An issue was discovered in Titan SpamTitan 7.07. Improper
validation o ...)
+ TODO: check
+CVE-2020-11698 (An issue was discovered in Titan SpamTitan 7.07. Improper
input saniti ...)
+ TODO: check
CVE-2020-11697 (In Combodo iTop, dashboard ids can be exploited with a
reflective XSS ...)
NOT-FOR-US: Combodo iTop
CVE-2020-11696 (In Combodo iTop a menu shortcut name can be exploited with a
stored XS ...)
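Review bot: CVE-2020-11700, CVE-2020-11699 and CVE-2020-11698 all name Titan SpamTitan 7.07 and all land as `TODO: check`. The context lines above them use the form `NOT-FOR-US: ProVide (formerly zFTPServer)` for a product outside the archive; if SpamTitan receives the same disposition, use one product string for all three so later searches of the list match them consistently.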
@@ -33709,7 +33732,7 @@ CVE-2020-11082 (In Kaminari before 1.2.1, there is a
vulnerability that would al
[jessie] - ruby-kaminari <no-dsa> (No reverse dependency)
NOTE:
https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
NOTE:
https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8
-CVE-2020-11081 (osquery before version 4.4.0 enables a priviledge escalation
vulnerabi ...)
+CVE-2020-11081 (osquery before version 4.4.0 enables a privilege escalation
vulnerabil ...)
- osquery <itp> (bug #803502)
CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2
SETTINGS fra ...)
{DSA-4696-1}
@@ -41677,8 +41700,8 @@ CVE-2020-8030
RESERVED
CVE-2020-8029
RESERVED
-CVE-2020-8028
- RESERVED
+CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of
salt o ...)
+ TODO: check
CVE-2020-8027
RESERVED
CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging
of inn ...)
@@ -46631,16 +46654,16 @@ CVE-2020-6118 (SQL injection vulnerabilities exist in
the CheckDuplicateStudent.
NOT-FOR-US: OS4Ed openSIS
CVE-2020-6117 (SQL injection vulnerabilities exist in the
CheckDuplicateStudent.php p ...)
NOT-FOR-US: OS4Ed openSIS
-CVE-2020-6116
- RESERVED
-CVE-2020-6115
- RESERVED
+CVE-2020-6116 (An arbitrary code execution vulnerability exists in the
rendering func ...)
+ TODO: check
+CVE-2020-6115 (An exploitable vulnerability exists in the cross-reference
table repai ...)
+ TODO: check
CVE-2020-6114 (An exploitable SQL injection vulnerability exists in the Admin
Reports ...)
NOT-FOR-US: Glacies IceHRM
-CVE-2020-6113
- RESERVED
-CVE-2020-6112
- RESERVED
+CVE-2020-6113 (An exploitable vulnerability exists in the object stream
parsing funct ...)
+ TODO: check
+CVE-2020-6112 (An exploitable code execution vulnerability exists in the
JPEG2000 Str ...)
+ TODO: check
CVE-2020-6111
RESERVED
CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in
the way ...)
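Review bot: the descriptions added for CVE-2020-6116, CVE-2020-6115, CVE-2020-6113 and CVE-2020-6112 are truncated before any product name appears ("rendering func ...", "cross-reference table repai ...", "object stream parsing funct ...", "JPEG2000 Str ..."), so the affected software cannot be determined from this list alone. The surrounding `NOT-FOR-US` lines for OS4Ed openSIS and Glacies IceHRM belong to other entries and should not be carried over; each `TODO: check` needs the full CVE text before a disposition is written.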
@@ -64696,24 +64719,24 @@ CVE-2020-0437
RESERVED
CVE-2020-0436
RESERVED
-CVE-2020-0435
- RESERVED
-CVE-2020-0434
- RESERVED
-CVE-2020-0433
- RESERVED
-CVE-2020-0432
- RESERVED
-CVE-2020-0431
- RESERVED
-CVE-2020-0430
- RESERVED
-CVE-2020-0429
- RESERVED
-CVE-2020-0428
- RESERVED
-CVE-2020-0427
- RESERVED
+CVE-2020-0435 (In inline_data_addr of f2fs.h, there is a possible out of
bounds write ...)
+ TODO: check
+CVE-2020-0434 (In Pixel's use of the Catpipe library, there is possible memory
corrup ...)
+ TODO: check
+CVE-2020-0433 (In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a
possible use ...)
+ TODO: check
+CVE-2020-0432 (In skb_to_mamac of networking.c, there is a possible out of
bounds wri ...)
+ TODO: check
+CVE-2020-0431 (In kbd_keycode of keyboard.c, there is a possible out of bounds
write ...)
+ TODO: check
+CVE-2020-0430 (In skb_headlen of /include/linux/skbuff.h, there is a possible
out of ...)
+ TODO: check
+CVE-2020-0429 (In l2tp_session_delete and related functions of l2tp_core.c,
there is ...)
+ TODO: check
+CVE-2020-0428 (In CamX code, there is a possible use after free due to a race
conditi ...)
+ TODO: check
+CVE-2020-0427 (In create_pinctrl of core.c, there is a possible out of bounds
read du ...)
+ TODO: check
CVE-2020-0426
RESERVED
CVE-2020-0425
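Review bot: the entries from CVE-2020-0435 to CVE-2020-0427 should not be closed in bulk as Android-only, because they mix vendor components (Pixel's Catpipe library, CamX code) with functions in files that exist in the upstream Linux kernel: inline_data_addr in f2fs.h, blk_mq_queue_tag_busy_iter in blk-mq-tag.c, kbd_keycode in keyboard.c, skb_headlen in include/linux/skbuff.h and l2tp_session_delete in l2tp_core.c. Each of those needs a check against the linux source package, with the upstream fix commit recorded in a NOTE once it is identified.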
@@ -64752,69 +64775,68 @@ CVE-2020-0409
RESERVED
CVE-2020-0408
RESERVED
-CVE-2020-0407
- RESERVED
+CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some
implem ...)
+ TODO: check
CVE-2020-0406
RESERVED
CVE-2020-0405
RESERVED
-CVE-2020-0404
- RESERVED
+CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible
linked ...)
- linux 5.4.19-1
[buster] - linux 4.19.118-1
[stretch] - linux 4.9.228-1
NOTE:
https://git.kernel.org/linus/68035c80e129c4cfec659aac4180354530b26527
-CVE-2020-0403
- RESERVED
+CVE-2020-0403 (In the FPC TrustZone fingerprint App, there is a possible
invalid comm ...)
+ TODO: check
CVE-2020-0402
RESERVED
NOTE: Duplicate assignment for CVE-2019-19769 (Android security
informed)
-CVE-2020-0401
- RESERVED
+CVE-2020-0401 (In setInstallerPackageName of PackageManagerService.java, there
is a m ...)
+ TODO: check
CVE-2020-0400
RESERVED
-CVE-2020-0399
- RESERVED
+CVE-2020-0399 (In showLimitedSimFunctionWarningNotification of
NotificationMgr.java, ...)
+ TODO: check
CVE-2020-0398
RESERVED
-CVE-2020-0397
- RESERVED
-CVE-2020-0396
- RESERVED
-CVE-2020-0395
- RESERVED
-CVE-2020-0394
- RESERVED
-CVE-2020-0393
- RESERVED
-CVE-2020-0392
- RESERVED
-CVE-2020-0391
- RESERVED
-CVE-2020-0390
- RESERVED
-CVE-2020-0389
- RESERVED
-CVE-2020-0388
- RESERVED
-CVE-2020-0387
- RESERVED
-CVE-2020-0386
- RESERVED
-CVE-2020-0385
- RESERVED
-CVE-2020-0384
- RESERVED
-CVE-2020-0383
- RESERVED
-CVE-2020-0382
- RESERVED
-CVE-2020-0381
- RESERVED
-CVE-2020-0380
- RESERVED
-CVE-2020-0379
- RESERVED
+CVE-2020-0397 (In getNotificationBuilder of CarrierServiceStateTracker.java,
there is ...)
+ TODO: check
+CVE-2020-0396 (In various places in Telephony, there is a possible permission
bypass ...)
+ TODO: check
+CVE-2020-0395 (In showNotification of EmergencyCallbackModeService.java, there
is a p ...)
+ TODO: check
+CVE-2020-0394 (In onCreate of BluetoothPairingDialog.java, there is a possible
tapjac ...)
+ TODO: check
+CVE-2020-0393 (In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a
possible ou ...)
+ TODO: check
+CVE-2020-0392 (In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible
code e ...)
+ TODO: check
+CVE-2020-0391 (In applyPolicy of PackageManagerService.java, there is possible
arbitr ...)
+ TODO: check
+CVE-2020-0390 (In the app zygote SE Policy, there is a possible permissions
bypass. T ...)
+ TODO: check
+CVE-2020-0389 (In createSaveNotification of RecordingService.java, there is a
possibl ...)
+ TODO: check
+CVE-2020-0388 (In createEmergencyLocationUserNotification of
GnssVisibilityControl.ja ...)
+ TODO: check
+CVE-2020-0387 (In manifest files of the SmartSpace package, there is a
possible tapja ...)
+ TODO: check
+CVE-2020-0386 (In onCreate of RequestPermissionActivity.java, there is a
possible tap ...)
+ TODO: check
+CVE-2020-0385 (In Parse_insh of eas_mdls.c, there is a possible out of bounds
write d ...)
+ TODO: check
+CVE-2020-0384 (In Parse_art of eas_mdls.c, there is a possible out of bounds
write du ...)
+ TODO: check
+CVE-2020-0383 (In Parse_ins of eas_mdls.c, there is a possible out of bounds
write du ...)
+ TODO: check
+CVE-2020-0382 (In RunInternal of dumpstate.cpp, there is a possible user
consent bypa ...)
+ TODO: check
+CVE-2020-0381 (In Parse_wave of eas_mdls.c, there is a possible out of bounds
write d ...)
+ TODO: check
+CVE-2020-0380 (In allocExcessBits of bitalloc.c, there is a possible out of
bounds wr ...)
+ TODO: check
+CVE-2020-0379 (In the Bluetooth service, there is a possible spoofing attack
due to a ...)
+ TODO: check
CVE-2020-0378
RESERVED
CVE-2020-0377
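Review bot: CVE-2020-0385, CVE-2020-0384, CVE-2020-0383 and CVE-2020-0381 all point at eas_mdls.c (Parse_insh, Parse_art, Parse_ins, Parse_wave), so they should be triaged as a group and end up with the same disposition line. CVE-2020-0407 ("fscrypt_ice.c and related files in some implem ...") needs the full text to tell whether the code is in the upstream kernel or only in vendor trees. CVE-2020-0404 is the one entry here that already carries package data (`- linux 5.4.19-1` plus the buster and stretch versions and the kernel.org commit), and those lines stay in place under the new description, which is the expected result.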
@@ -64887,8 +64909,8 @@ CVE-2020-0344
RESERVED
CVE-2020-0343
RESERVED
-CVE-2020-0342
- RESERVED
+CVE-2020-0342 (There is a possible out of bounds write due to an incorrect
bounds che ...)
+ TODO: check
CVE-2020-0341
RESERVED
CVE-2020-0340
@@ -65019,8 +65041,8 @@ CVE-2020-0280
RESERVED
CVE-2020-0279
RESERVED
-CVE-2020-0278
- RESERVED
+CVE-2020-0278 (There is a possible out of bounds write due to an incorrect
bounds che ...)
+ TODO: check
CVE-2020-0277
RESERVED
CVE-2020-0276
@@ -65085,8 +65107,8 @@ CVE-2020-0247 (In Threshold::getHistogram of
ImageProcessHelper.java, there is a
NOT-FOR-US: Android
CVE-2020-0246
RESERVED
-CVE-2020-0245
- RESERVED
+CVE-2020-0245 (In DecodeFrameCombinedMode of combined_decode.cpp, there is a
possible ...)
+ TODO: check
CVE-2020-0244
RESERVED
CVE-2020-0243 (In clearPropValue of MediaAnalyticsItem.cpp, there is a
possible use-a ...)
@@ -65117,8 +65139,8 @@ CVE-2020-0231 (There is a possible out of bounds write
due to an incorrect bound
NOT-FOR-US: MediaTek components for Android
CVE-2020-0230 (There is a possible out of bounds write due to an incorrect
bounds che ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2020-0229
- RESERVED
+CVE-2020-0229 (There is a possible out of bounds write due to an incorrect
bounds che ...)
+ TODO: check
CVE-2020-0228 (There is an improper configuration of recorder related service.
Produc ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0227 (In onCommand of CompanionDeviceManagerService.java, there is a
possibl ...)
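Review bot: CVE-2020-0229 gets `TODO: check` although its visible description ("There is a possible out of bounds write due to an incorrect bounds che ...") is identical to those of CVE-2020-0231 and CVE-2020-0230 in the context lines, both of which are marked `NOT-FOR-US: MediaTek components for Android`. Confirm from the full description that it is the same component and, if so, give it the same line.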
@@ -65342,8 +65364,8 @@ CVE-2020-0125
RESERVED
CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a
possible ...)
NOT-FOR-US: Android
-CVE-2020-0123
- RESERVED
+CVE-2020-0123 (There is a possible out of bounds write due to an incorrect
bounds che ...)
+ TODO: check
CVE-2020-0122 (In the permission declaration for
com.google.android.providers.gsf.per ...)
NOT-FOR-US: Android
CVE-2020-0121 (In updateUidProcState of AppOpsService.java, there is a
possible permi ...)
@@ -65450,8 +65472,8 @@ CVE-2020-0076 (In get_auth_result of the FPC IRIS
TrustZone app, there is a poss
NOT-FOR-US: Android
CVE-2020-0075 (In set_shared_key of the FPC IRIS TrustZone app, there is a
possible o ...)
NOT-FOR-US: Android
-CVE-2020-0074
- RESERVED
+CVE-2020-0074 (In verifyIntentFiltersIfNeeded of PackageManagerService.java,
there is ...)
+ TODO: check
CVE-2020-0073 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a
possible ...)
NOT-FOR-US: Android
CVE-2020-0072 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a
possible ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6c094554b239bd76ebfd126d30906916de531ba
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits