Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
233e8ce7 by security tracker role at 2020-09-23T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2020-25850
+       RESERVED
+CVE-2020-25849
+       RESERVED
+CVE-2020-25848
+       RESERVED
+CVE-2020-25847
+       RESERVED
+CVE-2020-25846
+       RESERVED
+CVE-2020-25845
+       RESERVED
+CVE-2020-25844
+       RESERVED
+CVE-2020-25843
+       RESERVED
+CVE-2020-25842
+       RESERVED
+CVE-2020-25841
+       RESERVED
+CVE-2020-25840
+       RESERVED
+CVE-2020-25839
+       RESERVED
+CVE-2020-25838
+       RESERVED
+CVE-2020-25837
+       RESERVED
+CVE-2020-25836
+       RESERVED
+CVE-2020-25835
+       RESERVED
+CVE-2020-25834
+       RESERVED
+CVE-2020-25833
+       RESERVED
+CVE-2020-25832
+       RESERVED
+CVE-2020-25831
+       RESERVED
+CVE-2020-25830
+       RESERVED
+CVE-2020-25829
+       RESERVED
+CVE-2020-25828
+       RESERVED
+CVE-2020-25827
+       RESERVED
 CVE-2020-25826 (PingID Integration for Windows Login before 2.4.2 allows local 
users t ...)
        NOT-FOR-US: PingID Integration for Windows Login
 CVE-2020-25825
@@ -191,8 +239,8 @@ CVE-2020-25741
        RESERVED
 CVE-2020-25740
        RESERVED
-CVE-2020-25739
-       RESERVED
+CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for 
Ruby. Mult ...)
+       TODO: check
 CVE-2020-25738
        RESERVED
 CVE-2020-25737
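Review bot: The new `TODO: check` under CVE-2020-25739 is still to be triaged. The description names the gon gem for Ruby, so triage means checking whether that gem is shipped as a Debian source package and replacing the TODO with either a package line or a `NOT-FOR-US:` line.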
@@ -2617,12 +2665,12 @@ CVE-2020-24628
        RESERVED
 CVE-2020-24627
        RESERVED
-CVE-2020-24626
-       RESERVED
-CVE-2020-24625
-       RESERVED
-CVE-2020-24624
-       RESERVED
+CVE-2020-24626 (Unathenticated directory traversal in the ReceiverServlet 
class doPost ...)
+       TODO: check
+CVE-2020-24625 (Unathenticated directory traversal in the ReceiverServlet 
class doGet( ...)
+       TODO: check
+CVE-2020-24624 (Unathenticated directory traversal in the DownloadServlet 
class execut ...)
+       TODO: check
 CVE-2020-24623 (A potential security vulnerability has been identified in 
Hewlett Pack ...)
        NOT-FOR-US: Hewlett Packard Enterprise Universal API Framework
 CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be 
exposed b ...)
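Review bot: The three `TODO: check` entries for CVE-2020-24626, CVE-2020-24625 and CVE-2020-24624 cannot be triaged from the text shown here, because the truncated descriptions name only the servlet classes (ReceiverServlet, DownloadServlet) and not the product. Read the full descriptions before choosing a disposition, and give all three the same one if they turn out to belong to the same product.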
@@ -3531,8 +3579,8 @@ CVE-2020-24215
        RESERVED
 CVE-2020-24214
        RESERVED
-CVE-2020-24213
-       RESERVED
+CVE-2020-24213 (An integer overflow was discovered in YGOPro ygocore v13.51. 
Attackers ...)
+       TODO: check
 CVE-2020-24212
        REJECTED
 CVE-2020-24211
@@ -19615,16 +19663,16 @@ CVE-2020-16246
        RESERVED
 CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product 
is vulne ...)
        NOT-FOR-US: Advantech
-CVE-2020-16244
-       RESERVED
+CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not 
used for h ...)
+       TODO: check
 CVE-2020-16243
        RESERVED
 CVE-2020-16242
        RESERVED
 CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does 
not restr ...)
        NOT-FOR-US: Philips SureSigns
-CVE-2020-16240
-       RESERVED
+CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure 
direct obj ...)
+       TODO: check
 CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor 
claims to hav ...)
        NOT-FOR-US: Philips SureSigns
 CVE-2020-16238
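Review bot: Both GE Digital APM Classic entries (CVE-2020-16244 and CVE-2020-16240) are left at `TODO: check`, while the vendor products next to them in this hunk are already resolved as `NOT-FOR-US: Advantech` and `NOT-FOR-US: Philips SureSigns`. If GE Digital APM Classic is likewise not packaged, a matching `NOT-FOR-US: GE Digital APM Classic` line on both entries would close them in the same style.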
@@ -24401,8 +24449,8 @@ CVE-2020-14372
 CVE-2020-14371
        RESERVED
        NOT-FOR-US: Red Hat Satellite
-CVE-2020-14370
-       RESERVED
+CVE-2020-14370 (An information disclosure vulnerability was found in 
containers/podman ...)
+       TODO: check
 CVE-2020-14369
        RESERVED
        NOT-FOR-US: Red Hat CloudForm
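Review bot: CVE-2020-14370 should not be closed by analogy with its neighbours. CVE-2020-14371 and CVE-2020-14369 carry `NOT-FOR-US:` lines for Red Hat products, but this description names containers/podman, so the `TODO: check` needs a lookup of the Debian source package that ships podman and, if one exists, a package line with a status instead of `NOT-FOR-US:`.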
@@ -24419,8 +24467,7 @@ CVE-2020-14367 (A flaw was found in chrony versions 
before 3.5.1 when creating t
        NOTE: additionally mitigating the issue. Earlier versions used 
/var/run/chronyd.pid.
 CVE-2020-14366
        RESERVED
-CVE-2020-14365 [dnf module install packages with no GPG signature]
-       RESERVED
+CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 
2.8.x before ...)
        - ansible <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
 CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB 
emulator  ...)
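Review bot: At CVE-2020-14365 the bracketed working title "[dnf module install packages with no GPG signature]" is removed, and the truncated description that replaces it no longer says which part of Ansible is affected. Consider keeping that detail in a `NOTE:` line under the entry. The retained `- ansible <unfixed>` line also has no bug reference, unlike the `(bug #959391)` style used on the wordpress entry further down the file.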
@@ -34244,8 +34291,8 @@ CVE-2020-11032 (In GLPI before version 9.4.6, there is 
a SQL injection vulnerabi
        - glpi <removed> (unimportant)
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh
        NOTE: Only supported behind an authenticated HTTP zone
-CVE-2020-11031
-       RESERVED
+CVE-2020-11031 (In GLPI before version 9.5.0, the encryption algorithm used is 
insecur ...)
+       TODO: check
 CVE-2020-11030 (In affected versions of WordPress, a special payload can be 
crafted th ...)
        - wordpress 5.4.1+dfsg1-1 (bug #959391)
        [buster] - wordpress <not-affected> (Vulnerable code not present)
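Review bot: The `TODO: check` added for CVE-2020-11031 is a GLPI issue, and the adjacent CVE-2020-11032 entry already records `- glpi <removed> (unimportant)`. The same `- glpi <removed>` package line applies here; whether the `(unimportant)` tag and the "authenticated HTTP zone" note also carry over should be decided separately, since this entry concerns the encryption algorithm rather than SQL injection.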
@@ -35466,8 +35513,7 @@ CVE-2020-10716
        NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job 
Invocation
 CVE-2020-10715 (A content spoofing vulnerability was found in the 
openshift/console 3. ...)
        NOT-FOR-US: Openshift Web Console
-CVE-2020-10714
-       RESERVED
+CVE-2020-10714 (A flaw was found in WildFly Elytron version 1.11.3.Final and 
before. W ...)
        NOT-FOR-US: WildFly Elytron
 CVE-2020-10713 (A flaw was found in grub2, prior to version 2.06. An attacker 
may use  ...)
        {DSA-4735-1}
@@ -35588,8 +35634,7 @@ CVE-2020-10688
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
        NOTE: https://github.com/quarkusio/quarkus/issues/7248
        NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
-CVE-2020-10687
-       RESERVED
+CVE-2020-10687 (A flaw was discovered in all versions of Undertow before 
Undertow 2.2. ...)
        - undertow 2.2.0-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049
        NOTE: https://issues.jboss.org/browse/UNDERTOW-1780
@@ -44167,10 +44212,10 @@ CVE-2020-7124
        RESERVED
 CVE-2020-7123
        RESERVED
-CVE-2020-7122
-       RESERVED
-CVE-2020-7121
-       RESERVED
+CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches 
Series  ...)
+       TODO: check
+CVE-2020-7121 (Two memory corruption vulnerabilities in the Aruba CX Switches 
Series  ...)
+       TODO: check
 CVE-2020-7120
        RESERVED
 CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location 
Engine (ALE ...)
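Review bot: CVE-2020-7122 and CVE-2020-7121 show the same truncated description ("Two memory corruption vulnerabilities in the Aruba CX Switches Series ..."), so the two `TODO: check` entries are indistinguishable as listed. When triaging, confirm from the full text that each id maps to a distinct issue and then give both entries the same disposition line.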
@@ -47686,12 +47731,12 @@ CVE-2020-5785
        RESERVED
 CVE-2020-5784
        RESERVED
-CVE-2020-5783
-       RESERVED
-CVE-2020-5782
-       RESERVED
-CVE-2020-5781
-       RESERVED
+CVE-2020-5783 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality 
does n ...)
+       TODO: check
+CVE-2020-5782 (In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and 
sets the ...)
+       TODO: check
+CVE-2020-5781 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection 
parameter is ...)
+       TODO: check
 CVE-2020-5780 (Missing Authentication for Critical Function in Icegram Email 
Subscrib ...)
        NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress
 CVE-2020-5779 (A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) 
relates t ...)
@@ -51262,8 +51307,8 @@ CVE-2020-4342 (IBM Security Secret Server 10.7 could 
disclose sensitive informat
        NOT-FOR-US: IBM
 CVE-2020-4341 (IBM Security Secret Server 10.7 could allow a remote attacker 
to obtai ...)
        NOT-FOR-US: IBM
-CVE-2020-4340
-       RESERVED
+CVE-2020-4340 (IBM Security Secret Server prior to 10.9 could allow an 
attacker to by ...)
+       TODO: check
 CVE-2020-4339
        RESERVED
 CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive 
informat ...)
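Review bot: CVE-2020-4340 is left at `TODO: check` although it names IBM Security Secret Server, the same product as CVE-2020-4342 and CVE-2020-4341 directly above, which are both marked `NOT-FOR-US: IBM`. Replacing the TODO with `NOT-FOR-US: IBM` would keep the product's entries consistent; the same applies to the CVE-2020-4324 entry in the next hunk.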
@@ -51294,8 +51339,8 @@ CVE-2020-4326
        RESERVED
 CVE-2020-4325 (The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 
19.0.0 ...)
        NOT-FOR-US: IBM
-CVE-2020-4324
-       RESERVED
+CVE-2020-4324 (IBM Security Secret Server proir to 10.9 could allow a remote 
attacker ...)
+       TODO: check
 CVE-2020-4323 (IBM Security Secret Server 10.7 is vulnerable to cross-site 
scripting. ...)
        NOT-FOR-US: IBM
 CVE-2020-4322 (IBM Security Secret Server 10.7 could allow a remote attacker 
to hijac ...)
@@ -57249,26 +57294,19 @@ CVE-2020-2287
        RESERVED
 CVE-2020-2286
        RESERVED
-CVE-2020-2285
-       RESERVED
+CVE-2020-2285 (A missing permission check in Jenkins Liquibase Runner Plugin 
1.4.7 an ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2284
-       RESERVED
+CVE-2020-2284 (Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not 
configure i ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2283
-       RESERVED
+CVE-2020-2283 (Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not 
escape chan ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2282
-       RESERVED
+CVE-2020-2282 (Jenkins Implied Labels Plugin 0.6 and earlier does not perform 
a permi ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2281
-       RESERVED
+CVE-2020-2281 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Lockable  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2280
-       RESERVED
+CVE-2020-2280 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Warnings  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2279
-       RESERVED
+CVE-2020-2279 (A sandbox bypass vulnerability in Jenkins Script Security 
Plugin 1.74  ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2020-2278 (Jenkins Storable Configs Plugin 1.0 and earlier does not 
restrict the  ...)
        NOT-FOR-US: Jenkins plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/233e8ce73f4222f3060d61158d8925e0641d75fd
