Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8384d9b6 by security tracker role at 2020-10-15T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,22 @@
-CVE-2020-27153 [shared/att: Fix possible crash on disconnect]
+CVE-2020-27160
+       RESERVED
+CVE-2020-27159
+       RESERVED
+CVE-2020-27158
+       RESERVED
+CVE-2020-27157 (Veritas APTARE versions prior to 10.5 included code that 
bypassed the  ...)
+       TODO: check
+CVE-2020-27156 (Veritas APTARE versions prior to 10.5 did not perform adequate 
authori ...)
+       TODO: check
+CVE-2020-27155
+       RESERVED
+CVE-2020-27154
+       RESERVED
+CVE-2020-27152
+       RESERVED
+CVE-2020-27151
+       RESERVED
+CVE-2020-27153 (In BlueZ before 5.55, a double free was found in the gatttool 
disconne ...)
        - bluez 5.55-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1884817
        NOTE: 
https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
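Review bot: CVE-2020-27153 now sits below CVE-2020-27152 and CVE-2020-27151, so the top of the list is no longer in descending order. The new block was inserted above the existing entry instead of around it; moving CVE-2020-27153 between CVE-2020-27154 and CVE-2020-27152 would restore the order the rest of the file follows. The two Veritas APTARE entries (CVE-2020-27157, CVE-2020-27156) still need a triage decision in place of `TODO: check`.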
@@ -28575,7 +28593,7 @@ CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 
7.0.0 to 7.7.3 and 8.0.0 to
        - lucene-solr <not-affected> (Vulnerable functionality not yet present)
 CVE-2020-13956 [incorrect handling of malformed authority component in request 
URIs]
        RESERVED
-       {DLA-2405-1}
+       {DSA-4772-1 DLA-2405-1}
        - httpcomponents-client 4.5.13-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1886587
        NOTE: Fixed by: 
https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e
 (4.5.13-RC1)
@@ -44291,18 +44309,18 @@ CVE-2020-8352
        RESERVED
 CVE-2020-8351
        RESERVED
-CVE-2020-8350
-       RESERVED
-CVE-2020-8349
-       RESERVED
+CVE-2020-8350 (An authentication bypass vulnerability was reported in Lenovo 
ThinkPad ...)
+       TODO: check
+CVE-2020-8349 (An internal security review has identified an unauthenticated 
remote c ...)
+       TODO: check
 CVE-2020-8348 (A DOM-based cross-site scripting (XSS) vulnerability was 
reported in L ...)
        NOT-FOR-US: Lenovo
 CVE-2020-8347 (A reflective cross-site scripting (XSS) vulnerability was 
reported in  ...)
        NOT-FOR-US: Lenovo
 CVE-2020-8346 (A denial of service vulnerability was reported in the Lenovo 
Vantage c ...)
        NOT-FOR-US: Lenovo
-CVE-2020-8345
-       RESERVED
+CVE-2020-8345 (A DLL search path vulnerability was reported in the Lenovo 
HardwareSca ...)
+       TODO: check
 CVE-2020-8344
        REJECTED
 CVE-2020-8343
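Review bot: The `TODO: check` on CVE-2020-8350 and CVE-2020-8345 can probably be resolved the same way as the adjacent entries: both descriptions name Lenovo products, and CVE-2020-8348 through CVE-2020-8346 in the same hunk are already `NOT-FOR-US: Lenovo`. CVE-2020-8349 is different: its truncated description ("An internal security review has identified an unauthenticated remote c ...") names no vendor or product, so it needs the full description before it gets the same tag.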
@@ -44315,8 +44333,8 @@ CVE-2020-8340 (A cross-site scripting (XSS) 
vulnerability was discovered in the
        NOT-FOR-US: IBM
 CVE-2020-8339 (A cross-site scripting inclusion (XSSI) vulnerability was 
reported in  ...)
        NOT-FOR-US: IBM
-CVE-2020-8338
-       RESERVED
+CVE-2020-8338 (A DLL search path vulnerability was reported in Lenovo 
Diagnostics pri ...)
+       TODO: check
 CVE-2020-8337 (An unquoted search path vulnerability was reported in versions 
prior t ...)
        NOT-FOR-US: Synaptics Smart Audio UWP app
 CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on 
some Th ...)
@@ -44327,8 +44345,8 @@ CVE-2020-8334 (The BIOS tamper detection mechanism was 
not triggered in Lenovo T
        NOT-FOR-US: Lenovo
 CVE-2020-8333 (A potential vulnerability in the SMI callback function used in 
the EEP ...)
        NOT-FOR-US: Lenovo
-CVE-2020-8332
-       RESERVED
+CVE-2020-8332 (A potential vulnerability in the SMI callback function used in 
the leg ...)
+       TODO: check
 CVE-2020-8331
        REJECTED
 CVE-2020-8330 (A denial of service vulnerability was reported in the firmware 
prior t ...)
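Review bot: CVE-2020-8332 is left at `TODO: check` although its description opens with the same wording as CVE-2020-8333 directly above it ("A potential vulnerability in the SMI callback function used in the ..."), which is tagged `NOT-FOR-US: Lenovo`. If the full description confirms the same vendor, the same tag applies here.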
@@ -46681,8 +46699,8 @@ CVE-2020-7385
        RESERVED
 CVE-2020-7384
        RESERVED
-CVE-2020-7383
-       RESERVED
+CVE-2020-7383 (A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 
that m ...)
+       TODO: check
 CVE-2020-7382 (Rapid7 Nexpose installer version prior to 6.6.40 contains an 
Unquoted  ...)
        NOT-FOR-US: Rapid7 Nexpose installer
 CVE-2020-7381 (In Rapid7 Nexpose installer versions prior to 6.6.40, the 
Nexpose inst ...)
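Review bot: When CVE-2020-7383 is triaged, the neighbouring tag should not be copied verbatim. CVE-2020-7382 is `NOT-FOR-US: Rapid7 Nexpose installer`, while this description is a SQL injection in Rapid7 Nexpose itself (prior to 6.6.49), so a tag naming the product rather than the installer fits better.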
@@ -49496,34 +49514,34 @@ CVE-2020-6377 (Use after free in audio in Google 
Chrome prior to 79.0.3945.117 a
        {DSA-4606-1}
        - chromium 79.0.3945.130-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6376
-       RESERVED
-CVE-2020-6375
-       RESERVED
-CVE-2020-6374
-       RESERVED
-CVE-2020-6373
-       RESERVED
-CVE-2020-6372
-       RESERVED
-CVE-2020-6371
-       RESERVED
+CVE-2020-6376 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6375 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6374 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6373 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6372 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2020-6371 (User enumeration vulnerability can be exploited to get a list 
of user  ...)
+       TODO: check
 CVE-2020-6370
        RESERVED
 CVE-2020-6369
        RESERVED
-CVE-2020-6368
-       RESERVED
+CVE-2020-6368 (SAP Business Planning and Consolidation, versions - 750, 751, 
752, 753 ...)
+       TODO: check
 CVE-2020-6367
        RESERVED
 CVE-2020-6366
        RESERVED
-CVE-2020-6365
-       RESERVED
-CVE-2020-6364
-       RESERVED
-CVE-2020-6363
-       RESERVED
+CVE-2020-6365 (SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 
7.40,  ...)
+       TODO: check
+CVE-2020-6364 (SAP Solution Manager and SAP Focused Run (update provided in 
WILY_INTR ...)
+       TODO: check
+CVE-2020-6363 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes 
several ...)
+       TODO: check
 CVE-2020-6362
        RESERVED
 CVE-2020-6361 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
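Review bot: Ten entries in this hunk move from RESERVED to `TODO: check`, and nine of them name an SAP product in the visible description; SAP entries further down in this diff, such as CVE-2020-6324, are tagged `NOT-FOR-US: SAP`, so those nine can be handled in one pass. CVE-2020-6371 ("User enumeration vulnerability can be exploited to get a list of user ...") names no product in the truncated text and should be checked against the full description rather than tagged by its position among SAP entries.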
@@ -49602,16 +49620,16 @@ CVE-2020-6325
        RESERVED
 CVE-2020-6324 (SAP Netweaver AS ABAP(BSP Test Application sbspext_table), 
version-700 ...)
        NOT-FOR-US: SAP
-CVE-2020-6323
-       RESERVED
+CVE-2020-6323 (SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions 
- 7.50 ...)
+       TODO: check
 CVE-2020-6322 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
        NOT-FOR-US: SAP
 CVE-2020-6321 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
        NOT-FOR-US: SAP
 CVE-2020-6320 (SAP Marketing (Servlet), version-130,140,150, allows an 
authenticated  ...)
        NOT-FOR-US: SAP
-CVE-2020-6319
-       RESERVED
+CVE-2020-6319 (SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 
7.20, 7. ...)
+       TODO: check
 CVE-2020-6318 (A Remote Code Execution vulnerability exists in the SAP 
NetWeaver (ABA ...)
        NOT-FOR-US: SAP
 CVE-2020-6317
@@ -49704,8 +49722,8 @@ CVE-2020-6274
        RESERVED
 CVE-2020-6273 (SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 
103, 1 ...)
        NOT-FOR-US: SAP
-CVE-2020-6272
-       RESERVED
+CVE-2020-6272 (SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not 
suffici ...)
+       TODO: check
 CVE-2020-6271 (SAP Solution Manager (Problem Context Manager), version 7.2, 
does not  ...)
        NOT-FOR-US: SAP
 CVE-2020-6270 (SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 
740, 75 ...)
@@ -51079,8 +51097,8 @@ CVE-2020-5644
        RESERVED
 CVE-2020-5643
        RESERVED
-CVE-2020-5642
-       RESERVED
+CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - 
Live su ...)
+       TODO: check
 CVE-2020-5641
        RESERVED
 CVE-2020-5640



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8384d9b6a09e08122f8370abb3ffccf9ff3e4a4e
