Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 73ebf25b by security tracker role at 2020-07-28T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,11 +1,17 @@ +CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...) + TODO: check +CVE-2020-16093 + RESERVED +CVE-2020-16092 + RESERVED CVE-2020-16091 RESERVED CVE-2020-16090 RESERVED CVE-2020-16089 RESERVED -CVE-2020-16088 - RESERVED +CVE-2020-16088 (iked in OpenIKED, as used in OpenBSD through 6.7, allows authenticatio ...) + TODO: check CVE-2020-16087 RESERVED CVE-2020-16086 @@ -395,16 +401,15 @@ CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link NOT-FOR-US: Nagios XI CVE-2020-15901 (ajaxhelper.php in Nagios XI before 5.7.2 allows remote attackers to ex ...) NOT-FOR-US: Nagios XI -CVE-2020-15900 [Memory Corruption] - RESERVED +CVE-2020-15900 (A memory corruption issue was found in Artifex Ghostscript 9.50 and 9. ...) - ghostscript <unfixed> [buster] - ghostscript <not-affected> (Vulnerable code introduced later) [stretch] - ghostscript <not-affected> (Vulnerable code introduced later) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702582 NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff (9.28rc1) NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b -CVE-2020-15899 - RESERVED +CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data related to ...) + TODO: check CVE-2020-15898 RESERVED CVE-2020-15897 
@@ -498,8 +503,7 @@ CVE-2020-15865 RESERVED CVE-2020-15864 RESERVED -CVE-2020-15863 [stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c] - RESERVED +CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ...) {DLA-2288-1} - qemu 1:5.0-12 [buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA) @@ -849,14 +853,14 @@ CVE-2020-15717 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper valida NOT-FOR-US: RosarioSIS CVE-2020-15716 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...) NOT-FOR-US: RosarioSIS -CVE-2020-15715 - RESERVED -CVE-2020-15714 - RESERVED -CVE-2020-15713 - RESERVED -CVE-2020-15712 - RESERVED +CVE-2020-15715 (rConfig 3.9.5 could allow a remote authenticated attacker to execute a ...) + TODO: check +CVE-2020-15714 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...) + TODO: check +CVE-2020-15713 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...) + TODO: check +CVE-2020-15712 (rConfig 3.9.5 could allow a remote authenticated attacker to traverse ...) + TODO: check CVE-2020-15711 (In MISP before 2.4.129, setting a favourite homepage was not CSRF prot ...) NOT-FOR-US: MISP CVE-2020-15710 
@@ -1045,52 +1049,52 @@ CVE-2020-15630 RESERVED CVE-2020-15629 RESERVED -CVE-2020-15628 - RESERVED -CVE-2020-15627 - RESERVED -CVE-2020-15626 - RESERVED -CVE-2020-15625 - RESERVED -CVE-2020-15624 - RESERVED -CVE-2020-15623 - RESERVED -CVE-2020-15622 - RESERVED -CVE-2020-15621 - RESERVED -CVE-2020-15620 - RESERVED -CVE-2020-15619 - RESERVED -CVE-2020-15618 - RESERVED -CVE-2020-15617 - RESERVED -CVE-2020-15616 - RESERVED -CVE-2020-15615 - RESERVED -CVE-2020-15614 - RESERVED -CVE-2020-15613 - RESERVED -CVE-2020-15612 - RESERVED -CVE-2020-15611 - RESERVED -CVE-2020-15610 - RESERVED -CVE-2020-15609 - RESERVED -CVE-2020-15608 - RESERVED -CVE-2020-15607 - RESERVED -CVE-2020-15606 - RESERVED +CVE-2020-15628 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-15627 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-15626 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-15625 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-15624 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-15623 (This vulnerability allows remote attackers to write arbitrary files on ...) + TODO: check +CVE-2020-15622 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-15621 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-15620 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-15619 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-15618 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-15617 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ TODO: check +CVE-2020-15616 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-15615 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15614 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15613 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15612 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15611 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15610 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15609 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15608 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15607 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15606 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check CVE-2020-15605 RESERVED CVE-2020-15604 
@@ -1518,46 +1522,46 @@ CVE-2020-15437 RESERVED CVE-2020-15436 RESERVED -CVE-2020-15435 - RESERVED -CVE-2020-15434 - RESERVED -CVE-2020-15433 - RESERVED -CVE-2020-15432 - RESERVED -CVE-2020-15431 - RESERVED -CVE-2020-15430 - RESERVED -CVE-2020-15429 - RESERVED -CVE-2020-15428 - RESERVED -CVE-2020-15427 - RESERVED -CVE-2020-15426 - RESERVED -CVE-2020-15425 - RESERVED -CVE-2020-15424 - RESERVED -CVE-2020-15423 - RESERVED -CVE-2020-15422 - RESERVED -CVE-2020-15421 - RESERVED -CVE-2020-15420 - RESERVED -CVE-2020-15419 - RESERVED -CVE-2020-15418 - RESERVED -CVE-2020-15417 - RESERVED -CVE-2020-15416 - RESERVED +CVE-2020-15435 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15434 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15433 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15432 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15431 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15430 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15429 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15428 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15427 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15426 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15425 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15424 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15423 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ TODO: check +CVE-2020-15422 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15421 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15420 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-15419 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-15418 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-15417 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check +CVE-2020-15416 (This vulnerability allows network-adjacent attackers to bypass authent ...) + TODO: check CVE-2020-15415 (On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, c ...) NOT-FOR-US: DrayTek CVE-2020-15414 @@ -1572,8 +1576,8 @@ CVE-2020-15410 RESERVED CVE-2020-15409 RESERVED -CVE-2020-15408 - RESERVED +CVE-2020-15408 (An issue was discovered in Pulse Secure Pulse Connect Secure before 9. ...) + TODO: check CVE-2020-15407 RESERVED CVE-2020-15406 @@ -2194,7 +2198,7 @@ CVE-2020-15121 (In radare2 before version 4.5.0, malformed PDB file names in the NOTE: https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9 NOTE: https://github.com/radareorg/radare2/issues/16945 NOTE: https://github.com/radareorg/radare2/pull/16966 -CVE-2020-15120 (An authenticated member of one project can modify and delete members o ...) +CVE-2020-15120 (In "I hate money" before version 4.1.5, an authenticated member of one ...) NOT-FOR-US: ihatemoney CVE-2020-15119 RESERVED 
@@ -5311,20 +5315,20 @@ CVE-2020-13921 RESERVED CVE-2020-13920 RESERVED -CVE-2020-13919 - RESERVED -CVE-2020-13918 - RESERVED -CVE-2020-13917 - RESERVED -CVE-2020-13916 - RESERVED -CVE-2020-13915 - RESERVED -CVE-2020-13914 - RESERVED -CVE-2020-13913 - RESERVED +CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...) + TODO: check +CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed through ...) + TODO: check +CVE-2020-13917 (rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remot ...) + TODO: check +CVE-2020-13916 (A stack buffer overflow in webs in Ruckus Wireless Unleashed through 2 ...) + TODO: check +CVE-2020-13915 (Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed throu ...) + TODO: check +CVE-2020-13914 (webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a rem ...) + TODO: check +CVE-2020-13913 (An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102 ...) + TODO: check CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users ...) NOT-FOR-US: SolarWinds Advanced Monitoring Agent CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a ...) @@ -13375,7 +13379,7 @@ CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in NOTE: https://github.com/FasterXML/jackson-databind/issues/2664 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. -CVE-2020-11110 (Grafana through 6.7.1 allows stored XSS. ...) +CVE-2020-11110 (Grafana through 6.7.1 allows stored XSS due to insufficient input prot ...) - grafana <removed> CVE-2020-11109 RESERVED 
@@ -14068,22 +14072,22 @@ CVE-2020-10932 (An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x [stretch] - mbedtls <no-dsa> (Minor issue) NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04 -CVE-2020-10930 - RESERVED -CVE-2020-10929 - RESERVED -CVE-2020-10928 - RESERVED -CVE-2020-10927 - RESERVED -CVE-2020-10926 - RESERVED -CVE-2020-10925 - RESERVED -CVE-2020-10924 - RESERVED -CVE-2020-10923 - RESERVED +CVE-2020-10930 (This vulnerability allows network-adjacent attackers to disclose sensi ...) + TODO: check +CVE-2020-10929 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check +CVE-2020-10928 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check +CVE-2020-10927 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check +CVE-2020-10926 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check +CVE-2020-10925 (This vulnerability allows network-adjacent attackers to compromise the ...) + TODO: check +CVE-2020-10924 (This vulnerability allows network-adjacent attackers to bypass authent ...) + TODO: check +CVE-2020-10923 (This vulnerability allows network-adjacent attackers to bypass authent ...) + TODO: check CVE-2020-10922 (This vulnerability allows remote attackers to create a denial-of-servi ...) NOT-FOR-US: C-MORE HMI CVE-2020-10921 (This vulnerability allows remote attackers to issue commands on affect ...) 
@@ -15048,7 +15052,7 @@ CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x an NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519 NOTE: https://github.com/ansible/ansible/pull/68431 NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce -CVE-2020-10683 (dom4j before 2.1.3 allows external DTDs and External Entities by defau ...) +CVE-2020-10683 (dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and Ext ...) {DLA-2191-1} - dom4j <unfixed> (bug #958055) [buster] - dom4j <no-dsa> (Minor issue) @@ -22221,8 +22225,8 @@ CVE-2020-7687 (This affects all versions of package fast-http. There is no path TODO: check CVE-2020-7686 (This affects all versions of package rollup-plugin-dev-server. There i ...) TODO: check -CVE-2020-7685 - RESERVED +CVE-2020-7685 (This affects all versions of package UmbracoForms. When using the defa ...) + TODO: check CVE-2020-7684 (This affects all versions of package rollup-plugin-serve. There is no ...) TODO: check CVE-2020-7683 (This affects all versions of package rollup-plugin-server. There is no ...) @@ -27807,8 +27811,8 @@ CVE-2020-5379 RESERVED CVE-2020-5378 RESERVED -CVE-2020-5377 - RESERVED +CVE-2020-5377 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior ...) + TODO: check CVE-2020-5376 RESERVED CVE-2020-5375 @@ -30236,8 +30240,8 @@ CVE-2020-4467 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote at NOT-FOR-US: IBM CVE-2020-4466 (IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authentica ...) NOT-FOR-US: IBM -CVE-2020-4465 - RESERVED +CVE-2020-4465 (IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and ...) + TODO: check CVE-2020-4464 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...) NOT-FOR-US: IBM CVE-2020-4463 
@@ -30416,8 +30420,8 @@ CVE-2020-4377 RESERVED CVE-2020-4376 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could ...) NOT-FOR-US: IBM -CVE-2020-4375 - RESERVED +CVE-2020-4375 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 ...) + TODO: check CVE-2020-4374 RESERVED CVE-2020-4373 @@ -30528,12 +30532,12 @@ CVE-2020-4321 RESERVED CVE-2020-4320 (IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9 ...) NOT-FOR-US: IBM -CVE-2020-4319 - RESERVED -CVE-2020-4318 - RESERVED -CVE-2020-4317 - RESERVED +CVE-2020-4319 (IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and ...) + TODO: check +CVE-2020-4318 (IBM Intelligent Operations Center for Emergency Management, Intelligen ...) + TODO: check +CVE-2020-4317 (IBM Intelligent Operations Center for Emergency Management, Intelligen ...) + TODO: check CVE-2020-4316 (IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure ...) NOT-FOR-US: IBM CVE-2020-4315 @@ -84927,8 +84931,8 @@ CVE-2019-4733 RESERVED CVE-2019-4732 (IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7. ...) NOT-FOR-US: IBM -CVE-2019-4731 - RESERVED +CVE-2019-4731 (IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highl ...) + TODO: check CVE-2019-4730 RESERVED CVE-2019-4729 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...) 
@@ -119515,7 +119519,7 @@ CVE-2018-11696 (An issue was discovered in LibSass through 3.5.4. A NULL pointer [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2665 NOTE: https://github.com/sass/libsass/commit/38f4c3699d06b64128bebc7cf1e8b3125be74dc4 -CVE-2018-11695 (An issue was discovered in LibSass through 3.5.2. A NULL pointer deref ...) +CVE-2018-11695 (An issue was discovered in LibSass <3.5.3. A NULL pointer dereferen ...) - libsass 3.5.4-1 (low) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2664
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73ebf25bdc13edb2e79818734769eef7563e8c4b
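Review bot: CVE-2020-16094 in the first hunk (@@ -1,11 +1,17 @@) is left at "TODO: check" although its description already names the function (imap_scan_tree_recursive), the product (Claws Mail) and the affected range (through 3.17.6). That is enough to triage it to a source-package line or a NOT-FOR-US entry, so it should not stay in the TODO state longer than the entries whose descriptions name no product. The same applies to CVE-2020-16088 (iked in OpenIKED) in that hunk.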
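Review bot: The 23 entries CVE-2020-15628 through CVE-2020-15606 (@@ -1045,52 +1049,52 @@) cannot be triaged from the text recorded here, because every truncated description starts "This vulnerability allows remote attackers to ..." and is cut before any product name. The blocks CVE-2020-15435 through CVE-2020-15416 and CVE-2020-10930 through CVE-2020-10923 have the same problem. The neighbouring CVE-2020-10922, with the same opening wording, was resolved as "NOT-FOR-US: C-MORE HMI", which suggests these blocks are per-vendor batches. Resolve each "TODO: check" from the full CVE description and, where a block turns out to be a single product, triage it as a batch.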
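Review bot: In the @@ -15048,7 +15052,7 @@ hunk the CVE-2020-10683 description now lists two fixed upstream versions ("before 2.0.3 and 2.1.x before 2.1.3"), but the unchanged lines below it still read "- dom4j <unfixed> (bug #958055)" and "[buster] - dom4j <no-dsa> (Minor issue)". With a fix now stated for the 2.0.x branch as well, re-check which branch each Debian suite carries and whether a fixed version can be recorded in place of <unfixed>. Add a NOTE with the upstream fix reference, as the neighbouring entries do.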