Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
853578fd by security tracker role at 2020-08-03T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2020-16286
+       RESERVED
+CVE-2020-16285
+       RESERVED
+CVE-2020-16284
+       RESERVED
+CVE-2020-16283
+       RESERVED
+CVE-2020-16282
+       RESERVED
+CVE-2020-16281
+       RESERVED
+CVE-2020-16280
+       RESERVED
+CVE-2020-16279
+       RESERVED
+CVE-2020-16278
+       RESERVED
+CVE-2020-16277
+       RESERVED
+CVE-2020-16276
+       RESERVED
+CVE-2020-16275
+       RESERVED
+CVE-2020-16274
+       RESERVED
+CVE-2020-16273
+       RESERVED
+CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 
1.12.0 is mis ...)
+       TODO: check
+CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 
1.12.0 genera ...)
+       TODO: check
+CVE-2020-16270
+       RESERVED
+CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, 
causing ...)
+       TODO: check
+CVE-2020-16268
+       RESERVED
+CVE-2020-16267
+       RESERVED
+CVE-2020-16266
+       RESERVED
+CVE-2015-9549 (A reflected Cross-site Scripting (XSS) vulnerability exists in 
OcPorta ...)
+       TODO: check
 CVE-2020-16265
        RESERVED
 CVE-2020-16264
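Review bot: The four entries in this hunk that arrive with descriptions (CVE-2020-16272, CVE-2020-16271, CVE-2020-16269 and CVE-2015-9549) are all left at "TODO: check", so none of them is triaged yet. The two KeePassRPC entries describe the same SRP-6a implementation and the same fixed version (1.12.0) and can be resolved with one decision; the radare2 entry names a specific upstream version (4.5.0) and should get a source-package lookup before it is tagged.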
@@ -273,8 +317,8 @@ CVE-2020-16132
        RESERVED
 CVE-2017-18923 (beroNet VoIP Gateways before 3.0.16 have a PHP script that 
allows down ...)
        NOT-FOR-US: beroNet
-CVE-2020-16131
-       RESERVED
+CVE-2020-16131 (Tiki before 21.2 allows XSS because [\s\/"\'] is not properly 
consider ...)
+       TODO: check
 CVE-2020-16130
        RESERVED
 CVE-2020-16129
@@ -1023,6 +1067,7 @@ CVE-2020-15805
 CVE-2020-15804
        RESERVED
 CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 
4.4.x bef ...)
+       {DLA-2311-1}
        - zabbix 1:5.0.2+dfsg-1 (bug #966146)
        [buster] - zabbix <no-dsa> (Minor issue)
        NOTE: https://support.zabbix.com/browse/ZBX-18057
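Review bot: The added {DLA-2311-1} reference sits above a buster line that still reads "<no-dsa> (Minor issue)", so after this change the entry records an LTS advisory while buster has no fix scheduled. Confirm that the buster status is still intended, or queue the fix for a point release so that buster does not trail the LTS suite.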
@@ -4766,8 +4811,7 @@ CVE-2020-14321
        RESERVED
 CVE-2020-14320
        RESERVED
-CVE-2020-14319
-       RESERVED
+CVE-2020-14319 (It was found that the AMQ Online console is vulnerable to a 
Cross-Site ...)
        NOT-FOR-US: AMQ Online
 CVE-2020-14318
        RESERVED
@@ -6055,8 +6099,8 @@ CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js 
allows ECDSA signature ma
        NOTE: https://github.com/indutny/elliptic/issues/226
 CVE-2020-13821
        RESERVED
-CVE-2020-13820
-       RESERVED
+CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated 
reflected XS ...)
+       TODO: check
 CVE-2020-13819
        RESERVED
 CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when 
&lt;cachestart&gt;  ...)
@@ -8716,8 +8760,8 @@ CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has 
a heap-based buffer ov
        NOTE: Fixed with: https://github.com/appneta/tcpreplay/issues/578
        NOTE: --fuzz-seed in PoC not present until version 4.2.0
        NOTE: Crash in CLI tool, no security impact
-CVE-2020-12739
-       RESERVED
+CVE-2020-12739 (A vulnerability in the Fanuc i Series CNC (0i-MD and 0i 
Mate-MD) could ...)
+       TODO: check
 CVE-2020-12738
        RESERVED
 CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on 
macOS. Authen ...)
@@ -20589,10 +20633,10 @@ CVE-2020-8577
        RESERVED
 CVE-2020-8576
        RESERVED
-CVE-2020-8575
-       RESERVED
-CVE-2020-8574
-       RESERVED
+CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows 
versions prio ...)
+       TODO: check
+CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship 
with th ...)
+       TODO: check
 CVE-2020-8573 (The NetApp HCI H610C, H615C and H610S Baseboard Management 
Controllers ...)
        NOT-FOR-US: NetApp
 CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior 
to vers ...)
@@ -21692,8 +21736,8 @@ CVE-2020-8110
        RESERVED
 CVE-2020-8109
        RESERVED
-CVE-2020-8108
-       RESERVED
+CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint 
Security ...)
+       TODO: check
 CVE-2020-8107
        RESERVED
 CVE-2020-8106
@@ -30619,8 +30663,8 @@ CVE-2020-4562
        RESERVED
 CVE-2020-4561
        RESERVED
-CVE-2020-4560
-       RESERVED
+CVE-2020-4560 (IBM Financial Transaction Manager 3.2.4 is vulnerable to 
cross-site sc ...)
+       TODO: check
 CVE-2020-4559
        RESERVED
 CVE-2020-4558
@@ -30631,18 +30675,18 @@ CVE-2020-4556
        RESERVED
 CVE-2020-4555
        RESERVED
-CVE-2020-4554
-       RESERVED
-CVE-2020-4553
-       RESERVED
-CVE-2020-4552
-       RESERVED
-CVE-2020-4551
-       RESERVED
-CVE-2020-4550
-       RESERVED
-CVE-2020-4549
-       RESERVED
+CVE-2020-4554 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local 
attacker t ...)
+       TODO: check
+CVE-2020-4553 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local 
attacker t ...)
+       TODO: check
+CVE-2020-4552 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to 
execute  ...)
+       TODO: check
+CVE-2020-4551 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local 
attacker t ...)
+       TODO: check
+CVE-2020-4550 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local 
attacker t ...)
+       TODO: check
+CVE-2020-4549 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to 
execute  ...)
+       TODO: check
 CVE-2020-4548
        RESERVED
 CVE-2020-4547
@@ -30671,8 +30715,8 @@ CVE-2020-4536
        RESERVED
 CVE-2020-4535
        RESERVED
-CVE-2020-4534
-       RESERVED
+CVE-2020-4534 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a  ...)
+       TODO: check
 CVE-2020-4533
        RESERVED
 CVE-2020-4532 (IBM Business Automation Workflow and IBM Business Process 
Manager (IBM ...)
@@ -30985,8 +31029,8 @@ CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 
5.0.4.4 uses weaker than expec
        NOT-FOR-US: IBM
 CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a 
privileged au ...)
        NOT-FOR-US: IBM
-CVE-2020-4377
-       RESERVED
+CVE-2020-4377 (IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML 
External Ent ...)
+       TODO: check
 CVE-2020-4376 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 
8.1.0 could ...)
        NOT-FOR-US: IBM
 CVE-2020-4375 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, 
and 9.1  ...)
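Review bot: CVE-2020-4377 is left at "TODO: check" while the surrounding IBM entries in this hunk (CVE-2020-4379, CVE-2020-4378, CVE-2020-4376) all carry "NOT-FOR-US: IBM"; resolving it with the same tag would keep the block consistent. The imported description spells the product "Cognos Anaytics", so a text search for "Cognos Analytics" will not find this entry.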
@@ -31083,8 +31127,8 @@ CVE-2020-4330
        RESERVED
 CVE-2020-4329 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 
17.0.0 ...)
        NOT-FOR-US: IBM
-CVE-2020-4328
-       RESERVED
+CVE-2020-4328 (IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL 
injection ...)
+       TODO: check
 CVE-2020-4327 (IBM Security Secret Server 10.7 could allow a remote attacker 
to obtai ...)
        NOT-FOR-US: IBM
 CVE-2020-4326
@@ -38540,12 +38584,12 @@ CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows 
XSS. ...)
        NOT-FOR-US: SALTO ProAccess SPACE
 CVE-2019-19456 (A Reflected XSS was found in the server selection box inside 
the login ...)
        NOT-FOR-US: Wowza Streaming Engine
-CVE-2019-19455
-       RESERVED
+CVE-2019-19455 (Wowza Streaming Engine through 2019-11-28 has Insecure 
Permissions. ...)
+       TODO: check
 CVE-2019-19454 (An arbitrary file download was found in the "Download Log" 
functionali ...)
        NOT-FOR-US: Wowza Streaming Engine
-CVE-2019-19453
-       RESERVED
+CVE-2019-19453 (Wowza Streaming Engine through 2019-11-28 allows XSS (issue 1 
of 2). ...)
+       TODO: check
 CVE-2019-19452 (A buffer overflow was found in Patriot Viper RGB through 1.1 
when proc ...)
        NOT-FOR-US: Patriot Viper RGB
 CVE-2019-19451 (When GNOME Dia before 2019-11-27 is launched with a filename 
argument  ...)
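Review bot: CVE-2019-19455 and CVE-2019-19453 both name Wowza Streaming Engine in their new descriptions but are left at "TODO: check", whereas the neighbouring CVE-2019-19456 and CVE-2019-19454 are already tagged "NOT-FOR-US: Wowza Streaming Engine". Tagging the two new descriptions the same way would close them out without a separate triage pass.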
@@ -85782,8 +85826,8 @@ CVE-2019-4591 (IBM Maximo Asset Management 7.6.0 and 
7.6.1 does not invalidate s
        NOT-FOR-US: IBM
 CVE-2019-4590
        RESERVED
-CVE-2019-4589
-       RESERVED
+CVE-2019-4589 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege 
escalatio ...)
+       TODO: check
 CVE-2019-4588
        RESERVED
 CVE-2019-4587
@@ -86228,8 +86272,8 @@ CVE-2019-4368
        RESERVED
 CVE-2019-4367
        RESERVED
-CVE-2019-4366
-       RESERVED
+CVE-2019-4366 (IBM Cognos Analytics 11.0 and 11.1 is susceptible to an 
information di ...)
+       TODO: check
 CVE-2019-4365
        RESERVED
 CVE-2019-4364 (IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, 
which  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/853578fde2e750e07e1516a218bc401a067054f1
