Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9626ddcc by security tracker role at 2020-09-03T08:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2020-25100
+       RESERVED
+CVE-2020-25099
+       RESERVED
+CVE-2020-25098
+       RESERVED
+CVE-2020-25097
+       RESERVED
+CVE-2020-25096
+       RESERVED
+CVE-2020-25095
+       RESERVED
+CVE-2020-25094
+       RESERVED
+CVE-2020-25093 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in blog.p ...)
+       TODO: check
+CVE-2020-25092 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in _parts ...)
+       TODO: check
+CVE-2020-25091 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in applic ...)
+       TODO: check
+CVE-2020-25090 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in applic ...)
+       TODO: check
+CVE-2020-25089 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in applic ...)
+       TODO: check
+CVE-2020-25088 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in applic ...)
+       TODO: check
+CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in applic ...)
+       TODO: check
+CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in applic ...)
+       TODO: check
+CVE-2020-25085
+       RESERVED
+CVE-2020-25084
+       RESERVED
 CVE-2020-25083
        RESERVED
 CVE-2020-25082
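Review bot: The eight Ecommerce-CodeIgniter-Bootstrap entries (CVE-2020-25086 through CVE-2020-25093) all land as TODO: check even though they name one product with one cutoff date (before 2020-08-03). Triage them as a batch: one decision on whether the product is packaged settles all eight, and if it is not, give them a single consistent NOT-FOR-US: tag in the form the Samsung entries further down use.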
@@ -76,12 +110,12 @@ CVE-2020-25047 (An issue was discovered on Samsung mobile 
devices with P(9.0) an
        NOT-FOR-US: Samsung mobile devices
 CVE-2020-25046 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
        NOT-FOR-US: Samsung mobile devices
-CVE-2020-25045
-       RESERVED
-CVE-2020-25044
-       RESERVED
-CVE-2020-25043
-       RESERVED
+CVE-2020-25045 (Installers of Kaspersky Security Center and Kaspersky Security 
Center  ...)
+       TODO: check
+CVE-2020-25044 (Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was 
vulnerable  ...)
+       TODO: check
+CVE-2020-25043 (The installer of Kaspersky VPN Secure Connection prior to 5.0 
was vuln ...)
+       TODO: check
 CVE-2020-25042
        RESERVED
 CVE-2020-25041
@@ -15399,6 +15433,7 @@ CVE-2020-17448 (Telegram Desktop through 2.1.13 allows 
a spoofed file type to by
 CVE-2020-17447
        REJECTED
 CVE-2020-17446 (asyncpg before 0.21.0 allows a malicious PostgreSQL server to 
trigger  ...)
+       {DLA-2363-1}
        - asyncpg 0.21.0-1
        NOTE: 
https://github.com/MagicStack/asyncpg/commit/69bcdf5bf7696b98ee708be5408fd7d854e910d0
 CVE-2020-17445
@@ -28881,7 +28916,7 @@ CVE-2020-11985 (IP address spoofing when proxying using 
mod_remoteip and mod_rew
        NOTE: Upstream patch: https://svn.apache.org/r1688399
        NOTE: 
https://github.com/apache/httpd/commit/dd6c959b3625048ee15ba4ad72e6cb7bcaf91020
 CVE-2020-11984 (Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info 
disclosure an ...)
-       {DSA-4757-1}
+       {DSA-4757-1 DLA-2362-1}
        - apache2 2.4.46-1
        [stretch] - apache2 <not-affected> (Vulnerable code not present)
        - uwsgi <unfixed> (unimportant)
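Review bot: At CVE-2020-11984 the advisory line becomes {DSA-4757-1 DLA-2362-1}, but the package lines under it do not show what an LTS advisory would have fixed: the only stretch line is "[stretch] - apache2 <not-affected> (Vulnerable code not present)" and uwsgi stays "<unfixed> (unimportant)". Add a NOTE naming the source package the DLA covers, or update the uwsgi line if that is where the fix landed, so the entry does not read as contradicting itself.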
@@ -38921,8 +38956,8 @@ CVE-2020-8578
        RESERVED
 CVE-2020-8577
        RESERVED
-CVE-2020-8576
-       RESERVED
+CVE-2020-8576 (Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 
and 9.7 a ...)
+       TODO: check
 CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows 
versions prio ...)
        NOT-FOR-US: Active IQ Unified Manager
 CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship 
with th ...)
@@ -40835,8 +40870,8 @@ CVE-2020-7832
        RESERVED
 CVE-2020-7831 (A vulnerability in the web-based contract management service 
interface ...)
        NOT-FOR-US: Inogard Ebiz4u
-CVE-2020-7830
-       RESERVED
+CVE-2020-7830 (RAONWIZ v2018.0.2.50 and earlier versions contains a 
vulnerability tha ...)
+       TODO: check
 CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based 
overflow vuln ...)
        NOT-FOR-US: DaviewIndy
 CVE-2020-7828 (DaviewIndy 8.98.4 and earlier version contain Heap-based 
overflow vuln ...)
@@ -41055,7 +41090,7 @@ CVE-2020-7722 (All versions of package nodee-utils are 
vulnerable to Prototype P
        TODO: check
 CVE-2020-7721 (All versions of package node-oojs are vulnerable to Prototype 
Pollutio ...)
        TODO: check
-CVE-2020-7720 (All versions of package node-forge are vulnerable to Prototype 
Polluti ...)
+CVE-2020-7720 (The package node-forge before 0.10.0 is vulnerable to Prototype 
Pollut ...)
        - node-node-forge <unfixed>
        NOTE: https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
        NOTE: 
https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756
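Review bot: The new CVE-2020-7720 description bounds the issue to node-forge before 0.10.0, yet the package line under it is still "- node-node-forge <unfixed>". With an upstream fixed version now stated, check the packaged version against 0.10.0 and the referenced commit, and replace <unfixed> with the fixed Debian version if the fix is already in the archive; if it is not, a NOTE recording that 0.10.0 is the fixed upstream release would make the remaining work explicit.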
@@ -45938,10 +45973,10 @@ CVE-2020-5781
        RESERVED
 CVE-2020-5780
        RESERVED
-CVE-2020-5779
-       RESERVED
-CVE-2020-5778
-       RESERVED
+CVE-2020-5779 (A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) 
relates t ...)
+       TODO: check
+CVE-2020-5778 (A flaw exists in Trading Technologies Messaging 7.1.28.3 
(ttmd.exe) du ...)
+       TODO: check
 CVE-2020-5777 (MAGMI versions prior to 0.7.24 are vulnerable to a remote 
authenticati ...)
        NOT-FOR-US: MAGMI
 CVE-2020-5776 (Currently, all versions of MAGMI are vulnerable to CSRF due to 
the lac ...)
@@ -46715,12 +46750,12 @@ CVE-2020-5422
        RESERVED
 CVE-2020-5421
        RESERVED
-CVE-2020-5420
-       RESERVED
+CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 
allow a mal ...)
+       TODO: check
 CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a 
Windows-specific ...)
        - rabbitmq-server <not-affected> (Windows-specific vulnerability)
-CVE-2020-5418
-       RESERVED
+CVE-2020-5418 (Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 
allow a ...)
+       TODO: check
 CVE-2020-5417 (Cloud Foundry CAPI (Cloud Controller), versions prior to 
1.97.0, when  ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2020-5416 (Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, 
when used ...)
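Review bot: CVE-2020-5420 (Gorouter) and CVE-2020-5418 (CAPI) are set to TODO: check, while CVE-2020-5417, also Cloud Foundry CAPI, is already tagged NOT-FOR-US: Cloud Foundry three lines further down. Reuse that tag for the two new entries instead of leaving them in the check queue.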
@@ -46807,8 +46842,8 @@ CVE-2020-5388
        RESERVED
 CVE-2020-5387
        RESERVED
-CVE-2020-5386
-       RESERVED
+CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of 
Resource  ...)
+       TODO: check
 CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint 
Security Suit ...)
        NOT-FOR-US: Dell
 CVE-2020-5384 (Authentication Bypass Vulnerability RSA MFA Agent 2.0 for 
Microsoft Wi ...)
@@ -46821,14 +46856,14 @@ CVE-2020-5381
        RESERVED
 CVE-2020-5380
        RESERVED
-CVE-2020-5379
-       RESERVED
-CVE-2020-5378
-       RESERVED
+CVE-2020-5379 (Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI 
BIOS Boot ...)
+       TODO: check
+CVE-2020-5378 (Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI 
BIOS Boot ...)
+       TODO: check
 CVE-2020-5377 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 
and prior ...)
        NOT-FOR-US: EMC
-CVE-2020-5376
-       RESERVED
+CVE-2020-5376 (Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI 
BIOS Boot ...)
+       TODO: check
 CVE-2020-5375
        RESERVED
 CVE-2020-5374 (Dell EMC OpenManage Integration for Microsoft System Center 
(OMIMSSC)  ...)
@@ -46841,8 +46876,8 @@ CVE-2020-5371 (Dell EMC Isilon OneFS versions 8.2.2 and 
earlier and Dell EMC Pow
        NOT-FOR-US: EMC
 CVE-2020-5370
        RESERVED
-CVE-2020-5369
-       RESERVED
+CVE-2020-5369 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC 
PowerSca ...)
+       TODO: check
 CVE-2020-5368 (Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an 
improper authe ...)
        NOT-FOR-US: EMC
 CVE-2020-5367 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, 
Dell EMC U ...)
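Review bot: CVE-2020-5369 is left as TODO: check although its visible description starts with the same text as CVE-2020-5371 in the hunk header ("Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC Pow"), which is tagged NOT-FOR-US: EMC, as is CVE-2020-5368 directly below. Apply the same tag here.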



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9626ddcc9ab9b1d97dcd8eeacd6742e0ac7ca60e



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
