author: security tracker role <sectracker@soriano.debian.org> 2020-07-10 20:10:17 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-07-10 20:10:17 +0000
commit: 276eb8260a18112a55760a12810f34b880606dfd
tree: 2424149e46c9c3a26d5929334ff1a0d1017ce833 /data/CVE
parent: ff6743aa5868efa12e5e33db1256d39b56714554
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2012.list 40
-rw-r--r-- data/CVE/2013.list 4
-rw-r--r-- data/CVE/2018.list 2
-rw-r--r-- data/CVE/2019.list 30
-rw-r--r-- data/CVE/2020.list 193
5 files changed, 174 insertions, 95 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 0b63b2ef00..87170150b4 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -660,45 +660,45 @@ CVE-2012-6494 (Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerab
CVE-2012-6493 (Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Secu ...)
NOT-FOR-US: Rapid7 Nexpose Security Console
CVE-2012-6492
- RESERVED
+ REJECTED
CVE-2012-6491
- RESERVED
+ REJECTED
CVE-2012-6490
- RESERVED
+ REJECTED
CVE-2012-6489
- RESERVED
+ REJECTED
CVE-2012-6488
- RESERVED
+ REJECTED
CVE-2012-6487
- RESERVED
+ REJECTED
CVE-2012-6486
- RESERVED
+ REJECTED
CVE-2012-6485
- RESERVED
+ REJECTED
CVE-2012-6484
- RESERVED
+ REJECTED
CVE-2012-6483
- RESERVED
+ REJECTED
CVE-2012-6482
- RESERVED
+ REJECTED
CVE-2012-6481
- RESERVED
+ REJECTED
CVE-2012-6480
- RESERVED
+ REJECTED
CVE-2012-6479
- RESERVED
+ REJECTED
CVE-2012-6478
- RESERVED
+ REJECTED
CVE-2012-6477
- RESERVED
+ REJECTED
CVE-2012-6476
- RESERVED
+ REJECTED
CVE-2012-6475
- RESERVED
+ REJECTED
CVE-2012-6474
- RESERVED
+ REJECTED
CVE-2012-6473
- RESERVED
+ REJECTED
CVE-2012-6472 (Opera before 12.12 on UNIX uses weak permissions for the profile direc ...)
NOT-FOR-US: Opera
CVE-2012-6471 (Opera before 12.12 allows remote attackers to spoof the address field ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 321738cdd0..458eed11cb 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -15451,7 +15451,7 @@ CVE-2013-1704 (Use-after-free vulnerability in the nsINode::GetParentNode functi
- iceweasel <not-affected> (Only affects Firefox > 17)
- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1703
- RESERVED
+ REJECTED
CVE-2013-1702 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox > 17)
- icedove <not-affected> (Only affects Firefox > 17)
@@ -17885,7 +17885,7 @@ CVE-2013-0804 (The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 befo
CVE-2013-0803 (A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload ...)
NOT-FOR-US: PolarBear CMS
CVE-2013-0802
- RESERVED
+ REJECTED
CVE-2013-0801 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 555c967b54..d13b1bbbd2 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -6874,7 +6874,7 @@ CVE-2018-18808 (The domain management component of TIBCO Software Inc.'s TIBCO J
CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO Softwar ...)
NOT-FOR-US: TIBCO
CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of service (Me ...)
- {DLA-1596-1}
+ {DLA-2278-1 DLA-1596-1}
- squid 4.4-1 (low; bug #912294)
- squid3 <removed> (low)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index e48a2035b1..c1a2068bb4 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -5361,6 +5361,7 @@ CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allow
CVE-2019-18861
RESERVED
CVE-2019-18860 (Squid before 4.9, when certain web browsers are used, mishandles HTML ...)
+ {DLA-2278-1}
- squid 4.9-1 (low)
[buster] - squid <no-dsa> (Minor issue)
- squid3 <removed>
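Review bot: CVE-2019-18860 now carries {DLA-2278-1} while the same entry still reads `[buster] - squid <no-dsa> (Minor issue)`, so the LTS suite is recorded as fixed and buster is not. Worth confirming that ordering is intended and, if the backport was straightforward, queuing the same fix for a buster point release.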
@@ -5817,26 +5818,26 @@ CVE-2019-18680 (An issue was discovered in the Linux kernel 4.4.x before 4.4.195
- linux <not-affected> (Vulnerable code not present)
NOTE: https://lkml.org/lkml/2019/9/18/337
CVE-2019-18679 (An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to ...)
- {DSA-4682-1 DLA-2028-1}
+ {DSA-4682-1 DLA-2278-1 DLA-2028-1}
- squid 4.9-1
- squid3 <removed>
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6f2841090dffbec1a2b2417e18bb3dc71d62dd2e.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
CVE-2019-18678 (An issue was discovered in Squid 3.x and 4.x through 4.8. It allows at ...)
- {DSA-4682-1 DLA-2028-1}
+ {DSA-4682-1 DLA-2278-1 DLA-2028-1}
- squid 4.9-1
- squid3 <removed>
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
CVE-2019-18677 (An issue was discovered in Squid 3.x and 4.x through 4.8 when the appe ...)
- {DSA-4682-1 DLA-2028-1}
+ {DSA-4682-1 DLA-2278-1 DLA-2028-1}
- squid 4.9-1
- squid3 <removed>
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch
NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_9.txt
CVE-2019-18676 (An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incor ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.9-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
@@ -19419,7 +19420,7 @@ CVE-2019-13347 (An issue was discovered in the SAML Single Sign On (SSO) plugin
CVE-2019-13346 (In MyT 1.5.1, the User[username] parameter has XSS. ...)
NOT-FOR-US: MyT
CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_ ...)
- {DSA-4507-1 DLA-1847-1}
+ {DSA-4507-1 DLA-2278-1 DLA-1847-1}
- squid 4.8-1 (bug #931478)
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_6.txt
@@ -20512,6 +20513,7 @@ CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in cod
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...)
+ {DLA-2277-1}
- openjpeg2 <unfixed> (bug #931292)
[buster] - openjpeg2 <no-dsa> (Minor issue)
[jessie] - openjpeg2 <not-affected> (vulnerable code is not present)
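Review bot: the {DLA-2277-1} reference added to CVE-2019-12973 lands on an entry whose unstable line is still `- openjpeg2 <unfixed> (bug #931292)`, and the visible context has no NOTE pointing at a fix. Adding a NOTE with the patch the DLA shipped would help whoever closes bug #931292 for unstable and buster.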
@@ -21582,13 +21584,13 @@ CVE-2019-12531
CVE-2019-12530 (Incorrect access control was discovered in the stdonato Dashboard plug ...)
NOT-FOR-US: Dashboard plugin for GLPI
CVE-2019-12529 (An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through ...)
- {DSA-4507-1 DLA-1858-1}
+ {DSA-4507-1 DLA-2278-1 DLA-1858-1}
- squid 4.8-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_2.txt
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch
CVE-2019-12528 (An issue was discovered in Squid before 4.10. It allows a crafted FTP ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.10-1 (bug #950925)
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_2.txt
@@ -21604,26 +21606,26 @@ CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When checki
NOTE: than the length of the target buffer, whilst in 4.x the entire input is decoded
NOTE: without regard for the size of the target buffer.
CVE-2019-12526 (An issue was discovered in Squid before 4.9. URN response handling in ...)
- {DSA-4682-1 DLA-2028-1}
+ {DSA-4682-1 DLA-2278-1 DLA-2028-1}
- squid 4.9-1
- squid3 <removed>
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7aa0184a720fd216191474e079f4fe87de7c4f5a.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_7.txt
CVE-2019-12525 (An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through ...)
- {DSA-4507-1 DLA-1858-1}
+ {DSA-4507-1 DLA-2278-1 DLA-1858-1}
- squid 4.8-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_3.txt
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-409956536647b3a05ee1e367424a24ae6b8f13fd.patch
NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-ec0d0f39cf28da14eead0ba5e777e95855bc2f67.patch
CVE-2019-12524 (An issue was discovered in Squid through 4.7. When handling requests f ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.8-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_4.txt
NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2019_4.patch
CVE-2019-12523 (An issue was discovered in Squid before 4.9. When handling a URN reque ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.9-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
@@ -21631,19 +21633,19 @@ CVE-2019-12523 (An issue was discovered in Squid before 4.9. When handling a URN
CVE-2019-12522 (An issue was discovered in Squid through 4.7. When Squid is run as roo ...)
TODO: check
CVE-2019-12521 (An issue was discovered in Squid through 4.7. When Squid is parsing ES ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.11-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fdd4123629320aa1ee4c3481bb392437c90d188d.patch
CVE-2019-12520 (An issue was discovered in Squid through 4.7 and 5. When receiving a r ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.8-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_4.txt
NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2019_4.patch
CVE-2019-12519 (An issue was discovered in Squid through 4.7. When handling the tag es ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.11-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
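Review bot: CVE-2019-12522, in the context at the top of this hunk, is still `TODO: check` although its description names Squid and every neighbouring Squid entry here is triaged against `squid` and `squid3` and now references DLA-2278-1. It should get an explicit package status so it is not skipped in the next Squid update.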
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 613a92f5b4..a19aeae4cc 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,85 @@
+CVE-2020-15686
+ RESERVED
+CVE-2020-15685
+ RESERVED
+CVE-2020-15684
+ RESERVED
+CVE-2020-15683
+ RESERVED
+CVE-2020-15682
+ RESERVED
+CVE-2020-15681
+ RESERVED
+CVE-2020-15680
+ RESERVED
+CVE-2020-15679
+ RESERVED
+CVE-2020-15678
+ RESERVED
+CVE-2020-15677
+ RESERVED
+CVE-2020-15676
+ RESERVED
+CVE-2020-15675
+ RESERVED
+CVE-2020-15674
+ RESERVED
+CVE-2020-15673
+ RESERVED
+CVE-2020-15672
+ RESERVED
+CVE-2020-15671
+ RESERVED
+CVE-2020-15670
+ RESERVED
+CVE-2020-15669
+ RESERVED
+CVE-2020-15668
+ RESERVED
+CVE-2020-15667
+ RESERVED
+CVE-2020-15666
+ RESERVED
+CVE-2020-15665
+ RESERVED
+CVE-2020-15664
+ RESERVED
+CVE-2020-15663
+ RESERVED
+CVE-2020-15662
+ RESERVED
+CVE-2020-15661
+ RESERVED
+CVE-2020-15660
+ RESERVED
+CVE-2020-15659
+ RESERVED
+CVE-2020-15658
+ RESERVED
+CVE-2020-15657
+ RESERVED
+CVE-2020-15656
+ RESERVED
+CVE-2020-15655
+ RESERVED
+CVE-2020-15654
+ RESERVED
+CVE-2020-15653
+ RESERVED
+CVE-2020-15652
+ RESERVED
+CVE-2020-15651
+ RESERVED
+CVE-2020-15650
+ RESERVED
+CVE-2020-15649
+ RESERVED
+CVE-2020-15648
+ RESERVED
+CVE-2020-15647
+ RESERVED
+CVE-2020-15646
+ RESERVED
CVE-2020-15645
RESERVED
CVE-2020-15644
@@ -302,8 +384,8 @@ CVE-2020-15506 (An Authentication Bypass vulnerability in MobileIron Core and Co
NOT-FOR-US: MobileIron Core and Connector
CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core and Connector ...)
NOT-FOR-US: MobileIron Core and Connector
-CVE-2020-15504
- RESERVED
+CVE-2020-15504 (A SQL injection vulnerability in the user and admin web interfaces of ...)
+ TODO: check
CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affect ...)
- libraw <unfixed> (bug #964747)
[buster] - libraw <no-dsa> (Minor issue)
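Review bot: CVE-2020-15504 goes from RESERVED to a published description but is left at `TODO: check`, and the truncated description (SQL injection in the user and admin web interfaces of ...) does not show the product. The adjacent CVE-2020-15505 and CVE-2020-15506 are `NOT-FOR-US: MobileIron Core and Connector`, so read the full description before assuming the same vendor, then replace the TODO with a package line or a NOT-FOR-US tag.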
@@ -570,6 +652,7 @@ CVE-2020-15391
CVE-2020-15390
RESERVED
CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...)
+ {DLA-2277-1}
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1261
NOTE: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0
@@ -1353,7 +1436,7 @@ CVE-2020-15013
CVE-2020-15012
RESERVED
CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via the C ...)
- {DLA-2265-1}
+ {DLA-2276-1 DLA-2265-1}
- mailman <removed>
NOTE: https://bugs.launchpad.net/mailman/+bug/1877379
CVE-2020-15010
@@ -3666,7 +3749,7 @@ CVE-2020-13985
CVE-2020-13984
RESERVED
CVE-2020-13983
- RESERVED
+ REJECTED
CVE-2020-13982
RESERVED
CVE-2020-13981
@@ -8059,7 +8142,7 @@ CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This af
CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...)
NOT-FOR-US: TP-Link
CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...)
- {DLA-2204-1}
+ {DLA-2276-1 DLA-2204-1}
- mailman <removed>
NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
CVE-2020-12107
@@ -8441,7 +8524,7 @@ CVE-2020-11947
CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...)
NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2020-11945 (An issue was discovered in Squid before 5.0.2. A remote attacker can r ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.11-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
@@ -9467,7 +9550,7 @@ CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to mul
NOT-FOR-US: Project Worlds Official Car Rental System 1
CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...)
NOT-FOR-US: Project Worlds Official Car Rental System 1
-CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with the pa ...)
+CVE-2020-11543 (OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the pa ...)
NOT-FOR-US: OpsRamp Gateway
CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
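Review bot: the new description for CVE-2020-11543 changes the bound from `before 5.5.0` to `before 7.0.0`, which widens the affected range rather than just rewording it. The entry stays `NOT-FOR-US: OpsRamp Gateway`, so no package status depends on it here, but anything downstream that cached the old bound should be refreshed.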
@@ -10517,8 +10600,8 @@ CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would al
[jessie] - ruby-kaminari <no-dsa> (No reverse dependency)
NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
NOTE: https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8
-CVE-2020-11081
- RESERVED
+CVE-2020-11081 (osquery before version 4.4.0 enables a priviledge escalation vulnerabi ...)
+ TODO: check
CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...)
{DSA-4696-1}
- nodejs 10.21.0~dfsg-1 (bug #962145)
@@ -12505,7 +12588,7 @@ CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libIma
[jessie] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
NOTE: https://github.com/python-pillow/Pillow/pull/4538
NOTE: Fixed in 6.2.3 and 7.1.0
-CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.1.0, an out-of-bou ...)
+CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ...)
- pillow <unfixed>
[buster] - pillow <no-dsa> (Minor issue)
[jessie] - pillow <no-dsa> (Minor issue)
@@ -13599,7 +13682,6 @@ CVE-2020-9852 (An integer overflow was addressed through improved input validati
CVE-2020-9851 (An access issue was addressed with improved access restrictions. This ...)
NOT-FOR-US: Apple
CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is ...)
- RESERVED
- webkit2gtk 2.28.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -13618,7 +13700,6 @@ CVE-2020-9845
CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...)
NOT-FOR-US: Apple
CVE-2020-9843 (An input validation issue was addressed with improved input validation ...)
- RESERVED
- webkit2gtk 2.28.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -13695,21 +13776,18 @@ CVE-2020-9809 (An information disclosure issue was addressed with improved state
CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...)
NOT-FOR-US: Apple
CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...)
- RESERVED
- webkit2gtk 2.28.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.3-1
NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...)
- RESERVED
- webkit2gtk 2.28.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.3-1
NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is ...)
- RESERVED
- webkit2gtk 2.28.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
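Review bot: the `RESERVED` lines removed under CVE-2020-9807, CVE-2020-9806 and CVE-2020-9805 were sitting on entries that already had a description and a fixed version (`- webkit2gtk 2.28.3-1`), so the previous state was self-contradictory. The same removal repeats in the neighbouring hunks for CVE-2020-9850, CVE-2020-9843, CVE-2020-9803 and CVE-2020-9802; a consistency check that rejects RESERVED on an entry with a description would catch this class before it is committed.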
@@ -13718,14 +13796,12 @@ CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issu
CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...)
- RESERVED
- webkit2gtk 2.28.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.3-1
NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is ...)
- RESERVED
- webkit2gtk 2.28.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -15044,12 +15120,12 @@ CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3)
NOT-FOR-US: HUAWEI
CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
NOT-FOR-US: HUAWEI
-CVE-2020-9260
- RESERVED
+CVE-2020-9260 (HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 1 ...)
+ TODO: check
CVE-2020-9259
RESERVED
-CVE-2020-9258
- RESERVED
+CVE-2020-9258 (HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P ...)
+ TODO: check
CVE-2020-9257
RESERVED
CVE-2020-9256
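Review bot: CVE-2020-9260 and CVE-2020-9258 are published with HUAWEI P30 descriptions but left at `TODO: check`, while CVE-2020-9262 and CVE-2020-9261 directly above are already `NOT-FOR-US: HUAWEI`. Suggest triaging both the same way in a follow-up so they do not linger in the TODO queue.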
@@ -16834,7 +16910,7 @@ CVE-2020-8452
CVE-2020-8451
RESERVED
CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect buffer ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.10-1 (bug #950802)
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
@@ -16842,7 +16918,7 @@ CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect bu
NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older)
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9)
CVE-2020-8449 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.10-1 (bug #950802)
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
@@ -17357,47 +17433,48 @@ CVE-2020-8201
RESERVED
CVE-2020-8200
RESERVED
-CVE-2020-8199
- RESERVED
-CVE-2020-8198
- RESERVED
-CVE-2020-8197
- RESERVED
-CVE-2020-8196
- RESERVED
-CVE-2020-8195
- RESERVED
-CVE-2020-8194
- RESERVED
-CVE-2020-8193
- RESERVED
+CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...)
+ TODO: check
+CVE-2020-8198 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
+ TODO: check
+CVE-2020-8197 (Privilege escalation vulnerability on Citrix ADC and Citrix Gateway ve ...)
+ TODO: check
+CVE-2020-8196 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...)
+ TODO: check
+CVE-2020-8195 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
+ TODO: check
+CVE-2020-8194 (Reflected code injection in Citrix ADC and Citrix Gateway versions bef ...)
+ TODO: check
+CVE-2020-8193 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...)
+ TODO: check
CVE-2020-8192
RESERVED
-CVE-2020-8191
- RESERVED
-CVE-2020-8190
- RESERVED
+CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
+ TODO: check
+CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...)
+ TODO: check
CVE-2020-8189
RESERVED
CVE-2020-8188 (We have recently released new version of UniFi Protect firmware v1.13. ...)
NOT-FOR-US: UniFi Protect
-CVE-2020-8187
- RESERVED
-CVE-2020-8186
- RESERVED
+CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
+ TODO: check
+CVE-2020-8186 (A command injection vulnerability in the `devcert` module may lead to ...)
+ TODO: check
CVE-2020-8185 (A denial of service vulnerability exists in Rails &lt;6.0.3.2 that all ...)
[experimental] - rails 6.0.3.2+dfsg-1 (bug #964081)
- rails <not-affected> (Introduced in rails 6.x)
NOTE: https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
CVE-2020-8184 (A reliance on cookies without validation/integrity check security vuln ...)
+ {DLA-2275-1}
- ruby-rack <unfixed> (bug #963477)
NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
CVE-2020-8183
RESERVED
CVE-2020-8182
RESERVED
-CVE-2020-8181
- RESERVED
+CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a malici ...)
+ TODO: check
CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...)
NOT-FOR-US: Nextcloud Talk
CVE-2020-8179 (Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to ...)
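Review bot: twelve entries in this hunk move from RESERVED to `TODO: check` at once, ten of them Citrix, with no already-triaged Citrix entry in the visible context to copy a tag from, so they need a single consistent decision rather than one-by-one handling. CVE-2020-8181 (Nextcloud Contacts) sits next to CVE-2020-8180, which is `NOT-FOR-US: Nextcloud Talk`, and should be checked for the same treatment. Separately, CVE-2020-8184 gains {DLA-2275-1} while `- ruby-rack <unfixed> (bug #963477)` is unchanged, so unstable still needs the rack commit referenced in its NOTE.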
@@ -17482,7 +17559,7 @@ CVE-2020-8162 (A client side enforcement of server side security vulnerability e
NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
NOTE: https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be
CVE-2020-8161 (A directory traversal vulnerability exists in rack &lt; 2.2.0 that all ...)
- {DLA-2216-1}
+ {DLA-2275-1 DLA-2216-1}
- ruby-rack 2.1.1-5
[buster] - ruby-rack <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ
@@ -17609,7 +17686,7 @@ CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control
- gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...)
- {DLA-2089-1}
+ {DLA-2277-1 DLA-2089-1}
- openjpeg2 <unfixed> (bug #950184)
[buster] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1231
@@ -18263,10 +18340,10 @@ CVE-2020-7817
RESERVED
CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...)
NOT-FOR-US: DaView
-CVE-2020-7815
- RESERVED
-CVE-2020-7814
- RESERVED
+CVE-2020-7815 (XPLATFORM v9.2.260 and eariler versions contain a vulnerability that c ...)
+ TODO: check
+CVE-2020-7814 (RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability tha ...)
+ TODO: check
CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
NOT-FOR-US: Kaoni
CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
@@ -20388,7 +20465,7 @@ CVE-2020-6853
CVE-2020-6852 (CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3. ...)
NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP
CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...)
- {DLA-2081-1}
+ {DLA-2277-1 DLA-2081-1}
- openjpeg2 <unfixed> (bug #950000)
[buster] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1228
@@ -22306,8 +22383,8 @@ CVE-2020-6116
RESERVED
CVE-2020-6115
RESERVED
-CVE-2020-6114
- RESERVED
+CVE-2020-6114 (An exploitable SQL injection vulnerability exists in the Admin Reports ...)
+ TODO: check
CVE-2020-6113
RESERVED
CVE-2020-6112
@@ -26858,8 +26935,8 @@ CVE-2020-3976
RESERVED
CVE-2020-3975
RESERVED
-CVE-2020-3974
- RESERVED
+CVE-2020-3974 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...)
+ TODO: check
CVE-2020-3973 (The VeloCloud Orchestrator does not apply correct input validation whi ...)
TODO: check
CVE-2020-3972 (VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a den ...)
