[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 3 09:10:21 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
88f15ac0 by security tracker role at 2020-04-03T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,14 @@
-CVE-2020-11494 [slcan: Don't transmit uninitialized stack data in padding]
+CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when upd ...)
+ TODO: check
+CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerability that ...)
+ TODO: check
+CVE-2020-11497
+ RESERVED
+CVE-2020-11496
+ RESERVED
+CVE-2020-11495
+ RESERVED
+CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/
CVE-2020-11493
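Review bot: the three freshly described entries in this hunk (CVE-2020-11499, CVE-2020-11498 and CVE-2020-11494) still need triage. For CVE-2020-11494 the bracketed working title was replaced by the published description but the `- linux <unfixed>` line and the lore NOTE are unchanged, so the fixed kernel version should be recorded once the patch in the NOTE lands; for FACT (CVE-2020-11499) and Slack Nebula (CVE-2020-11498) decide whether either is packaged in Debian and otherwise replace `TODO: check` with a `NOT-FOR-US:` line naming the upstream project, as the rest of this file does.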
@@ -1116,6 +1126,7 @@ CVE-2020-10961
RESERVED
CVE-2020-10960 [mediawiki: makeCollapsible allows applying event handler to any CSS selector]
RESERVED
+ {DSA-4651-1}
- mediawiki 1:1.31.7-1
[stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
NOTE: https://phabricator.wikimedia.org/T246602
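Review bot: the `{DSA-4651-1}` reference is placed correctly (after the status line, before the package line), but note that the entry still reads RESERVED on the line above it while a DSA has now been issued; the description will be filled in by a later automatic update, so nothing to change in this file, but confirm that data/DSA/list carries the fixed mediawiki version for the suite covered by DSA-4651-1, since this entry only records the unstable fix `1:1.31.7-1` and marks stretch `<not-affected>`.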
@@ -2396,8 +2407,8 @@ CVE-2020-10517
RESERVED
CVE-2020-10516
RESERVED
-CVE-2020-10515
- RESERVED
+CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting ...)
+ TODO: check
CVE-2020-10514
RESERVED
CVE-2020-10513
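Review bot: CVE-2020-10515 describes binary planting in the STARFACE UCC Client on Windows, a proprietary Windows-only desktop client; unless it is packaged in Debian, `TODO: check` should become `NOT-FOR-US: STARFACE UCC Client`. The `WIndows` capitalisation is copied from the upstream CVE text and is not something to correct in this file.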
@@ -5623,8 +5634,8 @@ CVE-2020-9069
RESERVED
CVE-2020-9068
RESERVED
-CVE-2020-9067
- RESERVED
+CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The ...)
+ TODO: check
CVE-2020-9066 (Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169 ...)
NOT-FOR-US: Huawei
CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203( ...)
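Review bot: CVE-2020-9067 is a Huawei product advisory and the neighbouring entries CVE-2020-9066 and CVE-2020-9065 are already `NOT-FOR-US: Huawei`; resolve the new `TODO: check` the same way unless triage finds a Debian package among the affected products.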
@@ -8969,30 +8980,30 @@ CVE-2020-7632
RESERVED
CVE-2020-7631
RESERVED
-CVE-2020-7630
- RESERVED
-CVE-2020-7629
- RESERVED
-CVE-2020-7628
- RESERVED
-CVE-2020-7627
- RESERVED
-CVE-2020-7626
- RESERVED
-CVE-2020-7625
- RESERVED
-CVE-2020-7624
- RESERVED
-CVE-2020-7623
- RESERVED
+CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command Injection. It al ...)
+ TODO: check
+CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command Injection. It a ...)
+ TODO: check
+CVE-2020-7628 (install-package through 1.1.6 is vulnerable to Command Injection. It a ...)
+ TODO: check
+CVE-2020-7627 (node-key-sender through 1.0.11 is vulnerable to Command Injection. It ...)
+ TODO: check
+CVE-2020-7626 (karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows ...)
+ TODO: check
+CVE-2020-7625 (op-browser through 1.0.6 is vulnerable to Command Injection. It allows ...)
+ TODO: check
+CVE-2020-7624 (effect through 1.0.4 is vulnerable to Command Injection. It allows exe ...)
+ TODO: check
+CVE-2020-7623 (jscover through 1.0.0 is vulnerable to Command Injection. It allows ex ...)
+ TODO: check
CVE-2020-7622
RESERVED
-CVE-2020-7621
- RESERVED
-CVE-2020-7620
- RESERVED
-CVE-2020-7619
- RESERVED
+CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command Injecti ...)
+ TODO: check
+CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It all ...)
+ TODO: check
+CVE-2020-7619 (get-git-data through 1.3.1 is vulnerable to Command Injection. It is p ...)
+ TODO: check
CVE-2020-7618
RESERVED
CVE-2020-7617 (ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The libr ...)
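Review bot: the eleven new command-injection entries in this hunk (CVE-2020-7619 through CVE-2020-7630, excluding CVE-2020-7622) all name npm modules (git-add-remote, install-package, node-key-sender, karma-mojo, op-browser, effect, jscover, strong-nginx-controller, pomelo-monitor, get-git-data); for each, check whether a corresponding node-* source package exists in Debian and otherwise replace `TODO: check` with `NOT-FOR-US: <module> node module`. Two of them, CVE-2020-7629 and CVE-2020-7628, both cite `install-package` but with different version ceilings (0.4.0 and 1.1.6); the descriptions are truncated here, so confirm from the full CVE text whether these are distinct packages before marking either one.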
@@ -14302,8 +14313,8 @@ CVE-2020-5285
RESERVED
CVE-2020-5284 (Next.js versions before 9.3.2 have a directory traversal vulnerability ...)
NOT-FOR-US: next.js
-CVE-2020-5283
- RESERVED
+CVE-2020-5283 (ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS ...)
+ TODO: check
CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in ...)
NOT-FOR-US: Nick Chan Bot
CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify configur ...)
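Review bot: CVE-2020-5283 names ViewVC with fixed upstream versions 1.1.28 and 1.2.1, so before resolving `TODO: check` compare the viewvc source package in Debian against those versions; if it is packaged this entry wants a `- viewvc <version>` line (plus a bug reference) rather than a NOT-FOR-US marking, and the truncated `... in CVS ...` description should be read in full to confirm which component is affected.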
@@ -18243,7 +18254,7 @@ CVE-2019-19916 (In Midori Browser 0.5.11 (on Windows 10), Content Security Polic
CVE-2019-19915 (The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for Wor ...)
NOT-FOR-US: "301 Redirects - Easy Redirect Manager" plugin for WordPress
CVE-2019-19914
- RESERVED
+ REJECTED
CVE-2019-19913 (In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the ...)
NOT-FOR-US: Intland codeBeamer ALM
CVE-2019-19912 (In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS ...)
@@ -24536,13 +24547,11 @@ CVE-2019-19350
CVE-2019-19349
RESERVED
NOT-FOR-US: openshift
-CVE-2019-19348
- RESERVED
+CVE-2019-19348 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
CVE-2019-19347
REJECTED
-CVE-2019-19346
- RESERVED
+CVE-2019-19346 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
CVE-2019-19345 (A vulnerability was found in all openshift/mediawiki-apb 4.x.x version ...)
NOT-FOR-US: openshift
@@ -25205,24 +25214,24 @@ CVE-2019-19099
RESERVED
CVE-2019-19098
RESERVED
-CVE-2019-19097
- RESERVED
-CVE-2019-19096
- RESERVED
-CVE-2019-19095
- RESERVED
-CVE-2019-19094
- RESERVED
-CVE-2019-19093
- RESERVED
-CVE-2019-19092
- RESERVED
-CVE-2019-19091
- RESERVED
-CVE-2019-19090
- RESERVED
-CVE-2019-19089
- RESERVED
+CVE-2019-19097 (ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium streng ...)
+ TODO: check
+CVE-2019-19096 (The Redis data structure component used in ABB eSOMS versions 6.0 to 6 ...)
+ TODO: check
+CVE-2019-19095 (Lack of adequate input/output validation for ABB eSOMS versions 4.0 to ...)
+ TODO: check
+CVE-2019-19094 (Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0. ...)
+ TODO: check
+CVE-2019-19093 (eSOMS versions 4.0 to 6.0.3 do not enforce password complexity setting ...)
+ TODO: check
+CVE-2019-19092 (ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message ...)
+ TODO: check
+CVE-2019-19091 (For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments ...)
+ TODO: check
+CVE-2019-19090 (For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the ...)
+ TODO: check
+CVE-2019-19089 (For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header ...)
+ TODO: check
CVE-2019-19088 (Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Tr ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
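Review bot: all nine new entries in this hunk (CVE-2019-19089 through CVE-2019-19097) describe ABB eSOMS, a proprietary product, and several are hardening findings (missing Secure flag, missing X-Content-Type-Options, medium-strength ciphers, ViewState without a MAC) rather than distinct code defects; unless ABB eSOMS is packaged in Debian, replace the nine `TODO: check` lines with `NOT-FOR-US: ABB eSOMS`, following the NOT-FOR-US convention used elsewhere in this file.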
@@ -25541,14 +25550,14 @@ CVE-2019-19005
RESERVED
CVE-2019-19004
RESERVED
-CVE-2019-19003
- RESERVED
-CVE-2019-19002
- RESERVED
-CVE-2019-19001
- RESERVED
-CVE-2019-19000
- RESERVED
+CVE-2019-19003 (For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. Thi ...)
+ TODO: check
+CVE-2019-19002 (For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP respons ...)
+ TODO: check
+CVE-2019-19001 (For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not ...)
+ TODO: check
+CVE-2019-19000 (For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s ...)
+ TODO: check
CVE-2019-18999
RESERVED
CVE-2019-18998 (Insufficient access control in the web interface of ABB Asset Suite ve ...)
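Review bot: same product as the eSOMS block above: CVE-2019-19000 through CVE-2019-19003 are missing-HTTP-header findings (HttpOnly, X-XSS-Protection, X-Frame-Options, Cache-Control/Pragma) for ABB eSOMS and should be resolved with the same `NOT-FOR-US: ABB eSOMS` marking as the other eSOMS entries, so that the two blocks do not drift apart in status.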
@@ -44648,6 +44657,7 @@ CVE-2019-13642
CVE-2019-13641
RESERVED
CVE-2019-13640 (In qBittorrent before 4.1.7, the function Application::runExternalProg ...)
+ {DSA-4650-1}
- qbittorrent 4.1.7-1 (bug #932539)
[jessie] - qbittorrent <not-affected> (Vulnerable code not present in 3.1.x series)
NOTE: https://github.com/qbittorrent/qBittorrent/issues/10925
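Review bot: `{DSA-4650-1}` is placed correctly ahead of the `- qbittorrent 4.1.7-1 (bug #932539)` line and the jessie line stays `<not-affected>`; with the DSA now referenced, verify that data/DSA/list records the fixed qbittorrent versions for the suites the DSA covers, since this entry itself only carries the unstable fix and the jessie exclusion.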
@@ -88520,8 +88530,8 @@ CVE-2018-17956 (In yast2-samba-provision up to and including version 1.0.1 the p
NOT-FOR-US: yast2-samba-provision
CVE-2018-17955 (In yast2-multipath before version 4.1.1 a static temporary filename al ...)
NOT-FOR-US: yast2-multipath
-CVE-2018-17954
- RESERVED
+CVE-2018-17954 (A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack ...)
+ TODO: check
CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access rule matc ...)
- pam <not-affected> (Issue introduced by SUSE specific patch)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1115640
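Review bot: CVE-2018-17954 concerns crowbar in SUSE OpenStack Cloud; like the following CVE-2018-17953, marked `pam <not-affected> (Issue introduced by SUSE specific patch)`, this is SUSE-specific, and unless crowbar is packaged in Debian the `TODO: check` should become `NOT-FOR-US: crowbar (SUSE OpenStack Cloud)`.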
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88f15ac080fb2de5c27dc7227cc6150d74533133