[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Apr 6 21:10:30 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed6edbf1 by security tracker role at 2020-04-06T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59,10 +59,10 @@ CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthent
 	NOT-FOR-US: PRTG Network Monitor
 CVE-2020-11546
 	RESERVED
-CVE-2020-11545
-	RESERVED
-CVE-2020-11544
-	RESERVED
+CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to multiple  ...)
+	TODO: check
+CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...)
+	TODO: check
 CVE-2020-11543
 	RESERVED
 CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
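Review bot: CVE-2020-11545 and CVE-2020-11544 are left at "TODO: check", so both Project Worlds Official Car Rental System 1 entries still need a triage decision. If the product is not packaged in Debian, follow the pattern used for CVE-2020-11547 at the top of this hunk and mark them "NOT-FOR-US: <product>".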
@@ -135,8 +135,8 @@ CVE-2020-11509
 	RESERVED
 CVE-2020-11508
 	RESERVED
-CVE-2020-11507
-	RESERVED
+CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0. ...)
+	TODO: check
 CVE-2020-11506
 	RESERVED
 CVE-2020-11505
@@ -972,8 +972,7 @@ CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serial
 	NOT-FOR-US: USC iLab cereal
 CVE-2020-11103
 	RESERVED
-CVE-2020-11102 [tulip: OOB access in tulip_copy_tx_buffers]
-	RESERVED
+CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying  ...)
 	- qemu <unfixed>
 	- qemu-kvm <removed>
 	NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/1
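Review bot: the CVE-2020-11102 entry still reads "- qemu <unfixed>" with no bug number, and the only reference visible in this hunk is the oss-security NOTE. Now that the description is public, add the Debian bug reference and the upstream fix commit as NOTE lines if they are not already recorded further down. The temporary bracketed title naming tulip_copy_tx_buffers is removed here, so a NOTE is the place to keep that function name if it is still wanted for triage.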
@@ -3084,14 +3083,14 @@ CVE-2020-10269
 	RESERVED
 CVE-2020-10268
 	RESERVED
-CVE-2020-10267
-	RESERVED
-CVE-2020-10266
-	RESERVED
-CVE-2020-10265
-	RESERVED
-CVE-2020-10264
-	RESERVED
+CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions (tested o ...)
+	TODO: check
+CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software compone ...)
+	TODO: check
+CVE-2020-10265 (Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, ...)
+	TODO: check
+CVE-2020-10264 (CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards al ...)
+	TODO: check
 CVE-2019-20509
 	REJECTED
 CVE-2020-10263
@@ -4844,7 +4843,7 @@ CVE-2020-9475
 CVE-2020-9474
 	RESERVED
 CVE-2020-9473
-	RESERVED
+	REJECTED
 CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...)
 	NOT-FOR-US: Umbraco CMS
 CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...)
@@ -8236,8 +8235,8 @@ CVE-2020-8006
 	RESERVED
 CVE-2020-8005
 	RESERVED
-CVE-2020-8004
-	RESERVED
+CVE-2020-8004 (STMicroelectronics STM32F1 devices have Incorrect Access Control. ...)
+	TODO: check
 CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a s ...)
 	- aspell 0.60.7-3 (bug #935128)
 	[buster] - aspell <no-dsa> (Minor issue)
@@ -9144,24 +9143,24 @@ CVE-2020-7641
 	RESERVED
 CVE-2020-7640
 	RESERVED
-CVE-2020-7639
-	RESERVED
-CVE-2020-7638
-	RESERVED
-CVE-2020-7637
-	RESERVED
-CVE-2020-7636
-	RESERVED
-CVE-2020-7635
-	RESERVED
-CVE-2020-7634
-	RESERVED
-CVE-2020-7633
-	RESERVED
-CVE-2020-7632
-	RESERVED
-CVE-2020-7631
-	RESERVED
+CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.T ...)
+	TODO: check
+CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDe ...)
+	TODO: check
+CVE-2020-7637 (class-transformer through 0.2.3 is vulnerable to Prototype Pollution.  ...)
+	TODO: check
+CVE-2020-7636 (adb-driver through 0.1.8 is vulnerable to Command Injection.It allows  ...)
+	TODO: check
+CVE-2020-7635 (compass-compile through 0.0.1 is vulnerable to Command Injection.It al ...)
+	TODO: check
+CVE-2020-7634 (heroku-addonpool through 0.1.15 is vulnerable to Command Injection. ...)
+	TODO: check
+CVE-2020-7633 (apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injectio ...)
+	TODO: check
+CVE-2020-7632 (node-mpv through 1.4.3 is vulnerable to Command Injection. It allows e ...)
+	TODO: check
+CVE-2020-7631 (diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allow ...)
+	TODO: check
 CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command Injection. It al ...)
 	NOT-FOR-US: git-add-remote node module
 CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command Injection. It a ...)
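Review bot: CVE-2020-7639 through CVE-2020-7631 all land as "TODO: check", which leaves nine entries untriaged in one block. The entry directly below, CVE-2020-7630, is the same kind of report and is marked "NOT-FOR-US: git-add-remote node module"; check each module name against the archive before copying that marking, since the three Prototype Pollution entries and the six Command Injection entries each name a different package.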
@@ -9178,8 +9177,8 @@ CVE-2020-7624 (effect through 1.0.4 is vulnerable to Command Injection. It allow
 	NOT-FOR-US: effect node module
 CVE-2020-7623 (jscover through 1.0.0 is vulnerable to Command Injection. It allows ex ...)
 	NOT-FOR-US: Node jscover
-CVE-2020-7622
-	RESERVED
+CVE-2020-7622 (All versions before 2.2.1 are vulnerable to HTTP Response Splitting. T ...)
+	TODO: check
 CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command Injecti ...)
 	NOT-FOR-US: Node strong-nginx-controller
 CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It all ...)
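Review bot: the description added for CVE-2020-7622 starts with "All versions before 2.2.1" and the truncated text never names the affected package, so this entry cannot be triaged from the list alone. Look up the full CVE record and put the product name on the follow-up line (a NOT-FOR-US or package line) so the entry is identifiable like its neighbours CVE-2020-7623 and CVE-2020-7621.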
@@ -14471,8 +14470,8 @@ CVE-2020-5302
 	RESERVED
 CVE-2020-5301
 	RESERVED
-CVE-2020-5300
-	RESERVED
+CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect  ...)
+	TODO: check
 CVE-2020-5299
 	RESERVED
 CVE-2020-5298
@@ -22015,8 +22014,8 @@ CVE-2019-19701
 	RESERVED
 CVE-2019-19700
 	RESERVED
-CVE-2019-19699
-	RESERVED
+CVE-2019-19699 (There is Authenticated remote code execution in Centreon Infrastructur ...)
+	TODO: check
 CVE-2019-19698 (marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav ...)
 	NOT-FOR-US: libwav
 CVE-2019-19697 (An arbitrary code execution vulnerability exists in the Trend Micro Se ...)
@@ -24585,8 +24584,8 @@ CVE-2020-1730
 CVE-2020-1729
 	RESERVED
 	NOT-FOR-US: SmallRye Config
-CVE-2020-1728
-	RESERVED
+CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, the pages ...)
+	TODO: check
 CVE-2020-1727
 	RESERVED
 CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows containers ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed6edbf1ef3392e5380570523bcb8fe2a722df43
