[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Apr 9 21:10:35 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d1e8570 by security tracker role at 2020-04-09T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2020-11668
+	RESERVED
+CVE-2020-11667
+	RESERVED
+CVE-2020-11666
+	RESERVED
+CVE-2020-11665
+	RESERVED
+CVE-2020-11664
+	RESERVED
+CVE-2020-11663
+	RESERVED
+CVE-2020-11662
+	RESERVED
+CVE-2020-11661
+	RESERVED
+CVE-2020-11660
+	RESERVED
+CVE-2020-11659
+	RESERVED
+CVE-2020-11658
+	RESERVED
 CVE-2020-11657
 	RESERVED
 CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...)
@@ -514,16 +536,16 @@ CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstra
 	NOTE: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c
 	NOTE: https://github.com/gpac/gpac/issues/1440
 	TODO: check
-CVE-2020-11557
-	RESERVED
-CVE-2020-11556
-	RESERVED
-CVE-2020-11555
-	RESERVED
-CVE-2020-11554
-	RESERVED
-CVE-2020-11553
-	RESERVED
+CVE-2020-11557 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
+	TODO: check
+CVE-2020-11556 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
+	TODO: check
+CVE-2020-11555 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
+	TODO: check
+CVE-2020-11554 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
+	TODO: check
+CVE-2020-11553 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
+	TODO: check
 CVE-2020-11552
 	RESERVED
 CVE-2020-11551
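Review bot: The five entries CVE-2020-11553 through CVE-2020-11557 now carry `TODO: check` with the same truncated description ("An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ..."), so the list text alone cannot tell them apart. Triage them as one batch against the full CVE records, and if the product is not packaged in Debian, replace each `TODO: check` with a `NOT-FOR-US:` line in the form already used elsewhere in this file.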
@@ -2818,36 +2840,36 @@ CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists
 	NOT-FOR-US: eWON Flexy and Cosy
 CVE-2020-10632
 	RESERVED
-CVE-2020-10631
-	RESERVED
+CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files  ...)
+	TODO: check
 CVE-2020-10630
 	RESERVED
-CVE-2020-10629
-	RESERVED
+CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...)
+	TODO: check
 CVE-2020-10628
 	RESERVED
 CVE-2020-10627
 	RESERVED
 CVE-2020-10626
 	RESERVED
-CVE-2020-10625
-	RESERVED
+CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...)
+	TODO: check
 CVE-2020-10624
 	RESERVED
-CVE-2020-10623
-	RESERVED
+CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...)
+	TODO: check
 CVE-2020-10622
 	RESERVED
-CVE-2020-10621
-	RESERVED
+CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on  ...)
+	TODO: check
 CVE-2020-10620
 	RESERVED
-CVE-2020-10619
-	RESERVED
+CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside  ...)
+	TODO: check
 CVE-2020-10618
 	RESERVED
-CVE-2020-10617
-	RESERVED
+CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL  ...)
+	TODO: check
 CVE-2020-10616
 	RESERVED
 CVE-2020-10615
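Review bot: Of the seven entries in this hunk that move from RESERVED to `TODO: check`, only CVE-2020-10629 and CVE-2020-10625 name a product (WebAccess/NMS) in the visible description; CVE-2020-10631, CVE-2020-10623, CVE-2020-10621, CVE-2020-10619 and CVE-2020-10617 do not. Read the full record for each of those five before assigning a package or `NOT-FOR-US:` line, rather than assuming they belong to the same product as their neighbours.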
@@ -2874,8 +2896,8 @@ CVE-2020-10605
 	RESERVED
 CVE-2020-10604
 	RESERVED
-CVE-2020-10603
-	RESERVED
+CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...)
+	TODO: check
 CVE-2020-10602
 	RESERVED
 CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow  ...)
@@ -2999,8 +3021,8 @@ CVE-2020-10553
 	RESERVED
 CVE-2020-10552
 	RESERVED
-CVE-2020-10551
-	RESERVED
+CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...)
+	TODO: check
 CVE-2020-10550
 	RESERVED
 CVE-2020-10549
@@ -5284,10 +5306,10 @@ CVE-2020-9502
 	RESERVED
 CVE-2020-9501
 	RESERVED
-CVE-2020-9500
-	RESERVED
-CVE-2020-9499
-	RESERVED
+CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...)
+	TODO: check
+CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...)
+	TODO: check
 CVE-2020-9498
 	RESERVED
 CVE-2020-9497
@@ -6938,8 +6960,8 @@ CVE-2020-8815 (Improper connection handling in the base connection handler in IK
 	NOT-FOR-US: BearFTP
 CVE-2020-8814
 	RESERVED
-CVE-2018-21034
-	RESERVED
+CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for authenticate ...)
+	TODO: check
 CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext HTTP, a ...)
 	- lxc-templates <unfixed>
 	- lxc 1:3.0.3-1 (low)
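Review bot: The new description for CVE-2018-21034 names only "Argo" and a version (v1.5.0-rc1), which does not identify the upstream project. When resolving the `TODO: check`, record the exact project name in the resulting package or `NOT-FOR-US:` line.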
@@ -8986,8 +9008,8 @@ CVE-2020-7924
 	RESERVED
 CVE-2020-7923
 	RESERVED
-CVE-2020-7922
-	RESERVED
+CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...)
+	TODO: check
 CVE-2020-7921
 	RESERVED
 CVE-2019-20419
@@ -15147,8 +15169,8 @@ CVE-2020-5265
 	RESERVED
 CVE-2020-5264
 	RESERVED
-CVE-2020-5263
-	RESERVED
+CVE-2020-5263 (auth0.js (NPM package auth0-js) greater than version 8.0.0 and before  ...)
+	TODO: check
 CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...)
 	NOT-FOR-US: EasyBuild
 CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Sa ...)
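Review bot: CVE-2020-5263 is described as the NPM package auth0-js, and the entry right after it in the context lines, CVE-2020-5262, is marked `NOT-FOR-US:`; that marking should not be carried over by proximity. Check whether any Debian package ships auth0-js, directly or as an embedded copy, before closing the `TODO: check`.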
@@ -24394,8 +24416,8 @@ CVE-2020-1897
 	RESERVED
 CVE-2020-1896
 	RESERVED
-CVE-2020-1895
-	RESERVED
+CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...)
+	TODO: check
 CVE-2020-1894
 	RESERVED
 CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out  ...)
@@ -25054,6 +25076,7 @@ CVE-2020-1761
 	NOT-FOR-US: OpenShift
 CVE-2020-1760 [header-splitting in RGW GetObject has a possible XSS]
 	RESERVED
+	{DLA-2171-1}
 	- ceph <unfixed> (bug #956142)
 	NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/f4a0b2d9260a4523745875e3977a8a1ef9dc5e2e
 	NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/8aa1f77363ec32bdc57744a143035033291ab5e1
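Review bot: `{DLA-2171-1}` is added under CVE-2020-1760, but the only package line in the entry remains `- ceph <unfixed> (bug #956142)` and the entry is still flagged RESERVED. Confirm that the DLA record carries the fixed version for the release it covers, since nothing in this hunk states which ceph version contains the fix.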



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d1e8570d60909a9cdbdf200cb353c95e64447e5
