[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Apr 25 09:10:22 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
354ece62 by security tracker role at 2020-04-25T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-12248
+	RESERVED
+CVE-2020-12247
+	RESERVED
+CVE-2020-12246
+	RESERVED
+CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...)
+	TODO: check
+CVE-2020-12244
+	RESERVED
+CVE-2020-12243
+	RESERVED
 CVE-2020-12242
 	RESERVED
 CVE-2020-12241
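Review bot: CVE-2020-12245 is the only entry in this hunk with a description, and it lands as `TODO: check` with no triage decision. It should be resolved to either a source-package line or a `NOT-FOR-US:` line in the form used elsewhere in this file. The visible description names a fixed upstream version (Grafana before 6.7.3), which gives the triager a concrete version to compare against. The five `RESERVED` entries need no action.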
@@ -351,8 +363,8 @@ CVE-2020-12072
 	RESERVED
 CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post content. ...)
 	TODO: check
-CVE-2020-12070
-	RESERVED
+CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for Wordpress suff ...)
+	TODO: check
 CVE-2020-12069
 	RESERVED
 CVE-2020-12068
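Review bot: CVE-2020-12070 moves from `RESERVED` to `TODO: check`, but the description already identifies it as a WordPress plugin (Advanced Woo Search). This file marks a third-party CMS plugin elsewhere as `NOT-FOR-US: J2Store plugin for Joomla!`; if this plugin is not packaged, the same style of line can replace the TODO rather than leaving it open.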
@@ -3852,8 +3864,8 @@ CVE-2020-11015
 	RESERVED
 CVE-2020-11014
 	RESERVED
-CVE-2020-11013
-	RESERVED
+CVE-2020-11013 (Their is an information disclosure vulnerability in Helm from version  ...)
+	TODO: check
 CVE-2020-11012 (MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authenticat ...)
 	TODO: check
 CVE-2020-11011 (In Phproject before version 1.7.8, there's a vulnerability which allow ...)
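Review bot: the new CVE-2020-11013 description is cut off right at the affected range ("in Helm from version  ..."), so the entry as shown cannot be triaged without the full text. The "Their is" typo sits inside the imported description; correcting it by hand in `data/CVE/list` would likely be overwritten by the next automatic update, so it is better left alone here.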
@@ -3882,8 +3894,8 @@ CVE-2020-11006
 	RESERVED
 CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...)
 	NOT-FOR-US: WindowsHello
-CVE-2020-11004
-	RESERVED
+CVE-2020-11004 (SQL Injection was discovered in Admidio before version 3.3.13. The mai ...)
+	TODO: check
 CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vuln ...)
 	NOT-FOR-US: Oasis (not the same as src:oasis)
 CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote co ...)
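Review bot: CVE-2020-11004 (SQL injection in Admidio before 3.3.13) is left at `TODO: check`. The adjacent entries in this hunk are already decided (`NOT-FOR-US: WindowsHello`, `NOT-FOR-US: Oasis (not the same as src:oasis)`), so this one stands out as the open item and needs the same kind of decision.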
@@ -15331,10 +15343,10 @@ CVE-2020-6215 (SAP NetWeaver AS ABAP Business Server Pages Test Application IT00
 	NOT-FOR-US: SAP
 CVE-2020-6214 (SAP S/4HANA (Financial Products Subledger), version 100, uses an incor ...)
 	NOT-FOR-US: SAP
-CVE-2020-6213
-	RESERVED
-CVE-2020-6212
-	RESERVED
+CVE-2020-6213 (SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_P ...)
+	TODO: check
+CVE-2020-6212 (Egypt localized withholding tax reports Clearing of Liabilities and Re ...)
+	TODO: check
 CVE-2020-6211 (SAP Business Objects Business Intelligence Platform (AdminTools), vers ...)
 	NOT-FOR-US: SAP
 CVE-2020-6210 (SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode  ...)
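Review bot: CVE-2020-6213 and CVE-2020-6212 are added as `TODO: check` in the middle of a run where every described neighbour is `NOT-FOR-US: SAP`. CVE-2020-6213 names SAP NetWeaver in its visible description and can take the same line. CVE-2020-6212 ("Egypt localized withholding tax reports ...") does not name the vendor in the truncated text shown, so the full description should be confirmed before it is marked the same way.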
@@ -62405,7 +62417,7 @@ CVE-2019-9185 (Controller/Async/FilesystemManager.php in the filemanager in Bolt
 	NOT-FOR-US: Bolt CMS
 CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for ...)
 	NOT-FOR-US: J2Store plugin for Joomla!
-CVE-2019-9183 (An issue was discovered in Contiki-NG through 4.2 and Contiki through  ...)
+CVE-2019-9183 (An issue was discovered in Contiki-NG through 4.3 and Contiki through  ...)
 	TODO: check
 CVE-2019-9182 (There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=e ...)
 	NOT-FOR-US: ZZZCMS
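Review bot: the only change to CVE-2019-9183 is the affected range in the description, from "Contiki-NG through 4.2" to "Contiki-NG through 4.3", while the status line stays `TODO: check`. A widened upstream range on a 2019 entry that is still untriaged is worth picking up now: decide whether Contiki-NG is relevant here and replace the TODO accordingly.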
@@ -64759,7 +64771,7 @@ CVE-2019-8361 (PHP Scripts Mall Responsive Video News Script has XSS via the Sea
 	NOT-FOR-US: PHP Scripts Mall Responsive Video News Script
 CVE-2019-8360 (Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find ...)
 	NOT-FOR-US: Themerig Find a Place CMS Directory
-CVE-2019-8359 (An issue was discovered in Contiki-NG through 4.2 and Contiki through  ...)
+CVE-2019-8359 (An issue was discovered in Contiki-NG through 4.3 and Contiki through  ...)
 	TODO: check
 CVE-2019-8358 (In Hiawatha before 10.8.4, a remote attacker is able to do directory t ...)
 	NOT-FOR-US: Hiawatha
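Review bot: CVE-2019-8359 receives the same description change as CVE-2019-9183 (4.2 to 4.3) and the visible text of the two entries is identical. They should be triaged together so that both end up with the same decision line instead of one being resolved and the other left at `TODO: check`.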



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/354ece6214f1e4ba2160a0185912f4f7b712a0c6
