[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Aug 5 21:10:32 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a24d6317 by security tracker role at 2020-08-05T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-17364 (USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. ...)
+	TODO: check
+CVE-2020-17363
+	RESERVED
+CVE-2020-17362
+	RESERVED
+CVE-2020-17361
+	RESERVED
+CVE-2020-17360
+	RESERVED
+CVE-2020-17359
+	RESERVED
+CVE-2020-17358
+	RESERVED
+CVE-2020-17357
+	RESERVED
+CVE-2020-17356
+	RESERVED
+CVE-2020-17355
+	RESERVED
+CVE-2020-17354
+	RESERVED
+CVE-2020-17353 (scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x ...)
+	TODO: check
+CVE-2020-17352
+	RESERVED
 CVE-2020-17351
 	RESERVED
 CVE-2020-17350
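Review bot: CVE-2020-17364 and CVE-2020-17353 are added with only `TODO: check`, so neither has a package line or a NOT-FOR-US marker yet. The 17353 description names a source file (scm/define-stencil-commands.scm) and an affected range (LilyPond through 2.20.0), which is enough to look up a matching source package and replace the TODO in a follow-up commit.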
@@ -2197,10 +2223,10 @@ CVE-2020-16255
 	RESERVED
 CVE-2020-16254
 	RESERVED
-CVE-2020-16253
-	RESERVED
-CVE-2020-16252
-	RESERVED
+CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF. ...)
+	TODO: check
+CVE-2020-16252 (The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. ...)
+	TODO: check
 CVE-2020-16251
 	RESERVED
 CVE-2020-16250
@@ -2319,8 +2345,8 @@ CVE-2020-16194
 	RESERVED
 CVE-2020-16193
 	RESERVED
-CVE-2020-16192
-	RESERVED
+CVE-2020-16192 (LimeSurvey 4.3.2 allows reflected XSS because application/controllers/ ...)
+	TODO: check
 CVE-2020-16191
 	RESERVED
 CVE-2020-16190
@@ -4868,8 +4894,8 @@ CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU operations are ...)
 	NOT-FOR-US: openenclave
-CVE-2020-15106
-	RESERVED
+CVE-2020-15106 (In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic  ...)
+	TODO: check
 CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...)
 	NOT-FOR-US: Django Two-Factor Authentication
 CVE-2020-15104 (In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when valid ...)
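Review bot: CVE-2020-15106 is left at `TODO: check` although its description already gives the fixed upstream versions (etcd 3.3.23 and 3.4.10). Triage can compare those directly against any etcd version in the archive and replace the TODO with a package line or NOT-FOR-US.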
@@ -6847,8 +6873,7 @@ CVE-2020-14349
 CVE-2020-14348
 	RESERVED
 	NOT-FOR-US: AMQ Online
-CVE-2020-14347 [X Server Pixel Data Uninitialized Memory Information Disclosure]
-	RESERVED
+CVE-2020-14347 (A flaw was found in the way xserver memory was not properly initialize ...)
 	- xorg-server <unfixed>
 	[stretch] - xorg-server <postponed> (Minor issue, can be fixed along in next release)
 	NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html
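Review bot: under CVE-2020-14347 the `- xorg-server <unfixed>` line and the stretch `<postponed>` line are carried over unchanged now that the entry has a published description in place of RESERVED. The bracketed working title is also dropped, so the truncated description is the only summary left. Worth confirming against the xorg-announce NOTE that no fixed version can be recorded yet.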
@@ -6857,8 +6882,7 @@ CVE-2020-14346
 	RESERVED
 CVE-2020-14345
 	RESERVED
-CVE-2020-14344 [Heap corruption in the X input method client in libX11]
-	RESERVED
+CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found in The ...)
 	{DLA-2312-1}
 	- libx11 2:1.6.10-1
 	[buster] - libx11 <no-dsa> (Minor issue)
@@ -7987,8 +8011,8 @@ CVE-2020-13923 (IDOR vulnerability in the order processing feature from ecommerc
 	NOT-FOR-US: Apache OFBiz
 CVE-2020-13922
 	RESERVED
-CVE-2020-13921
-	RESERVED
+CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storag ...)
+	TODO: check
 CVE-2020-13920
 	RESERVED
 CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...)
@@ -8241,8 +8265,8 @@ CVE-2020-13821
 	RESERVED
 CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated reflected XS ...)
 	NOT-FOR-US: Extreme Management Center
-CVE-2020-13819
-	RESERVED
+CVE-2020-13819 (Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS vi ...)
+	TODO: check
 CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when <cachestart>  ...)
 	NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2020-13817 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ...)
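Review bot: CVE-2020-13819 gets `TODO: check`, while the adjacent CVE-2020-13820 describes the same class of issue (unauthenticated reflected XSS) in another Extreme product at the same version 8.4.1.24 and is already NOT-FOR-US. Unless the EAC Appliance differs, the TODO can be resolved the same way.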
@@ -9891,8 +9915,8 @@ CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 h
 CVE-2020-13152 (A remote user can create a specially crafted M3U file, media playlist  ...)
 	- amarok <removed> (unimportant)
 	NOTE: Elevated resource usage in client application, no security impact
-CVE-2020-13151
-	RESERVED
+CVE-2020-13151 (Aerospike Community Edition 4.9.0.5 allows for unauthenticated submiss ...)
+	TODO: check
 CVE-2020-13150 (D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 secon ...)
 	NOT-FOR-US: D-link
 CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...)
@@ -22719,8 +22743,8 @@ CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snpr
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
 	NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
-CVE-2020-8607
-	RESERVED
+CVE-2020-8607 (An input validation vulnerability found in multiple Trend Micro produc ...)
+	TODO: check
 CVE-2020-8606 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
 	NOT-FOR-US: Trend Micro
 CVE-2020-8605 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
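Review bot: CVE-2020-8607 is marked `TODO: check`, but the neighbouring Trend Micro entries in this hunk (CVE-2020-8606 and the one above it) are `NOT-FOR-US: Trend Micro`. The description says "multiple Trend Micro products", so the same marker looks applicable and the TODO can be closed in the next manual pass.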
@@ -25078,7 +25102,7 @@ CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollut
 	NOT-FOR-US: Node eivindfjeldstad-dot
 CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDe ...)
 	NOT-FOR-US: Node confinit
-CVE-2020-7637 (class-transformer through 0.2.3 is vulnerable to Prototype Pollution.  ...)
+CVE-2020-7637 (class-transformer before 0.3.1 allow attackers to perform Prototype Po ...)
 	NOT-FOR-US: Node class-transformer
 CVE-2020-7636 (adb-driver through 0.1.8 is vulnerable to Command Injection.It allows  ...)
 	NOT-FOR-US: Node adb-driver
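Review bot: the CVE-2020-7637 description changes the affected range from "through 0.2.3" to "before 0.3.1", which widens it. The entry stays `NOT-FOR-US: Node class-transformer`, so nothing changes for the tracker, but anything that relied on the old boundary should be rechecked against the full CVE record, since the description here is truncated.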
@@ -30033,10 +30057,10 @@ CVE-2020-5611 (Cross-site request forgery (CSRF) vulnerability in Social Sharing
 	NOT-FOR-US: Social Sharing Plugin for WordPress
 CVE-2020-5610 (Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earli ...)
 	NOT-FOR-US: Global TechStream (GTS) for TOYOTA dealers
-CVE-2020-5609
-	RESERVED
-CVE-2020-5608
-	RESERVED
+CVE-2020-5609 (Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (incl ...)
+	TODO: check
+CVE-2020-5608 (CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 t ...)
+	TODO: check
 CVE-2020-5607 (Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows re ...)
 	NOT-FOR-US: SHIRASAGI
 CVE-2020-5606
@@ -32977,8 +33001,8 @@ CVE-2020-4483
 	RESERVED
 CVE-2020-4482
 	RESERVED
-CVE-2020-4481
-	RESERVED
+CVE-2020-4481 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is v ...)
+	TODO: check
 CVE-2020-4480
 	RESERVED
 CVE-2020-4479
@@ -33453,8 +33477,8 @@ CVE-2020-4245 (IBM Security Identity Governance and Intelligence 5.2.6 does not
 	NOT-FOR-US: IBM
 CVE-2020-4244 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
 	NOT-FOR-US: IBM
-CVE-2020-4243
-	RESERVED
+CVE-2020-4243 (IBM Security Identity Governance and Intelligence 5.2.6 Virtual Applia ...)
+	TODO: check
 CVE-2020-4242 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
 	NOT-FOR-US: IBM
 CVE-2020-4241 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
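Review bot: CVE-2020-4243 is added as `TODO: check`, yet CVE-2020-4244 and the entry above it, for the same product (IBM Security Identity Governance and Intelligence 5.2.6), are already `NOT-FOR-US: IBM`. Marking 4243 the same way would keep the block consistent.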



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a24d63179b179ca256ff2310779e0e6238691fa4
