[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 6 09:10:34 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20d77209 by security tracker role at 2020-08-06T08:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2020-17371
+ RESERVED
+CVE-2020-17370
+ RESERVED
+CVE-2020-17369
+ RESERVED
+CVE-2020-17368
+ RESERVED
+CVE-2020-17367
+ RESERVED
+CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. ...)
+ TODO: check
+CVE-2020-17365
+ RESERVED
CVE-2020-17364 (USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. ...)
NOT-FOR-US: User-friendly SVN
CVE-2020-17363
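Review bot: CVE-2020-17366 (NLnet Labs Routinator 0.1.0 through 0.7.1) is the only entry in this hunk that carries a description, and it is left at "TODO: check". It needs a triage decision: a package line with the fixed version if Routinator is packaged, or a NOT-FOR-US line in the form used for CVE-2020-17364 directly below it. The five RESERVED entries need no action until descriptions are published.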
@@ -2222,8 +2236,8 @@ CVE-2020-16256
RESERVED
CVE-2020-16255
RESERVED
-CVE-2020-16254
- RESERVED
+CVE-2020-16254 (The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets ...)
+ TODO: check
CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF. ...)
- ruby-pghero <itp> (bug #882288)
CVE-2020-16252 (The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. ...)
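Review bot: the "TODO: check" now under CVE-2020-16254 should be resolved against the packaging state of the Chartkick gem (affected through 3.3.2). The neighbouring PgHero entry shows the form used for a gem that has an ITP but no upload, "- ruby-pghero <itp> (bug #882288)". Check whether Chartkick has a package or an ITP and record it the same way, otherwise mark it NOT-FOR-US.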
@@ -4839,8 +4853,8 @@ CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of cert
NOTE: https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv
NOTE: https://github.com/faye/faye-websocket-ruby/pull/129
NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/
-CVE-2020-15132
- RESERVED
+CVE-2020-15132 (In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget pa ...)
+ TODO: check
CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...)
NOT-FOR-US: Node slp-validate
CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnera ...)
@@ -4849,8 +4863,8 @@ CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there e
NOT-FOR-US: Traefik
CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values were not ...)
NOT-FOR-US: October CMS
-CVE-2020-15127
- RESERVED
+CVE-2020-15127 (In Contour ( Ingress controller for Kubernetes) before version 1.7.0, ...)
+ TODO: check
CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...)
NOT-FOR-US: Node parser-server
CVE-2020-15125 (In auth0 (npm package) versions before 2.27.1, a DenyList of specific ...)
@@ -4883,10 +4897,10 @@ CVE-2020-15115
RESERVED
CVE-2020-15114
RESERVED
-CVE-2020-15113
- RESERVED
-CVE-2020-15112
- RESERVED
+CVE-2020-15113 (In etcd before versions 3.3.23 and 3.4.10, certain directory paths are ...)
+ TODO: check
+CVE-2020-15112 (In etcd before versions 3.3.23 and 3.4.10, it is possible to have an e ...)
+ TODO: check
CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c.Attach ...)
NOT-FOR-US: Fiber
CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will be able ...)
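Review bot: the two etcd entries, CVE-2020-15113 and CVE-2020-15112, are both left at "TODO: check" and name the same fixed upstream versions (3.3.23 and 3.4.10), so they are best triaged in one pass to end up with consistent package lines. Both descriptions are truncated in this file, so the full advisory text should be read before the fixed version is recorded.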
@@ -9338,8 +9352,8 @@ CVE-2020-13406
RESERVED
CVE-2020-13405 (userfiles/modules/users/controller/controller.php in Microweber before ...)
NOT-FOR-US: Microweber
-CVE-2020-13404
- RESERVED
+CVE-2020-13404 (The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for M ...)
+ TODO: check
CVE-2020-13403
RESERVED
CVE-2020-13402
@@ -10856,7 +10870,7 @@ CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Travers
CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...)
NOT-FOR-US: TRENDnet ProView
CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
- {DLA-2301-1 DLA-2228-2 DLA-2228-1}
+ {DSA-4741-1 DLA-2301-1 DLA-2228-2 DLA-2228-1}
- json-c 0.13.1+dfsg-8 (bug #960326)
NOTE: https://github.com/json-c/json-c/pull/592
NOTE: https://github.com/json-c/json-c/commit/099016b7e8d70a6d5dd814e788bba08d33d48426
@@ -21673,8 +21687,8 @@ CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
NOT-FOR-US: Joplin
CVE-2020-9037
RESERVED
-CVE-2020-9036
- RESERVED
+CVE-2020-9036 (Jeedom through 4.0.38 allows XSS. ...)
+ TODO: check
CVE-2020-9035
RESERVED
CVE-2019-20474 (An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.4 ...)
@@ -25835,8 +25849,8 @@ CVE-2020-7300
RESERVED
CVE-2020-7299
RESERVED
-CVE-2020-7298
- RESERVED
+CVE-2020-7298 (Unexpected behavior violation in McAfee Total Protection (MTP) prior t ...)
+ TODO: check
CVE-2020-7297
RESERVED
CVE-2020-7296
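Review bot: CVE-2020-7298 is described as affecting McAfee Total Protection (MTP), a proprietary product, so its "TODO: check" can be closed as a NOT-FOR-US line, following the form this file already uses for vendor products (for example "NOT-FOR-US: Cisco").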
@@ -36205,6 +36219,7 @@ CVE-2020-3483
CVE-2020-3482
RESERVED
CVE-2020-3481 (A vulnerability in the EGG archive parsing module in Clam AntiVirus (C ...)
+ {DLA-2314-1}
- clamav 0.102.4+dfsg-1
[buster] - clamav 0.102.4+dfsg-0+deb10u1
NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
@@ -36469,6 +36484,7 @@ CVE-2020-3352
CVE-2020-3351 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...)
NOT-FOR-US: Cisco
CVE-2020-3350 (A vulnerability in the endpoint software of Cisco AMP for Endpoints an ...)
+ {DLA-2314-1}
- clamav 0.102.4+dfsg-1
[buster] - clamav 0.102.4+dfsg-0+deb10u1
NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
@@ -36521,7 +36537,7 @@ CVE-2020-3329 (A vulnerability in role-based access control of Cisco Integrated
CVE-2020-3328
RESERVED
CVE-2020-3327 (A vulnerability in the ARJ archive parsing module in Clam AntiVirus (C ...)
- {DLA-2215-1}
+ {DLA-2314-1 DLA-2215-1}
- clamav 0.102.4+dfsg-1
[buster] - clamav 0.102.4+dfsg-0+deb10u1
NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
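Review bot: the CVE-2020-3327 entry now lists two advisories, "{DLA-2314-1 DLA-2215-1}", and a fixed version of 0.102.4+dfsg-1, but its only NOTE still points at the 0.102.3 announcement. Adding a NOTE with the 0.102.4 announcement URL, already used in the CVE-2020-3481 and CVE-2020-3350 entries, would record why a second advisory applies to this CVE.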
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20d7720913874be232fecc45de8534c2c8be2ec8