[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Aug 9 09:10:29 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8766a87c by security tracker role at 2020-08-09T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3332,36 +3332,36 @@ CVE-2020-15833
 	RESERVED
 CVE-2020-15832
 	RESERVED
-CVE-2020-15831
-	RESERVED
-CVE-2020-15830
-	RESERVED
-CVE-2020-15829
-	RESERVED
-CVE-2020-15828
-	RESERVED
-CVE-2020-15827
-	RESERVED
-CVE-2020-15826
-	RESERVED
-CVE-2020-15825
-	RESERVED
-CVE-2020-15824
-	RESERVED
-CVE-2020-15823
-	RESERVED
+CVE-2020-15831 (JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in t ...)
+	TODO: check
+CVE-2020-15830 (JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the  ...)
+	TODO: check
+CVE-2020-15829 (In JetBrains TeamCity before 2019.2.3, password parameters could be di ...)
+	TODO: check
+CVE-2020-15828 (In JetBrains TeamCity before 2020.1.1, project parameter values can be ...)
+	TODO: check
+CVE-2020-15827 (In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signatu ...)
+	TODO: check
+CVE-2020-15826 (In JetBrains TeamCity before 2020.1, users are able to assign more per ...)
+	TODO: check
+CVE-2020-15825 (In JetBrains TeamCity before 2020.1, users with the Modify Group permi ...)
+	TODO: check
+CVE-2020-15824 (In JetBrains Kotlin before 1.4.0, there is a script-cache privilege es ...)
+	TODO: check
+CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Wor ...)
+	TODO: check
 CVE-2020-15822
 	RESERVED
-CVE-2020-15821
-	RESERVED
-CVE-2020-15820
-	RESERVED
-CVE-2020-15819
-	RESERVED
-CVE-2020-15818
-	RESERVED
-CVE-2020-15817
-	RESERVED
+CVE-2020-15821 (In JetBrains YouTrack before 2020.2.6881, a user without permission is ...)
+	TODO: check
+CVE-2020-15820 (In JetBrains YouTrack before 2020.2.6881, the markdown parser could di ...)
+	TODO: check
+CVE-2020-15819 (JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that all ...)
+	TODO: check
+CVE-2020-15818 (In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could  ...)
+	TODO: check
+CVE-2020-15817 (In JetBrains YouTrack before 2020.1.1331, an external user could execu ...)
+	TODO: check
 CVE-2020-15862 [privilege escalation]
 	RESERVED
 	{DLA-2299-1}
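Review bot: All fourteen JetBrains entries in this hunk (CVE-2020-15831 through CVE-2020-15823 and CVE-2020-15821 through CVE-2020-15817) land as "TODO: check", so each still needs a triage decision before it carries any status. Other entries in this file resolve products that are not packaged with a "NOT-FOR-US: <product>" line, as the Ktor and WordPress iframe plugin entries do, and the TeamCity, ToolBox and YouTrack items look like candidates for the same treatment. CVE-2020-15824 (Kotlin, script-cache privilege escalation) should be checked against the archive on its own rather than closed in the same batch.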
@@ -11252,7 +11252,7 @@ CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial
 CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
 	NOT-FOR-US: iframe plugin for WordPress
 CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17  ...)
-	{DLA-2315-1}
+	{DLA-2318-1 DLA-2315-1}
 	- wpa <unfixed>
 	[buster] - wpa <no-dsa> (Minor issue)
 	- gupnp 1.2.3-1
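Review bot: The cross-reference line for CVE-2020-12695 now lists two DLAs, but the package lines below it are unchanged and cover two source packages (wpa and gupnp), so the entry alone does not show which package each advisory fixed. The same DLA-2318-1 is added to CVE-2019-10064, whose only package line is wpa, which suggests it is the wpa update. With "- wpa <unfixed>" still in place for unstable and "[buster] - wpa <no-dsa> (Minor issue)", a short NOTE on which package and release each DLA covers would keep the entry readable.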
@@ -34142,7 +34142,7 @@ CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to 1.
 CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...)
 	NOT-FOR-US: SSB-DB
 CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by conn ...)
-	{DSA-4737-1}
+	{DSA-4737-1 DLA-2319-1}
 	- xrdp 0.9.12-1.1 (bug #964573)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4
 	NOTE: Fixed by: https://github.com/neutrinolabs/xrdp/commit/e593f58a82bf79b556601ae08e9e25e366a662fb
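Review bot: On the CVE-2020-4044 entry, the description says the issue affects xrdp-sesman "before version 0.9.13.1" while the fixed version recorded is "xrdp 0.9.12-1.1", and the newly added DLA-2319-1 adds a further fixed upload that this entry does not describe. A NOTE stating that the Debian fixes are backports of the upstream commit already referenced (e593f58a...) would explain why a version lower than the upstream fix is marked as fixed.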
@@ -38804,8 +38804,8 @@ CVE-2019-19706
 	RESERVED
 CVE-2019-19705
 	RESERVED
-CVE-2019-19704
-	RESERVED
+CVE-2019-19704 (In JetBrains Upsource before 2020.1, information disclosure is possibl ...)
+	TODO: check
 CVE-2019-19703 (In Ktor through 1.2.6, the client resends data from the HTTP Authoriza ...)
 	NOT-FOR-US: Ktor
 CVE-2019-19702 (The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML Ext ...)
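Review bot: CVE-2019-19704 (JetBrains Upsource) moves from RESERVED to "TODO: check" and still needs a triage status. The adjacent JetBrains entry, CVE-2019-19703, is resolved as "NOT-FOR-US: Ktor"; if Upsource is likewise not packaged, the follow-up should replace the TODO with the matching NOT-FOR-US line.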
@@ -73121,7 +73121,7 @@ CVE-2019-10065 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
 	- otrs2 <not-affected> (Only affects 7.x series)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2019-07/
 CVE-2019-10064 (hostapd before 2.6, in EAP mode, makes calls to the rand() and random( ...)
-	{DLA-2138-1}
+	{DLA-2318-1 DLA-2138-1}
 	- wpa 2:2.6-7
 	NOTE: https://www.openwall.com/lists/oss-security/2020/02/27/1
 	NOTE: Comment from upstream: https://www.openwall.com/lists/oss-security/2020/02/27/2
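Review bot: CVE-2019-10064 now references both DLA-2318-1 and DLA-2138-1 while listing a single source package (wpa, fixed in 2:2.6-7), and nothing in the entry says why a second LTS advisory was needed. If the two DLAs target different LTS releases or the later one completes the earlier fix, a one-line NOTE saying so would save the next reader from looking up both advisories.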



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8766a87ceeef264e0fe8550ab49cc35124dc617a
