[Git][security-tracker-team/security-tracker][master] automatic update

Mon Aug 10 09:10:27 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c438f6ae by security tracker role at 2020-08-10T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2020-17464
+	RESERVED
+CVE-2020-17463
+	RESERVED
+CVE-2020-17462
+	RESERVED
+CVE-2020-17461
+	RESERVED
+CVE-2020-17460
+	RESERVED
+CVE-2020-17459
+	RESERVED
+CVE-2020-17458
+	RESERVED
+CVE-2020-17457
+	RESERVED
+CVE-2020-17456
+	RESERVED
+CVE-2020-17455
+	RESERVED
+CVE-2020-17454
+	RESERVED
 CVE-2020-17453
 	RESERVED
 CVE-2020-17452 (flatCore before 1.5.7 allows upload and execution of a .php file by an ...)
@@ -11036,16 +11058,16 @@ CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a bandw
 	NOT-FOR-US: cPanel
 CVE-2020-12782 (Openfind MailGates contains a Command Injection flaw, when receiving e ...)
 	NOT-FOR-US: Openfind MailGates
-CVE-2020-12781
-	RESERVED
-CVE-2020-12780
-	RESERVED
-CVE-2020-12779
-	RESERVED
-CVE-2020-12778
-	RESERVED
-CVE-2020-12777
-	RESERVED
+CVE-2020-12781 (Combodo iTop contains a cross-site request forgery (CSRF) vulnerabilit ...)
+	TODO: check
+CVE-2020-12780 (A security misconfiguration exists in Combodo iTop, which can expose s ...)
+	TODO: check
+CVE-2020-12779 (Combodo iTop contains a stored Cross-site Scripting vulnerability, whi ...)
+	TODO: check
+CVE-2020-12778 (Combodo iTop does not validate inputted parameters, attackers can inje ...)
+	TODO: check
+CVE-2020-12777 (A function in Combodo iTop contains a vulnerability of Broken Access C ...)
+	TODO: check
 CVE-2020-12776
 	RESERVED
 CVE-2020-12775
@@ -69074,6 +69096,7 @@ CVE-2019-11502 (snap-confine in snapd before 2.38 incorrectly set the ownership
 	[stretch] - snapd <no-dsa> (Minor issue)
 	NOTE: https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1
 CVE-2017-18367 (libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR ...)
+	{DLA-2320-1}
 	- golang-github-seccomp-libseccomp-golang 0.9.0-2 (bug #927981)
 	NOTE: https://github.com/seccomp/libseccomp-golang/issues/22
 	NOTE: https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c438f6aedc5058e62636be2fdcc7a092a94baafe

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c438f6aedc5058e62636be2fdcc7a092a94baafe
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200810/057f5ee2/attachment.html>
