[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 5 08:10:27 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0a11362c by security tracker role at 2020-02-05T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -195,8 +195,7 @@ CVE-2020-8519
RESERVED
CVE-2020-8518
RESERVED
-CVE-2020-8517
- RESERVED
+CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...)
- squid <unfixed>
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_3.txt
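Review bot: the description added for CVE-2020-8517 scopes the issue to "Squid before 4.10", yet the package line under it still reads `- squid <unfixed>` and the only reference is the SQUID-2020_3 advisory. A follow-up should record the fixed version once one is uploaded and add a NOTE with the upstream changeset, as the CVE-2020-8450 entry does for its patches.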
@@ -345,16 +344,14 @@ CVE-2020-8452
RESERVED
CVE-2020-8451
RESERVED
-CVE-2020-8450
- RESERVED
+CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect buffer ...)
- squid <unfixed>
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5)
NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older)
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9)
-CVE-2020-8449
- RESERVED
+CVE-2020-8449 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...)
- squid <unfixed>
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
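Review bot: CVE-2020-8450 and CVE-2020-8449 both point at the same SQUID-2020_1 advisory, but only CVE-2020-8450 carries the three changeset NOTE lines (3.5, 4.8 and older, 4.9). If those patches also cover CVE-2020-8449, mirror the NOTE lines there; if they do not, say so in a NOTE so nobody assumes the backport fixes both. Both entries also stay at `- squid <unfixed>` although the new descriptions name 4.10 as the boundary.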
@@ -1022,28 +1019,28 @@ CVE-2020-8127
RESERVED
CVE-2020-8126
RESERVED
-CVE-2020-8125
- RESERVED
-CVE-2020-8124
- RESERVED
-CVE-2020-8123
- RESERVED
-CVE-2020-8122
- RESERVED
-CVE-2020-8121
- RESERVED
-CVE-2020-8120
- RESERVED
-CVE-2020-8119
- RESERVED
-CVE-2020-8118
- RESERVED
-CVE-2020-8117
- RESERVED
-CVE-2020-8116
- RESERVED
-CVE-2020-8115
- RESERVED
+CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and earlie ...)
+ TODO: check
+CVE-2020-8124 (Insufficient validation and sanitization of user input exists in url-p ...)
+ TODO: check
+CVE-2020-8123 (A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that ...)
+ TODO: check
+CVE-2020-8122 (A missing check in Nextcloud Server 14.0.3 could give recipient the po ...)
+ TODO: check
+CVE-2020-8121 (A bug in Nextcloud Server 14.0.4 could expose more data in reshared li ...)
+ TODO: check
+CVE-2020-8120 (A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16. ...)
+ TODO: check
+CVE-2020-8119 (Improper authorization in Nextcloud server 17.0.0 causes leaking of pr ...)
+ TODO: check
+CVE-2020-8118 (An authenticated server-side request forgery in Nextcloud server 16.0. ...)
+ TODO: check
+CVE-2020-8117 (Improper preservation of permissions in Nextcloud Server 14.0.3 causes ...)
+ TODO: check
+CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package version 5.1. ...)
+ TODO: check
+CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly acce ...)
+ TODO: check
CVE-2020-8114 [User Permissions Not Validated in ProjectExportWorker]
RESERVED
- gitlab <unfixed>
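Review bot: all eleven ids from CVE-2020-8125 down to CVE-2020-8115 land as `TODO: check`, which leaves them untriaged, and the truncated descriptions cover several unrelated products (klona, strapi, dot-prop, and six Nextcloud Server entries). The Nextcloud Server ids CVE-2020-8122 through CVE-2020-8117 can be resolved together with one decision. CVE-2020-8124 ("url-p ...") and CVE-2020-8115 are cut off before the product name is readable, so they need the full description before a package line or NOT-FOR-US tag is chosen.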
@@ -5583,12 +5580,12 @@ CVE-2020-6062
RESERVED
CVE-2020-6061
RESERVED
-CVE-2020-6060
- RESERVED
-CVE-2020-6059
- RESERVED
-CVE-2020-6058
- RESERVED
+CVE-2020-6060 (A stack buffer overflow vulnerability exists in the way MiniSNMPD vers ...)
+ TODO: check
+CVE-2020-6059 (An exploitable out of bounds read vulnerability exists in the way Mini ...)
+ TODO: check
+CVE-2020-6058 (An exploitable out-of-bounds read vulnerability exists in the way Mini ...)
+ TODO: check
CVE-2020-6057
RESERVED
CVE-2020-6056
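Review bot: the three new entries are left at `TODO: check`. CVE-2020-6060 names MiniSNMPD, while CVE-2020-6059 and CVE-2020-6058 are truncated at "Mini ..."; confirm from the full descriptions that all three concern the same product, then give them the same package line or NOT-FOR-US tag in one pass.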
@@ -27092,7 +27089,7 @@ CVE-2019-16772 (The serialize-to-js NPM package before version 3.0.1 is vulnerab
NOT-FOR-US: serialize-to-js Node package
CVE-2019-16771 (Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable ...)
NOT-FOR-US: Armeria
-CVE-2019-16770 (In Puma before version 4.3.2, a poorly-behaved client could use keepal ...)
+CVE-2019-16770 (In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client coul ...)
- puma <unfixed> (bug #946312)
[buster] - puma <no-dsa> (Minor issue)
[stretch] - puma <no-dsa> (Minor issue)
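Review bot: the revised description for CVE-2019-16770 changes the boundary from "before version 4.3.2" to "before versions 3.12.2 and 4.3.1", so it now names a fixed release on the 3.x line as well. The `[buster]` and `[stretch]` lines remain `<no-dsa> (Minor issue)` and the entry has no NOTE pointing at the fixing changes; it is worth rechecking the per-release assessment against the new range and adding the upstream reference.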
@@ -30400,36 +30397,36 @@ CVE-2019-15626 (The Deep Security Manager application (Versions 10.0, 11.0 and 1
NOT-FOR-US: Deep Security Manager application (Trend Micro)
CVE-2019-15625 (A memory usage vulnerability exists in Trend Micro Password Manager 3. ...)
NOT-FOR-US: Trend Micro
-CVE-2019-15624
- RESERVED
-CVE-2019-15623
- RESERVED
-CVE-2019-15622
- RESERVED
-CVE-2019-15621
- RESERVED
-CVE-2019-15620
- RESERVED
-CVE-2019-15619
- RESERVED
-CVE-2019-15618
- RESERVED
-CVE-2019-15617
- RESERVED
-CVE-2019-15616
- RESERVED
-CVE-2019-15615
- RESERVED
-CVE-2019-15614
- RESERVED
-CVE-2019-15613
- RESERVED
-CVE-2019-15612
- RESERVED
-CVE-2019-15611
- RESERVED
-CVE-2019-15610
- RESERVED
+CVE-2019-15624 (Improper Input Validation in Nextcloud Server 15.0.7 allows group admi ...)
+ TODO: check
+CVE-2019-15623 (Exposure of Private Information in Nextcloud Server 16.0.1 causes the ...)
+ TODO: check
+CVE-2019-15622 (Not strictly enough sanitization in the Nextcloud Android app 3.6.0 al ...)
+ TODO: check
+CVE-2019-15621 (Improper permissions preservation in Nextcloud Server 16.0.1 causes sh ...)
+ TODO: check
+CVE-2019-15620 (Improper access control in Nextcloud Talk 6.0.3 leaks the existance an ...)
+ TODO: check
+CVE-2019-15619 (Improper neutralization of file names, conversation names and board na ...)
+ TODO: check
+CVE-2019-15618 (Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a ...)
+ TODO: check
+CVE-2019-15617 (A missing check in Nextcloud Server 17.0.0 allowed an attacker to set ...)
+ TODO: check
+CVE-2019-15616 (Dangling remote share attempts in Nextcloud 16 allow a DNS pollution w ...)
+ TODO: check
+CVE-2019-15615 (A wrong check for the system time in the Android App 3.9.0 causes a by ...)
+ TODO: check
+CVE-2019-15614 (Missing sanitization in the iOS App 2.24.4 causes an XSS when opening ...)
+ TODO: check
+CVE-2019-15613 (A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend t ...)
+ TODO: check
+CVE-2019-15612 (A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be c ...)
+ TODO: check
+CVE-2019-15611 (Violation of Secure Design Principles in the iOS App 2.23.0 causes the ...)
+ TODO: check
+CVE-2019-15610 (Improper authorization in the Circles app 0.17.7 causes retaining acce ...)
+ TODO: check
CVE-2019-15609
RESERVED
CVE-2019-15608
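Review bot: fifteen ids (CVE-2019-15624 through CVE-2019-15610) arrive as `TODO: check`, and they are not one product: the visible text names Nextcloud Server, the Nextcloud Android app, Nextcloud Talk, an iOS App, and the Circles app. Triage them per product rather than as a block, since the server, the mobile clients and the add-on apps may map to different packages or to NOT-FOR-US. CVE-2019-15619 is truncated before any product name appears, so it needs the full description first.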
@@ -40894,8 +40891,7 @@ CVE-2019-12529 (An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x th
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_2.txt
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch
-CVE-2019-12528
- RESERVED
+CVE-2019-12528 (An issue was discovered in Squid before 4.10. It allows a crafted FTP ...)
- squid <unfixed>
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_2.txt
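Review bot: CVE-2019-12528 gains a description but keeps `- squid <unfixed>` with only the SQUID-2020_2 advisory as reference. The CVE-2019-12529 entry directly above it records the Squid 4 changeset in a NOTE; adding the equivalent changeset NOTE here would give maintainers the patch to backport without having to read the advisory.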
@@ -45899,12 +45895,12 @@ CVE-2019-10790
RESERVED
CVE-2019-10789
RESERVED
-CVE-2019-10788
- RESERVED
-CVE-2019-10787
- RESERVED
-CVE-2019-10786
- RESERVED
+CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2019-10787 (im-resize through 2.3.2 allows remote attackers to execute arbitrary c ...)
+ TODO: check
+CVE-2019-10786 (network-manager through 1.0.2 allows remote attackers to execute arbit ...)
+ TODO: check
CVE-2019-10785
RESERVED
CVE-2019-10784 (phppgadmin through 7.12.1 allows sensitive actions to be performed wit ...)
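Review bot: CVE-2019-10786 is described as "network-manager through 1.0.2", and Debian ships a source package with the same name. Before replacing `TODO: check`, confirm from the full description which project is meant, so the id is not attached to the wrong package by name match alone. CVE-2019-10788 (im-metadata) and CVE-2019-10787 (im-resize) share the same wording and can be triaged alongside it.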
@@ -226863,12 +226859,12 @@ CVE-2015-3615 (Cross-site scripting (XSS) vulnerability in Fortinet FortiManager
NOT-FOR-US: Fortinet
CVE-2015-3614 (Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows r ...)
NOT-FOR-US: Fortinet
-CVE-2015-3613
- RESERVED
-CVE-2015-3612
- RESERVED
-CVE-2015-3611
- RESERVED
+CVE-2015-3613 (A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 ...)
+ TODO: check
+CVE-2015-3612 (A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2. ...)
+ TODO: check
+CVE-2015-3611 (A Command Injection vulnerability exists in FortiManager 5.2.1 and ear ...)
+ TODO: check
CVE-2015-3610 (The Siemens HomeControl for Room Automation application before 2.0.1 f ...)
NOT-FOR-US: Siemens HomeControl for Room Automation application for Android
CVE-2015-3609
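Review bot: CVE-2015-3613, CVE-2015-3612 and CVE-2015-3611 all describe FortiManager and are left at `TODO: check`, while the two context entries just above, CVE-2015-3615 and CVE-2015-3614, are already tagged `NOT-FOR-US: Fortinet` for the same product. Unless something differs in the full descriptions, these three should take the same tag.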
@@ -229290,8 +229286,8 @@ CVE-2015-2804 (The management web interface in Alcatel-Lucent OmniSwitch 6450, 6
NOT-FOR-US: Alcatel-Lucent OmniSwitch
CVE-2015-2803 (SQL injection vulnerability in mod1/index.php in the Akronymmanager (s ...)
NOT-FOR-US: TYPO3 extension sb_akronymmanager
-CVE-2015-2802
- RESERVED
+CVE-2015-2802 (An Information Disclosure vulnerability exists in HP SiteScope 11.2 an ...)
+ TODO: check
CVE-2015-2801
RESERVED
CVE-2015-2800 (The user authentication module in Huawei Campus switches S5700, S5300, ...)
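Review bot: CVE-2015-2802 (HP SiteScope) is added with `TODO: check`. The neighbouring vendor-product entries in this hunk (Alcatel-Lucent OmniSwitch, the TYPO3 extension) are already resolved as NOT-FOR-US with a product label; this one needs the same kind of decision so the TODO does not linger on a 2015 id.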
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0a11362cbd9a0ef9472443db2c8a1968cdb29cb1