[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Feb 22 08:10:21 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b8684443 by security tracker role at 2020-02-22T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-9335
+	RESERVED
+CVE-2020-9334
+	RESERVED
+CVE-2020-9333
+	RESERVED
+CVE-2020-9332
+	RESERVED
+CVE-2020-9331
+	RESERVED
+CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not requ ...)
+	TODO: check
+CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the admin-specified r ...)
+	TODO: check
+CVE-2020-9328
+	RESERVED
+CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger  ...)
+	TODO: check
 CVE-2020-9326
 	RESERVED
 CVE-2020-9325
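Review bot: CVE-2020-9327 (SQLite 3.31.1, isAuxiliaryVtabOperator) is added with only `TODO: check`; it should be resolved with a source-package line and upstream reference in the form used for CVE-2020-9273 further down in this file. The Xerox WorkCentre entry (CVE-2020-9330) concerns printer firmware, so it looks like a candidate for the `NOT-FOR-US:` form used elsewhere in this file (for example CVE-2020-9038) rather than an open TODO.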
@@ -108,6 +126,7 @@ CVE-2020-9275
 CVE-2020-9274
 	RESERVED
 CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...)
+	{DLA-2115-1}
 	- proftpd-dfsg 1.3.6c-1 (bug #951800)
 	NOTE: https://github.com/proftpd/proftpd/issues/903
 	NOTE: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master)
@@ -601,8 +620,8 @@ CVE-2020-9041
 	RESERVED
 CVE-2020-9040
 	RESERVED
-CVE-2020-9039
-	RESERVED
+CVE-2020-9039 (Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for ...)
+	TODO: check
 CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
 	NOT-FOR-US: Joplin
 CVE-2020-9037
@@ -1025,12 +1044,12 @@ CVE-2020-8864
 	RESERVED
 CVE-2020-8863
 	RESERVED
-CVE-2020-8862
-	RESERVED
-CVE-2020-8861
-	RESERVED
-CVE-2020-8860
-	RESERVED
+CVE-2020-8862 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+	TODO: check
+CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+	TODO: check
+CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2020-8859
 	RESERVED
 CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
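Review bot: The descriptions filled in for CVE-2020-8862, CVE-2020-8861 and CVE-2020-8860 are truncated before any product name appears ("This vulnerability allows network-adjacent attackers to bypass authent ..."), so the `TODO: check` cannot be resolved from this file alone and the triager needs the full CVE text. CVE-2020-8858 just below starts with the same wording as CVE-2020-8860; its classification is not shown in this hunk but is the natural entry to compare against.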
@@ -1148,8 +1167,8 @@ CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext H
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447
 	NOTE: Some of the templates were switched to fetch the pacakges over HTTPS, cf.
 	NOTE: https://github.com/lxc/lxc/pull/1371 for the lxc-fedora template.
-CVE-2020-8813
-	RESERVED
+CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ...)
+	TODO: check
 CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert m ...)
 	NOT-FOR-US: Bludit
 CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated  ...)
@@ -3212,8 +3231,8 @@ CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwor
 	NOT-FOR-US: JetBrains
 CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...)
 	NOT-FOR-US: JetBrains
-CVE-2020-7907
-	RESERVED
+CVE-2020-7907 (In the JetBrains Scala plugin before 2019.2.1, some artefact dependenc ...)
+	TODO: check
 CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...)
 	NOT-FOR-US: JetBrains
 CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...)
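Review bot: CVE-2020-7907 (JetBrains Scala plugin) lands as `TODO: check` while the neighbouring JetBrains entries whose status is visible in this hunk (CVE-2020-7909, CVE-2020-7908, CVE-2020-7906) are all `NOT-FOR-US: JetBrains`. Unless the Scala plugin is packaged, mark it the same way so it does not sit in the TODO queue.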
@@ -8697,6 +8716,7 @@ CVE-2020-5392
 CVE-2020-5391
 	RESERVED
 CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML docum ...)
+	{DSA-4630-1}
 	- python-pysaml2 4.5.0-7 (bug #949322)
 	NOTE: https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 (v5.0.0)
 CVE-2020-5389
@@ -8858,11 +8878,11 @@ CVE-2019-20331
 CVE-2020-5314
 	RESERVED
 CVE-2020-5313 (libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ...)
-	{DLA-2057-1}
+	{DSA-4631-1 DLA-2057-1}
 	- pillow 7.0.0-1 (bug #948224)
 	NOTE: https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b (6.2.2)
 CVE-2020-5312 (libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer  ...)
-	{DLA-2057-1}
+	{DSA-4631-1 DLA-2057-1}
 	- pillow 7.0.0-1 (bug #948224)
 	NOTE: https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd (6.2.2)
 CVE-2020-5311 (libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ove ...)
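Review bot: `DSA-4631-1` is added next to `DLA-2057-1` on CVE-2020-5313 and CVE-2020-5312, but the hunk ends at CVE-2020-5311 without showing its tag line. CVE-2020-5311 is described against the same "Pillow before 6.2.2" boundary, so confirm it carries the DSA cross-reference as well, or that it is left out intentionally.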
@@ -12822,7 +12842,7 @@ CVE-2019-19913
 CVE-2019-19912
 	RESERVED
 CVE-2019-19911 (There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImage ...)
-	{DLA-2057-1}
+	{DSA-4631-1 DLA-2057-1}
 	- pillow 7.0.0-1 (bug #948224)
 	NOTE: https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d (6.2.2)
 CVE-2019-19910 (The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35  ...)
@@ -20362,8 +20382,8 @@ CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby lacks an element count d
 	NOTE: https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a
 CVE-2019-18847
 	RESERVED
-CVE-2019-18846
-	RESERVED
+CVE-2019-18846 (OX App Suite through 7.10.2 allows SSRF. ...)
+	TODO: check
 CVE-2019-18845 (The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1  ...)
 	NOT-FOR-US: Patriot Viper RGB
 CVE-2019-18844 (The Device Model in ACRN before 2019w25.5-140000p relies on assert cal ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b86844431694e746311b5ae36231b7f816b020ee
