[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 1 09:10:30 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f3dd47dd by security tracker role at 2020-07-01T08:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...)
+ TODO: check
+CVE-2020-15467
+ RESERVED
+CVE-2020-15466
+ RESERVED
+CVE-2020-15465
+ RESERVED
+CVE-2020-15464
+ RESERVED
+CVE-2020-15463
+ RESERVED
+CVE-2020-15462
+ RESERVED
+CVE-2020-15461
+ RESERVED
+CVE-2020-15460
+ RESERVED
+CVE-2020-15459
+ RESERVED
+CVE-2020-15458
+ RESERVED
+CVE-2020-15457
+ RESERVED
+CVE-2020-15456
+ RESERVED
+CVE-2020-15455
+ RESERVED
+CVE-2020-15454
+ RESERVED
+CVE-2020-15453
+ RESERVED
+CVE-2020-15452
+ RESERVED
+CVE-2020-15451
+ RESERVED
+CVE-2020-15450
+ RESERVED
+CVE-2020-15449
+ RESERVED
+CVE-2020-15448
+ RESERVED
+CVE-2020-15447
+ RESERVED
+CVE-2020-15446
+ RESERVED
+CVE-2020-15445
+ RESERVED
+CVE-2020-15444
+ RESERVED
+CVE-2020-15443
+ RESERVED
+CVE-2020-15442
+ RESERVED
+CVE-2020-15441
+ RESERVED
+CVE-2020-15440
+ RESERVED
+CVE-2020-15439
+ RESERVED
+CVE-2020-15438
+ RESERVED
+CVE-2020-15437
+ RESERVED
+CVE-2020-15436
+ RESERVED
+CVE-2020-15435
+ RESERVED
+CVE-2020-15434
+ RESERVED
+CVE-2020-15433
+ RESERVED
+CVE-2020-15432
+ RESERVED
+CVE-2020-15431
+ RESERVED
+CVE-2020-15430
+ RESERVED
+CVE-2020-15429
+ RESERVED
+CVE-2020-15428
+ RESERVED
+CVE-2020-15427
+ RESERVED
+CVE-2020-15426
+ RESERVED
+CVE-2020-15425
+ RESERVED
+CVE-2020-15424
+ RESERVED
+CVE-2020-15423
+ RESERVED
+CVE-2020-15422
+ RESERVED
+CVE-2020-15421
+ RESERVED
+CVE-2020-15420
+ RESERVED
+CVE-2020-15419
+ RESERVED
+CVE-2020-15418
+ RESERVED
+CVE-2020-15417
+ RESERVED
+CVE-2020-15416
+ RESERVED
CVE-2020-15415 (On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, c ...)
NOT-FOR-US: DrayTek
CVE-2020-15414
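Review bot: The new CVE-2020-15468 entry at the top of this hunk is left at "TODO: check" and needs a triage decision. Its description names Persian VIP Download Script 1.0; if nothing in the archive ships that script, it should become "NOT-FOR-US: Persian VIP Download Script", following the form of the CVE-2020-15415 entry just below ("NOT-FOR-US: DrayTek"). The RESERVED block from CVE-2020-15467 down to CVE-2020-15416 needs no action until descriptions are published.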
@@ -988,8 +1094,8 @@ CVE-2020-14949
RESERVED
CVE-2020-14948
RESERVED
-CVE-2020-14947
- RESERVED
+CVE-2020-14947 (OCS Inventory NG 2.7 allows Remote Command Execution via shell metacha ...)
+ TODO: check
CVE-2020-14946 (downloadFile.ashx in the Administrator section of the Surveillance mod ...)
NOT-FOR-US: Surveillance module in Global RADAR BSA Radar
CVE-2020-14945 (A privilege escalation vulnerability exists within Global RADAR BSA Ra ...)
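Review bot: CVE-2020-14947 should not be closed as NOT-FOR-US by analogy with its neighbours: the context entries CVE-2020-14946 and CVE-2020-14945 are Global RADAR issues, while this one is described as remote command execution via shell metacharacters in OCS Inventory NG 2.7. Check whether the archive carries a source package for OCS Inventory; if it does, replace "TODO: check" with a package line in the same form as the other tracked entries in this file, plus a NOTE pointing at the upstream reference.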
@@ -2314,7 +2420,7 @@ CVE-2016-11062 (An issue was discovered in Mattermost Server before 3.5.1. E-mai
CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It allows a ...)
NOT-FOR-US: Mattermost
CVE-2020-14954 (Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffe ...)
- {DSA-4708-1 DSA-4707-1}
+ {DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1}
- mutt 1.14.4-1
- neomutt 20200619+dfsg.1-1
NOTE: https://gitlab.com/muttmua/mutt/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4
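Review bot: The cross-reference line for CVE-2020-14954 gains DLA-2268-2 and DLA-2268-1, but this commit changes only data/CVE/list, so the advisory records themselves are not visible here. Confirm that both DLA entries already exist on master and that each one names this CVE. The same pair is added to CVE-2020-14093 in a later hunk, so also verify that the -2 revision is meant to cover both CVEs and not just one of them.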
@@ -2945,18 +3051,18 @@ CVE-2020-14171
RESERVED
CVE-2020-14170
RESERVED
-CVE-2020-14169
- RESERVED
-CVE-2020-14168
- RESERVED
-CVE-2020-14167
- RESERVED
-CVE-2020-14166
- RESERVED
-CVE-2020-14165
- RESERVED
-CVE-2020-14164
- RESERVED
+CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data Center be ...)
+ TODO: check
+CVE-2020-14168 (The email client in Jira Server and Data Center before version 7.13.16 ...)
+ TODO: check
+CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data Center befo ...)
+ TODO: check
+CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service Desk Server ...)
+ TODO: check
+CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server and Dat ...)
+ TODO: check
+CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center before vers ...)
+ TODO: check
CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in ...)
NOT-FOR-US: JerryScript
CVE-2020-14162
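Review bot: All six entries from CVE-2020-14169 to CVE-2020-14164 land as "TODO: check", and every visible description names Jira Server and Data Center or Jira Service Desk Server. Other Atlassian entries elsewhere in this diff already carry "NOT-FOR-US: Atlassian", so these can be triaged as one batch with that tag instead of being left open individually.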
@@ -3154,7 +3260,7 @@ CVE-2017-18869 (A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10
NOTE: https://github.com/isaacs/chownr/issues/14
NOTE: https://snyk.io/vuln/npm:chownr:20180731
CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attac ...)
- {DSA-4708-1 DSA-4707-1}
+ {DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1}
- mutt 1.14.3-1 (bug #962897)
- neomutt 20200619+dfsg.1-1
NOTE: Fixed by: https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
@@ -16167,10 +16273,10 @@ CVE-2020-9416
RESERVED
CVE-2020-9415
RESERVED
-CVE-2020-9414
- RESERVED
-CVE-2020-9413
- RESERVED
+CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...)
+ TODO: check
+CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin client comp ...)
+ TODO: check
CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
NOT-FOR-US: TIBCO
CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
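Review bot: CVE-2020-9414 and CVE-2020-9413 sit at "TODO: check" directly above CVE-2020-9412, which is already tagged "NOT-FOR-US: TIBCO". The visible text of CVE-2020-9414 names TIBCO Software Inc. and CVE-2020-9413 names the MFT Browser clients; once the full description of CVE-2020-9413 confirms the same vendor, both should take the tag used on the line below.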
@@ -19800,8 +19906,8 @@ CVE-2019-20410 (Affected versions of Atlassian Jira Server and Data Center allow
NOT-FOR-US: Atlassian
CVE-2019-20409 (The way in which velocity templates were used in Atlassian Jira Server ...)
NOT-FOR-US: Atlassian
-CVE-2019-20408
- RESERVED
+CVE-2019-20408 (The /plugins/servlet/gadgets/makeRequest resource in Jira before versi ...)
+ TODO: check
CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira Software ...)
NOT-FOR-US: Atlassian Jira
CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows operating s ...)
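Review bot: The two context entries around the new CVE-2019-20408 line tag the same vendor differently, "NOT-FOR-US: Atlassian" on CVE-2019-20409 and "NOT-FOR-US: Atlassian Jira" on CVE-2019-20407. When CVE-2019-20408 (the Jira /plugins/servlet/gadgets/makeRequest resource) is triaged, pick one spelling so that a search of the file for the vendor tag finds every entry.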
@@ -24504,18 +24610,18 @@ CVE-2020-5975
RESERVED
CVE-2020-5974
RESERVED
-CVE-2020-5973
- RESERVED
-CVE-2020-5972
- RESERVED
-CVE-2020-5971
- RESERVED
-CVE-2020-5970
- RESERVED
-CVE-2020-5969
- RESERVED
-CVE-2020-5968
- RESERVED
+CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerabili ...)
+ TODO: check
+CVE-2020-5972 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ TODO: check
+CVE-2020-5971 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ TODO: check
+CVE-2020-5970 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ TODO: check
+CVE-2020-5969 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ TODO: check
+CVE-2020-5968 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ TODO: check
CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all versions, contains a vulnerabilit ...)
- nvidia-graphics-drivers 440.100-1 (bug #963766)
[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
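Review bot: The six NVIDIA entries should not be triaged as a block. CVE-2020-5972 through CVE-2020-5968 are described as vGPU plugin issues in Virtual GPU Manager, but CVE-2020-5973 reads "Virtual GPU Manager and the guest drivers", and the next entry, CVE-2020-5967, is tracked against nvidia-graphics-drivers. Check CVE-2020-5973 against the vendor bulletin to see whether the guest driver component maps to that source package before marking it NOT-FOR-US.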
@@ -29112,22 +29218,22 @@ CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read i
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
-CVE-2020-4029
- RESERVED
+CVE-2020-4029 (The /rest/project-templates/1.0/createshared resource in Atlassian Jir ...)
+ TODO: check
CVE-2020-4028 (Versions before 8.9.1, Various resources in Jira responded with a 404 ...)
NOT-FOR-US: Atlassian
-CVE-2020-4027
- RESERVED
+CVE-2020-4027 (Atlassian Confluence Server and Data Center before version 7.5.1 allow ...)
+ TODO: check
CVE-2020-4026 (The CustomAppsRestResource list resource in Atlassian Navigator Links ...)
NOT-FOR-US: Atlassian
-CVE-2020-4025
- RESERVED
-CVE-2020-4024
- RESERVED
+CVE-2020-4025 (The attachment download resource in Atlassian Jira Server and Data Cen ...)
+ TODO: check
+CVE-2020-4024 (The attachment download resource in Atlassian Jira Server and Data Cen ...)
+ TODO: check
CVE-2020-4023 (The review coverage resource in Atlassian Fisheye and Crucible before ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
-CVE-2020-4022
- RESERVED
+CVE-2020-4022 (The attachment download resource in Atlassian Jira Server and Data Cen ...)
+ TODO: check
CVE-2020-4021 (Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of At ...)
NOT-FOR-US: Atlassian
CVE-2020-4020 (The file downloading functionality in the Atlassian Companion App befo ...)
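Review bot: CVE-2020-4025, CVE-2020-4024 and CVE-2020-4022 show the same truncated description ("The attachment download resource in Atlassian Jira Server and Data Cen ..."), so nothing visible in this hunk distinguishes them. Read the full descriptions before triage so the three are not treated as duplicates of one another. Note also that CVE-2020-4027 is a Confluence Server and Data Center issue, not a Jira one, and should be checked on its own.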
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3dd47ddf07d45be07771ed3beaf622667786c94