[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jul 8 09:10:24 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
beacee24 by security tracker role at 2020-07-08T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2020-15645
+	RESERVED
+CVE-2020-15644
+	RESERVED
+CVE-2020-15643
+	RESERVED
+CVE-2020-15642
+	RESERVED
+CVE-2020-15641
+	RESERVED
+CVE-2020-15640
+	RESERVED
+CVE-2020-15639
+	RESERVED
+CVE-2020-15638
+	RESERVED
+CVE-2020-15637
+	RESERVED
+CVE-2020-15636
+	RESERVED
+CVE-2020-15635
+	RESERVED
+CVE-2020-15634
+	RESERVED
+CVE-2020-15633
+	RESERVED
+CVE-2020-15632
+	RESERVED
+CVE-2020-15631
+	RESERVED
+CVE-2020-15630
+	RESERVED
+CVE-2020-15629
+	RESERVED
+CVE-2020-15628
+	RESERVED
+CVE-2020-15627
+	RESERVED
+CVE-2020-15626
+	RESERVED
+CVE-2020-15625
+	RESERVED
+CVE-2020-15624
+	RESERVED
+CVE-2020-15623
+	RESERVED
+CVE-2020-15622
+	RESERVED
+CVE-2020-15621
+	RESERVED
+CVE-2020-15620
+	RESERVED
+CVE-2020-15619
+	RESERVED
+CVE-2020-15618
+	RESERVED
+CVE-2020-15617
+	RESERVED
+CVE-2020-15616
+	RESERVED
+CVE-2020-15615
+	RESERVED
+CVE-2020-15614
+	RESERVED
+CVE-2020-15613
+	RESERVED
+CVE-2020-15612
+	RESERVED
+CVE-2020-15611
+	RESERVED
+CVE-2020-15610
+	RESERVED
+CVE-2020-15609
+	RESERVED
+CVE-2020-15608
+	RESERVED
+CVE-2020-15607
+	RESERVED
+CVE-2020-15606
+	RESERVED
+CVE-2020-15605
+	RESERVED
+CVE-2020-15604
+	RESERVED
+CVE-2020-15603
+	RESERVED
+CVE-2020-15602
+	RESERVED
+CVE-2020-15601
+	RESERVED
+CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to ...)
+	TODO: check
+CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php user_fir ...)
+	TODO: check
+CVE-2020-15598
+	RESERVED
+CVE-2020-15597
+	RESERVED
+CVE-2020-15596
+	RESERVED
+CVE-2019-20906
+	RESERVED
+CVE-2019-20905
+	RESERVED
+CVE-2019-20904
+	RESERVED
+CVE-2019-20903
+	RESERVED
+CVE-2019-20902
+	RESERVED
+CVE-2019-20901
+	RESERVED
+CVE-2019-20900
+	RESERVED
+CVE-2019-20899
+	RESERVED
+CVE-2019-20898
+	RESERVED
+CVE-2019-20897
+	RESERVED
 CVE-2020-XXXX [veyon-configurator tmp handling]
 	- veyon <unfixed>
 	[buster] - veyon <no-dsa> (Minor issue)
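Review bot: Of the 60 entries added at the top of data/CVE/list, only CVE-2020-15600 (CMSUno) and CVE-2020-15599 (Victor CMS) carry a description, and both are left at "TODO: check". These two need manual triage: confirm whether either application is in the archive and resolve each to a package line or a NOT-FOR-US entry. The RESERVED ids need no action until they are published.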
@@ -124,6 +244,7 @@ CVE-2020-15542 (SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD
 CVE-2020-15541 (SolarWinds Serv-U FTP server before 15.2.1 allows remote command execu ...)
 	NOT-FOR-US: SolarWinds Serv-U FTP server
 CVE-2020-15562 (An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x befo ...)
+	{DSA-4720-1}
 	- roundcube 1.4.7+dfsg.1-1 (bug #964355)
 	[stretch] - roundcube <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: 1.4.x https://github.com/roundcube/roundcubemail/commit/3e8832d029b035e3fcfb4c75839567a9580b4f82
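Review bot: With {DSA-4720-1} now attached to CVE-2020-15562, the "[stretch] - roundcube <no-dsa> (Minor issue; will be fixed via point release)" line two lines below it should be re-read. Confirm that the advisory does not cover stretch, and update the annotation if the point-release plan has changed, so the entry does not state two different dispositions for the same suite.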
@@ -1276,8 +1397,8 @@ CVE-2020-15010
 	RESERVED
 CVE-2020-15009
 	RESERVED
-CVE-2020-15008
-	RESERVED
+CVE-2020-15008 (A SQLi exists in the probe code of all Connectwise Automate versions b ...)
+	TODO: check
 CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ...)
 	- rbdoom3bfg <unfixed> (unimportant)
 	NOTE: https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabaa6cb9ec
@@ -6685,8 +6806,8 @@ CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of serv
 	NOTE: Only triggerable by local certs, which are under the control of the user
 CVE-2020-12822
 	RESERVED
-CVE-2020-12821
-	RESERVED
+CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, such as a ...)
+	TODO: check
 CVE-2020-12820
 	RESERVED
 CVE-2020-12819
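Review bot: The CVE-2020-12821 description names a protocol version (Gossipsub 1.0) rather than a package, so "TODO: check" cannot be resolved from the truncated summary alone. Triage needs the full CVE text to identify which implementations are affected and whether any of them is in the archive, before choosing a package line or NOT-FOR-US.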
@@ -6931,8 +7052,8 @@ CVE-2020-12738
 	RESERVED
 CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...)
 	NOT-FOR-US: Maxum Rumpus
-CVE-2020-12736
-	RESERVED
+CVE-2020-12736 (Code42 environments with on-premises server versions 7.0.4 and earlier ...)
+	TODO: check
 CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...)
 	NOT-FOR-US: DomainMOD
 CVE-2020-12734
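Review bot: CVE-2020-12736 is left at "TODO: check" between two entries already resolved as NOT-FOR-US (Maxum Rumpus, DomainMOD). If the Code42 on-premises server is likewise not packaged, close it in the same form so it does not linger in the open queue.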
@@ -17845,8 +17966,8 @@ CVE-2020-8918
 	RESERVED
 CVE-2020-8917
 	RESERVED
-CVE-2020-8916
-	RESERVED
+CVE-2020-8916 (A memory leak in Openthread's wpantund versions up to commit 0e5d1601f ...)
+	TODO: check
 CVE-2020-8915
 	RESERVED
 CVE-2020-8914
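Review bot: CVE-2020-8916 bounds the affected range by an upstream commit (truncated in the summary) rather than by a release. If wpantund is packaged, triage has to map that commit to a package version before a fixed version can be recorded, and a NOTE line with the full upstream commit reference would help whoever picks this up.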
@@ -18794,12 +18915,12 @@ CVE-2020-8523
 	RESERVED
 CVE-2020-8522
 	RESERVED
-CVE-2020-8521
-	RESERVED
-CVE-2020-8520
-	RESERVED
-CVE-2020-8519
-	RESERVED
+CVE-2020-8521 (SQL injection with start and length parameters in Records.php for phpz ...)
+	TODO: check
+CVE-2020-8520 (SQL injection in order and column parameters in Records.php for phpzag ...)
+	TODO: check
+CVE-2020-8519 (SQL injection with the search parameter in Records.php for phpzag live ...)
+	TODO: check
 CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...)
 	{DLA-2174-1}
 	- php-horde-data <unfixed> (bug #951537)
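Review bot: CVE-2020-8521, CVE-2020-8520 and CVE-2020-8519 all describe SQL injection in the same file (Records.php) of the same phpzag product, differing only in the parameter named. They should be triaged together and given one consistent disposition rather than three independent "TODO: check" resolutions.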



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/beacee245983daa883e5994add1e822a4f7f8715
