[Git][security-tracker-team/security-tracker][master] automatic update

Mon Jul 13 21:10:36 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2941cd9f by security tracker role at 2020-07-13T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-15700
+	RESERVED
+CVE-2020-15699
+	RESERVED
+CVE-2020-15698
+	RESERVED
+CVE-2020-15697
+	RESERVED
+CVE-2020-15696
+	RESERVED
+CVE-2020-15695
+	RESERVED
+CVE-2020-15694
+	RESERVED
+CVE-2020-15693
+	RESERVED
+CVE-2020-15692
+	RESERVED
+CVE-2020-15691
+	RESERVED
+CVE-2020-15690
+	RESERVED
+CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, ...)
+	TODO: check
+CVE-2020-15688
+	RESERVED
+CVE-2020-15687
+	RESERVED
+CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ...)
+	TODO: check
 CVE-2020-15686
 	RESERVED
 CVE-2020-15685
@@ -3617,7 +3647,7 @@ CVE-2020-14174 (Affected versions of Atlassian Jira Server and Data Center allow
 	NOT-FOR-US: Atlassian
 CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data Center in af ...)
 	NOT-FOR-US: Atlassian
-CVE-2020-14172 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+CVE-2020-14172 (This issue exists to document that a security improvement in the way t ...)
 	NOT-FOR-US: Atlassian
 CVE-2020-14171 (Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 all ...)
 	NOT-FOR-US: Atlassian
@@ -10533,8 +10563,8 @@ CVE-2020-11751
 	RESERVED
 CVE-2020-11750
 	RESERVED
-CVE-2020-11749
-	RESERVED
+CVE-2020-11749 (Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities ...)
+	TODO: check
 CVE-2020-11748
 	RESERVED
 CVE-2020-11747
@@ -12798,14 +12828,14 @@ CVE-2020-10991 (Mulesoft APIkit through 1.3.0 allows XXE because of validation/R
 	NOT-FOR-US: Mulesoft APIkit
 CVE-2020-10990 (An XXE issue exists in Accenture Mercury before 1.12.28 because of the ...)
 	NOT-FOR-US: Accenture Mercury
-CVE-2020-10989
-	RESERVED
-CVE-2020-10988
-	RESERVED
-CVE-2020-10987
-	RESERVED
-CVE-2020-10986
-	RESERVED
+CVE-2020-10989 (An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 ...)
+	TODO: check
+CVE-2020-10988 (A hard-coded telnet credential in the tenda_login binary of Tenda AC15 ...)
+	TODO: check
+CVE-2020-10987 (The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05 ...)
+	TODO: check
+CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC190 ...)
+	TODO: check
 CVE-2020-10985
 	RESERVED
 CVE-2020-10984
@@ -25784,8 +25814,8 @@ CVE-2020-5768
 	RESERVED
 CVE-2020-5767
 	RESERVED
-CVE-2020-5766
-	RESERVED
+CVE-2020-5766 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2020-5765
 	RESERVED
 CVE-2020-5764 (MX Player Android App versions prior to v1.24.5, are vulnerable to a d ...)
@@ -37462,8 +37492,7 @@ CVE-2019-19340 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 a
 	NOT-FOR-US: Ansible Tower
 CVE-2019-19339 (It was found that the Red Hat Enterprise Linux 8 kpatch update did not ...)
 	NOT-FOR-US: Red Hat specific kpatch update which was incomplete to address CVE-2018-12207
-CVE-2019-19338 [KVM: export MSR_IA32_TSX_CTRL to guest -  incomplete fix for TAA (CVE-2019-11135)]
-	RESERVED
+CVE-2019-19338 (A flaw was found in the fix for CVE-2019-11135, in the Linux upstream  ...)
 	- linux <not-affected> (Only affects specific distro kernels which do not include commit e1d38b63acd8)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/12/10/3
 	NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/1
@@ -83944,8 +83973,8 @@ CVE-2019-4593 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that
 	NOT-FOR-US: IBM
 CVE-2019-4592 (IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow ...)
 	NOT-FOR-US: IBM
-CVE-2019-4591
-	RESERVED
+CVE-2019-4591 (IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate sessio ...)
+	TODO: check
 CVE-2019-4590
 	RESERVED
 CVE-2019-4589



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2941cd9f63dd6c45594627b5e076a9e786bf68a1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2941cd9f63dd6c45594627b5e076a9e786bf68a1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200713/1ca5195d/attachment.html>
