[Git][security-tracker-team/security-tracker][master] new bareos issues
Moritz Muehlenhoff
jmm at debian.org
Wed Jul 15 18:50:47 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c429bee6 by Moritz Muehlenhoff at 2020-07-15T19:48:52+02:00
new bareos issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12792,7 +12792,8 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc
NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...)
- TODO: check
+ - bareos <unfixed>
+ NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f
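Review bot: the new `- bareos <unfixed>` line for CVE-2020-11061 carries neither a severity annotation nor a fixed-version note, while the neighbouring entry in this hunk (`- glpi <removed> (unimportant)`) does carry one; since the CVE text itself only bounds the affected Director releases (16.2.10, 17.2.9, 18.2.8), consider adding a NOTE with the first fixed upstream releases as stated in the linked GHSA advisory (and a severity tag or bug reference once triaged) so the entry is actionable without re-reading the advisory.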
@@ -30303,7 +30304,8 @@ CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by
CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserializati ...)
NOT-FOR-US: phpMussel
CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious client to ...)
- TODO: check
+ - bareos <unfixed>
+ NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752
CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...)
NOT-FOR-US: Bolt CMS
CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the preview ge ...)
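Review bot: the CVE-2020-4042 description reads "before version 19.2.8 and earlier", which is self-contradictory about whether 19.2.8 itself is affected; as the entry is now only `- bareos <unfixed>` plus the advisory URL, a NOTE recording the exact first fixed version from the linked GHSA advisory would remove that ambiguity for whoever later compares it against the Debian package versions.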
@@ -30311,13 +30313,13 @@ CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the previ
CVE-2020-4039
RESERVED
CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before versio ...)
- TODO: check
+ NOT-FOR-US: Node graphql-playground-html
CVE-2020-4037 (In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users ...)
- TODO: check
+ NOT-FOR-US: OAuth2 Proxy
CVE-2020-4036
RESERVED
CVE-2020-4035 (In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0. ...)
- TODO: check
+ NOT-FOR-US: WatermelonDB
CVE-2020-4034
RESERVED
CVE-2020-4033 (In FreeRDP before version 2.1.2, there is an out of bounds read in RLE ...)
@@ -31107,7 +31109,7 @@ CVE-2019-19937 (In JFrog Artifactory before 6.18, it is not possible to restrict
CVE-2019-19936
RESERVED
CVE-2019-19935 (Froala Editor before 3.0.6 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: Froala Editor
CVE-2019-19934
RESERVED
CVE-2019-19933
@@ -31202,7 +31204,7 @@ CVE-2020-3933 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance M
CVE-2020-3932 (A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may ...)
NOT-FOR-US: Draytek VigorAP910C
CVE-2020-3931 (Buffer overflow exists in Geovision Door Access Control device family, ...)
- TODO: check
+ NOT-FOR-US: Geovision Door Access Control
CVE-2020-3930 (GeoVision Door Access Control device family improperly stores and cont ...)
NOT-FOR-US: GeoVision Door Access Control
CVE-2020-3929 (GeoVision Door Access Control device family employs shared cryptograph ...)
@@ -36654,7 +36656,7 @@ CVE-2020-1950 (A carefully crafted or corrupt PSD file can cause excessive memor
CVE-2020-1949 (Scripts in Sling CMS before 0.16.0 do not property escape the Sling Se ...)
NOT-FOR-US: Apache Sling
CVE-2020-1948 (This vulnerability can affect all Dubbo users stay on version 2.7.6 or ...)
- TODO: check
+ NOT-FOR-US: Apache Dubbo
CVE-2020-1947 (In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingS ...)
NOT-FOR-US: Apache ShardingSphere
CVE-2020-1946
@@ -61544,9 +61546,9 @@ CVE-2019-12786 (An issue was discovered on D-Link DIR-818LW devices from 2.05.B0
CVE-2019-12785
RESERVED
CVE-2019-12784 (An issue was discovered in Verint Impact 360 15.1. At wfo/control/sign ...)
- TODO: check
+ NOT-FOR-US: Verint Impact
CVE-2019-12783 (An issue was discovered in Verint Impact 360 15.1. At wfo/control/sign ...)
- TODO: check
+ NOT-FOR-US: Verint Impact
CVE-2019-12782 (An authorization bypass vulnerability in pinboard updates in ThoughtSp ...)
NOT-FOR-US: ThoughtSpot
CVE-2019-12781 (An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1. ...)
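Review bot: the two new `NOT-FOR-US: Verint Impact` lines shorten the product name, whereas both CVE descriptions in this hunk say "Verint Impact 360" and the adjacent entry (`NOT-FOR-US: ThoughtSpot`) uses the product name exactly as the description gives it; suggest `NOT-FOR-US: Verint Impact 360` for consistency with the CVE text.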
@@ -61584,7 +61586,7 @@ CVE-2019-12775 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pi
CVE-2019-12774 (A number of stored XSS vulnerabilities have been identified in the web ...)
NOT-FOR-US: ENTTEC
CVE-2019-12773 (An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_po ...)
- TODO: check
+ NOT-FOR-US: Verint Impact
CVE-2019-12772
RESERVED
CVE-2019-12771 (Command injection is possible in ThinStation through 6.1.1 via shell m ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c429bee6da8b1dd8b7c4e46365ded6055369502f