[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 24 09:10:21 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50c3f052 by security tracker role at 2020-07-24T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-15932
+ RESERVED
+CVE-2020-15931
+ RESERVED
+CVE-2020-15930
+ RESERVED
+CVE-2020-15929
+ RESERVED
+CVE-2020-15928
+ RESERVED
+CVE-2020-15927
+ RESERVED
+CVE-2020-15926
+ RESERVED
+CVE-2020-15925
+ RESERVED
+CVE-2020-15924 (There is a SQL Injection in Mida eFramework through 2.9.0 that leads t ...)
+ TODO: check
+CVE-2020-15923 (Mida eFramework through 2.9.0 allows unauthenticated ../ directory tra ...)
+ TODO: check
+CVE-2020-15922 (There is an OS Command Injection in Mida eFramework 2.9.0 that allows ...)
+ TODO: check
+CVE-2020-15921 (Mida eFramework through 2.9.0 has a back door that permits a change of ...)
+ TODO: check
+CVE-2020-15920 (There is an OS Command Injection in Mida eFramework through 2.9.0 that ...)
+ TODO: check
+CVE-2020-15919 (A Reflected Cross Site Scripting (XSS) vulnerability was discovered in ...)
+ TODO: check
+CVE-2020-15918 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discov ...)
+ TODO: check
CVE-2020-15917 (common/session.c in Claws Mail before 3.17.6 has a protocol violation ...)
- claws-mail 3.17.6-1
NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5
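Review bot: The seven new entries CVE-2020-15918 through CVE-2020-15924 are left at `TODO: check` with no package or NOT-FOR-US line, and five of them name the same product, Mida eFramework. Triage them as one batch. For CVE-2020-15919 and CVE-2020-15918 the summary is cut off before any product name, so confirm the affected product from the full description before giving them the same disposition. The eight RESERVED entries above them need nothing further yet.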
@@ -641,12 +671,12 @@ CVE-2020-15635
RESERVED
CVE-2020-15634
RESERVED
-CVE-2020-15633
- RESERVED
-CVE-2020-15632
- RESERVED
-CVE-2020-15631
- RESERVED
+CVE-2020-15633 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ TODO: check
+CVE-2020-15632 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ TODO: check
+CVE-2020-15631 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
CVE-2020-15630
RESERVED
CVE-2020-15629
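Review bot: CVE-2020-15633, CVE-2020-15632 and CVE-2020-15631 move from RESERVED to `TODO: check`, but each truncated summary ends before naming a product, so the visible lines give no basis for a disposition. Read the full descriptions before triage. All three share the "network-adjacent attackers" wording, so check whether they belong to one product and can take a single NOT-FOR-US or package line.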
@@ -989,8 +1019,8 @@ CVE-2020-15494
RESERVED
CVE-2020-15493
RESERVED
-CVE-2020-15492
- RESERVED
+CVE-2020-15492 (An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 ...)
+ TODO: check
CVE-2020-15491
RESERVED
CVE-2020-15490 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
@@ -1019,8 +1049,8 @@ CVE-2020-15479
RESERVED
CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of sensiti ...)
NOT-FOR-US: Journal theme for OpenCart
-CVE-2020-15477
- RESERVED
+CVE-2020-15477 (The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable t ...)
+ TODO: check
CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...)
- ndpi <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
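Review bot: CVE-2020-15477 is versioned "through 2012-10-28", a date rather than a release number, and the summary gives no fixed version. If RaspberryTortoise turns out to be relevant, the entry would need an `<unfixed>` package line like the ndpi entry directly below it; otherwise replace `TODO: check` with a NOT-FOR-US line.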
@@ -1230,8 +1260,8 @@ CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in drivers
NOTE: https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba
CVE-2020-15392 (A user enumeration vulnerability flaw was found in Venki Supravizio BP ...)
NOT-FOR-US: Venki
-CVE-2020-15391
- RESERVED
+CVE-2020-15391 (The UI in DevSpace 4.13.0 allows web sites to execute actions on pods ...)
+ TODO: check
CVE-2020-15390
RESERVED
CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...)
@@ -4214,8 +4244,8 @@ CVE-2020-14177
RESERVED
CVE-2020-14176
RESERVED
-CVE-2020-14175
- RESERVED
+CVE-2020-14175 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
+ TODO: check
CVE-2020-14174 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data Center in af ...)
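Review bot: CVE-2020-14175 (Atlassian Confluence Server and Data Center) is left at `TODO: check` while the next entry, CVE-2020-14174, is already marked `NOT-FOR-US: Atlassian`. If Confluence is handled the same way as Jira in this file, replace the TODO with the same NOT-FOR-US line so the Atlassian entries stay consistent.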
@@ -11540,12 +11570,12 @@ CVE-2020-11627 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before
NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11626 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
NOT-FOR-US: EJBCA / PrimeKey
-CVE-2020-11625
- RESERVED
-CVE-2020-11624
- RESERVED
-CVE-2020-11623
- RESERVED
+CVE-2020-11625 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...)
+ TODO: check
+CVE-2020-11624 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...)
+ TODO: check
+CVE-2020-11623 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...)
+ TODO: check
CVE-2020-11622 (A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M a ...)
NOT-FOR-US: Cloud EOS
CVE-2020-11621
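Review bot: CVE-2020-11625, CVE-2020-11624 and CVE-2020-11623 all open with the same AvertX product string and all sit at `TODO: check`. They should be triaged together and given one consistent disposition, in the same form as the `NOT-FOR-US: EJBCA / PrimeKey` and `NOT-FOR-US: Cloud EOS` lines on either side if the product is out of scope.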
@@ -22168,20 +22198,20 @@ CVE-2020-7522
RESERVED
CVE-2020-7521
RESERVED
-CVE-2020-7520
- RESERVED
-CVE-2020-7519
- RESERVED
-CVE-2020-7518
- RESERVED
-CVE-2020-7517
- RESERVED
-CVE-2020-7516
- RESERVED
-CVE-2020-7515
- RESERVED
-CVE-2020-7514
- RESERVED
+CVE-2020-7520 (A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnera ...)
+ TODO: check
+CVE-2020-7519 (A CWE-521: Weak Password Requirements vulnerability exists in Easergy ...)
+ TODO: check
+CVE-2020-7518 (A CWE-20: Improper input validation vulnerability exists in Easergy Bu ...)
+ TODO: check
+CVE-2020-7517 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...)
+ TODO: check
+CVE-2020-7516 (A CWE-316: Cleartext Storage of Sensitive Information in Memory vulner ...)
+ TODO: check
+CVE-2020-7515 (A CWE-321: Use of hard-coded cryptographic key stored in cleartext vul ...)
+ TODO: check
+CVE-2020-7514 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...)
+ TODO: check
CVE-2020-7513 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...)
NOT-FOR-US: Schneider
CVE-2020-7512 (A CWE-1103: Use of Platform-Dependent Third Party Components with vuln ...)
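Review bot: The seven entries CVE-2020-7514 through CVE-2020-7520 are left at `TODO: check`, yet they use the same "A CWE-nnn: ..." summary format as CVE-2020-7513 just below, which is marked `NOT-FOR-US: Schneider`. Only CVE-2020-7519 and CVE-2020-7518 show a product name (Easergy) before the truncation, so confirm the vendor for the other five from the full descriptions, then apply the matching NOT-FOR-US line across the block.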
@@ -22226,8 +22256,8 @@ CVE-2020-7493 (A CWE-89: Improper Neutralization of Special Elements used in an
NOT-FOR-US: Schneider
CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in the GP-P ...)
NOT-FOR-US: Schneider
-CVE-2020-7491
- RESERVED
+CVE-2020-7491 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in ...)
+ TODO: check
CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...)
NOT-FOR-US: Schneider
CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...)
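Review bot: CVE-2020-7491 carries the "**VERSION NOT SUPPORTED WHEN ASSIGNED**" prefix and is left at `TODO: check`, while the entries on both sides (CVE-2020-7492, CVE-2020-7490) are `NOT-FOR-US: Schneider`. The prefix does not settle the disposition by itself. The summary is cut off before the product name, so confirm the vendor and then resolve the TODO in line with its neighbours.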
@@ -39588,8 +39618,8 @@ CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on som
- matrix-synapse 1.5.0-1 (bug #944355)
NOTE: https://github.com/matrix-org/synapse/pull/6262
NOTE: https://github.com/matrix-org/synapse/releases/tag/v1.5.0
-CVE-2019-18834
- RESERVED
+CVE-2019-18834 (Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 fo ...)
+ TODO: check
CVE-2019-18833 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Informa ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18832 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrec ...)
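Review bot: CVE-2019-18834 is the only entry in this hunk without a disposition; every surrounding CVE-2019 entry already has a package line or a NOT-FOR-US line. The summary names the WooCommerce Subscriptions plugin and a fixed version (before 2.6.3), so either record it as NOT-FOR-US if the plugin is out of scope, or add a package line carrying that fixed version.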
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50c3f052a0ac73b1246d255b7a7d87b1d3fe9ad9