[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jul 29 09:10:27 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3cc5ad8c by security tracker role at 2020-07-29T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2020-16116
+	RESERVED
+CVE-2020-16115
+	RESERVED
+CVE-2020-16114
+	RESERVED
+CVE-2020-16113
+	RESERVED
+CVE-2020-16112
+	RESERVED
+CVE-2020-16111
+	RESERVED
+CVE-2020-16110
+	RESERVED
+CVE-2020-16109
+	RESERVED
+CVE-2020-16108
+	RESERVED
+CVE-2020-16107
+	RESERVED
+CVE-2020-16106
+	RESERVED
+CVE-2020-16105
+	RESERVED
+CVE-2020-16104
+	RESERVED
+CVE-2020-16103
+	RESERVED
+CVE-2020-16102
+	RESERVED
+CVE-2020-16101
+	RESERVED
+CVE-2020-16100
+	RESERVED
+CVE-2020-16099
+	RESERVED
+CVE-2020-16098
+	RESERVED
+CVE-2020-16097
+	RESERVED
+CVE-2020-16096
+	RESERVED
+CVE-2020-16095
+	RESERVED
 CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious  ...)
 	- claws-mail <unfixed>
 	NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
@@ -431,6 +475,7 @@ CVE-2020-15892 (An issue was discovered in apply.cgi on D-Link DAP-1520 devices
 CVE-2020-15891
 	RESERVED
 CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...)
+	{DLA-2296-1}
 	- luajit <unfixed> (bug #966148)
 	NOTE: https://github.com/LuaJIT/LuaJIT/issues/601
 CVE-2020-15889 (Lua through 5.4.0 has a getobjname heap-based buffer over-read because ...)
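Review bot: the `{DLA-2296-1}` cross-reference on CVE-2020-15890 only records the LTS advisory; the `- luajit <unfixed> (bug #966148)` line directly below it still marks unstable as open, so this hunk closes nothing for the main suites and bug #966148 should stay tracked until a fixed version replaces `<unfixed>`.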
@@ -5184,8 +5229,8 @@ CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafil
 	NOTE: Fixed upstream in 1.0.13
 CVE-2020-13998 (** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled ...)
 	NOT-FOR-US: Citrix
-CVE-2020-13997
-	RESERVED
+CVE-2020-13997 (In Shopware before 6.2.3, the database password is leaked to an unauth ...)
+	TODO: check
 CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection at ...)
 	NOT-FOR-US: J2Store plugin for Joomla!
 CVE-2020-13995
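Review bot: `TODO: check` on CVE-2020-13997 is the auto-import placeholder and still needs a triage decision. Shopware is not shipped as a Debian source package as far as I know, in which case the resolution follows the neighbouring J2Store entry, i.e. `NOT-FOR-US: Shopware`; the description is truncated at "unauth ...", so read the full CVE text before deciding.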
@@ -5240,10 +5285,10 @@ CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who co
 	NOT-FOR-US: OWASP json-sanitizer
 CVE-2020-13972
 	RESERVED
-CVE-2020-13971
-	RESERVED
-CVE-2020-13970
-	RESERVED
+CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use the M ...)
+	TODO: check
+CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...)
+	TODO: check
 CVE-2020-13969
 	RESERVED
 CVE-2020-13968
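Review bot: the two Shopware entries CVE-2020-13971 and CVE-2020-13970 carry the same `TODO: check` placeholder and the same upstream fix version (before 6.2.3) as CVE-2020-13997 elsewhere in this update, so they should get one triage decision rather than three; if no Debian source package ships Shopware, that decision is `NOT-FOR-US: Shopware` on all of them.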
@@ -12663,12 +12708,12 @@ CVE-2020-11478
 	RESERVED
 CVE-2020-11477
 	RESERVED
-CVE-2020-11476
-	RESERVED
+CVE-2020-11476 (Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangero ...)
+	TODO: check
 CVE-2020-11475
 	RESERVED
-CVE-2020-11474
-	RESERVED
+CVE-2020-11474 (NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic lin ...)
+	TODO: check
 CVE-2020-11473
 	RESERVED
 CVE-2020-11472
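Review bot: CVE-2020-11476 (Concrete5) and CVE-2020-11474 (NCP Secure Enterprise Client) are unrelated products that share this hunk only because their numbers are adjacent, so triage them separately. NCP Secure Enterprise Client is a proprietary VPN client and Concrete5 is, to my knowledge, not packaged in Debian, which would make both `NOT-FOR-US`; both descriptions are truncated ("Dangero ...", "symbolic lin ...") and should be read in full before the `TODO: check` lines are replaced.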
@@ -13921,14 +13966,14 @@ CVE-2020-10987 (The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15
 	NOT-FOR-US: Tenda
 CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC190 ...)
 	NOT-FOR-US: Tenda
-CVE-2020-10985
-	RESERVED
-CVE-2020-10984
-	RESERVED
-CVE-2020-10983
-	RESERVED
-CVE-2020-10982
-	RESERVED
+CVE-2020-10985 (Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. ...)
+	TODO: check
+CVE-2020-10984 (Gambio GX before 4.0.1.0 allows admin/admin.php CSRF. ...)
+	TODO: check
+CVE-2020-10983 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. ...)
+	TODO: check
+CVE-2020-10982 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. ...)
+	TODO: check
 CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintaine ...)
 	[experimental] - gitlab 12.8.8-1
 	- gitlab <unfixed>
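Review bot: the four Gambio GX entries (CVE-2020-10982 through CVE-2020-10985) describe issues in the same admin panel and the same version range (before 4.0.1.0), so they should be resolved with a single decision rather than four separate `TODO: check` passes; Gambio GX is not a Debian package as far as I know, so the expected outcome is `NOT-FOR-US: Gambio GX`. The replacement lines keep the file's descending CVE order (10985 first), which is correct.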
@@ -20977,6 +21022,7 @@ CVE-2020-8178 (Insufficient input validation in npm package `jison` <= 0.4.18
 	NOTE: ports/ is stripped/excluded in the src:node-jison source package.
 CVE-2020-8177
 	RESERVED
+	{DLA-2295-1}
 	- curl <unfixed> (bug #965281)
 	NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html
 	NOTE: https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22 (7.71.0)
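Review bot: CVE-2020-8177 still has `RESERVED` as its title line even though the entry already carries a bug reference, two upstream NOTEs (fixed in 7.71.0) and now `{DLA-2295-1}`; a published DLA against a CVE whose description is not yet public is worth a second look. The same RESERVED-to-description replacement seen elsewhere in this update will fill the title in once the CVE is published, but the `- curl <unfixed> (bug #965281)` line still needs a fixed version for unstable independently of the DLA.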
@@ -26256,8 +26302,8 @@ CVE-2020-6100 (An exploitable memory corruption vulnerability exists in AMD atid
 	NOT-FOR-US: AMD
 CVE-2020-6099
 	RESERVED
-CVE-2020-6098
-	RESERVED
+CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...)
+	TODO: check
 CVE-2020-6097
 	RESERVED
 CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
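Review bot: CVE-2020-6098 differs from the other `TODO: check` entries in this update: freeDiameter is, to my knowledge, shipped in Debian as src:freediameter, so the placeholder should become a package line with affected and fixed versions plus a bug reference rather than `NOT-FOR-US`. The description is truncated at "freeDiame ...", so the full CVE text is needed to identify the affected component before the entry is resolved.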
@@ -27308,12 +27354,12 @@ CVE-2020-5616
 	RESERVED
 CVE-2020-5615
 	RESERVED
-CVE-2020-5614
-	RESERVED
-CVE-2020-5613
-	RESERVED
-CVE-2020-5612
-	RESERVED
+CVE-2020-5614 (Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows ...)
+	TODO: check
+CVE-2020-5613 (Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allow ...)
+	TODO: check
+CVE-2020-5612 (Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allow ...)
+	TODO: check
 CVE-2020-5611 (Cross-site request forgery (CSRF) vulnerability in Social Sharing Plug ...)
 	TODO: check
 CVE-2020-5610
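Review bot: the three KonaWiki entries are not a uniform batch: CVE-2020-5614 and CVE-2020-5613 say "3.1.0 and earlier" while CVE-2020-5612 says "2.2.0 and earlier", so whoever resolves the `TODO: check` lines should confirm the version ranges from the full CVE text rather than copying one decision across all three. KonaWiki is not packaged in Debian as far as I know, so the expected outcome is `NOT-FOR-US: KonaWiki`; note the neighbouring CVE-2020-5611 is also still at `TODO: check`.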
@@ -108720,12 +108766,14 @@ CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensa
 CVE-2018-15752 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) a ...)
 	NOT-FOR-US: MensaMax application for Android
 CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remo ...)
+	{DLA-2294-1}
 	- salt 2018.3.3+dfsg1-1 (bug #913475)
 	[jessie] - salt <not-affected> (REST netapi code was first introduced with v2014.7)
 	NOTE: Fixed in 2016.11.10, 2017.7.8, 2018.3.3
 	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2016.11.10.html#security-fix
 	NOTE: minimal patch: https://github.com/saltstack/salt/compare/v2016.11.9..v2016.11.10
 CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack Salt before ...)
+	{DLA-2294-1}
 	- salt 2018.3.3+dfsg1-1 (bug #913476)
 	[jessie] - salt <not-affected> (REST netapi code was first introduced with v2014.7)
 	NOTE: Fixed in 2016.11.10, 2017.7.8, 2018.3.3
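Review bot: `{DLA-2294-1}` is added to both CVE-2018-15751 and CVE-2018-15750, which is consistent with both being fixed together in 2018.3.3 per the existing NOTEs; the `[jessie] - salt <not-affected>` lines are untouched by a DLA and the `- salt 2018.3.3+dfsg1-1` lines already close unstable, so no further change is needed in this hunk.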



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cc5ad8c15a108c676e080a5572d01061a155c25
