[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 29 09:10:27 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3cc5ad8c by security tracker role at 2020-07-29T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2020-16116
+ RESERVED
+CVE-2020-16115
+ RESERVED
+CVE-2020-16114
+ RESERVED
+CVE-2020-16113
+ RESERVED
+CVE-2020-16112
+ RESERVED
+CVE-2020-16111
+ RESERVED
+CVE-2020-16110
+ RESERVED
+CVE-2020-16109
+ RESERVED
+CVE-2020-16108
+ RESERVED
+CVE-2020-16107
+ RESERVED
+CVE-2020-16106
+ RESERVED
+CVE-2020-16105
+ RESERVED
+CVE-2020-16104
+ RESERVED
+CVE-2020-16103
+ RESERVED
+CVE-2020-16102
+ RESERVED
+CVE-2020-16101
+ RESERVED
+CVE-2020-16100
+ RESERVED
+CVE-2020-16099
+ RESERVED
+CVE-2020-16098
+ RESERVED
+CVE-2020-16097
+ RESERVED
+CVE-2020-16096
+ RESERVED
+CVE-2020-16095
+ RESERVED
CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...)
- claws-mail <unfixed>
NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
@@ -431,6 +475,7 @@ CVE-2020-15892 (An issue was discovered in apply.cgi on D-Link DAP-1520 devices
CVE-2020-15891
RESERVED
CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...)
+ {DLA-2296-1}
- luajit <unfixed> (bug #966148)
NOTE: https://github.com/LuaJIT/LuaJIT/issues/601
CVE-2020-15889 (Lua through 5.4.0 has a getobjname heap-based buffer over-read because ...)
@@ -5184,8 +5229,8 @@ CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafil
NOTE: Fixed upstream in 1.0.13
CVE-2020-13998 (** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled ...)
NOT-FOR-US: Citrix
-CVE-2020-13997
- RESERVED
+CVE-2020-13997 (In Shopware before 6.2.3, the database password is leaked to an unauth ...)
+ TODO: check
CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection at ...)
NOT-FOR-US: J2Store plugin for Joomla!
CVE-2020-13995
@@ -5240,10 +5285,10 @@ CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who co
NOT-FOR-US: OWASP json-sanitizer
CVE-2020-13972
RESERVED
-CVE-2020-13971
- RESERVED
-CVE-2020-13970
- RESERVED
+CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use the M ...)
+ TODO: check
+CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...)
+ TODO: check
CVE-2020-13969
RESERVED
CVE-2020-13968
@@ -12663,12 +12708,12 @@ CVE-2020-11478
RESERVED
CVE-2020-11477
RESERVED
-CVE-2020-11476
- RESERVED
+CVE-2020-11476 (Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangero ...)
+ TODO: check
CVE-2020-11475
RESERVED
-CVE-2020-11474
- RESERVED
+CVE-2020-11474 (NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic lin ...)
+ TODO: check
CVE-2020-11473
RESERVED
CVE-2020-11472
@@ -13921,14 +13966,14 @@ CVE-2020-10987 (The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15
NOT-FOR-US: Tenda
CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC190 ...)
NOT-FOR-US: Tenda
-CVE-2020-10985
- RESERVED
-CVE-2020-10984
- RESERVED
-CVE-2020-10983
- RESERVED
-CVE-2020-10982
- RESERVED
+CVE-2020-10985 (Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. ...)
+ TODO: check
+CVE-2020-10984 (Gambio GX before 4.0.1.0 allows admin/admin.php CSRF. ...)
+ TODO: check
+CVE-2020-10983 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. ...)
+ TODO: check
+CVE-2020-10982 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. ...)
+ TODO: check
CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintaine ...)
[experimental] - gitlab 12.8.8-1
- gitlab <unfixed>
@@ -20977,6 +21022,7 @@ CVE-2020-8178 (Insufficient input validation in npm package `jison` <= 0.4.18
NOTE: ports/ is stripped/excluded in the src:node-jison source package.
CVE-2020-8177
RESERVED
+ {DLA-2295-1}
- curl <unfixed> (bug #965281)
NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html
NOTE: https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22 (7.71.0)
@@ -26256,8 +26302,8 @@ CVE-2020-6100 (An exploitable memory corruption vulnerability exists in AMD atid
NOT-FOR-US: AMD
CVE-2020-6099
RESERVED
-CVE-2020-6098
- RESERVED
+CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...)
+ TODO: check
CVE-2020-6097
RESERVED
CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
@@ -27308,12 +27354,12 @@ CVE-2020-5616
RESERVED
CVE-2020-5615
RESERVED
-CVE-2020-5614
- RESERVED
-CVE-2020-5613
- RESERVED
-CVE-2020-5612
- RESERVED
+CVE-2020-5614 (Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows ...)
+ TODO: check
+CVE-2020-5613 (Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allow ...)
+ TODO: check
+CVE-2020-5612 (Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allow ...)
+ TODO: check
CVE-2020-5611 (Cross-site request forgery (CSRF) vulnerability in Social Sharing Plug ...)
TODO: check
CVE-2020-5610
@@ -108720,12 +108766,14 @@ CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensa
CVE-2018-15752 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) a ...)
NOT-FOR-US: MensaMax application for Android
CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remo ...)
+ {DLA-2294-1}
- salt 2018.3.3+dfsg1-1 (bug #913475)
[jessie] - salt <not-affected> (REST netapi code was first introduced with v2014.7)
NOTE: Fixed in 2016.11.10, 2017.7.8, 2018.3.3
NOTE: https://docs.saltstack.com/en/latest/topics/releases/2016.11.10.html#security-fix
NOTE: minimal patch: https://github.com/saltstack/salt/compare/v2016.11.9..v2016.11.10
CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack Salt before ...)
+ {DLA-2294-1}
- salt 2018.3.3+dfsg1-1 (bug #913476)
[jessie] - salt <not-affected> (REST netapi code was first introduced with v2014.7)
NOTE: Fixed in 2016.11.10, 2017.7.8, 2018.3.3
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cc5ad8c15a108c676e080a5572d01061a155c25
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cc5ad8c15a108c676e080a5572d01061a155c25
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200729/c63c4f7c/attachment.html>
More information about the debian-security-tracker-commits
mailing list