[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jun 17 09:10:24 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
946ecb8f by security tracker role at 2020-06-17T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2020-14215
+	RESERVED
+CVE-2020-14214 (Zammad before 3.3.1, when Domain Based Assignment is enabled, relies o ...)
+	TODO: check
+CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that should only  ...)
+	TODO: check
+CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in ...)
+	TODO: check
+CVE-2020-14211
+	RESERVED
+CVE-2020-14210 (MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected  ...)
+	TODO: check
+CVE-2020-14209
+	RESERVED
+CVE-2020-14208
+	RESERVED
 CVE-2020-14207
 	RESERVED
 CVE-2020-14206
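Review bot: CVE-2020-14212 is left at "TODO: check" although its description names FFmpeg through 4.3 and a heap-based buffer overflow in avio_get_str, so it is the entry in this hunk to triage first. Replace the TODO with a package line and the affected or fixed version once the upstream fix is identified. The Zammad and MONITORAPP entries (CVE-2020-14214, CVE-2020-14213, CVE-2020-14210) need either a package line or a NOT-FOR-US marker in the form already used further down the file.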
@@ -1885,6 +1901,7 @@ CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datas
 CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1. ...)
 	NOT-FOR-US: piechart-panel plugin for Grafana
 CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in mod ...)
+	{DSA-4704-1}
 	- vlc 3.0.11-1
 	[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
 	NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11
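Review bot: The added {DSA-4704-1} line under CVE-2020-13428 changes none of the package lines below it, which still show only "- vlc 3.0.11-1" and the jessie end-of-life marker. Confirm that the fixed versions for the suites covered by the DSA are recorded with the advisory entry, since nothing in this hunk states them.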
@@ -2488,8 +2505,8 @@ CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-08.html
 CVE-2020-13163 (em-imap 0.5 uses the library eventmachine in an insecure way that allo ...)
 	NOT-FOR-US: em-imap
-CVE-2020-13162
-	RESERVED
+CVE-2020-13162 (A time-of-check time-of-use vulnerability in PulseSecureService.exe in ...)
+	TODO: check
 CVE-2020-13161
 	RESERVED
 CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...)
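Review bot: CVE-2020-13162 moves from RESERVED to "TODO: check" with a description that points at PulseSecureService.exe, a Windows executable, so it reads as a NOT-FOR-US candidate like the em-imap entry directly above it. The description is truncated at "in ...", so read the full text before marking it.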
@@ -13424,8 +13441,8 @@ CVE-2020-9291 (An Insecure Temporary File vulnerability in FortiClient for Windo
 	NOT-FOR-US: Fortiguard / FortiClient for Windows
 CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online  ...)
 	NOT-FOR-US: Fortiguard
-CVE-2020-9289
-	RESERVED
+CVE-2020-9289 (Use of a hard-coded cryptographic key to encrypt password data in CLI  ...)
+	TODO: check
 CVE-2020-9288
 	RESERVED
 CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...)
@@ -17613,48 +17630,48 @@ CVE-2020-7515
 	RESERVED
 CVE-2020-7514
 	RESERVED
-CVE-2020-7513
-	RESERVED
-CVE-2020-7512
-	RESERVED
-CVE-2020-7511
-	RESERVED
-CVE-2020-7510
-	RESERVED
-CVE-2020-7509
-	RESERVED
-CVE-2020-7508
-	RESERVED
-CVE-2020-7507
-	RESERVED
-CVE-2020-7506
-	RESERVED
-CVE-2020-7505
-	RESERVED
-CVE-2020-7504
-	RESERVED
-CVE-2020-7503
-	RESERVED
-CVE-2020-7502
-	RESERVED
-CVE-2020-7501
-	RESERVED
-CVE-2020-7500
-	RESERVED
-CVE-2020-7499
-	RESERVED
-CVE-2020-7498
-	RESERVED
-CVE-2020-7497
-	RESERVED
-CVE-2020-7496
-	RESERVED
-CVE-2020-7495
-	RESERVED
-CVE-2020-7494
-	RESERVED
-CVE-2020-7493
-	RESERVED
+CVE-2020-7513 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...)
+	TODO: check
+CVE-2020-7512 (A CWE-1103: Use of Platform-Dependent Third Party Components with vuln ...)
+	TODO: check
+CVE-2020-7511 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...)
+	TODO: check
+CVE-2020-7510 (A CWE-200: Information Exposure vulnerability exists in Easergy T300 ( ...)
+	TODO: check
+CVE-2020-7509 (A CWE-269: Improper privilege management (write) vulnerability exists  ...)
+	TODO: check
+CVE-2020-7508 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...)
+	TODO: check
+CVE-2020-7507 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists in E ...)
+	TODO: check
+CVE-2020-7506 (A CWE-538: File and Directory Information Exposure vulnerability exist ...)
+	TODO: check
+CVE-2020-7505 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...)
+	TODO: check
+CVE-2020-7504 (A CWE-20: Improper Input Validation vulnerability exists in Easergy T3 ...)
+	TODO: check
+CVE-2020-7503 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in E ...)
+	TODO: check
+CVE-2020-7502 (A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Lo ...)
+	TODO: check
+CVE-2020-7501 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo ...)
+	TODO: check
+CVE-2020-7500 (A CWE-89:Improper Neutralization of Special Elements used in an SQL Co ...)
+	TODO: check
+CVE-2020-7499 (A CWE-284:Improper Access Control vulnerability exists in U.motion Ser ...)
+	TODO: check
+CVE-2020-7498 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in the U ...)
+	TODO: check
+CVE-2020-7497 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
+	TODO: check
+CVE-2020-7496 (A CWE-88: Argument Injection or Modification vulnerability exists in E ...)
+	TODO: check
+CVE-2020-7495 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
+	TODO: check
+CVE-2020-7494 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
+	TODO: check
+CVE-2020-7493 (A CWE-89: Improper Neutralization of Special Elements used in an SQL C ...)
+	TODO: check
 CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in the GP-P ...)
 	TODO: check
 CVE-2020-7491
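Review bot: All 21 entries from CVE-2020-7513 down to CVE-2020-7493 land as "TODO: check" in one block, directly above CVE-2020-7492, which is already sitting at "TODO: check" in the unchanged context. The visible descriptions name vendor products (Easergy T300, Modicon M218, Vijeo, U.motion), so the block can probably be triaged in one pass rather than entry by entry. The truncated descriptions do not show the product for every entry, so check the full text for each before applying a bulk NOT-FOR-US.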
@@ -25915,12 +25932,12 @@ CVE-2020-4056
 	RESERVED
 CVE-2020-4055
 	RESERVED
-CVE-2020-4054
-	RESERVED
-CVE-2020-4053
-	RESERVED
-CVE-2020-4052
-	RESERVED
+CVE-2020-4054 (In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less ...)
+	TODO: check
+CVE-2020-4053 (In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path tra ...)
+	TODO: check
+CVE-2020-4052 (In Wiki.js before 2.4.107, there is a stored cross-site scripting thro ...)
+	TODO: check
 CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to 1.12.0  ...)
 	TODO: check
 CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...)
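Review bot: CVE-2020-4054 (RubyGem sanitize), CVE-2020-4053 (Helm) and CVE-2020-4052 (Wiki.js) are each left at "TODO: check" even though their descriptions already give affected version ranges, for example Helm "greater than or equal to 3.0.0 and less than 3.2.4". Check each against packaged software and record the range as a package line with the fixed version, or mark the entry NOT-FOR-US. CVE-2020-4051 (Dijit) in the context below is in the same state.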
@@ -40977,8 +40994,8 @@ CVE-2019-17657 (An Uncontrolled Resource Consumption vulnerability in Fortinet F
 	NOT-FOR-US: Fortiguard
 CVE-2019-17656
 	RESERVED
-CVE-2019-17655
-	RESERVED
+CVE-2019-17655 (A cleartext storage in a file or on disk (CWE-313) vulnerability in Fo ...)
+	TODO: check
 CVE-2019-17654 (An Insufficient Verification of Data Authenticity vulnerability in For ...)
 	NOT-FOR-US: Fortiguard
 CVE-2019-17653 (A Cross-Site Request Forgery (CSRF) vulnerability in the user interfac ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/946ecb8fc3c4997f63f41f136cbd53c3f0602bf6
