[Git][security-tracker-team/security-tracker][master] new freedroidrpg issues
Moritz Muehlenhoff
jmm at debian.org
Wed Jun 24 17:12:59 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a53a188 by Moritz Muehlenhoff at 2020-06-24T18:12:19+02:00
new freedroidrpg issues
new gitlab issues
i2p n/a
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -83,7 +83,7 @@ CVE-2020-14962 (Multiple XSS vulnerabilities in the Final Tiles Gallery plugin b
CVE-2020-14961 (Concrete5 before 8.5.3 does not constrain the sort direction to a vali ...)
NOT-FOR-US: Concrete5
CVE-2020-14960 (A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoi ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2020-14959 (Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3. ...)
NOT-FOR-US: Easy Testimonials plugin for WordPress
CVE-2020-14958 (In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not ...)
@@ -128,9 +128,17 @@ CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxG
NOTE: https://logicaltrust.net/blog/2020/06/tuxguitar.html
NOTE: https://sourceforge.net/p/tuxguitar/bugs/126/
CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc ...)
- TODO: check
+ - freedroidrpg <unfixed> (low)
+ [buster] - freedroidrpg <no-dsa> (Minor issue)
+ [stretch] - freedroidrpg <no-dsa> (Minor issue)
+ NOTE: https://bugs.freedroid.org/b/issue953
+ NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes le ...)
- TODO: check
+ - freedroidrpg <unfixed> (low)
+ [buster] - freedroidrpg <no-dsa> (Minor issue)
+ [stretch] - freedroidrpg <no-dsa> (Minor issue)
+ NOTE: https://bugs.freedroid.org/b/issue952
+ NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
CVE-2020-14937
RESERVED
CVE-2020-14936
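Review bot: the two new `<unfixed>` freedroidrpg entries (CVE-2020-14939 and CVE-2020-14938) carry no Debian bug reference, so nothing in this hunk points the package maintainer at the issues; the tracker convention is to file a bug and record it in the version field, e.g. `- freedroidrpg <unfixed> (bug #NNNNNN; low)` with the real bug number in place of the `NNNNNN` placeholder. Both entries do link the respective upstream bugs.freedroid.org issues and the logicaltrust write-up, which is good; a NOTE recording whether upstream has a fix in progress would help later triage of the `(low)` / `<no-dsa>` assessment.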
@@ -1089,7 +1097,7 @@ CVE-2020-14464
CVE-2020-14463
RESERVED
CVE-2020-14462 (CALDERA 2.7.0 allows XSS via the Operation Name box. ...)
- TODO: check
+ NOT-FOR-US: CALDERA
CVE-2020-14461 (Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversa ...)
NOT-FOR-US: Zyxel
CVE-2020-14460 (An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5. ...)
@@ -2269,7 +2277,7 @@ CVE-2020-14075 (TRENDnet TEW-827DRU devices through 2.06B04 contain multiple com
CVE-2020-14074 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
NOT-FOR-US: TRENDnet
CVE-2020-14073 (XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map proper ...)
- TODO: check
+ NOT-FOR-US: PRTG Network Monitor
CVE-2020-14072
RESERVED
CVE-2020-14071
@@ -2558,7 +2566,7 @@ CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble
NOTE: https://github.com/mumble-voip/mumble/issues/3679
NOTE: https://github.com/mumble-voip/mumble/pull/4032
CVE-2020-13961 (Strapi before 3.0.2 could allow a remote authenticated attacker to byp ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have t ...)
NOT-FOR-US: D-Link
CVE-2020-13959
@@ -3876,7 +3884,7 @@ CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer
CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...)
NOT-FOR-US: Rejetto HTTP File Server
CVE-2020-13431 (I2P before 0.9.46 allows local users to gain privileges via a Trojan h ...)
- TODO: check
+ - i2p <not-affected> (Windows-specific)
CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. ...)
- grafana <removed>
NOTE: https://github.com/grafana/grafana/pull/24539
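Review bot: the `<not-affected> (Windows-specific)` line for CVE-2020-13431 has no supporting NOTE, unlike the freedroidrpg entries in this commit; the truncated description ("local users to gain privileges via a Trojan h ...") does not by itself show the platform restriction, so a NOTE pointing at the upstream reference on which the Windows-only assessment rests would let the next triager confirm the claim without re-researching it.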
@@ -4224,21 +4232,21 @@ CVE-2020-13281
CVE-2020-13280
RESERVED
CVE-2020-13279 (Client side code execution in gitlab-vscode-extension v2.2.0 allows at ...)
- TODO: check
+ NOT-FOR-US: gitlab-vscode-extension
CVE-2020-13278
RESERVED
CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13276 (User is allowed to set an email as a notification email even without v ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13275 (A user with an unverified email address could request an access to dom ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2020-13274 (A security issue allowed achieving Denial of Service attacks through m ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13273 (A Denial of Service vulnerability allowed exhausting the system resour ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13272 (OAuth flow missing verification checks CE/EE 12.3 and later through 13 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the execution of a ...)
- gitlab <unfixed>
CVE-2020-13270 (Missing permission check on fork relation creation in GitLab CE/EE 11. ...)
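Review bot: the five new `- gitlab <unfixed>` entries in this hunk (CVE-2020-13277, -13276, -13274, -13273 and -13272) record neither the upstream release that fixes them nor a NOTE linking the GitLab advisory, although the descriptions themselves cite version ranges such as "CE/EE 12.3 and later through 13 ..."; adding a NOTE to the upstream release post and, where known, the fixed upstream version would allow the entries to be closed once the package catches up. The `<not-affected> (Specific to EE)` entry for CVE-2020-13275 (and CVE-2020-13263 in the following hunk) likewise relies on an assessment not recorded on the line; a short NOTE would make it verifiable.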
@@ -4252,15 +4260,15 @@ CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the executio
CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...)
- gitlab <unfixed>
CVE-2020-13265 (User email verification bypass in GitLab CE/EE 12.5 and later through ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13264 (Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later thr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13263 (An authorization issue relating to project maintainer impersonation wa ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later throu ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13260
RESERVED
CVE-2020-13259
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a53a1882bee57230f103ae9588ab18affe7e88e