[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Mar 14 08:10:27 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33aaec07 by security tracker role at 2020-03-14T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2020-10566 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...)
+	TODO: check
+CVE-2020-10565 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...)
+	TODO: check
+CVE-2020-10564 (An issue was discovered in the File Upload plugin before 4.13.0 for Wo ...)
+	TODO: check
+CVE-2020-10563 (An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.ph ...)
+	TODO: check
+CVE-2020-10562 (An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.p ...)
+	TODO: check
+CVE-2020-10561
+	RESERVED
+CVE-2020-10560
+	RESERVED
+CVE-2020-10559
+	RESERVED
 CVE-2020-10558
 	RESERVED
 CVE-2020-10557
@@ -11899,8 +11915,8 @@ CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method i
 	[buster] - dojo <no-dsa> (Minor issue)
 	NOTE: https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2
 	NOTE: https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d
-CVE-2020-5257
-	RESERVED
+CVE-2020-5257 (In Administrate (rubygem) before version 0.13.0, when sorting by attri ...)
+	TODO: check
 CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a user could ...)
 	NOT-FOR-US: BookStack
 CVE-2020-5255
@@ -11948,8 +11964,8 @@ CVE-2020-5242 (openHAB before 2.5.2 allow a remote attacker to use REST calls to
 	NOT-FOR-US: openHAB
 CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script i ...)
 	NOT-FOR-US: matestack-ui-core Ruby gem
-CVE-2020-5240
-	RESERVED
+CVE-2020-5240 (In wagtail-2fa before 1.4.1, any user with access to the CMS can view  ...)
+	TODO: check
 CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...)
 	NOT-FOR-US: Mailu
 CVE-2020-5238
@@ -26241,12 +26257,12 @@ CVE-2019-18580 (Dell EMC Storage Monitoring and Reporting version 4.3.1 contains
 	NOT-FOR-US: EMC
 CVE-2019-18579 (Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1. ...)
 	NOT-FOR-US: Dell
-CVE-2019-18578
-	RESERVED
-CVE-2019-18577
-	RESERVED
-CVE-2019-18576
-	RESERVED
+CVE-2019-18578 (Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-si ...)
+	TODO: check
+CVE-2019-18577 (Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect perm ...)
+	TODO: check
+CVE-2019-18576 (Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information di ...)
+	TODO: check
 CVE-2019-18575 (Dell Command Configure versions prior to 4.2.1 contain an uncontrolled ...)
 	NOT-FOR-US: Dell Command Configure
 CVE-2019-18574 (RSA Authentication Manager software versions prior to 8.4 P8 contain a ...)
@@ -70175,10 +70191,10 @@ CVE-2019-3772 (Spring Integration (spring-integration-xml and spring-integration
 	NOT-FOR-US: Spring Integration
 CVE-2019-3771
 	RESERVED
-CVE-2019-3770
-	RESERVED
-CVE-2019-3769
-	RESERVED
+CVE-2019-3770 (Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cr ...)
+	TODO: check
+CVE-2019-3769 (Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cr ...)
+	TODO: check
 CVE-2019-3768 (RSA Authentication Manager versions prior to 8.4 P7 contain an XML Ent ...)
 	NOT-FOR-US: RSA Authentication Manager
 CVE-2019-3767 (Dell ImageAssist versions prior to 8.7.15 contain an information discl ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33aaec07fcd61bafa0c1c6bf4e27b40c52b0a43e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33aaec07fcd61bafa0c1c6bf4e27b40c52b0a43e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200314/1568c511/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list