[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Mar 31 09:10:21 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f12f7024 by security tracker role at 2020-03-31T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
+	TODO: check
+CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
+	TODO: check
+CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
+	TODO: check
+CVE-2020-11110
+	RESERVED
+CVE-2020-11109
+	RESERVED
+CVE-2020-11108
+	RESERVED
+CVE-2020-11107
+	RESERVED
+CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
+	TODO: check
+CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It employs c ...)
+	TODO: check
+CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serializatio ...)
+	TODO: check
+CVE-2020-11103
+	RESERVED
+CVE-2020-11102
+	RESERVED
+CVE-2020-11101
+	RESERVED
+CVE-2020-11100
+	RESERVED
+CVE-2019-20634 (An issue was discovered in Proofpoint Email Protection through 2019-09 ...)
+	TODO: check
+CVE-2016-11024 (odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: ...)
+	TODO: check
+CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE ...)
+	TODO: check
 CVE-2020-11099
 	RESERVED
 CVE-2020-11098
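Review bot: the three jackson-databind entries (CVE-2020-11111, CVE-2020-11112, CVE-2020-11113) carry identical truncated descriptions and a bare TODO: check, so resolve each one against its full description rather than treating the three as a single issue; the same applies to the cereal pair CVE-2020-11104/CVE-2020-11105. For the odata4j entries CVE-2016-11023/CVE-2016-11024 the description is cut exactly at "NOTE:", the point where a qualifier on the assignment would follow, so read the full text before choosing a state for them.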
@@ -1824,8 +1858,8 @@ CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attack
 	NOT-FOR-US: Technicolor
 CVE-2020-10375
 	RESERVED
-CVE-2020-10374
-	RESERVED
+CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG ...)
+	TODO: check
 CVE-2020-10373
 	RESERVED
 CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XS ...)
@@ -4794,8 +4828,8 @@ CVE-2020-9057
 	RESERVED
 CVE-2020-9056
 	RESERVED
-CVE-2020-9055
-	RESERVED
+CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...)
+	TODO: check
 CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running firmware ...)
 	NOT-FOR-US: ZyXEL
 CVE-2020-9053
@@ -8152,8 +8186,8 @@ CVE-2020-7613
 	RESERVED
 CVE-2020-7612
 	RESERVED
-CVE-2020-7611
-	RESERVED
+CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 1.2.11 and a ...)
+	TODO: check
 CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserialization of ...)
 	TODO: check, might affect node-mongodb embedding bson
 CVE-2020-7609
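Review bot: CVE-2020-7611 is left at a bare TODO: check, whereas the neighbouring CVE-2020-7610 annotates its TODO with the package it might affect ("might affect node-mongodb embedding bson"); since the description gives the Maven coordinate io.micronaut:micronaut-http-client, noting in the TODO whether that artifact is packaged or embedded anywhere in Debian would make the later triage pass cheaper.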
@@ -13410,8 +13444,8 @@ CVE-2020-5291
 	RESERVED
 CVE-2020-5290
 	RESERVED
-CVE-2020-5289
-	RESERVED
+CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to "guess and  ...)
+	TODO: check
 CVE-2020-5288
 	RESERVED
 CVE-2020-5287
@@ -13420,8 +13454,8 @@ CVE-2020-5286
 	RESERVED
 CVE-2020-5285
 	RESERVED
-CVE-2020-5284
-	RESERVED
+CVE-2020-5284 (Next.js versions before 9.3.2 have a directory traversal vulnerability ...)
+	TODO: check
 CVE-2020-5283
 	RESERVED
 CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in ...)
@@ -13438,13 +13472,13 @@ CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a re
 	NOT-FOR-US: PrestaShop
 CVE-2020-5276
 	RESERVED
-CVE-2020-5275 [All "access_control" rules are required when a firewall uses the unanimous strategy]
+CVE-2020-5275 (In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Fire ...)
 	- symfony <unfixed>
 	[buster] - symfony <not-affected> (Introduced in 4.4.0)
 	[stretch] - symfony <not-affected> (Introduced in 4.4.0)
 	NOTE: https://symfony.com/blog/cve-2020-5275-all-access-control-rules-are-required-when-a-firewall-uses-the-unanimous-strategy
 	NOTE: https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf
-CVE-2020-5274 [Fix Exception message escaping rendered by ErrorHandler]
+CVE-2020-5274 (In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exc ...)
 	- symfony <unfixed>
 	[buster] - symfony <not-affected> (Introduced in 4.4.0)
 	[stretch] - symfony <not-affected> (Introduced in 4.4.0)
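Review bot: for CVE-2020-5275 and CVE-2020-5274 the new descriptions now state the fixed upstream versions (4.4.7/5.0.7 and 5.0.5/4.4.5 respectively), yet both entries still record "- symfony <unfixed>"; that line should be checked against the version in unstable. The bracketed working titles that this hunk drops ("All "access_control" rules are required ...", "Fix Exception message escaping ...") remain reachable only through the NOTE links, so those NOTE lines need to stay in place.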
@@ -13500,7 +13534,7 @@ CVE-2020-5257 (In Administrate (rubygem) before version 0.13.0, when sorting by
 	NOT-FOR-US: Administrate ruby gem
 CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a user could ...)
 	NOT-FOR-US: BookStack
-CVE-2020-5255 [Prevent cache poisoning via a Response Content-Type header]
+CVE-2020-5255 (In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not ...)
 	- symfony <unfixed>
 	[buster] - symfony <not-affected> (Introduced in 4.4.0)
 	[stretch] - symfony <not-affected> (Introduced in 4.4.0)
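Review bot: the bracketed working title for CVE-2020-5255 ("Prevent cache poisoning via a Response Content-Type header") is replaced by a description truncated at "when a `Response` does not ...", which no longer tells a reader what the issue is; if this entry has no NOTE line pointing at the upstream advisory, as the CVE-2020-5275 entry has, add one, and revisit "- symfony <unfixed>" now that the description names 4.4.7 and 5.0.7 as the fixed versions.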
@@ -17361,10 +17395,10 @@ CVE-2019-19915 (The "301 Redirects - Easy Redirect Manager" plugin before 2.45 f
 	NOT-FOR-US: "301 Redirects - Easy Redirect Manager" plugin for WordPress
 CVE-2019-19914
 	RESERVED
-CVE-2019-19913
-	RESERVED
-CVE-2019-19912
-	RESERVED
+CVE-2019-19913 (In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the ...)
+	TODO: check
+CVE-2019-19912 (In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS ...)
+	TODO: check
 CVE-2019-19911 (There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImage ...)
 	{DSA-4631-1 DLA-2057-1}
 	- pillow 7.0.0-1 (bug #948224)
@@ -21160,10 +21194,10 @@ CVE-2019-19608 (A SQL injection vulnerability in in the web conferencing compone
 	NOT-FOR-US: Mitel
 CVE-2019-19607 (A SQL injection vulnerability in the web conferencing component of Mit ...)
 	NOT-FOR-US: Mitel
-CVE-2019-19606
-	RESERVED
-CVE-2019-19605
-	RESERVED
+CVE-2019-19606 (X-Plane 11.41 and earlier has multiple improper path validations that  ...)
+	TODO: check
+CVE-2019-19605 (X-Plane 11.41 and earlier allows Arbitrary Memory Write via crafted ne ...)
+	TODO: check
 CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 2.21.x b ...)
 	- git 1:2.24.0-2
 	[buster] - git 1:2.20.1-2+deb10u1
@@ -57453,12 +57487,12 @@ CVE-2019-9511 (Some HTTP/2 implementations are vulnerable to window size manipul
 	NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
 CVE-2019-9510 (A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 a ...)
 	NOT-FOR-US: Microsoft
-CVE-2019-9509
-	RESERVED
-CVE-2019-9508
-	RESERVED
-CVE-2019-9507
-	RESERVED
+CVE-2019-9509 (The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is v ...)
+	TODO: check
+CVE-2019-9508 (The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is v ...)
+	TODO: check
+CVE-2019-9507 (The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is v ...)
+	TODO: check
 CVE-2019-9506 (The Bluetooth BR/EDR specification up to and including version 5.1 per ...)
 	{DLA-1930-1 DLA-1919-1}
 	- linux 5.2.6-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f12f702421299dce5756911fb0028c8f47b5956e


