[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 31 09:10:21 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f12f7024 by security tracker role at 2020-03-31T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
+ TODO: check
+CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
+ TODO: check
+CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
+ TODO: check
+CVE-2020-11110
+ RESERVED
+CVE-2020-11109
+ RESERVED
+CVE-2020-11108
+ RESERVED
+CVE-2020-11107
+ RESERVED
+CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
+ TODO: check
+CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It employs c ...)
+ TODO: check
+CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serializatio ...)
+ TODO: check
+CVE-2020-11103
+ RESERVED
+CVE-2020-11102
+ RESERVED
+CVE-2020-11101
+ RESERVED
+CVE-2020-11100
+ RESERVED
+CVE-2019-20634 (An issue was discovered in Proofpoint Email Protection through 2019-09 ...)
+ TODO: check
+CVE-2016-11024 (odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: ...)
+ TODO: check
+CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE ...)
+ TODO: check
CVE-2020-11099
RESERVED
CVE-2020-11098
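Review bot: CVE-2020-11111, CVE-2020-11112 and CVE-2020-11113 arrive with the same truncated jackson-databind description and three independent `TODO: check` lines; since src:jackson-databind is in the archive these need package lines rather than NOT-FOR-US, and triage should confirm each ID covers a distinct gadget class before one resolution is copied to all three. The cereal pair (CVE-2020-11104/11105) and the odata4j pair (CVE-2016-11023/11024) are likewise near-duplicates best resolved together; the 2016-numbered odata4j IDs at the top of the 2020 block reflect late assignment, not a misplacement.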
@@ -1824,8 +1858,8 @@ CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attack
NOT-FOR-US: Technicolor
CVE-2020-10375
RESERVED
-CVE-2020-10374
- RESERVED
+CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG ...)
+ TODO: check
CVE-2020-10373
RESERVED
CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XS ...)
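Review bot: CVE-2020-10374 concerns Paessler PRTG Network Monitor, a proprietary Windows product, so the `TODO: check` here should resolve to `NOT-FOR-US: Paessler PRTG Network Monitor`, matching how the Technicolor entry in this hunk's context is handled.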
@@ -4794,8 +4828,8 @@ CVE-2020-9057
RESERVED
CVE-2020-9056
RESERVED
-CVE-2020-9055
- RESERVED
+CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...)
+ TODO: check
CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running firmware ...)
NOT-FOR-US: ZyXEL
CVE-2020-9053
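Review bot: CVE-2020-9055 describes the Versiant LYNX Customer Service Portal, a proprietary hosted application with no corresponding source package, so `TODO: check` can be closed as `NOT-FOR-US: Versiant LYNX CSP` in the same way as the ZyXEL entry directly below it.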
@@ -8152,8 +8186,8 @@ CVE-2020-7613
RESERVED
CVE-2020-7612
RESERVED
-CVE-2020-7611
- RESERVED
+CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 1.2.11 and a ...)
+ TODO: check
CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserialization of ...)
TODO: check, might affect node-mongodb embedding bson
CVE-2020-7609
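Review bot: CVE-2020-7611 (io.micronaut:micronaut-http-client) sits directly above CVE-2020-7610, whose TODO line already records a concrete lead ("might affect node-mongodb embedding bson"); the new entry should either carry a similar hint or be resolved outright, and unless a Micronaut source package exists in the archive the outcome is `NOT-FOR-US: Micronaut`.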
@@ -13410,8 +13444,8 @@ CVE-2020-5291
RESERVED
CVE-2020-5290
RESERVED
-CVE-2020-5289
- RESERVED
+CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to "guess and ...)
+ TODO: check
CVE-2020-5288
RESERVED
CVE-2020-5287
@@ -13420,8 +13454,8 @@ CVE-2020-5286
RESERVED
CVE-2020-5285
RESERVED
-CVE-2020-5284
- RESERVED
+CVE-2020-5284 (Next.js versions before 9.3.2 have a directory traversal vulnerability ...)
+ TODO: check
CVE-2020-5283
RESERVED
CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in ...)
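Review bot: CVE-2020-5284 is a directory traversal in Next.js before 9.3.2; check whether any node-* source package bundles or depends on next before resolving the `TODO: check`, since a framework-level path traversal would propagate to everything embedding it, and otherwise mark it `NOT-FOR-US: Next.js`.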
@@ -13438,13 +13472,13 @@ CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a re
NOT-FOR-US: PrestaShop
CVE-2020-5276
RESERVED
-CVE-2020-5275 [All "access_control" rules are required when a firewall uses the unanimous strategy]
+CVE-2020-5275 (In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Fire ...)
- symfony <unfixed>
[buster] - symfony <not-affected> (Introduced in 4.4.0)
[stretch] - symfony <not-affected> (Introduced in 4.4.0)
NOTE: https://symfony.com/blog/cve-2020-5275-all-access-control-rules-are-required-when-a-firewall-uses-the-unanimous-strategy
NOTE: https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf
-CVE-2020-5274 [Fix Exception message escaping rendered by ErrorHandler]
+CVE-2020-5274 (In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exc ...)
- symfony <unfixed>
[buster] - symfony <not-affected> (Introduced in 4.4.0)
[stretch] - symfony <not-affected> (Introduced in 4.4.0)
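Review bot: the new description for CVE-2020-5275 names fixes in symfony/security-http 4.4.7 and 5.0.7, and the one for CVE-2020-5274 names 5.0.5 and 4.4.5, yet both entries still carry `- symfony <unfixed>` on the following line; check the version in unstable and replace `<unfixed>` with the Debian revision that contains the fix if one has been uploaded. The `[buster]`/`[stretch]` `<not-affected> (Introduced in 4.4.0)` lines remain consistent with the upstream advisory linked in the NOTE.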
@@ -13500,7 +13534,7 @@ CVE-2020-5257 (In Administrate (rubygem) before version 0.13.0, when sorting by
NOT-FOR-US: Administrate ruby gem
CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a user could ...)
NOT-FOR-US: BookStack
-CVE-2020-5255 [Prevent cache poisoning via a Response Content-Type header]
+CVE-2020-5255 (In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not ...)
- symfony <unfixed>
[buster] - symfony <not-affected> (Introduced in 4.4.0)
[stretch] - symfony <not-affected> (Introduced in 4.4.0)
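Review bot: CVE-2020-5255 now states the cache-poisoning issue is fixed in Symfony 4.4.7 and 5.0.7 while the tracker line still reads `- symfony <unfixed>`; verify against the version in unstable and update the fixed version, keeping the `[buster]`/`[stretch]` `<not-affected> (Introduced in 4.4.0)` entries as they are.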
@@ -17361,10 +17395,10 @@ CVE-2019-19915 (The "301 Redirects - Easy Redirect Manager" plugin before 2.45 f
NOT-FOR-US: "301 Redirects - Easy Redirect Manager" plugin for WordPress
CVE-2019-19914
RESERVED
-CVE-2019-19913
- RESERVED
-CVE-2019-19912
- RESERVED
+CVE-2019-19913 (In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the ...)
+ TODO: check
+CVE-2019-19912 (In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS ...)
+ TODO: check
CVE-2019-19911 (There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImage ...)
{DSA-4631-1 DLA-2057-1}
- pillow 7.0.0-1 (bug #948224)
@@ -21160,10 +21194,10 @@ CVE-2019-19608 (A SQL injection vulnerability in in the web conferencing compone
NOT-FOR-US: Mitel
CVE-2019-19607 (A SQL injection vulnerability in the web conferencing component of Mit ...)
NOT-FOR-US: Mitel
-CVE-2019-19606
- RESERVED
-CVE-2019-19605
- RESERVED
+CVE-2019-19606 (X-Plane 11.41 and earlier has multiple improper path validations that ...)
+ TODO: check
+CVE-2019-19605 (X-Plane 11.41 and earlier allows Arbitrary Memory Write via crafted ne ...)
+ TODO: check
CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 2.21.x b ...)
- git 1:2.24.0-2
[buster] - git 1:2.20.1-2+deb10u1
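Review bot: CVE-2019-19605 and CVE-2019-19606 affect X-Plane 11.41, a proprietary flight simulator that is not in the archive; both `TODO: check` lines can be resolved as `NOT-FOR-US: X-Plane`, which keeps them from being confused with the genuinely relevant git entry (CVE-2019-19604) that follows in the same hunk.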
@@ -57453,12 +57487,12 @@ CVE-2019-9511 (Some HTTP/2 implementations are vulnerable to window size manipul
NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
CVE-2019-9510 (A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 a ...)
NOT-FOR-US: Microsoft
-CVE-2019-9509
- RESERVED
-CVE-2019-9508
- RESERVED
-CVE-2019-9507
- RESERVED
+CVE-2019-9509 (The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is v ...)
+ TODO: check
+CVE-2019-9508 (The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is v ...)
+ TODO: check
+CVE-2019-9507 (The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is v ...)
+ TODO: check
CVE-2019-9506 (The Bluetooth BR/EDR specification up to and including version 5.1 per ...)
{DLA-1930-1 DLA-1919-1}
- linux 5.2.6-1
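Review bot: CVE-2019-9507, CVE-2019-9508 and CVE-2019-9509 share an identical truncated description for the Vertiv Avocent UMG-4000 appliance web interface; since this is vendor firmware rather than Debian-packaged software, all three `TODO: check` lines should become `NOT-FOR-US: Vertiv Avocent UMG-4000`, resolved together so none is left dangling.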
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f12f702421299dce5756911fb0028c8f47b5956e
More information about the debian-security-tracker-commits mailing list