[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri May 1 21:10:35 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77ce1c02 by security tracker role at 2020-05-01T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-12619
+	RESERVED
+CVE-2020-12618
+	RESERVED
 CVE-2020-12617
 	RESERVED
 CVE-2020-12616
@@ -284,8 +288,8 @@ CVE-2020-12476
 	RESERVED
 CVE-2020-12475
 	RESERVED
-CVE-2020-12474
-	RESERVED
+CVE-2020-12474 (Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, an ...)
+	TODO: check
 CVE-2020-12473 (MonoX through 5.1.40.5152 allows admins to execute arbitrary programs  ...)
 	NOT-FOR-US: MonoX
 CVE-2020-12472 (MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comm ...)
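Review bot: the `TODO: check` on CVE-2020-12474 needs real triage rather than a quick NOT-FOR-US, because the description names Telegram Desktop through 2.0.1 and Debian ships a telegram-desktop package; the follow-up should record the affected/fixed version for that package (or `<not-affected>` with a reason) instead of leaving the placeholder.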
@@ -1104,8 +1108,8 @@ CVE-2020-12119
 	RESERVED
 CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2.0 all ...)
 	NOT-FOR-US: Binance tss-lib
-CVE-2020-12117
-	RESERVED
+CVE-2020-12117 (Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allo ...)
+	TODO: check
 CVE-2020-12116
 	RESERVED
 CVE-2020-12115
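Review bot: the `TODO: check` on CVE-2020-12117 can probably be resolved immediately: the description identifies Moxa NPort 5150A device firmware, an embedded serial device server with no Debian package, so `NOT-FOR-US: Moxa` would match how the non-Debian entries around it (e.g. `NOT-FOR-US: Binance tss-lib` above) are marked.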
@@ -4772,7 +4776,7 @@ CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS)
 	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
 CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable  ...)
 	NOT-FOR-US: Moonlight iOS/tvOS
-CVE-2020-11023 (In jQuery before 3.5.0, passing HTML containing <option> element ...)
+CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...)
 	- jquery <unfixed>
 	[jessie] - jquery <not-affected> (Vulnerable code note present)
 	NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
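Review bot: the unchanged `[jessie]` line under the updated CVE-2020-11023 entry carries a typo, `(Vulnerable code note present)` should read `(Vulnerable code not present)`; since the entry is being touched anyway this is the moment to fix it. The new description also narrows the affected range to versions from 1.0.3 up to (excluding) 3.5.0, so the jessie `<not-affected>` reasoning is worth re-verifying against the jquery version shipped there.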
@@ -5879,8 +5883,7 @@ CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x an
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519
 	NOTE: https://github.com/ansible/ansible/pull/68431
 	NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce
-CVE-2020-10683 [XML External Entity vulnerability in default SAX parser]
-	RESERVED
+CVE-2020-10683 (dom4j before 2.1.3 allows external DTDs and External Entities by defau ...)
 	{DLA-2191-1}
 	- dom4j <unfixed> (bug #958055)
 	NOTE: https://github.com/dom4j/dom4j/commit/1707bf3d898a8ada3b213acb0e3b38f16eaae73d (the fix?)
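Review bot: now that CVE-2020-10683 carries its public description (dom4j before 2.1.3 allows external DTDs and external entities by default), the `(the fix?)` qualifier on the dom4j commit NOTE should be resolved rather than left open: confirm that commit 1707bf3d is the change that disables the external-DTD/entity default and drop the question mark, or replace the link with the correct fix commit. Replacing the bracketed placeholder title and the `RESERVED` line together with the real description is the right shape for this entry.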
@@ -8582,6 +8585,7 @@ CVE-2020-9483
 CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulne ...)
+	{DSA-4672-1}
 	- trafficserver 8.0.7+ds-1
 	NOTE: https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E
 CVE-2020-9480
@@ -13542,8 +13546,8 @@ CVE-2020-7353
 	RESERVED
 CVE-2020-7352
 	RESERVED
-CVE-2020-7351
-	RESERVED
+CVE-2020-7351 (An OS Command Injection vulnerability in the endpoint_devicemap.php co ...)
+	TODO: check
 CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from an ins ...)
 	NOT-FOR-US: Rapid7 Metasploit Framework
 CVE-2020-7349
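Review bot: the truncated description for CVE-2020-7351 names only the `endpoint_devicemap.php` component and not the affected product, so `TODO: check` cannot be resolved from this line alone; the full CVE text is needed to determine whether any Debian package ships that component before marking it NOT-FOR-US or assigning a source package.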
@@ -27721,6 +27725,7 @@ CVE-2020-1946
 CVE-2020-1945
 	RESERVED
 CVE-2020-1944 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
+	{DSA-4672-1}
 	- trafficserver 8.0.6+ds-1
 	NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
 CVE-2020-1943 (Data sent with contentId to /control/stream is not sanitized, allowing ...)
@@ -36681,6 +36686,7 @@ CVE-2019-17567
 CVE-2019-17566
 	RESERVED
 CVE-2019-17565 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
+	{DSA-4672-1}
 	- trafficserver 8.0.6+ds-1
 	NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
 CVE-2019-17564 (Unsafe deserialization occurs within a Dubbo application which has HTT ...)
@@ -36703,6 +36709,7 @@ CVE-2019-17560 (The "Apache NetBeans" autoupdate system does not validate SSL ce
 	- netbeans <unfixed> (unimportant)
 	NOTE: Debian packages updated via apt
 CVE-2019-17559 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
+	{DSA-4672-1}
 	- trafficserver 8.0.6+ds-1
 	NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
 CVE-2019-17558 (Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code ...)
@@ -40236,7 +40243,7 @@ CVE-2019-16289 (The insert-php (aka Woody ad snippets) plugin before 2.2.8 for W
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-16288 (On Tenda N301 wireless routers, a long string in the wifiSSID paramete ...)
 	NOT-FOR-US: Tenda
-CVE-2019-16287 (An attacker may be able to leverage the application filter bypass vuln ...)
+CVE-2019-16287 (In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able t ...)
 	NOT-FOR-US: HP
 CVE-2019-16286 (An attacker may be able to bypass the OS application filter meant to r ...)
 	NOT-FOR-US: HP
@@ -75945,8 +75952,8 @@ CVE-2019-4211 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting
 	NOT-FOR-US: IBM
 CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication expo ...)
 	NOT-FOR-US: IBM
-CVE-2019-4209
-	RESERVED
+CVE-2019-4209 (HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnera ...)
+	TODO: check
 CVE-2019-4208 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an X ...)
 	NOT-FOR-US: IBM
 CVE-2019-4207 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitiv ...)
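Review bot: the `TODO: check` on CVE-2019-4209 can likely be closed as `NOT-FOR-US: HCL Connections`: the description identifies HCL Connections v5.5, v6.0 and v6.5, a proprietary collaboration suite with no Debian package, which matches the `NOT-FOR-US: IBM` convention used for the surrounding entries.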



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77ce1c02fe49209b0bf2388a339b14fdf25f673f
