[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue May 19 09:10:21 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b0144e3 by security tracker role at 2020-05-19T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2020-13162
+	RESERVED
+CVE-2020-13161
+	RESERVED
+CVE-2020-13160
+	RESERVED
+CVE-2020-13159
+	RESERVED
+CVE-2020-13158
+	RESERVED
+CVE-2020-13157
+	RESERVED
+CVE-2020-13156
+	RESERVED
+CVE-2020-13155
+	RESERVED
+CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-priv ...)
+	TODO: check
+CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS ...)
+	TODO: check
+CVE-2020-13152
+	RESERVED
+CVE-2020-13151
+	RESERVED
+CVE-2020-13150
+	RESERVED
+CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...)
+	TODO: check
+CVE-2020-13148
+	RESERVED
+CVE-2020-13147
+	RESERVED
 CVE-2020-13146 (Studio in Open edX Ironwood 2.5 allows CSV injection because an added  ...)
 	TODO: check
 CVE-2020-13145 (Studio in Open edX Ironwood 2.5 allows users to upload SVG files via t ...)
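Review bot: CVE-2020-13149 is added with `TODO: check`, yet its summary already names the `%PROGRAMDATA%\MSI\Dragon Center` folder, which is a Windows path, so it is a likely candidate for a `NOT-FOR-US:` line in the form used for CVE-2020-13093 further down this file. The other two described additions in this hunk, CVE-2020-13154 and CVE-2020-13153, still need a package lookup before their `TODO: check` lines can be resolved.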
@@ -118,8 +150,8 @@ CVE-2020-13096
 	RESERVED
 CVE-2020-13095
 	RESERVED
-CVE-2020-13094
-	RESERVED
+CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS. ...)
+	TODO: check
 CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
 	NOT-FOR-US: iSpyConnect.com Agent DVR
 CVE-2020-13092 (** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unseriali ...)
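Review bot: the replacement entry for CVE-2020-13094 says only "Dolibarr before 11.0.4 allows XSS." and carries `TODO: check`, so nothing in the record identifies the affected code path or the fix. When the TODO is resolved, add a `NOTE:` line pointing at the upstream advisory or fixing commit, in the style of the `NOTE:` under CVE-2019-17067, next to the package status line.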
@@ -29380,8 +29412,8 @@ CVE-2020-1899
 	RESERVED
 CVE-2020-1898
 	RESERVED
-CVE-2020-1897
-	RESERVED
+CVE-2020-1897 (A use-after-free is possible due to an error in lifetime management in ...)
+	TODO: check
 CVE-2020-1896
 	RESERVED
 CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...)
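Review bot: the new CVE-2020-1897 line describes a use-after-free, but the summary is cut off before any product is named, so the `TODO: check` cannot be resolved from this record alone. Look up the full CVE description before assigning a package line or a `NOT-FOR-US:` line.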
@@ -39601,8 +39633,8 @@ CVE-2019-17068 (PuTTY before 0.73 mishandles the "bracketed paste mode" protecti
 CVE-2019-17067 (PuTTY before 0.73 on Windows improperly opens port-forwarding listenin ...)
 	- putty <not-affected> (Windows-specific)
 	NOTE: https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html
-CVE-2019-17066
-	RESERVED
+CVE-2019-17066 (In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate right ...)
+	TODO: check
 CVE-2019-17065
 	RESERVED
 CVE-2019-17064 (Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog ...)
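Review bot: CVE-2019-17066 moves from `RESERVED` to a described entry for Ivanti WorkSpace Control, but its status is left at `TODO: check`. It needs an explicit status line like the one on the adjacent PuTTY entry (`- putty <not-affected> (Windows-specific)`), or `NOT-FOR-US: Ivanti WorkSpace Control` if no source package in the archive ships this product.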



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b0144e3131b13a01066599a32997f69c6f4a558
