[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 16 09:10:25 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a1fa9308 by security tracker role at 2020-10-16T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2020-27177
+ RESERVED
+CVE-2020-27176 (Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote C ...)
+ TODO: check
+CVE-2020-27175
+ RESERVED
+CVE-2020-27174 (In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the ...)
+ TODO: check
+CVE-2020-27173 (In vm-superio before 0.1.1, the serial console FIFO can grow to unlimi ...)
+ TODO: check
+CVE-2020-27172
+ RESERVED
+CVE-2020-27171
+ RESERVED
+CVE-2020-27170
+ RESERVED
+CVE-2020-27169
+ RESERVED
+CVE-2020-27168
+ RESERVED
+CVE-2020-27167
+ RESERVED
+CVE-2020-27166
+ RESERVED
+CVE-2020-27165
+ RESERVED
+CVE-2020-27164
+ RESERVED
+CVE-2020-27163 (phpRedisAdmin before 1.13.2 allows XSS via the login.php username para ...)
+ TODO: check
+CVE-2020-27162
+ RESERVED
+CVE-2020-27161
+ RESERVED
CVE-2020-27160
RESERVED
CVE-2020-27159
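Review bot: four of the new entries in this hunk (CVE-2020-27176 Mark Text, CVE-2020-27174 Firecracker, CVE-2020-27173 vm-superio, CVE-2020-27163 phpRedisAdmin) are left at "TODO: check" with no package or NOT-FOR-US line, so they carry no triage state yet. A follow-up commit should resolve each one to either a source package line or a NOT-FOR-US entry. The RESERVED entries need no action until a description is published.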
@@ -434,8 +468,8 @@ CVE-2020-26945 (MyBatis before 3.5.6 mishandles deserialization of object stream
NOT-FOR-US: MyBatis
CVE-2020-26944
RESERVED
-CVE-2020-26943
- RESERVED
+CVE-2020-26943 (An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2. ...)
+ TODO: check
CVE-2020-26942
RESERVED
CVE-2020-26941
@@ -1159,10 +1193,10 @@ CVE-2020-26586
RESERVED
CVE-2020-26585
RESERVED
-CVE-2020-26584
- RESERVED
-CVE-2020-26583
- RESERVED
+CVE-2020-26584 (An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The ...)
+ TODO: check
+CVE-2020-26583 (An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It a ...)
+ TODO: check
CVE-2020-26582 (D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users ...)
NOT-FOR-US: D-Link
CVE-2020-26581
@@ -2799,8 +2833,7 @@ CVE-2020-25831
RESERVED
CVE-2020-25830 (An issue was discovered in MantisBT before 2.24.3. Improper escaping o ...)
- mantis <removed>
-CVE-2020-25829 [cache pollution issue]
- RESERVED
+CVE-2020-25829 (An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x befo ...)
- pdns-recursor <unfixed> (bug #972159)
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
CVE-2020-25828 (An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through ...)
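Review bot: the CVE-2020-25829 entry still reads "- pdns-recursor <unfixed> (bug #972159)" with no per-release lines, while the new description names 4.1.18 as a fixed upstream release. Now that the placeholder "[cache pollution issue]" has been replaced by the published description, the entry should get the fixed version once an upload closes the bug, plus per-suite status where it differs.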
@@ -6114,8 +6147,7 @@ CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and p
NOT-FOR-US: Zyxel
CVE-2020-24353
RESERVED
-CVE-2020-24352
- RESERVED
+CVE-2020-24352 (An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory ...)
- qemu <unfixed> (unimportant; bug #968820)
[buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
@@ -27968,8 +28000,8 @@ CVE-2020-14187
RESERVED
CVE-2020-14186
RESERVED
-CVE-2020-14185
- RESERVED
+CVE-2020-14185 (Affected versions of Jira Server allow remote unauthenticated attacker ...)
+ TODO: check
CVE-2020-14184 (Affected versions of Atlassian Jira Server allow remote attackers to i ...)
NOT-FOR-US: Atlassian
CVE-2020-14183 (Affected versions of Jira Server & Data Center allow a remote atta ...)
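Review bot: CVE-2020-14185 is set to "TODO: check" although its description names Jira Server and the neighbouring CVE-2020-14184 entry for the same product is already marked "NOT-FOR-US: Atlassian". Unless there is a reason to treat this one differently, it should get the same NOT-FOR-US line so the two entries stay consistent.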
@@ -70220,8 +70252,8 @@ CVE-2019-17642 (An issue was discovered in Centreon before 18.10.8, 19.10.1, and
- centreon-web <itp> (bug #913903)
CVE-2019-17641
RESERVED
-CVE-2019-17640
- RESERVED
+CVE-2019-17640 (In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone ...)
+ TODO: check
CVE-2019-17639 (In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling th ...)
NOT-FOR-US: IBM JDK specific issue on on AIX and Linux on the Power platform
CVE-2019-17638 (In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in ca ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1fa9308054776cc44e1bfed5b6589fde9a475db