[Git][security-tracker-team/security-tracker][master] various bugs

Moritz Muehlenhoff jmm at debian.org
Thu Oct 29 18:52:41 GMT 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91e443d5 by Moritz Mühlenhoff at 2020-10-29T19:52:21+01:00
various bugs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -698,13 +698,13 @@ CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a failure
 	- libpam-tacplus <unfixed> (bug #973250)
 	NOTE: https://github.com/kravietz/pam_tacplus/pull/163
 CVE-2020-27742 (An Insecure Direct Object Reference vulnerability in Citadel WebCit th ...)
-	- webcit <unfixed>
+	- webcit <unfixed> (bug #973385)
 CVE-2020-27741 (Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit  ...)
-	- webcit <unfixed>
+	- webcit <unfixed> (bug #973385)
 CVE-2020-27740 (Citadel WebCit through 926 allows unauthenticated remote attackers to  ...)
-	- webcit <unfixed>
+	- webcit <unfixed> (bug #973385)
 CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit through 926  ...)
-	- webcit <unfixed>
+	- webcit <unfixed> (bug #973385)
 CVE-2020-27738
 	RESERVED
 CVE-2020-27737
@@ -20855,10 +20855,10 @@ CVE-2020-18187
 CVE-2020-18186
 	RESERVED
 CVE-2020-18185 (class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrar ...)
-	- pluxml <unfixed>
+	- pluxml <unfixed> (bug #973382)
 	NOTE: https://github.com/pluxml/PluXml/issues/321
 CVE-2020-18184 (In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_ ...)
-	- pluxml <unfixed>
+	- pluxml <unfixed> (bug #973382)
 	NOTE: https://github.com/pluxml/PluXml/issues/320
 CVE-2020-18183
 	RESERVED
@@ -52570,19 +52570,19 @@ CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the
 CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...)
 	NOT-FOR-US: Zoom
 CVE-2020-6108 (An exploitable code execution vulnerability exists in the fsck_chk_orp ...)
-	- f2fs-tools <unfixed>
+	- f2fs-tools <unfixed> (bug #973380)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050
 CVE-2020-6107 (An exploitable information disclosure vulnerability exists in the dev_ ...)
-	- f2fs-tools <unfixed>
+	- f2fs-tools <unfixed> (bug #973380)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049
 CVE-2020-6106 (An exploitable information disclosure vulnerability exists in the init ...)
-	- f2fs-tools <unfixed>
+	- f2fs-tools <unfixed> (bug #973380)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048
 CVE-2020-6105 (An exploitable code execution vulnerability exists in the multiple dev ...)
-	- f2fs-tools <unfixed>
+	- f2fs-tools <unfixed> (bug #973380)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047
 CVE-2020-6104 (An exploitable information disclosure vulnerability exists in the get_ ...)
-	- f2fs-tools <unfixed>
+	- f2fs-tools <unfixed> (bug #973380)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046
 CVE-2020-6103 (An exploitable code execution vulnerability exists in the Shader funct ...)
 	NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll
@@ -54101,7 +54101,7 @@ CVE-2020-5423
 CVE-2020-5422 (BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA pas ...)
 	NOT-FOR-US: BOSH System Metrics Server
 CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...)
-	- libspring-java <unfixed>
+	- libspring-java <unfixed> (bug #973381)
 	[buster] - libspring-java <no-dsa> (Minor issue)
 	[stretch] - libspring-java <no-dsa> (Minor issue)
 	NOTE: https://tanzu.vmware.com/security/cve-2020-5421
@@ -93816,7 +93816,7 @@ CVE-2019-11029 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the D
 CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing  ...)
 	NOT-FOR-US: GAT-Ship Web Module
 CVE-2015-9284 (The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...)
-	- ruby-omniauth <unfixed>
+	- ruby-omniauth <unfixed> (bug #973384)
 	[buster] - ruby-omniauth <no-dsa> (Minor issue)
 	[stretch] - ruby-omniauth <no-dsa> (Minor issue)
 	[jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs CSRF protection in apps)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e443d5b9629243e306928b6bd820e17e9e1bde

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e443d5b9629243e306928b6bd820e17e9e1bde
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201029/e53f09b6/attachment.html>

More information about the debian-security-tracker-commits mailing list