Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3cc5ad8c by security tracker role at 2020-07-29T08:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,47 @@ +CVE-2020-16116 + RESERVED +CVE-2020-16115 + RESERVED +CVE-2020-16114 + RESERVED +CVE-2020-16113 + RESERVED +CVE-2020-16112 + RESERVED +CVE-2020-16111 + RESERVED +CVE-2020-16110 + RESERVED +CVE-2020-16109 + RESERVED +CVE-2020-16108 + RESERVED +CVE-2020-16107 + RESERVED +CVE-2020-16106 + RESERVED +CVE-2020-16105 + RESERVED +CVE-2020-16104 + RESERVED +CVE-2020-16103 + RESERVED +CVE-2020-16102 + RESERVED +CVE-2020-16101 + RESERVED +CVE-2020-16100 + RESERVED +CVE-2020-16099 + RESERVED +CVE-2020-16098 + RESERVED +CVE-2020-16097 + RESERVED +CVE-2020-16096 + RESERVED +CVE-2020-16095 + RESERVED CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...) - claws-mail <unfixed> NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313 @@ -431,6 +475,7 @@ CVE-2020-15892 (An issue was discovered in apply.cgi on D-Link DAP-1520 devices CVE-2020-15891 RESERVED CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...) + {DLA-2296-1} - luajit <unfixed> (bug #966148) NOTE: https://github.com/LuaJIT/LuaJIT/issues/601 CVE-2020-15889 (Lua through 5.4.0 has a getobjname heap-based buffer over-read because ...) @@ -5184,8 +5229,8 @@ CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafil NOTE: Fixed upstream in 1.0.13 CVE-2020-13998 (** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled ...) NOT-FOR-US: Citrix -CVE-2020-13997 - RESERVED +CVE-2020-13997 (In Shopware before 6.2.3, the database password is leaked to an unauth ...) + TODO: check CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection at ...) NOT-FOR-US: J2Store plugin for Joomla! CVE-2020-13995 
@@ -5240,10 +5285,10 @@ CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who co NOT-FOR-US: OWASP json-sanitizer CVE-2020-13972 RESERVED -CVE-2020-13971 - RESERVED -CVE-2020-13970 - RESERVED +CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use the M ...) + TODO: check +CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...) + TODO: check CVE-2020-13969 RESERVED CVE-2020-13968 @@ -12663,12 +12708,12 @@ CVE-2020-11478 RESERVED CVE-2020-11477 RESERVED -CVE-2020-11476 - RESERVED +CVE-2020-11476 (Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangero ...) + TODO: check CVE-2020-11475 RESERVED -CVE-2020-11474 - RESERVED +CVE-2020-11474 (NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic lin ...) + TODO: check CVE-2020-11473 RESERVED CVE-2020-11472 @@ -13921,14 +13966,14 @@ CVE-2020-10987 (The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15 NOT-FOR-US: Tenda CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC190 ...) NOT-FOR-US: Tenda -CVE-2020-10985 - RESERVED -CVE-2020-10984 - RESERVED -CVE-2020-10983 - RESERVED -CVE-2020-10982 - RESERVED +CVE-2020-10985 (Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. ...) + TODO: check +CVE-2020-10984 (Gambio GX before 4.0.1.0 allows admin/admin.php CSRF. ...) + TODO: check +CVE-2020-10983 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. ...) + TODO: check +CVE-2020-10982 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. ...) + TODO: check CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintaine ...) [experimental] - gitlab 12.8.8-1 - gitlab <unfixed> 
@@ -20977,6 +21022,7 @@ CVE-2020-8178 (Insufficient input validation in npm package `jison` <= 0.4.18 NOTE: ports/ is stripped/excluded in the src:node-jison source package. CVE-2020-8177 RESERVED + {DLA-2295-1} - curl <unfixed> (bug #965281) NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html NOTE: https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22 (7.71.0) @@ -26256,8 +26302,8 @@ CVE-2020-6100 (An exploitable memory corruption vulnerability exists in AMD atid NOT-FOR-US: AMD CVE-2020-6099 RESERVED -CVE-2020-6098 - RESERVED +CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...) + TODO: check CVE-2020-6097 RESERVED CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...) @@ -27308,12 +27354,12 @@ CVE-2020-5616 RESERVED CVE-2020-5615 RESERVED -CVE-2020-5614 - RESERVED -CVE-2020-5613 - RESERVED -CVE-2020-5612 - RESERVED +CVE-2020-5614 (Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows ...) + TODO: check +CVE-2020-5613 (Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allow ...) + TODO: check +CVE-2020-5612 (Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allow ...) + TODO: check CVE-2020-5611 (Cross-site request forgery (CSRF) vulnerability in Social Sharing Plug ...) TODO: check CVE-2020-5610 
@@ -108720,12 +108766,14 @@ CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensa CVE-2018-15752 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) a ...) NOT-FOR-US: MensaMax application for Android CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remo ...) + {DLA-2294-1} - salt 2018.3.3+dfsg1-1 (bug #913475) [jessie] - salt <not-affected> (REST netapi code was first introduced with v2014.7) NOTE: Fixed in 2016.11.10, 2017.7.8, 2018.3.3 NOTE: https://docs.saltstack.com/en/latest/topics/releases/2016.11.10.html#security-fix NOTE: minimal patch: https://github.com/saltstack/salt/compare/v2016.11.9..v2016.11.10 CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack Salt before ...) + {DLA-2294-1} - salt 2018.3.3+dfsg1-1 (bug #913476) [jessie] - salt <not-affected> (REST netapi code was first introduced with v2014.7) NOTE: Fixed in 2016.11.10, 2017.7.8, 2018.3.3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cc5ad8c15a108c676e080a5572d01061a155c25
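Review bot: the first hunk adds 22 entries, CVE-2020-16095 through CVE-2020-16116, all as bare RESERVED placeholders with no description, so there is nothing to triage in this hunk; each of them will need a package line or a NOT-FOR-US marker only once a later automatic update replaces RESERVED with a description.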
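Review bot: in the CVE-2020-15890 hunk the {DLA-2296-1} reference is added while the package line still reads `- luajit <unfixed>` and the only NOTE is the upstream issue link; the DLA covers the LTS suite, but the entry records no upstream fix commit or fixed version for unstable, so a NOTE pointing at the upstream fix (or a fixed version once one is uploaded) would let the `<unfixed>` state be verified.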
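Review bot: the CVE-2020-13997 hunk turns a RESERVED entry into a Shopware description with `TODO: check`, and the following hunk does the same for CVE-2020-13971 and CVE-2020-13970; all three are Shopware issues, so they should be triaged together to one outcome (a package line, or NOT-FOR-US in the style of the neighbouring J2Store and OWASP json-sanitizer entries) rather than left as three open TODOs.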
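Review bot: the CVE-2020-8177 hunk adds {DLA-2295-1} while the sid line stays `- curl <unfixed> (bug #965281)`, yet the NOTE below it already records the upstream fix commit as released in 7.71.0; the unstable line should move to a fixed version as soon as an upload of 7.71.0 or later is tracked, otherwise the entry keeps reporting the package as unfixed after the fix is in the archive.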
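Review bot: CVE-2020-6098 in the AMD hunk is left at `TODO: check` although its description names freeDiameter, which Debian ships as src:freediameter; this one needs a `- freediameter <unfixed>` (or fixed-version) line rather than a TODO, and the NOT-FOR-US used for the adjacent AMD entry does not carry over to it.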
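Review bot: in the Salt hunk both CVE-2018-15751 and CVE-2018-15750 gain `{DLA-2294-1}` directly above an existing `[jessie] - salt <not-affected>` line; that combination is consistent only if DLA-2294-1 targets a suite other than jessie (stretch entered LTS in July 2020), which the hunk itself does not state, so the corresponding DLA/list entry should be cross-checked so the DLA reference and the jessie not-affected marker do not contradict each other.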