Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f12f7024 by security tracker role at 2020-03-31T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the 
interact ...)
+       TODO: check
+CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the 
interact ...)
+       TODO: check
+CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the 
interact ...)
+       TODO: check
+CVE-2020-11110
+       RESERVED
+CVE-2020-11109
+       RESERVED
+CVE-2020-11108
+       RESERVED
+CVE-2020-11107
+       RESERVED
+CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 
9.14.0. In t ...)
+       TODO: check
+CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It 
employs c ...)
+       TODO: check
+CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. 
Serializatio ...)
+       TODO: check
+CVE-2020-11103
+       RESERVED
+CVE-2020-11102
+       RESERVED
+CVE-2020-11101
+       RESERVED
+CVE-2020-11100
+       RESERVED
+CVE-2019-20634 (An issue was discovered in Proofpoint Email Protection through 
2019-09 ...)
+       TODO: check
+CVE-2016-11024 (odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL 
injection. NOTE: ...)
+       TODO: check
+CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL 
injection. NOTE ...)
+       TODO: check
 CVE-2020-11099
        RESERVED
 CVE-2020-11098
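Review bot: the last three added entries in this hunk (CVE-2019-20634, CVE-2016-11024, CVE-2016-11023) sit between CVE-2020-11100 and CVE-2020-11099, so the top of the list is no longer in descending ID order. If the file is expected to stay sorted, move them into their 2019 and 2016 blocks when the `TODO: check` markers are resolved. The two odata4j descriptions are cut off right at a `NOTE:`, so the full CVE text should be read before either entry is triaged.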
@@ -1824,8 +1858,8 @@ CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 
devices allow remote attack
        NOT-FOR-US: Technicolor
 CVE-2020-10375
        RESERVED
-CVE-2020-10374
-       RESERVED
+CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 
to PRTG ...)
+       TODO: check
 CVE-2020-10373
        RESERVED
 CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated 
Stored XS ...)
@@ -4794,8 +4828,8 @@ CVE-2020-9057
        RESERVED
 CVE-2020-9056
        RESERVED
-CVE-2020-9055
-       RESERVED
+CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is 
vulnera ...)
+       TODO: check
 CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running 
firmware ...)
        NOT-FOR-US: ZyXEL
 CVE-2020-9053
@@ -8152,8 +8186,8 @@ CVE-2020-7613
        RESERVED
 CVE-2020-7612
        RESERVED
-CVE-2020-7611
-       RESERVED
+CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 
1.2.11 and a ...)
+       TODO: check
 CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to 
Deserialization of ...)
        TODO: check, might affect node-mongodb embedding bson
 CVE-2020-7609
@@ -13410,8 +13444,8 @@ CVE-2020-5291
        RESERVED
 CVE-2020-5290
        RESERVED
-CVE-2020-5289
-       RESERVED
+CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to 
"guess and  ...)
+       TODO: check
 CVE-2020-5288
        RESERVED
 CVE-2020-5287
@@ -13420,8 +13454,8 @@ CVE-2020-5286
        RESERVED
 CVE-2020-5285
        RESERVED
-CVE-2020-5284
-       RESERVED
+CVE-2020-5284 (Next.js versions before 9.3.2 have a directory traversal 
vulnerability ...)
+       TODO: check
 CVE-2020-5283
        RESERVED
 CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a 
vulnerability in ...)
@@ -13438,13 +13472,13 @@ CVE-2020-5277 (PrestaShop module ps_facetedsearch 
versions before 3.5.0 has a re
        NOT-FOR-US: PrestaShop
 CVE-2020-5276
        RESERVED
-CVE-2020-5275 [All "access_control" rules are required when a firewall uses 
the unanimous strategy]
+CVE-2020-5275 (In symfony/security-http before versions 4.4.7 and 5.0.7, when 
a `Fire ...)
        - symfony <unfixed>
        [buster] - symfony <not-affected> (Introduced in 4.4.0)
        [stretch] - symfony <not-affected> (Introduced in 4.4.0)
        NOTE: 
https://symfony.com/blog/cve-2020-5275-all-access-control-rules-are-required-when-a-firewall-uses-the-unanimous-strategy
        NOTE: 
https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf
-CVE-2020-5274 [Fix Exception message escaping rendered by ErrorHandler]
+CVE-2020-5274 (In Symfony before versions 5.0.5 and 4.4.5, some properties of 
the Exc ...)
        - symfony <unfixed>
        [buster] - symfony <not-affected> (Introduced in 4.4.0)
        [stretch] - symfony <not-affected> (Introduced in 4.4.0)
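Review bot: the CVE-2020-5275 and CVE-2020-5274 entries still read `- symfony <unfixed>` although the new descriptions name fixed upstream releases, and the two sets differ (4.4.7 and 5.0.7 for CVE-2020-5275, 5.0.5 and 4.4.5 for CVE-2020-5274). Each entry needs its own fixed version recorded once a package carrying the matching release is uploaded, rather than one version copied to both. The bracketed summaries removed here stated the fix more directly than the truncated descriptions do, so it is worth confirming that CVE-2020-5274 keeps a NOTE link to the upstream advisory the way CVE-2020-5275 does.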
@@ -13500,7 +13534,7 @@ CVE-2020-5257 (In Administrate (rubygem) before version 
0.13.0, when sorting by
        NOT-FOR-US: Administrate ruby gem
 CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a 
user could ...)
        NOT-FOR-US: BookStack
-CVE-2020-5255 [Prevent cache poisoning via a Response Content-Type header]
+CVE-2020-5255 (In Symfony before versions 4.4.7 and 5.0.7, when a `Response` 
does not ...)
        - symfony <unfixed>
        [buster] - symfony <not-affected> (Introduced in 4.4.0)
        [stretch] - symfony <not-affected> (Introduced in 4.4.0)
@@ -17361,10 +17395,10 @@ CVE-2019-19915 (The "301 Redirects - Easy Redirect 
Manager" plugin before 2.45 f
        NOT-FOR-US: "301 Redirects - Easy Redirect Manager" plugin for WordPress
 CVE-2019-19914
        RESERVED
-CVE-2019-19913
-       RESERVED
-CVE-2019-19912
-       RESERVED
+CVE-2019-19913 (In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS 
via the ...)
+       TODO: check
+CVE-2019-19912 (In Intland codeBeamer ALM 9.5 and earlier, a cross-site 
scripting (XSS ...)
+       TODO: check
 CVE-2019-19911 (There is a DoS vulnerability in Pillow before 6.2.2 caused by 
FpxImage ...)
        {DSA-4631-1 DLA-2057-1}
        - pillow 7.0.0-1 (bug #948224)
@@ -21160,10 +21194,10 @@ CVE-2019-19608 (A SQL injection vulnerability in in 
the web conferencing compone
        NOT-FOR-US: Mitel
 CVE-2019-19607 (A SQL injection vulnerability in the web conferencing 
component of Mit ...)
        NOT-FOR-US: Mitel
-CVE-2019-19606
-       RESERVED
-CVE-2019-19605
-       RESERVED
+CVE-2019-19606 (X-Plane 11.41 and earlier has multiple improper path 
validations that  ...)
+       TODO: check
+CVE-2019-19605 (X-Plane 11.41 and earlier allows Arbitrary Memory Write via 
crafted ne ...)
+       TODO: check
 CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 
2.21.x b ...)
        - git 1:2.24.0-2
        [buster] - git 1:2.20.1-2+deb10u1
@@ -57453,12 +57487,12 @@ CVE-2019-9511 (Some HTTP/2 implementations are 
vulnerable to window size manipul
        NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
 CVE-2019-9510 (A vulnerability in Microsoft Windows 10 1803 and Windows Server 
2019 a ...)
        NOT-FOR-US: Microsoft
-CVE-2019-9509
-       RESERVED
-CVE-2019-9508
-       RESERVED
-CVE-2019-9507
-       RESERVED
+CVE-2019-9509 (The web interface of the Vertiv Avocent UMG-4000 version 
4.2.1.19 is v ...)
+       TODO: check
+CVE-2019-9508 (The web interface of the Vertiv Avocent UMG-4000 version 
4.2.1.19 is v ...)
+       TODO: check
+CVE-2019-9507 (The web interface of the Vertiv Avocent UMG-4000 version 
4.2.1.19 is v ...)
+       TODO: check
 CVE-2019-9506 (The Bluetooth BR/EDR specification up to and including version 
5.1 per ...)
        {DLA-1930-1 DLA-1919-1}
        - linux 5.2.6-1
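Review bot: CVE-2019-9509, CVE-2019-9508 and CVE-2019-9507 are added with identical truncated descriptions, so the three cannot be told apart from this file alone. All three concern the web interface of a vendor appliance, the kind of entry the surrounding context resolves as `NOT-FOR-US` (the Microsoft entry just above). If no Debian source package is involved, resolve the three `TODO: check` markers together with a single consistent `NOT-FOR-US` tag.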



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f12f702421299dce5756911fb0028c8f47b5956e
