Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77ce1c02 by security tracker role at 2020-05-01T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-12619
+       RESERVED
+CVE-2020-12618
+       RESERVED
 CVE-2020-12617
        RESERVED
 CVE-2020-12616
@@ -284,8 +288,8 @@ CVE-2020-12476
        RESERVED
 CVE-2020-12475
        RESERVED
-CVE-2020-12474
-       RESERVED
+CVE-2020-12474 (Telegram Desktop through 2.0.1, Telegram through 6.0.1 for 
Android, an ...)
+       TODO: check
 CVE-2020-12473 (MonoX through 5.1.40.5152 allows admins to execute arbitrary 
programs  ...)
        NOT-FOR-US: MonoX
 CVE-2020-12472 (MonoX through 5.1.40.5152 allows stored XSS via User Status, 
Blog Comm ...)
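Review bot: CVE-2020-12474 leaves RESERVED with nothing but `TODO: check`, so it is still untriaged. The description covers both Telegram Desktop and Telegram for Android; check whether the desktop client maps to a Debian source package and resolve the entry to a package line or to `NOT-FOR-US:`, as was done for the MonoX entries just below it.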
@@ -1104,8 +1108,8 @@ CVE-2020-12119
        RESERVED
 CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 
1.2.0 all ...)
        NOT-FOR-US: Binance tss-lib
-CVE-2020-12117
-       RESERVED
+CVE-2020-12117 (Moxa Service in Moxa NPort 5150A firmware version 1.5 and 
earlier allo ...)
+       TODO: check
 CVE-2020-12116
        RESERVED
 CVE-2020-12115
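Review bot: CVE-2020-12117 is left at `TODO: check` although the description is about Moxa NPort 5150A firmware. It looks like a candidate for a `NOT-FOR-US:` tag in the same form as the `NOT-FOR-US: Binance tss-lib` entry directly above it.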
@@ -4772,7 +4776,7 @@ CVE-2020-11025 (In affected versions of WordPress, a 
cross-site scripting (XSS)
        NOTE: 
https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
 CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is 
vulnerable  ...)
        NOT-FOR-US: Moonlight iOS/tvOS
-CVE-2020-11023 (In jQuery before 3.5.0, passing HTML containing <option> 
element ...)
+CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 
3.5.0, pa ...)
        - jquery <unfixed>
        [jessie] - jquery <not-affected> (Vulnerable code note present)
        NOTE: 
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
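Review bot: the unchanged `[jessie] - jquery <not-affected>` line under CVE-2020-11023 should be re-checked, because the new description sets the lower bound of affected versions at jQuery 1.0.3. The reason given on that line reads "Vulnerable code note present", which looks like a typo for "not present".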
@@ -5879,8 +5883,7 @@ CVE-2020-10684 (A flaw was found in Ansible Engine, all 
versions 2.7.x, 2.8.x an
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519
        NOTE: https://github.com/ansible/ansible/pull/68431
        NOTE: 
https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce
-CVE-2020-10683 [XML External Entity vulnerability in default SAX parser]
-       RESERVED
+CVE-2020-10683 (dom4j before 2.1.3 allows external DTDs and External Entities 
by defau ...)
        {DLA-2191-1}
        - dom4j <unfixed> (bug #958055)
        NOTE: 
https://github.com/dom4j/dom4j/commit/1707bf3d898a8ada3b213acb0e3b38f16eaae73d 
(the fix?)
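Review bot: the commit NOTE under CVE-2020-10683 still ends in "(the fix?)" even though the new description names 2.1.3 as the first fixed dom4j release. Confirm that the referenced commit is the one shipped in 2.1.3 and drop the question mark, so that the `- dom4j <unfixed>` line can be closed against a verified fix.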
@@ -8582,6 +8585,7 @@ CVE-2020-9483
 CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication 
mechanism other ...)
        NOT-FOR-US: Apache NiFi
 CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 
is vulne ...)
+       {DSA-4672-1}
        - trafficserver 8.0.7+ds-1
        NOTE: 
https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E
 CVE-2020-9480
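Review bot: the `{DSA-4672-1}` reference added to CVE-2020-9481 needs a version check, because this entry is fixed in `trafficserver 8.0.7+ds-1` while the other trafficserver entries tagged with the same DSA in this commit are fixed in `8.0.6+ds-1`. Confirm that the version shipped by the DSA carries the 8.0.7 fix as well as the 8.0.6 ones.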
@@ -13542,8 +13546,8 @@ CVE-2020-7353
        RESERVED
 CVE-2020-7352
        RESERVED
-CVE-2020-7351
-       RESERVED
+CVE-2020-7351 (An OS Command Injection vulnerability in the 
endpoint_devicemap.php co ...)
+       TODO: check
 CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from 
an ins ...)
        NOT-FOR-US: Rapid7 Metasploit Framework
 CVE-2020-7349
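Review bot: CVE-2020-7351 is marked `TODO: check`, and the truncated description names only the endpoint_devicemap.php component, not the product. Triage needs the full CVE text before choosing between a package line and `NOT-FOR-US:`.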
@@ -27721,6 +27725,7 @@ CVE-2020-1946
 CVE-2020-1945
        RESERVED
 CVE-2020-1944 (There is a vulnerability in Apache Traffic Server 6.0.0 to 
6.2.3, 7.0. ...)
+       {DSA-4672-1}
        - trafficserver 8.0.6+ds-1
        NOTE: 
https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
 CVE-2020-1943 (Data sent with contentId to /control/stream is not sanitized, 
allowing ...)
@@ -36681,6 +36686,7 @@ CVE-2019-17567
 CVE-2019-17566
        RESERVED
 CVE-2019-17565 (There is a vulnerability in Apache Traffic Server 6.0.0 to 
6.2.3, 7.0. ...)
+       {DSA-4672-1}
        - trafficserver 8.0.6+ds-1
        NOTE: 
https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
 CVE-2019-17564 (Unsafe deserialization occurs within a Dubbo application which 
has HTT ...)
@@ -36703,6 +36709,7 @@ CVE-2019-17560 (The "Apache NetBeans" autoupdate system 
does not validate SSL ce
        - netbeans <unfixed> (unimportant)
        NOTE: Debian packages updated via apt
 CVE-2019-17559 (There is a vulnerability in Apache Traffic Server 6.0.0 to 
6.2.3, 7.0. ...)
+       {DSA-4672-1}
        - trafficserver 8.0.6+ds-1
        NOTE: 
https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
 CVE-2019-17558 (Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a 
Remote Code ...)
@@ -40236,7 +40243,7 @@ CVE-2019-16289 (The insert-php (aka Woody ad snippets) 
plugin before 2.2.8 for W
        NOT-FOR-US: Wordpress plugin
 CVE-2019-16288 (On Tenda N301 wireless routers, a long string in the wifiSSID 
paramete ...)
        NOT-FOR-US: Tenda
-CVE-2019-16287 (An attacker may be able to leverage the application filter 
bypass vuln ...)
+CVE-2019-16287 (In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may 
be able t ...)
        NOT-FOR-US: HP
 CVE-2019-16286 (An attacker may be able to bypass the OS application filter 
meant to r ...)
        NOT-FOR-US: HP
@@ -75945,8 +75952,8 @@ CVE-2019-4211 (IBM QRadar SIEM 7.2 and 7.3 is 
vulnerable to cross-site scripting
        NOT-FOR-US: IBM
 CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass 
authentication expo ...)
        NOT-FOR-US: IBM
-CVE-2019-4209
-       RESERVED
+CVE-2019-4209 (HCL Connections v5.5, v6.0, and v6.5 contains an open redirect 
vulnera ...)
+       TODO: check
 CVE-2019-4208 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable 
to an X ...)
        NOT-FOR-US: IBM
 CVE-2019-4207 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose 
sensitiv ...)
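Review bot: CVE-2019-4209 now carries `TODO: check`, and the description is for HCL Connections. When resolving it, do not copy the `NOT-FOR-US: IBM` tag from the neighbouring entries; use a tag that matches the vendor named in the description.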



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77ce1c02fe49209b0bf2388a339b14fdf25f673f
