Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b8684443 by security tracker role at 2020-02-22T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-9335
+ RESERVED
+CVE-2020-9334
+ RESERVED
+CVE-2020-9333
+ RESERVED
+CVE-2020-9332
+ RESERVED
+CVE-2020-9331
+ RESERVED
+CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do
not requ ...)
+ TODO: check
+CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the
admin-specified r ...)
+ TODO: check
+CVE-2020-9328
+ RESERVED
+CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to
trigger ...)
+ TODO: check
CVE-2020-9326
RESERVED
CVE-2020-9325
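Review bot: three of the new entries are left at "TODO: check" although two of them can be resolved from the visible description alone. CVE-2020-9330 concerns Xerox WorkCentre printer firmware and can be marked NOT-FOR-US directly, as is done for Joplin, Bludit and JetBrains further down this file. CVE-2020-9327 names a specific SQLite 3.31.1 function (isAuxiliaryVtabOperator) and Debian ships the sqlite3 source package, so this one needs a real triage line (affected version plus bug reference) rather than a placeholder; CVE-2020-9329 (Gogs) should likewise be settled to NOT-FOR-US or a package line rather than left open.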
@@ -108,6 +126,7 @@ CVE-2020-9275
CVE-2020-9274
RESERVED
CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by
interru ...)
+ {DLA-2115-1}
- proftpd-dfsg 1.3.6c-1 (bug #951800)
NOTE: https://github.com/proftpd/proftpd/issues/903
NOTE:
https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49
(master)
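Review bot: the DLA-2115-1 cross-reference is correct to add here, but the upstream pointer for CVE-2020-9273 is still labelled "(master)" rather than a released ProFTPD version. Other entries in this file record the tag that contains the fix (for example "(v5.0.0)" for PySAML2 and "(6.2.2)" for Pillow); recording the first fixed upstream release for commit d388f7904d4c would make it clear which series already carries it and which still need the backport referenced by the DLA.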
@@ -601,8 +620,8 @@ CVE-2020-9041
RESERVED
CVE-2020-9040
RESERVED
-CVE-2020-9039
- RESERVED
+CVE-2020-9039 (Couchbase Server 4.x and 5.x before 6.0.0 has Insecure
Permissions for ...)
+ TODO: check
CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
NOT-FOR-US: Joplin
CVE-2020-9037
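Review bot: CVE-2020-9039 describes Couchbase Server 4.x/5.x, which is not packaged in Debian; it can be closed as NOT-FOR-US: Couchbase in the same way the adjacent CVE-2020-9038 is closed for Joplin, instead of remaining at "TODO: check".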
@@ -1025,12 +1044,12 @@ CVE-2020-8864
RESERVED
CVE-2020-8863
RESERVED
-CVE-2020-8862
- RESERVED
-CVE-2020-8861
- RESERVED
-CVE-2020-8860
- RESERVED
+CVE-2020-8862 (This vulnerability allows network-adjacent attackers to bypass
authent ...)
+ TODO: check
+CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass
authent ...)
+ TODO: check
+CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary
code o ...)
+ TODO: check
CVE-2020-8859
RESERVED
CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary
code o ...)
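Review bot: the descriptions imported for CVE-2020-8862, CVE-2020-8861 and CVE-2020-8860 are generic advisory boilerplate ("This vulnerability allows network-adjacent attackers to bypass authent ...") truncated before the affected product is named, so the "TODO: check" for these three cannot be resolved from the list line itself; the same applies to the existing CVE-2020-8858 entry directly below. Whoever triages them must fetch the full advisory text and record the product in the entry, otherwise future readers of this file have no way to tell what is affected.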
@@ -1148,8 +1167,8 @@ CVE-2017-18641 (In LXC 2.0, many template scripts
download code over cleartext H
NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447
NOTE: Some of the templates were switched to fetch the pacakges over
HTTPS, cf.
NOTE: https://github.com/lxc/lxc/pull/1371 for the lxc-fedora template.
-CVE-2020-8813
- RESERVED
+CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to
execute a ...)
+ TODO: check
CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to
insert m ...)
NOT-FOR-US: Bludit
CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows
authenticated ...)
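Review bot: CVE-2020-8813 affects Cacti 1.2.8 (graph_realtime.php, remote code execution per the truncated description) and Debian ships the cacti source package, so this entry should receive a "- cacti <version> (bug #...)" line with the fixed version as soon as it is known rather than stay at "TODO: check". Unrelated to this change but visible in the context lines: the LXC NOTE above reads "pacakges" for "packages".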
@@ -3212,8 +3231,8 @@ CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5,
some server-stored passwor
NOT-FOR-US: JetBrains
CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was
possible ...)
NOT-FOR-US: JetBrains
-CVE-2020-7907
- RESERVED
+CVE-2020-7907 (In the JetBrains Scala plugin before 2019.2.1, some artefact
dependenc ...)
+ TODO: check
CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7,
there wer ...)
NOT-FOR-US: JetBrains
CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were
expose ...)
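Review bot: CVE-2020-7907 concerns the JetBrains Scala plugin; the neighbouring JetBrains entries (CVE-2020-7909, CVE-2020-7908, CVE-2020-7906) are all closed as NOT-FOR-US: JetBrains, so this one should be closed the same way instead of being left at "TODO: check".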
@@ -8697,6 +8716,7 @@ CVE-2020-5392
CVE-2020-5391
RESERVED
CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a
SAML docum ...)
+ {DSA-4630-1}
- python-pysaml2 4.5.0-7 (bug #949322)
NOTE:
https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25
(v5.0.0)
CVE-2020-5389
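Review bot: the DSA-4630-1 cross-reference is added for CVE-2020-5390, but unlike the Pillow entries later in this diff, which carry both a DSA and a DLA, this entry lists no DLA counterpart. Confirm whether the python-pysaml2 package in the LTS release is affected and, if so, whether an LTS update is pending, so the entry does not silently imply that only the DSA was needed.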
@@ -8858,11 +8878,11 @@ CVE-2019-20331
CVE-2020-5314
RESERVED
CVE-2020-5313 (libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer
overfl ...)
- {DLA-2057-1}
+ {DSA-4631-1 DLA-2057-1}
- pillow 7.0.0-1 (bug #948224)
NOTE:
https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b
(6.2.2)
CVE-2020-5312 (libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode
buffer ...)
- {DLA-2057-1}
+ {DSA-4631-1 DLA-2057-1}
- pillow 7.0.0-1 (bug #948224)
NOTE:
https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
(6.2.2)
CVE-2020-5311 (libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI
buffer ove ...)
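Review bot: DSA-4631-1 is added to CVE-2020-5313 and CVE-2020-5312 here, and to CVE-2019-19911 in a later hunk, but the sibling CVE-2020-5311 (libImaging/SgiRleDecode.c, same "Pillow before 6.2.2" range) begins at the end of this hunk and its cross-reference line is outside the diff. All Pillow CVEs that share bug #948224 and the 7.0.0-1 fix should carry the same "{DSA-4631-1 DLA-2057-1}" line; please verify CVE-2020-5311 was not missed.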
@@ -12822,7 +12842,7 @@ CVE-2019-19913
CVE-2019-19912
RESERVED
CVE-2019-19911 (There is a DoS vulnerability in Pillow before 6.2.2 caused by
FpxImage ...)
- {DLA-2057-1}
+ {DSA-4631-1 DLA-2057-1}
- pillow 7.0.0-1 (bug #948224)
NOTE:
https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d
(6.2.2)
CVE-2019-19910 (The MinervaNeue Skin in MediaWiki from 2019-11-05 to
2019-12-13 (1.35 ...)
@@ -20362,8 +20382,8 @@ CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby
lacks an element count d
NOTE:
https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a
CVE-2019-18847
RESERVED
-CVE-2019-18846
- RESERVED
+CVE-2019-18846 (OX App Suite through 7.10.2 allows SSRF. ...)
+ TODO: check
CVE-2019-18845 (The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB
before 1.1 ...)
NOT-FOR-US: Patriot Viper RGB
CVE-2019-18844 (The Device Model in ACRN before 2019w25.5-140000p relies on
assert cal ...)
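Review bot: CVE-2019-18846 has a complete description ("OX App Suite through 7.10.2 allows SSRF.") and OX App Suite is not a Debian package, so the entry can be closed as NOT-FOR-US: OX App Suite rather than left at "TODO: check", matching how CVE-2019-18845 directly below is closed for Patriot Viper RGB.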
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b86844431694e746311b5ae36231b7f816b020ee
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits