Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e40455d by security tracker role at 2020-03-19T08:10:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,20 @@
-CVE-2020-10674 [shell injection RCE]
+CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the 
interact ...)
+       TODO: check
+CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the 
interact ...)
+       TODO: check
+CVE-2020-10671
+       RESERVED
+CVE-2020-10670
+       RESERVED
+CVE-2020-10669
+       RESERVED
+CVE-2020-10668
+       RESERVED
+CVE-2020-10667
+       RESERVED
+CVE-2020-10666
+       RESERVED
+CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary 
OS comman ...)
        - libperlspeak-perl <unfixed> (bug #954238)
        NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=132173
 CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT 
AUTHORITY\SYSTE ...)
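Review bot: CVE-2020-10673 and CVE-2020-10672 are added with the same truncated description ("FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...") and only "TODO: check", so the list gives no way to tell them apart or to see whether a Debian package is affected. Resolve each to a package line or NOT-FOR-US in a follow-up. The CVE-2020-10674 entry loses its bracketed "shell injection RCE" summary but keeps the libperlspeak-perl <unfixed> line and bug #954238, so no tracking information is lost there.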
@@ -189,7 +205,7 @@ CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x 
before 1.15.1. It allo
        NOT-FOR-US: drf-jwt
 CVE-2020-10593
        RESERVED
-        - tor 0.4.2.7-1
+       - tor 0.4.2.7-1
        [buster] - tor <not-affected> (Only affects tor 0.4.0.1-alpha onwards)
        [stretch] - tor <not-affected> (Only affects tor 0.4.0.1-alpha onwards)
        [jessie] - tor <not-affected> (Only affects tor 0.4.0.1-alpha onwards)
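Review bot: the only change under CVE-2020-10593 is leading whitespace on the "- tor 0.4.2.7-1" line, bringing it in line with the [buster], [stretch] and [jessie] lines below it. An indentation check at commit time would stop misaligned package lines from landing and keep whitespace-only fixes like this out of automatic updates.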
@@ -197,7 +213,7 @@ CVE-2020-10593
        NOTE: https://bugs.torproject.org/33119
 CVE-2020-10592
        RESERVED
-        - tor 0.4.2.7-1
+       - tor 0.4.2.7-1
        NOTE: https://blog.torproject.org/new-releases-03510-0419-0427
        NOTE: https://bugs.torproject.org/33119
 CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. 
CORS Ac ...)
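Review bot: under CVE-2020-10592 the tor line gets the same whitespace-only fix, but unlike CVE-2020-10593 in the previous hunk this entry shows no [buster], [stretch] or [jessie] lines. If the stable releases are affected, the entry is right as it stands; if not, add the <not-affected> lines with the reason so the per-release status is explicit.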
@@ -669,8 +685,8 @@ CVE-2020-10367
        RESERVED
 CVE-2020-10366
        RESERVED
-CVE-2020-10365
-       RESERVED
+CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc 
populates the ...)
+       TODO: check
 CVE-2020-10364
        RESERVED
 CVE-2020-10363
@@ -2594,8 +2610,7 @@ CVE-2020-9480
        RESERVED
 CVE-2020-9479
        RESERVED
-CVE-2019-20485 [potential DoS by holding a monitor job while querying QEMU 
guest-agent]
-       RESERVED
+CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the 
holding of a ...)
        [experimental] - libvirt 6.0.0-1
        - libvirt <unfixed> (low; bug #953078)
        [buster] - libvirt <no-dsa> (Minor issue)
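Review bot: replacing the bracketed summary for CVE-2019-20485 with the published description drops the words "potential DoS" and "QEMU guest-agent", and the new text is cut off at "mishandles the holding of a ...". The impact behind "low" and <no-dsa> (Minor issue) is no longer readable from the entry; consider a NOTE line that records it.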
@@ -2713,8 +2728,8 @@ CVE-2020-9425
        RESERVED
 CVE-2020-9424
        RESERVED
-CVE-2020-9423
-       RESERVED
+CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload 
arbitrary fi ...)
+       TODO: check
 CVE-2020-9422
        RESERVED
 CVE-2020-9421
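Review bot: CVE-2020-9423 (arbitrary file upload) names the same product and version boundary, LogicalDoc before 8.3.3, as CVE-2020-10365 earlier in this patch, and both are left at "TODO: check". Triage them together so they end up with the same package or NOT-FOR-US decision.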
@@ -7661,12 +7676,12 @@ CVE-2020-7260
        RESERVED
 CVE-2020-7259
        RESERVED
-CVE-2020-7258
-       RESERVED
+CVE-2020-7258 (Cross site scripting vulnerability in McAfee Network Security 
Manageme ...)
+       TODO: check
 CVE-2020-7257
        RESERVED
-CVE-2020-7256
-       RESERVED
+CVE-2020-7256 (Cross site scripting vulnerability in McAfee Network Security 
Manageme ...)
+       TODO: check
 CVE-2020-7255
        RESERVED
 CVE-2020-7254 (Privilege Escalation vulnerability in the command line 
interface in Mc ...)
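Review bot: CVE-2020-7258 and CVE-2020-7256 get identical truncated descriptions ("Cross site scripting vulnerability in McAfee Network Security Manageme ...") with "TODO: check". Whoever clears the TODOs should read the full descriptions rather than the list text, since nothing visible here distinguishes the two.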
@@ -19720,10 +19735,10 @@ CVE-2019-19679 (In "Xray Test Management for Jira" 
prior to version 3.5.5, remot
        NOT-FOR-US: Xray Test Management for Jira
 CVE-2019-19678 (In "Xray Test Management for Jira" prior to version 3.5.5, 
remote auth ...)
        NOT-FOR-US: Xray Test Management for Jira
-CVE-2019-19677
-       RESERVED
-CVE-2019-19676
-       RESERVED
+CVE-2019-19677 (arxes-tolina 3.0.0 allows User Enumeration. ...)
+       TODO: check
+CVE-2019-19676 (A CSV injection in arxes-tolina 3.0.0 allows malicious users 
to gain r ...)
+       TODO: check
 CVE-2019-19675 (In Ivanti Workspace Control before 10.3.180.0. a locally 
authenticated ...)
        NOT-FOR-US: Ivanti Workspace Control
 CVE-2019-19674
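Review bot: CVE-2019-19677 and CVE-2019-19676 (arxes-tolina 3.0.0, user enumeration and CSV injection) are added with "TODO: check" directly below entries resolved as "NOT-FOR-US: Xray Test Management for Jira". If arxes-tolina is not packaged, close both in the same form, "NOT-FOR-US: arxes-tolina", in one follow-up.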
@@ -23411,8 +23426,8 @@ CVE-2019-18981 (Pimcore before 6.2.2 lacks an Access 
Denied outcome for a certai
        NOT-FOR-US: Pimcore
 CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 
9290022 ...)
        NOT-FOR-US: Signify Philips Taolight
-CVE-2019-18979
-       RESERVED
+CVE-2019-18979 (Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a 
quarantine fla ...)
+       TODO: check
 CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS 
Middleware) ge ...)
        {DLA-2096-1}
        - ruby-rack-cors 1.1.1-1 (bug #944849)
@@ -30281,7 +30296,7 @@ CVE-2019-17547 (In ImageMagick before 7.0.8-62, 
TraceBezier in MagickCore/draw.c
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ecf7c6b288e11e7e7f75387c5e9e93e423b98397
 CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL 
through 3.0. ...)
-       {DSA-4608-1 DLA-2009-1}
+       {DSA-4608-1 DLA-2147-1 DLA-2009-1}
        - gdal <unfixed> (unimportant)
        - tiff 4.0.10+git190818-1
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
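Review bot: DLA-2147-1 is added to the cross-reference set of CVE-2019-17546, but the entry lists two source packages, gdal (<unfixed>, unimportant) and tiff (4.0.10+git190818-1), and nothing visible says which one the new advisory covers. Confirm that the entry carries the per-release fixed version for the package DLA-2147-1 addresses.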



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e40455d634246cac16c7dafdca594bd25cd43a9
