Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88f15ac0 by security tracker role at 2020-04-03T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,14 @@
-CVE-2020-11494 [slcan: Don't transmit uninitialized stack data in padding]
+CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS 
when upd ...)
+       TODO: check
+CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path 
vulnerability that ...)
+       TODO: check
+CVE-2020-11497
+       RESERVED
+CVE-2020-11496
+       RESERVED
+CVE-2020-11495
+       RESERVED
+CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c 
in the  ...)
        - linux <unfixed>
        NOTE: 
https://lore.kernel.org/netdev/[email protected]/
 CVE-2020-11493
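Review bot: The two described entries added at the top, `CVE-2020-11499` (FACT) and `CVE-2020-11498` (Slack Nebula), land as `TODO: check` and still need a triage decision, either a package line or a `NOT-FOR-US:` tag. In the same hunk `CVE-2020-11494` swaps its bracketed `[slcan: ...]` summary for the published description but still has only `- linux <unfixed>` and a mailing-list `NOTE:`; record the upstream fix commit and the fixed version there once they are available.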
@@ -1116,6 +1126,7 @@ CVE-2020-10961
        RESERVED
 CVE-2020-10960 [mediawiki: makeCollapsible allows applying event handler to 
any CSS selector]
        RESERVED
+       {DSA-4651-1}
        - mediawiki 1:1.31.7-1
        [stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
        NOTE: https://phabricator.wikimedia.org/T246602
@@ -2396,8 +2407,8 @@ CVE-2020-10517
        RESERVED
 CVE-2020-10516
        RESERVED
-CVE-2020-10515
-       RESERVED
+CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on WIndows allows binary 
planting ...)
+       TODO: check
 CVE-2020-10514
        RESERVED
 CVE-2020-10513
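Review bot: `+CVE-2020-10515` arrives as `TODO: check`, but its description names the STARFACE UCC Client on Windows, which makes it a candidate for a `NOT-FOR-US:` tag and not a package entry. Suggest resolving it in the next manual pass so it does not sit in the TODO queue.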
@@ -5623,8 +5634,8 @@ CVE-2020-9069
        RESERVED
 CVE-2020-9068
        RESERVED
-CVE-2020-9067
-       RESERVED
+CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei 
products. The  ...)
+       TODO: check
 CVE-2020-9066 (Huawei smartphones OxfordP-AN10B with versions earlier than 
10.0.1.169 ...)
        NOT-FOR-US: Huawei
 CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 
10.0.0.203( ...)
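Review bot: `+CVE-2020-9067` is left as `TODO: check` while the entry directly below it, `CVE-2020-9066`, is already tagged `NOT-FOR-US: Huawei`. The new description also refers to Huawei products, so the same tag would fit once the full description has been checked.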
@@ -8969,30 +8980,30 @@ CVE-2020-7632
        RESERVED
 CVE-2020-7631
        RESERVED
-CVE-2020-7630
-       RESERVED
-CVE-2020-7629
-       RESERVED
-CVE-2020-7628
-       RESERVED
-CVE-2020-7627
-       RESERVED
-CVE-2020-7626
-       RESERVED
-CVE-2020-7625
-       RESERVED
-CVE-2020-7624
-       RESERVED
-CVE-2020-7623
-       RESERVED
+CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command 
Injection. It al ...)
+       TODO: check
+CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command 
Injection. It a ...)
+       TODO: check
+CVE-2020-7628 (install-package through 1.1.6 is vulnerable to Command 
Injection. It a ...)
+       TODO: check
+CVE-2020-7627 (node-key-sender through 1.0.11 is vulnerable to Command 
Injection. It  ...)
+       TODO: check
+CVE-2020-7626 (karma-mojo through 1.0.1 is vulnerable to Command Injection. It 
allows ...)
+       TODO: check
+CVE-2020-7625 (op-browser through 1.0.6 is vulnerable to Command Injection. It 
allows ...)
+       TODO: check
+CVE-2020-7624 (effect through 1.0.4 is vulnerable to Command Injection. It 
allows exe ...)
+       TODO: check
+CVE-2020-7623 (jscover through 1.0.0 is vulnerable to Command Injection. It 
allows ex ...)
+       TODO: check
 CVE-2020-7622
        RESERVED
-CVE-2020-7621
-       RESERVED
-CVE-2020-7620
-       RESERVED
-CVE-2020-7619
-       RESERVED
+CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command 
Injecti ...)
+       TODO: check
+CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command 
Injection.It all ...)
+       TODO: check
+CVE-2020-7619 (get-git-data through 1.3.1 is vulnerable to Command Injection. 
It is p ...)
+       TODO: check
 CVE-2020-7618
        RESERVED
 CVE-2020-7617 (ini-parser through 0.0.2 is vulnerable to Prototype 
Pollution.The libr ...)
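Review bot: `CVE-2020-7629` and `CVE-2020-7628` both read `install-package through ...` with different version bounds (0.4.0 and 1.1.6), and the truncated descriptions do not show what distinguishes them. Check the full descriptions before tagging, so the two are not resolved as duplicates or filed under the wrong package name. The other nine command injection entries in this hunk are also still at `TODO: check` and can be triaged in the same pass.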
@@ -14302,8 +14313,8 @@ CVE-2020-5285
        RESERVED
 CVE-2020-5284 (Next.js versions before 9.3.2 have a directory traversal 
vulnerability ...)
        NOT-FOR-US: next.js
-CVE-2020-5283
-       RESERVED
+CVE-2020-5283 (ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability 
in CVS ...)
+       TODO: check
 CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a 
vulnerability in ...)
        NOT-FOR-US: Nick Chan Bot
 CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify 
configur ...)
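Review bot: `+CVE-2020-5283` (ViewVC) sits at `TODO: check` between two `NOT-FOR-US:` neighbours and should not be tagged by proximity. The description gives fixed upstream versions 1.1.28 and 1.2.1, so triage should check whether a ViewVC source package exists in the archive and, if so, add a package line with the fixed version for each affected branch.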
@@ -18243,7 +18254,7 @@ CVE-2019-19916 (In Midori Browser 0.5.11 (on Windows 
10), Content Security Polic
 CVE-2019-19915 (The "301 Redirects - Easy Redirect Manager" plugin before 2.45 
for Wor ...)
        NOT-FOR-US: "301 Redirects - Easy Redirect Manager" plugin for WordPress
 CVE-2019-19914
-       RESERVED
+       REJECTED
 CVE-2019-19913 (In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS 
via the ...)
        NOT-FOR-US: Intland codeBeamer ALM
 CVE-2019-19912 (In Intland codeBeamer ALM 9.5 and earlier, a cross-site 
scripting (XSS ...)
@@ -24536,13 +24547,11 @@ CVE-2019-19350
 CVE-2019-19349
        RESERVED
        NOT-FOR-US: openshift
-CVE-2019-19348
-       RESERVED
+CVE-2019-19348 (An insecure modification vulnerability in the /etc/passwd file 
was fou ...)
        NOT-FOR-US: openshift
 CVE-2019-19347
        REJECTED
-CVE-2019-19346
-       RESERVED
+CVE-2019-19346 (An insecure modification vulnerability in the /etc/passwd file 
was fou ...)
        NOT-FOR-US: openshift
 CVE-2019-19345 (A vulnerability was found in all openshift/mediawiki-apb 4.x.x 
version ...)
        NOT-FOR-US: openshift
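Review bot: `CVE-2019-19348` and `CVE-2019-19346` gain what is, as far as the truncated text shows, the same description (`An insecure modification vulnerability in the /etc/passwd file was fou ...`), and both keep the `NOT-FOR-US: openshift` tag that was set while they were `RESERVED`. A quick look at the full descriptions would confirm that the pre-assigned tag matches the affected component in each case.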
@@ -25205,24 +25214,24 @@ CVE-2019-19099
        RESERVED
 CVE-2019-19098
        RESERVED
-CVE-2019-19097
-       RESERVED
-CVE-2019-19096
-       RESERVED
-CVE-2019-19095
-       RESERVED
-CVE-2019-19094
-       RESERVED
-CVE-2019-19093
-       RESERVED
-CVE-2019-19092
-       RESERVED
-CVE-2019-19091
-       RESERVED
-CVE-2019-19090
-       RESERVED
-CVE-2019-19089
-       RESERVED
+CVE-2019-19097 (ABB eSOMS versions 4.0 to 6.0.3 accept connections using 
medium streng ...)
+       TODO: check
+CVE-2019-19096 (The Redis data structure component used in ABB eSOMS versions 
6.0 to 6 ...)
+       TODO: check
+CVE-2019-19095 (Lack of adequate input/output validation for ABB eSOMS 
versions 4.0 to ...)
+       TODO: check
+CVE-2019-19094 (Lack of input checks for SQL queries in ABB eSOMS versions 3.9 
to 6.0. ...)
+       TODO: check
+CVE-2019-19093 (eSOMS versions 4.0 to 6.0.3 do not enforce password complexity 
setting ...)
+       TODO: check
+CVE-2019-19092 (ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without 
Message  ...)
+       TODO: check
+CVE-2019-19091 (For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain 
comments  ...)
+       TODO: check
+CVE-2019-19090 (For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not 
set in the ...)
+       TODO: check
+CVE-2019-19089 (For ABB eSOMS versions 4.0 to 6.0.3, the 
X-Content-Type-Options Header ...)
+       TODO: check
 CVE-2019-19088 (Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows 
Directory Tr ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
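Review bot: All nine new entries, `CVE-2019-19097` through `CVE-2019-19089`, concern ABB eSOMS and are left at `TODO: check`; they should receive one consistent resolution. Note that `CVE-2019-19093` starts with `eSOMS versions` without the `ABB` prefix, so a bulk edit keyed on the string `ABB eSOMS` would miss it.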
@@ -25541,14 +25550,14 @@ CVE-2019-19005
        RESERVED
 CVE-2019-19004
        RESERVED
-CVE-2019-19003
-       RESERVED
-CVE-2019-19002
-       RESERVED
-CVE-2019-19001
-       RESERVED
-CVE-2019-19000
-       RESERVED
+CVE-2019-19003 (For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not 
set. Thi ...)
+       TODO: check
+CVE-2019-19002 (For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP 
respons ...)
+       TODO: check
+CVE-2019-19001 (For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options 
header is not ...)
+       TODO: check
+CVE-2019-19000 (For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP 
header(s ...)
+       TODO: check
 CVE-2019-18999
        RESERVED
 CVE-2019-18998 (Insufficient access control in the web interface of ABB Asset 
Suite ve ...)
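Review bot: `CVE-2019-19003` through `CVE-2019-19000` are four more ABB eSOMS entries left at `TODO: check`, separate from the block at `CVE-2019-19097` to `CVE-2019-19089`. Resolve both ranges with the same tag so the product is not triaged two different ways.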
@@ -44648,6 +44657,7 @@ CVE-2019-13642
 CVE-2019-13641
        RESERVED
 CVE-2019-13640 (In qBittorrent before 4.1.7, the function 
Application::runExternalProg ...)
+       {DSA-4650-1}
        - qbittorrent 4.1.7-1 (bug #932539)
        [jessie] - qbittorrent <not-affected> (Vulnerable code not present in 
3.1.x series)
        NOTE: https://github.com/qbittorrent/qBittorrent/issues/10925
@@ -88520,8 +88530,8 @@ CVE-2018-17956 (In yast2-samba-provision up to and 
including version 1.0.1 the p
        NOT-FOR-US: yast2-samba-provision
 CVE-2018-17955 (In yast2-multipath before version 4.1.1 a static temporary 
filename al ...)
        NOT-FOR-US: yast2-multipath
-CVE-2018-17954
-       RESERVED
+CVE-2018-17954 (A Least Privilege Violation vulnerability in crowbar of SUSE 
OpenStack ...)
+       TODO: check
 CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access 
rule matc ...)
        - pam <not-affected> (Issue introduced by SUSE specific patch)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1115640
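Review bot: `+CVE-2018-17954` is `TODO: check` while the SUSE entries above it are already resolved (`NOT-FOR-US: yast2-samba-provision`, `NOT-FOR-US: yast2-multipath`). The description names crowbar of SUSE OpenStack; confirm whether that component is packaged and tag the entry accordingly.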



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88f15ac080fb2de5c27dc7227cc6150d74533133



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
