Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed6edbf1 by security tracker role at 2020-04-06T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59,10 +59,10 @@ CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 
allows remote unauthent
        NOT-FOR-US: PRTG Network Monitor
 CVE-2020-11546
        RESERVED
-CVE-2020-11545
-       RESERVED
-CVE-2020-11544
-       RESERVED
+CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to 
multiple  ...)
+       TODO: check
+CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental 
System 1 ...)
+       TODO: check
 CVE-2020-11543
        RESERVED
 CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow 
Authenticat ...)
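Review bot: CVE-2020-11545 and CVE-2020-11544 are both left at `TODO: check` although their descriptions name the same product, Project Worlds Official Car Rental System 1. They can be triaged in one pass; if the product is not in the archive, both would take a `NOT-FOR-US:` line in the form already used for CVE-2020-11547 (`NOT-FOR-US: PRTG Network Monitor`).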
@@ -135,8 +135,8 @@ CVE-2020-11509
        RESERVED
 CVE-2020-11508
        RESERVED
-CVE-2020-11507
-       RESERVED
+CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes 
AdwCleaner 8.0. ...)
+       TODO: check
 CVE-2020-11506
        RESERVED
 CVE-2020-11505
@@ -972,8 +972,7 @@ CVE-2020-11104 (An issue was discovered in USC iLab cereal 
through 1.3.0. Serial
        NOT-FOR-US: USC iLab cereal
 CVE-2020-11103
        RESERVED
-CVE-2020-11102 [tulip: OOB access in tulip_copy_tx_buffers]
-       RESERVED
+CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the 
copying  ...)
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/1
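Review bot: On CVE-2020-11102 the removed bracket text `[tulip: OOB access in tulip_copy_tx_buffers]` was the only place the entry named the affected function, and the imported description is cut off at "during the copying ...". The entry still reads `- qemu <unfixed>` with a single oss-security NOTE, so a further NOTE that records the function name and, once known, the upstream fix would keep the entry actionable.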
@@ -3084,14 +3083,14 @@ CVE-2020-10269
        RESERVED
 CVE-2020-10268
        RESERVED
-CVE-2020-10267
-       RESERVED
-CVE-2020-10266
-       RESERVED
-CVE-2020-10265
-       RESERVED
-CVE-2020-10264
-       RESERVED
+CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions 
(tested o ...)
+       TODO: check
+CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software 
compone ...)
+       TODO: check
+CVE-2020-10265 (Universal Robots Robot Controllers Version CB2 SW Version 1.4 
upwards, ...)
+       TODO: check
+CVE-2020-10264 (CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and 
upwards al ...)
+       TODO: check
 CVE-2019-20509
        REJECTED
 CVE-2020-10263
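Review bot: The four new Universal Robots entries, CVE-2020-10267 through CVE-2020-10264, all land as `TODO: check`; their descriptions refer to control box and robot controller firmware (CB2, CB3, e-series), so they are candidates for one shared triage decision rather than four separate checks. Separately, the unchanged context shows CVE-2019-20509 sitting between CVE-2020-10264 and CVE-2020-10263, which breaks the descending order of the surrounding entries and is worth confirming as intended.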
@@ -4844,7 +4843,7 @@ CVE-2020-9475
 CVE-2020-9474
        RESERVED
 CVE-2020-9473
-       RESERVED
+       REJECTED
 CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and 
consequentl ...)
        NOT-FOR-US: Umbraco CMS
 CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and 
consequen ...)
@@ -8236,8 +8235,8 @@ CVE-2020-8006
        RESERVED
 CVE-2020-8005
        RESERVED
-CVE-2020-8004
-       RESERVED
+CVE-2020-8004 (STMicroelectronics STM32F1 devices have Incorrect Access 
Control. ...)
+       TODO: check
 CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read 
for a s ...)
        - aspell 0.60.7-3 (bug #935128)
        [buster] - aspell <no-dsa> (Minor issue)
@@ -9144,24 +9143,24 @@ CVE-2020-7641
        RESERVED
 CVE-2020-7640
        RESERVED
-CVE-2020-7639
-       RESERVED
-CVE-2020-7638
-       RESERVED
-CVE-2020-7637
-       RESERVED
-CVE-2020-7636
-       RESERVED
-CVE-2020-7635
-       RESERVED
-CVE-2020-7634
-       RESERVED
-CVE-2020-7633
-       RESERVED
-CVE-2020-7632
-       RESERVED
-CVE-2020-7631
-       RESERVED
+CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype 
Pollution.T ...)
+       TODO: check
+CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 
'setDe ...)
+       TODO: check
+CVE-2020-7637 (class-transformer through 0.2.3 is vulnerable to Prototype 
Pollution.  ...)
+       TODO: check
+CVE-2020-7636 (adb-driver through 0.1.8 is vulnerable to Command Injection.It 
allows  ...)
+       TODO: check
+CVE-2020-7635 (compass-compile through 0.0.1 is vulnerable to Command 
Injection.It al ...)
+       TODO: check
+CVE-2020-7634 (heroku-addonpool through 0.1.15 is vulnerable to Command 
Injection. ...)
+       TODO: check
+CVE-2020-7633 (apiconnect-cli-plugins through 6.0.1 is vulnerable to Command 
Injectio ...)
+       TODO: check
+CVE-2020-7632 (node-mpv through 1.4.3 is vulnerable to Command Injection. It 
allows e ...)
+       TODO: check
+CVE-2020-7631 (diskusage-ng through 0.2.4 is vulnerable to Command 
Injection.It allow ...)
+       TODO: check
 CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command 
Injection. It al ...)
        NOT-FOR-US: git-add-remote node module
 CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command 
Injection. It a ...)
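Review bot: The nine entries CVE-2020-7639 through CVE-2020-7631 are left at `TODO: check`, while the adjacent CVE-2020-7630, with the same style of description, is already resolved as `NOT-FOR-US: git-add-remote node module`. Each new entry needs a check for a packaged copy of the named module; those that are not packaged should take the same `NOT-FOR-US: <name> node module` wording so the block stays consistent.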
@@ -9178,8 +9177,8 @@ CVE-2020-7624 (effect through 1.0.4 is vulnerable to 
Command Injection. It allow
        NOT-FOR-US: effect node module
 CVE-2020-7623 (jscover through 1.0.0 is vulnerable to Command Injection. It 
allows ex ...)
        NOT-FOR-US: Node jscover
-CVE-2020-7622
-       RESERVED
+CVE-2020-7622 (All versions before 2.2.1 are vulnerable to HTTP Response 
Splitting. T ...)
+       TODO: check
 CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command 
Injecti ...)
        NOT-FOR-US: Node strong-nginx-controller
 CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command 
Injection.It all ...)
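Review bot: The truncated description for CVE-2020-7622, "All versions before 2.2.1 are vulnerable to HTTP Response Splitting. T ...", does not name the affected product anywhere in the visible text, so its `TODO: check` cannot be resolved from this entry alone. The full CVE description is needed to identify the package before choosing between a package line and `NOT-FOR-US:`. The neighbours in this hunk also use two different wordings, `NOT-FOR-US: effect node module` and `NOT-FOR-US: Node jscover`, which would be better unified.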
@@ -14471,8 +14470,8 @@ CVE-2020-5302
        RESERVED
 CVE-2020-5301
        RESERVED
-CVE-2020-5300
-       RESERVED
+CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified&#8482; OpenID 
Connect  ...)
+       TODO: check
 CVE-2020-5299
        RESERVED
 CVE-2020-5298
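Review bot: The description imported for CVE-2020-5300 contains the raw HTML entity `&#8482;` ("OpenID Certified&#8482; OpenID Connect"), which suggests the description source is not entity-decoded before it is written to data/CVE/list. Decoding it in the automatic update step would keep the list plain text. The entry still needs its `TODO: check` resolved against the product the description actually names, Hydra the OAuth2 server, rather than on the bare name alone.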
@@ -22015,8 +22014,8 @@ CVE-2019-19701
        RESERVED
 CVE-2019-19700
        RESERVED
-CVE-2019-19699
-       RESERVED
+CVE-2019-19699 (There is Authenticated remote code execution in Centreon 
Infrastructur ...)
+       TODO: check
 CVE-2019-19698 (marc-q libwav through 2017-04-20 has a NULL pointer 
dereference in wav ...)
        NOT-FOR-US: libwav
 CVE-2019-19697 (An arbitrary code execution vulnerability exists in the Trend 
Micro Se ...)
@@ -24585,8 +24584,8 @@ CVE-2020-1730
 CVE-2020-1729
        RESERVED
        NOT-FOR-US: SmallRye Config
-CVE-2020-1728
-       RESERVED
+CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, 
the pages ...)
+       TODO: check
 CVE-2020-1727
        RESERVED
 CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows 
containers ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed6edbf1ef3392e5380570523bcb8fe2a722df43
