Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
354ece62 by security tracker role at 2020-04-25T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-12248
+       RESERVED
+CVE-2020-12247
+       RESERVED
+CVE-2020-12246
+       RESERVED
+CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title 
or cellLi ...)
+       TODO: check
+CVE-2020-12244
+       RESERVED
+CVE-2020-12243
+       RESERVED
 CVE-2020-12242
        RESERVED
 CVE-2020-12241
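Review bot: CVE-2020-12245 (Grafana table-panel XSS) lands with only "TODO: check", so the entry carries no package or NOT-FOR-US decision yet. The description already gives the upstream boundary ("before 6.7.3"), so the follow-up should replace the TODO with either a source-package line or a NOT-FOR-US marker.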
@@ -351,8 +363,8 @@ CVE-2020-12072
        RESERVED
 CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post 
content. ...)
        TODO: check
-CVE-2020-12070
-       RESERVED
+CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for 
Wordpress suff ...)
+       TODO: check
 CVE-2020-12069
        RESERVED
 CVE-2020-12068
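Review bot: CVE-2020-12070 moves from RESERVED to "TODO: check", and its description identifies a WordPress plugin (Advanced Woo Search). Third-party CMS add-ons elsewhere in this file are closed out as NOT-FOR-US (for example "NOT-FOR-US: J2Store plugin for Joomla!"), so this entry should get the same marker unless a Debian source package ships the plugin.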
@@ -3852,8 +3864,8 @@ CVE-2020-11015
        RESERVED
 CVE-2020-11014
        RESERVED
-CVE-2020-11013
-       RESERVED
+CVE-2020-11013 (Their is an information disclosure vulnerability in Helm from 
version  ...)
+       TODO: check
 CVE-2020-11012 (MinIO versions before RELEASE.2020-04-23T00-58-49Z have an 
authenticat ...)
        TODO: check
 CVE-2020-11011 (In Phproject before version 1.7.8, there's a vulnerability 
which allow ...)
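Review bot: the description imported for CVE-2020-11013 begins "Their is an information disclosure vulnerability in Helm". The typo arrives with the automatic update, so a correction belongs in the upstream description, not in a hand edit to this file. The entry still needs a triage decision in place of "TODO: check".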
@@ -3882,8 +3894,8 @@ CVE-2020-11006
        RESERVED
 CVE-2020-11005 (The WindowsHello open source library (NuGet 
HaemmerElectronics.SeppPen ...)
        NOT-FOR-US: WindowsHello
-CVE-2020-11004
-       RESERVED
+CVE-2020-11004 (SQL Injection was discovered in Admidio before version 3.3.13. 
The mai ...)
+       TODO: check
 CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or 
CSRF vuln ...)
        NOT-FOR-US: Oasis (not the same as src:oasis)
 CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a 
remote co ...)
@@ -15331,10 +15343,10 @@ CVE-2020-6215 (SAP NetWeaver AS ABAP Business Server 
Pages Test Application IT00
        NOT-FOR-US: SAP
 CVE-2020-6214 (SAP S/4HANA (Financial Products Subledger), version 100, uses 
an incor ...)
        NOT-FOR-US: SAP
-CVE-2020-6213
-       RESERVED
-CVE-2020-6212
-       RESERVED
+CVE-2020-6213 (SAP NetWeaver AS ABAP Business Server Pages Test Application 
SBSPEXT_P ...)
+       TODO: check
+CVE-2020-6212 (Egypt localized withholding tax reports Clearing of Liabilities 
and Re ...)
+       TODO: check
 CVE-2020-6211 (SAP Business Objects Business Intelligence Platform 
(AdminTools), vers ...)
        NOT-FOR-US: SAP
 CVE-2020-6210 (SAP Fiori Launchpad, versions- 753, 754, does not sufficiently 
encode  ...)
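Review bot: CVE-2020-6213 is described as "SAP NetWeaver AS ABAP Business Server Pages Test Application", the same product family as the surrounding context entries, which are all marked "NOT-FOR-US: SAP"; it should get that marker in place of "TODO: check". For CVE-2020-6212 the truncated description ("Egypt localized withholding tax reports ...") does not name a vendor in the visible text, so confirm the product from the full description before marking it.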
@@ -62405,7 +62417,7 @@ CVE-2019-9185 (Controller/Async/FilesystemManager.php 
in the filemanager in Bolt
        NOT-FOR-US: Bolt CMS
 CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 
3.3.7 for ...)
        NOT-FOR-US: J2Store plugin for Joomla!
-CVE-2019-9183 (An issue was discovered in Contiki-NG through 4.2 and Contiki 
through  ...)
+CVE-2019-9183 (An issue was discovered in Contiki-NG through 4.3 and Contiki 
through  ...)
        TODO: check
 CVE-2019-9182 (There is a CSRF in ZZZCMS zzzphp V1.6.1 via a 
/admin015/save.php?act=e ...)
        NOT-FOR-US: ZZZCMS
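Review bot: the only change to CVE-2019-9183 is the affected range in the description, "Contiki-NG through 4.2" becoming "through 4.3", while the status line stays "TODO: check". A widened range on a 2019 entry that was never triaged is worth resolving now: decide whether Contiki-NG is tracked at all, and if it is, assess it against 4.3 and not 4.2.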
@@ -64759,7 +64771,7 @@ CVE-2019-8361 (PHP Scripts Mall Responsive Video News 
Script has XSS via the Sea
        NOT-FOR-US: PHP Scripts Mall Responsive Video News Script
 CVE-2019-8360 (Themerig Find a Place CMS Directory 1.5 has SQL Injection via 
the find ...)
        NOT-FOR-US: Themerig Find a Place CMS Directory
-CVE-2019-8359 (An issue was discovered in Contiki-NG through 4.2 and Contiki 
through  ...)
+CVE-2019-8359 (An issue was discovered in Contiki-NG through 4.3 and Contiki 
through  ...)
        TODO: check
 CVE-2019-8358 (In Hiawatha before 10.8.4, a remote attacker is able to do 
directory t ...)
        NOT-FOR-US: Hiawatha
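Review bot: CVE-2019-8359 receives the identical description change as CVE-2019-9183 (Contiki-NG "through 4.2" to "through 4.3") and is likewise still "TODO: check". Triage the two together so they end up with consistent status lines.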



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/354ece6214f1e4ba2160a0185912f4f7b712a0c6



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
