Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3dd47dd by security tracker role at 2020-07-01T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the 
cart_edit ...)
+       TODO: check
+CVE-2020-15467
+       RESERVED
+CVE-2020-15466
+       RESERVED
+CVE-2020-15465
+       RESERVED
+CVE-2020-15464
+       RESERVED
+CVE-2020-15463
+       RESERVED
+CVE-2020-15462
+       RESERVED
+CVE-2020-15461
+       RESERVED
+CVE-2020-15460
+       RESERVED
+CVE-2020-15459
+       RESERVED
+CVE-2020-15458
+       RESERVED
+CVE-2020-15457
+       RESERVED
+CVE-2020-15456
+       RESERVED
+CVE-2020-15455
+       RESERVED
+CVE-2020-15454
+       RESERVED
+CVE-2020-15453
+       RESERVED
+CVE-2020-15452
+       RESERVED
+CVE-2020-15451
+       RESERVED
+CVE-2020-15450
+       RESERVED
+CVE-2020-15449
+       RESERVED
+CVE-2020-15448
+       RESERVED
+CVE-2020-15447
+       RESERVED
+CVE-2020-15446
+       RESERVED
+CVE-2020-15445
+       RESERVED
+CVE-2020-15444
+       RESERVED
+CVE-2020-15443
+       RESERVED
+CVE-2020-15442
+       RESERVED
+CVE-2020-15441
+       RESERVED
+CVE-2020-15440
+       RESERVED
+CVE-2020-15439
+       RESERVED
+CVE-2020-15438
+       RESERVED
+CVE-2020-15437
+       RESERVED
+CVE-2020-15436
+       RESERVED
+CVE-2020-15435
+       RESERVED
+CVE-2020-15434
+       RESERVED
+CVE-2020-15433
+       RESERVED
+CVE-2020-15432
+       RESERVED
+CVE-2020-15431
+       RESERVED
+CVE-2020-15430
+       RESERVED
+CVE-2020-15429
+       RESERVED
+CVE-2020-15428
+       RESERVED
+CVE-2020-15427
+       RESERVED
+CVE-2020-15426
+       RESERVED
+CVE-2020-15425
+       RESERVED
+CVE-2020-15424
+       RESERVED
+CVE-2020-15423
+       RESERVED
+CVE-2020-15422
+       RESERVED
+CVE-2020-15421
+       RESERVED
+CVE-2020-15420
+       RESERVED
+CVE-2020-15419
+       RESERVED
+CVE-2020-15418
+       RESERVED
+CVE-2020-15417
+       RESERVED
+CVE-2020-15416
+       RESERVED
 CVE-2020-15415 (On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 
1.5.1, c ...)
        NOT-FOR-US: DrayTek
 CVE-2020-15414
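Review bot: CVE-2020-15468 at the top of this hunk is the only new entry with a description, and it is left at TODO: check. The description names a standalone web download script, so confirm that no Debian source package ships it and then resolve the entry to NOT-FOR-US: Persian VIP Download Script, matching the NOT-FOR-US: DrayTek line on CVE-2020-15415 just below. The RESERVED entries from CVE-2020-15467 down to CVE-2020-15416 need no action until they are published.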
@@ -988,8 +1094,8 @@ CVE-2020-14949
        RESERVED
 CVE-2020-14948
        RESERVED
-CVE-2020-14947
-       RESERVED
+CVE-2020-14947 (OCS Inventory NG 2.7 allows Remote Command Execution via shell 
metacha ...)
+       TODO: check
 CVE-2020-14946 (downloadFile.ashx in the Administrator section of the 
Surveillance mod ...)
        NOT-FOR-US: Surveillance module in Global RADAR BSA Radar
 CVE-2020-14945 (A privilege escalation vulnerability exists within Global 
RADAR BSA Ra ...)
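Review bot: CVE-2020-14947 moves from RESERVED to TODO: check with a description that claims Remote Command Execution in OCS Inventory NG 2.7, which should not sit in the TODO queue for long. Check whether a Debian source package ships the affected OCS Inventory component; if one does, the entry needs a package line with the affected or fixed version plus a NOTE pointing at the upstream fix, rather than the NOT-FOR-US used on the Global RADAR entry below it.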
@@ -2314,7 +2420,7 @@ CVE-2016-11062 (An issue was discovered in Mattermost 
Server before 3.5.1. E-mai
 CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It 
allows a ...)
        NOT-FOR-US: Mattermost
 CVE-2020-14954 (Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a 
STARTTLS buffe ...)
-       {DSA-4708-1 DSA-4707-1}
+       {DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1}
        - mutt 1.14.4-1
        - neomutt 20200619+dfsg.1-1
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4
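Review bot: the cross-reference line on CVE-2020-14954 now carries both DLA-2268-1 and DLA-2268-2, but nothing in the entry says which source package each revision covers or why a second revision exists. The entry tracks both mutt and neomutt, so a short NOTE, or a release-tagged package line with the LTS fixed version, would make that clear. The same applies to the identical change on CVE-2020-14093 further down.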
@@ -2945,18 +3051,18 @@ CVE-2020-14171
        RESERVED
 CVE-2020-14170
        RESERVED
-CVE-2020-14169
-       RESERVED
-CVE-2020-14168
-       RESERVED
-CVE-2020-14167
-       RESERVED
-CVE-2020-14166
-       RESERVED
-CVE-2020-14165
-       RESERVED
-CVE-2020-14164
-       RESERVED
+CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data 
Center be ...)
+       TODO: check
+CVE-2020-14168 (The email client in Jira Server and Data Center before version 
7.13.16 ...)
+       TODO: check
+CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data 
Center befo ...)
+       TODO: check
+CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service 
Desk Server ...)
+       TODO: check
+CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server 
and Dat ...)
+       TODO: check
+CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center 
before vers ...)
+       TODO: check
 CVE-2020-14163 (An issue was discovered in 
ecma/operations/ecma-container-object.c in  ...)
        NOT-FOR-US: JerryScript
 CVE-2020-14162
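Review bot: CVE-2020-14169 through CVE-2020-14164 all describe Jira Server, Data Center or Service Desk resources and are all left at TODO: check. Other Atlassian entries visible in this same diff are already marked NOT-FOR-US: Atlassian, so these six can be resolved in one pass with the same label instead of being triaged one by one.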
@@ -3154,7 +3260,7 @@ CVE-2017-18869 (A TOCTOU issue in the chownr package 
before 1.1.0 for Node.js 10
        NOTE: https://github.com/isaacs/chownr/issues/14
        NOTE: https://snyk.io/vuln/npm:chownr:20180731
 CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP fcc/postpone 
man-in-the-middle attac ...)
-       {DSA-4708-1 DSA-4707-1}
+       {DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1}
        - mutt 1.14.3-1 (bug #962897)
        - neomutt 20200619+dfsg.1-1
        NOTE: Fixed by: 
https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
@@ -16167,10 +16273,10 @@ CVE-2020-9416
        RESERVED
 CVE-2020-9415
        RESERVED
-CVE-2020-9414
-       RESERVED
-CVE-2020-9413
-       RESERVED
+CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO 
Managed ...)
+       TODO: check
+CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin 
client comp ...)
+       TODO: check
 CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO 
Managed Fil ...)
        NOT-FOR-US: TIBCO
 CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO 
Managed Fil ...)
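Review bot: CVE-2020-9414 and CVE-2020-9413 are set to TODO: check while CVE-2020-9412 directly below, also a TIBCO Software Inc. product, is already NOT-FOR-US: TIBCO. Unless the full descriptions point at something packaged in Debian, give both new entries the same NOT-FOR-US: TIBCO line so the block stays consistent.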
@@ -19800,8 +19906,8 @@ CVE-2019-20410 (Affected versions of Atlassian Jira 
Server and Data Center allow
        NOT-FOR-US: Atlassian
 CVE-2019-20409 (The way in which velocity templates were used in Atlassian 
Jira Server ...)
        NOT-FOR-US: Atlassian
-CVE-2019-20408
-       RESERVED
+CVE-2019-20408 (The /plugins/servlet/gadgets/makeRequest resource in Jira 
before versi ...)
+       TODO: check
 CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira 
Software ...)
        NOT-FOR-US: Atlassian Jira
 CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows 
operating s ...)
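Review bot: when CVE-2019-20408 is triaged, pick one NOT-FOR-US label for the vendor. The two entries above it use NOT-FOR-US: Atlassian and CVE-2019-20407 below it uses NOT-FOR-US: Atlassian Jira, which makes searching the list by label unreliable. Reusing the label of the nearest neighbour is the smallest fix; normalising the existing lines would be better.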
@@ -24504,18 +24610,18 @@ CVE-2020-5975
        RESERVED
 CVE-2020-5974
        RESERVED
-CVE-2020-5973
-       RESERVED
-CVE-2020-5972
-       RESERVED
-CVE-2020-5971
-       RESERVED
-CVE-2020-5970
-       RESERVED
-CVE-2020-5969
-       RESERVED
-CVE-2020-5968
-       RESERVED
+CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a 
vulnerabili ...)
+       TODO: check
+CVE-2020-5972 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU 
plugin ...)
+       TODO: check
+CVE-2020-5971 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU 
plugin ...)
+       TODO: check
+CVE-2020-5970 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU 
plugin ...)
+       TODO: check
+CVE-2020-5969 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU 
plugin ...)
+       TODO: check
+CVE-2020-5968 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU 
plugin ...)
+       TODO: check
 CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all versions, contains a 
vulnerabilit ...)
        - nvidia-graphics-drivers 440.100-1 (bug #963766)
        [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
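Review bot: these six NVIDIA Virtual GPU Manager entries cannot simply be closed as vendor-only, because the next entry, CVE-2020-5967, is tracked against nvidia-graphics-drivers. CVE-2020-5973 also names the guest drivers, so check it against that package before deciding. CVE-2020-5972 through CVE-2020-5968 show identical truncated descriptions here, so triage them from the full CVE text rather than from this list.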
@@ -29112,22 +29218,22 @@ CVE-2020-4030 (In FreeRDP before version 2.1.2, there 
is an out of bounds read i
        - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
-CVE-2020-4029
-       RESERVED
+CVE-2020-4029 (The /rest/project-templates/1.0/createshared resource in 
Atlassian Jir ...)
+       TODO: check
 CVE-2020-4028 (Versions before 8.9.1, Various resources in Jira responded with 
a 404  ...)
        NOT-FOR-US: Atlassian
-CVE-2020-4027
-       RESERVED
+CVE-2020-4027 (Atlassian Confluence Server and Data Center before version 
7.5.1 allow ...)
+       TODO: check
 CVE-2020-4026 (The CustomAppsRestResource list resource in Atlassian Navigator 
Links  ...)
        NOT-FOR-US: Atlassian
-CVE-2020-4025
-       RESERVED
-CVE-2020-4024
-       RESERVED
+CVE-2020-4025 (The attachment download resource in Atlassian Jira Server and 
Data Cen ...)
+       TODO: check
+CVE-2020-4024 (The attachment download resource in Atlassian Jira Server and 
Data Cen ...)
+       TODO: check
 CVE-2020-4023 (The review coverage resource in Atlassian Fisheye and Crucible 
before  ...)
        NOT-FOR-US: Atlassian Fisheye and Crucible
-CVE-2020-4022
-       RESERVED
+CVE-2020-4022 (The attachment download resource in Atlassian Jira Server and 
Data Cen ...)
+       TODO: check
 CVE-2020-4021 (Affected versions are: Before 8.5.5, and from 8.6.0 before 
8.8.1 of At ...)
        NOT-FOR-US: Atlassian
 CVE-2020-4020 (The file downloading functionality in the Atlassian Companion 
App befo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3dd47ddf07d45be07771ed3beaf622667786c94
