Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f3dd47dd by security tracker role at 2020-07-01T08:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,109 @@ +CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...) + TODO: check +CVE-2020-15467 + RESERVED +CVE-2020-15466 + RESERVED +CVE-2020-15465 + RESERVED +CVE-2020-15464 + RESERVED +CVE-2020-15463 + RESERVED +CVE-2020-15462 + RESERVED +CVE-2020-15461 + RESERVED +CVE-2020-15460 + RESERVED +CVE-2020-15459 + RESERVED +CVE-2020-15458 + RESERVED +CVE-2020-15457 + RESERVED +CVE-2020-15456 + RESERVED +CVE-2020-15455 + RESERVED +CVE-2020-15454 + RESERVED +CVE-2020-15453 + RESERVED +CVE-2020-15452 + RESERVED +CVE-2020-15451 + RESERVED +CVE-2020-15450 + RESERVED +CVE-2020-15449 + RESERVED +CVE-2020-15448 + RESERVED +CVE-2020-15447 + RESERVED +CVE-2020-15446 + RESERVED +CVE-2020-15445 + RESERVED +CVE-2020-15444 + RESERVED +CVE-2020-15443 + RESERVED +CVE-2020-15442 + RESERVED +CVE-2020-15441 + RESERVED +CVE-2020-15440 + RESERVED +CVE-2020-15439 + RESERVED +CVE-2020-15438 + RESERVED +CVE-2020-15437 + RESERVED +CVE-2020-15436 + RESERVED +CVE-2020-15435 + RESERVED +CVE-2020-15434 + RESERVED +CVE-2020-15433 + RESERVED +CVE-2020-15432 + RESERVED +CVE-2020-15431 + RESERVED +CVE-2020-15430 + RESERVED +CVE-2020-15429 + RESERVED +CVE-2020-15428 + RESERVED +CVE-2020-15427 + RESERVED +CVE-2020-15426 + RESERVED +CVE-2020-15425 + RESERVED +CVE-2020-15424 + RESERVED +CVE-2020-15423 + RESERVED +CVE-2020-15422 + RESERVED +CVE-2020-15421 + RESERVED +CVE-2020-15420 + RESERVED +CVE-2020-15419 + RESERVED +CVE-2020-15418 + RESERVED +CVE-2020-15417 + RESERVED +CVE-2020-15416 + RESERVED CVE-2020-15415 (On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, c ...) NOT-FOR-US: DrayTek CVE-2020-15414 
@@ -988,8 +1094,8 @@ CVE-2020-14949 RESERVED CVE-2020-14948 RESERVED -CVE-2020-14947 - RESERVED +CVE-2020-14947 (OCS Inventory NG 2.7 allows Remote Command Execution via shell metacha ...) + TODO: check CVE-2020-14946 (downloadFile.ashx in the Administrator section of the Surveillance mod ...) NOT-FOR-US: Surveillance module in Global RADAR BSA Radar CVE-2020-14945 (A privilege escalation vulnerability exists within Global RADAR BSA Ra ...) @@ -2314,7 +2420,7 @@ CVE-2016-11062 (An issue was discovered in Mattermost Server before 3.5.1. E-mai CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It allows a ...) NOT-FOR-US: Mattermost CVE-2020-14954 (Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffe ...) - {DSA-4708-1 DSA-4707-1} + {DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1} - mutt 1.14.4-1 - neomutt 20200619+dfsg.1-1 NOTE: https://gitlab.com/muttmua/mutt/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4 @@ -2945,18 +3051,18 @@ CVE-2020-14171 RESERVED CVE-2020-14170 RESERVED -CVE-2020-14169 - RESERVED -CVE-2020-14168 - RESERVED -CVE-2020-14167 - RESERVED -CVE-2020-14166 - RESERVED -CVE-2020-14165 - RESERVED -CVE-2020-14164 - RESERVED +CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data Center be ...) + TODO: check +CVE-2020-14168 (The email client in Jira Server and Data Center before version 7.13.16 ...) + TODO: check +CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data Center befo ...) + TODO: check +CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service Desk Server ...) + TODO: check +CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server and Dat ...) + TODO: check +CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center before vers ...) + TODO: check CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in ...) NOT-FOR-US: JerryScript CVE-2020-14162 
@@ -3154,7 +3260,7 @@ CVE-2017-18869 (A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10 NOTE: https://github.com/isaacs/chownr/issues/14 NOTE: https://snyk.io/vuln/npm:chownr:20180731 CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attac ...) - {DSA-4708-1 DSA-4707-1} + {DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1} - mutt 1.14.3-1 (bug #962897) - neomutt 20200619+dfsg.1-1 NOTE: Fixed by: https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 @@ -16167,10 +16273,10 @@ CVE-2020-9416 RESERVED CVE-2020-9415 RESERVED -CVE-2020-9414 - RESERVED -CVE-2020-9413 - RESERVED +CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...) + TODO: check +CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin client comp ...) + TODO: check CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...) NOT-FOR-US: TIBCO CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...) @@ -19800,8 +19906,8 @@ CVE-2019-20410 (Affected versions of Atlassian Jira Server and Data Center allow NOT-FOR-US: Atlassian CVE-2019-20409 (The way in which velocity templates were used in Atlassian Jira Server ...) NOT-FOR-US: Atlassian -CVE-2019-20408 - RESERVED +CVE-2019-20408 (The /plugins/servlet/gadgets/makeRequest resource in Jira before versi ...) + TODO: check CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira Software ...) NOT-FOR-US: Atlassian Jira CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows operating s ...) 
@@ -24504,18 +24610,18 @@ CVE-2020-5975 RESERVED CVE-2020-5974 RESERVED -CVE-2020-5973 - RESERVED -CVE-2020-5972 - RESERVED -CVE-2020-5971 - RESERVED -CVE-2020-5970 - RESERVED -CVE-2020-5969 - RESERVED -CVE-2020-5968 - RESERVED +CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerabili ...) + TODO: check +CVE-2020-5972 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...) + TODO: check +CVE-2020-5971 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...) + TODO: check +CVE-2020-5970 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...) + TODO: check +CVE-2020-5969 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...) + TODO: check +CVE-2020-5968 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...) + TODO: check CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all versions, contains a vulnerabilit ...) - nvidia-graphics-drivers 440.100-1 (bug #963766) [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) 
@@ -29112,22 +29218,22 @@ CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read i - freerdp <removed> [stretch] - freerdp <no-dsa> (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98 -CVE-2020-4029 - RESERVED +CVE-2020-4029 (The /rest/project-templates/1.0/createshared resource in Atlassian Jir ...) + TODO: check CVE-2020-4028 (Versions before 8.9.1, Various resources in Jira responded with a 404 ...) NOT-FOR-US: Atlassian -CVE-2020-4027 - RESERVED +CVE-2020-4027 (Atlassian Confluence Server and Data Center before version 7.5.1 allow ...) + TODO: check CVE-2020-4026 (The CustomAppsRestResource list resource in Atlassian Navigator Links ...) NOT-FOR-US: Atlassian -CVE-2020-4025 - RESERVED -CVE-2020-4024 - RESERVED +CVE-2020-4025 (The attachment download resource in Atlassian Jira Server and Data Cen ...) + TODO: check +CVE-2020-4024 (The attachment download resource in Atlassian Jira Server and Data Cen ...) + TODO: check CVE-2020-4023 (The review coverage resource in Atlassian Fisheye and Crucible before ...) NOT-FOR-US: Atlassian Fisheye and Crucible -CVE-2020-4022 - RESERVED +CVE-2020-4022 (The attachment download resource in Atlassian Jira Server and Data Cen ...) + TODO: check CVE-2020-4021 (Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of At ...) NOT-FOR-US: Atlassian CVE-2020-4020 (The file downloading functionality in the Atlassian Companion App befo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3dd47ddf07d45be07771ed3beaf622667786c94
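Review bot: In the `@@ -988,8 +1094,8 @@` hunk, CVE-2020-14947 (OCS Inventory NG 2.7, remote command execution via shell metacharacters) is given `TODO: check` while the context entries directly below it are already closed as `NOT-FOR-US`. Resolve this one on its own by checking the archive for a matching source package, and record either a package line or an explicit `NOT-FOR-US: OCS Inventory NG`, rather than carrying over the neighbouring tag.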
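Review bot: In the `@@ -24504,18 +24610,18 @@` hunk, CVE-2020-5973 is the only one of the six new NVIDIA entries whose description names "the guest drivers" in addition to Virtual GPU Manager; the other five mention only the vGPU plugin. The context entry CVE-2020-5967 just below is tracked against `nvidia-graphics-drivers`, so when the `TODO: check` lines are resolved, CVE-2020-5973 should be checked against that package separately instead of being triaged in one batch with CVE-2020-5972 through CVE-2020-5968.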
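Review bot: In the `@@ -29112,22 +29218,22 @@` hunk, the five new Atlassian entries (CVE-2020-4029, CVE-2020-4027, CVE-2020-4025, CVE-2020-4024, CVE-2020-4022) are interleaved with already-triaged entries that use two different tags, `NOT-FOR-US: Atlassian` and `NOT-FOR-US: Atlassian Fisheye and Crucible`. When the `TODO: check` lines are resolved, use one tag form for the Jira and Confluence entries so that a search of data/CVE/list by tag finds all of them.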
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits