[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Mon, 13 Jul 2020 13:11:35 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2941cd9f by security tracker role at 2020-07-13T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-15700
+       RESERVED
+CVE-2020-15699
+       RESERVED
+CVE-2020-15698
+       RESERVED
+CVE-2020-15697
+       RESERVED
+CVE-2020-15696
+       RESERVED
+CVE-2020-15695
+       RESERVED
+CVE-2020-15694
+       RESERVED
+CVE-2020-15693
+       RESERVED
+CVE-2020-15692
+       RESERVED
+CVE-2020-15691
+       RESERVED
+CVE-2020-15690
+       RESERVED
+CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI 
support, ...)
+       TODO: check
+CVE-2020-15688
+       RESERVED
+CVE-2020-15687
+       RESERVED
+CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able 
to craf ...)
+       TODO: check
 CVE-2020-15686
        RESERVED
 CVE-2020-15685
@@ -3617,7 +3647,7 @@ CVE-2020-14174 (Affected versions of Atlassian Jira 
Server and Data Center allow
        NOT-FOR-US: Atlassian
 CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data 
Center in af ...)
        NOT-FOR-US: Atlassian
-CVE-2020-14172 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
+CVE-2020-14172 (This issue exists to document that a security improvement in 
the way t ...)
        NOT-FOR-US: Atlassian
 CVE-2020-14171 (Atlassian Bitbucket Server from version 4.9.0 before version 
7.2.4 all ...)
        NOT-FOR-US: Atlassian
@@ -10533,8 +10563,8 @@ CVE-2020-11751
        RESERVED
 CVE-2020-11750
        RESERVED
-CVE-2020-11749
-       RESERVED
+CVE-2020-11749 (Pandora FMS 7.0 NG &lt;= 746 suffers from Multiple XSS 
vulnerabilities ...)
+       TODO: check
 CVE-2020-11748
        RESERVED
 CVE-2020-11747
@@ -12798,14 +12828,14 @@ CVE-2020-10991 (Mulesoft APIkit through 1.3.0 allows 
XXE because of validation/R
        NOT-FOR-US: Mulesoft APIkit
 CVE-2020-10990 (An XXE issue exists in Accenture Mercury before 1.12.28 
because of the ...)
        NOT-FOR-US: Accenture Mercury
-CVE-2020-10989
-       RESERVED
-CVE-2020-10988
-       RESERVED
-CVE-2020-10987
-       RESERVED
-CVE-2020-10986
-       RESERVED
+CVE-2020-10989 (An XSS issue in the /goform/WifiBasicSet endpoint of Tenda 
AC15 AC1900 ...)
+       TODO: check
+CVE-2020-10988 (A hard-coded telnet credential in the tenda_login binary of 
Tenda AC15 ...)
+       TODO: check
+CVE-2020-10987 (The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 
15.03.05 ...)
+       TODO: check
+CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda 
AC15 AC190 ...)
+       TODO: check
 CVE-2020-10985
        RESERVED
 CVE-2020-10984
@@ -25784,8 +25814,8 @@ CVE-2020-5768
        RESERVED
 CVE-2020-5767
        RESERVED
-CVE-2020-5766
-       RESERVED
+CVE-2020-5766 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2020-5765
        RESERVED
 CVE-2020-5764 (MX Player Android App versions prior to v1.24.5, are vulnerable 
to a d ...)
@@ -37462,8 +37492,7 @@ CVE-2019-19340 (A flaw was found in Ansible Tower, 
versions 3.6.x before 3.6.2 a
        NOT-FOR-US: Ansible Tower
 CVE-2019-19339 (It was found that the Red Hat Enterprise Linux 8 kpatch update 
did not ...)
        NOT-FOR-US: Red Hat specific kpatch update which was incomplete to 
address CVE-2018-12207
-CVE-2019-19338 [KVM: export MSR_IA32_TSX_CTRL to guest -  incomplete fix for 
TAA (CVE-2019-11135)]
-       RESERVED
+CVE-2019-19338 (A flaw was found in the fix for CVE-2019-11135, in the Linux 
upstream  ...)
        - linux <not-affected> (Only affects specific distro kernels which do 
not include commit e1d38b63acd8)
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/10/3
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/1
@@ -83944,8 +83973,8 @@ CVE-2019-4593 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 
generates an error message that
        NOT-FOR-US: IBM
 CVE-2019-4592 (IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 
could allow ...)
        NOT-FOR-US: IBM
-CVE-2019-4591
-       RESERVED
+CVE-2019-4591 (IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate 
sessio ...)
+       TODO: check
 CVE-2019-4590
        RESERVED
 CVE-2019-4589



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2941cd9f63dd6c45594627b5e076a9e786bf68a1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2941cd9f63dd6c45594627b5e076a9e786bf68a1
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to