Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
50c3f052 by security tracker role at 2020-07-24T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-15932
+ RESERVED
+CVE-2020-15931
+ RESERVED
+CVE-2020-15930
+ RESERVED
+CVE-2020-15929
+ RESERVED
+CVE-2020-15928
+ RESERVED
+CVE-2020-15927
+ RESERVED
+CVE-2020-15926
+ RESERVED
+CVE-2020-15925
+ RESERVED
+CVE-2020-15924 (There is a SQL Injection in Mida eFramework through 2.9.0 that
leads t ...)
+ TODO: check
+CVE-2020-15923 (Mida eFramework through 2.9.0 allows unauthenticated ../
directory tra ...)
+ TODO: check
+CVE-2020-15922 (There is an OS Command Injection in Mida eFramework 2.9.0 that
allows ...)
+ TODO: check
+CVE-2020-15921 (Mida eFramework through 2.9.0 has a back door that permits a
change of ...)
+ TODO: check
+CVE-2020-15920 (There is an OS Command Injection in Mida eFramework through
2.9.0 that ...)
+ TODO: check
+CVE-2020-15919 (A Reflected Cross Site Scripting (XSS) vulnerability was
discovered in ...)
+ TODO: check
+CVE-2020-15918 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities
were discov ...)
+ TODO: check
CVE-2020-15917 (common/session.c in Claws Mail before 3.17.6 has a protocol
violation ...)
- claws-mail 3.17.6-1
NOTE:
https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5
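Review bot: the seven added entries CVE-2020-15918 through CVE-2020-15924 are left at `TODO: check` with no package line or NOT-FOR-US tag. CVE-2020-15920 to CVE-2020-15924 all name Mida eFramework, so they can be resolved in one pass with a single product decision. The truncated summaries of CVE-2020-15918 and CVE-2020-15919 do not show a product, so those two need the full description before they can be grouped with the rest.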
@@ -641,12 +671,12 @@ CVE-2020-15635
RESERVED
CVE-2020-15634
RESERVED
-CVE-2020-15633
- RESERVED
-CVE-2020-15632
- RESERVED
-CVE-2020-15631
- RESERVED
+CVE-2020-15633 (This vulnerability allows network-adjacent attackers to bypass
authent ...)
+ TODO: check
+CVE-2020-15632 (This vulnerability allows network-adjacent attackers to bypass
authent ...)
+ TODO: check
+CVE-2020-15631 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
+ TODO: check
CVE-2020-15630
RESERVED
CVE-2020-15629
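Review bot: the filled-in summaries for CVE-2020-15631, CVE-2020-15632 and CVE-2020-15633 are cut off before any product name ("This vulnerability allows network-adjacent attackers to ..."), so nothing in these lines identifies what is affected. The `TODO: check` cannot be closed from the tracker text alone; look up the full descriptions before choosing between a package entry and NOT-FOR-US.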
@@ -989,8 +1019,8 @@ CVE-2020-15494
RESERVED
CVE-2020-15493
RESERVED
-CVE-2020-15492
- RESERVED
+CVE-2020-15492 (An issue was discovered in INNEO Startup TOOLS 2017 M021
12.0.66.3784 ...)
+ TODO: check
CVE-2020-15491
RESERVED
CVE-2020-15490 (An issue was discovered on Wavlink WL-WN530HG4
M30HG4.V5030.191116 dev ...)
@@ -1019,8 +1049,8 @@ CVE-2020-15479
RESERVED
CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of
sensiti ...)
NOT-FOR-US: Journal theme for OpenCart
-CVE-2020-15477
- RESERVED
+CVE-2020-15477 (The WebControl in RaspberryTortoise through 2012-10-28 is
vulnerable t ...)
+ TODO: check
CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a
heap-based bu ...)
- ndpi <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
@@ -1230,8 +1260,8 @@ CVE-2020-15393 (In the Linux kernel through 5.7.6,
usbtest_disconnect in drivers
NOTE:
https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba
CVE-2020-15392 (A user enumeration vulnerability flaw was found in Venki
Supravizio BP ...)
NOT-FOR-US: Venki
-CVE-2020-15391
- RESERVED
+CVE-2020-15391 (The UI in DevSpace 4.13.0 allows web sites to execute actions
on pods ...)
+ TODO: check
CVE-2020-15390
RESERVED
CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a
use-after-free th ...)
@@ -4214,8 +4244,8 @@ CVE-2020-14177
RESERVED
CVE-2020-14176
RESERVED
-CVE-2020-14175
- RESERVED
+CVE-2020-14175 (Affected versions of Atlassian Confluence Server and Data
Center allow ...)
+ TODO: check
CVE-2020-14174 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
NOT-FOR-US: Atlassian
CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data
Center in af ...)
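Review bot: CVE-2020-14175 (Atlassian Confluence Server and Data Center) is left at `TODO: check` while the next entry, CVE-2020-14174, already carries `NOT-FOR-US: Atlassian`. Suggest giving CVE-2020-14175 the same tag so the Atlassian entries in this block stay consistent.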
@@ -11540,12 +11570,12 @@ CVE-2020-11627 (An issue was discovered in EJBCA
before 6.15.2.6 and 7.x before
NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11626 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x
before 7.3.1. ...)
NOT-FOR-US: EJBCA / PrimeKey
-CVE-2020-11625
- RESERVED
-CVE-2020-11624
- RESERVED
-CVE-2020-11623
- RESERVED
+CVE-2020-11625 (An issue was discovered in AvertX Auto focus Night Vision HD
Indoor/Ou ...)
+ TODO: check
+CVE-2020-11624 (An issue was discovered in AvertX Auto focus Night Vision HD
Indoor/Ou ...)
+ TODO: check
+CVE-2020-11623 (An issue was discovered in AvertX Auto focus Night Vision HD
Indoor/Ou ...)
+ TODO: check
CVE-2020-11622 (A vulnerability exists in Arista’s Cloud EOS VM / vEOS
4.23.2M a ...)
NOT-FOR-US: Cloud EOS
CVE-2020-11621
@@ -22168,20 +22198,20 @@ CVE-2020-7522
RESERVED
CVE-2020-7521
RESERVED
-CVE-2020-7520
- RESERVED
-CVE-2020-7519
- RESERVED
-CVE-2020-7518
- RESERVED
-CVE-2020-7517
- RESERVED
-CVE-2020-7516
- RESERVED
-CVE-2020-7515
- RESERVED
-CVE-2020-7514
- RESERVED
+CVE-2020-7520 (A CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
vulnera ...)
+ TODO: check
+CVE-2020-7519 (A CWE-521: Weak Password Requirements vulnerability exists in
Easergy ...)
+ TODO: check
+CVE-2020-7518 (A CWE-20: Improper input validation vulnerability exists in
Easergy Bu ...)
+ TODO: check
+CVE-2020-7517 (A CWE-312: Cleartext Storage of Sensitive Information
vulnerability ex ...)
+ TODO: check
+CVE-2020-7516 (A CWE-316: Cleartext Storage of Sensitive Information in Memory
vulner ...)
+ TODO: check
+CVE-2020-7515 (A CWE-321: Use of hard-coded cryptographic key stored in
cleartext vul ...)
+ TODO: check
+CVE-2020-7514 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm
vulnerabil ...)
+ TODO: check
CVE-2020-7513 (A CWE-312: Cleartext Storage of Sensitive Information
vulnerability ex ...)
NOT-FOR-US: Schneider
CVE-2020-7512 (A CWE-1103: Use of Platform-Dependent Third Party Components
with vuln ...)
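Review bot: CVE-2020-7514 through CVE-2020-7520 are left at `TODO: check`, yet they use the same "A CWE-nnn: ..." summary style as CVE-2020-7513 directly below, which is tagged `NOT-FOR-US: Schneider`. Only CVE-2020-7518 and CVE-2020-7519 show a product (Easergy) in the truncated text, so confirm the vendor for the other five from the full descriptions and then tag the whole run in one pass.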
@@ -22226,8 +22256,8 @@ CVE-2020-7493 (A CWE-89: Improper Neutralization of
Special Elements used in an
NOT-FOR-US: Schneider
CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in
the GP-P ...)
NOT-FOR-US: Schneider
-CVE-2020-7491
- RESERVED
+CVE-2020-7491 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port
account in ...)
+ TODO: check
CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo
Designe ...)
NOT-FOR-US: Schneider
CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output
Used b ...)
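Review bot: CVE-2020-7491 carries the `**VERSION NOT SUPPORTED WHEN ASSIGNED**` prefix and is left at `TODO: check`. The prefix does not replace a triage decision. The entries immediately above (CVE-2020-7492) and below (CVE-2020-7490) are tagged `NOT-FOR-US: Schneider`, so check whether the same applies here and tag it rather than leaving the TODO open.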
@@ -39588,8 +39618,8 @@ CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles
signature checking on som
- matrix-synapse 1.5.0-1 (bug #944355)
NOTE: https://github.com/matrix-org/synapse/pull/6262
NOTE: https://github.com/matrix-org/synapse/releases/tag/v1.5.0
-CVE-2019-18834
- RESERVED
+CVE-2019-18834 (Persistent XSS in the WooCommerce Subscriptions plugin before
2.6.3 fo ...)
+ TODO: check
CVE-2019-18833 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow
Informa ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18832 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have
incorrec ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50c3f052a0ac73b1246d255b7a7d87b1d3fe9ad9