Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8766a87c by security tracker role at 2020-08-09T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3332,36 +3332,36 @@ CVE-2020-15833
RESERVED
CVE-2020-15832
RESERVED
-CVE-2020-15831
- RESERVED
-CVE-2020-15830
- RESERVED
-CVE-2020-15829
- RESERVED
-CVE-2020-15828
- RESERVED
-CVE-2020-15827
- RESERVED
-CVE-2020-15826
- RESERVED
-CVE-2020-15825
- RESERVED
-CVE-2020-15824
- RESERVED
-CVE-2020-15823
- RESERVED
+CVE-2020-15831 (JetBrains TeamCity before 2019.2.3 is vulnerable to reflected
XSS in t ...)
+ TODO: check
+CVE-2020-15830 (JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS
in the ...)
+ TODO: check
+CVE-2020-15829 (In JetBrains TeamCity before 2019.2.3, password parameters
could be di ...)
+ TODO: check
+CVE-2020-15828 (In JetBrains TeamCity before 2020.1.1, project parameter
values can be ...)
+ TODO: check
+CVE-2020-15827 (In JetBrains ToolBox version 1.17 before 1.17.6856, the set of
signatu ...)
+ TODO: check
+CVE-2020-15826 (In JetBrains TeamCity before 2020.1, users are able to assign
more per ...)
+ TODO: check
+CVE-2020-15825 (In JetBrains TeamCity before 2020.1, users with the Modify
Group permi ...)
+ TODO: check
+CVE-2020-15824 (In JetBrains Kotlin before 1.4.0, there is a script-cache
privilege es ...)
+ TODO: check
+CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in
the Wor ...)
+ TODO: check
CVE-2020-15822
RESERVED
-CVE-2020-15821
- RESERVED
-CVE-2020-15820
- RESERVED
-CVE-2020-15819
- RESERVED
-CVE-2020-15818
- RESERVED
-CVE-2020-15817
- RESERVED
+CVE-2020-15821 (In JetBrains YouTrack before 2020.2.6881, a user without
permission is ...)
+ TODO: check
+CVE-2020-15820 (In JetBrains YouTrack before 2020.2.6881, the markdown parser
could di ...)
+ TODO: check
+CVE-2020-15819 (JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF
that all ...)
+ TODO: check
+CVE-2020-15818 (In JetBrains YouTrack before 2020.2.8527, the subtasks
workflow could ...)
+ TODO: check
+CVE-2020-15817 (In JetBrains YouTrack before 2020.1.1331, an external user
could execu ...)
+ TODO: check
CVE-2020-15862 [privilege escalation]
RESERVED
{DLA-2299-1}
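Review bot: all fourteen entries that leave RESERVED in this hunk (CVE-2020-15831 through CVE-2020-15823, and CVE-2020-15821 through CVE-2020-15817) carry only "TODO: check", so none of them has a triage decision yet. Each should be resolved in a follow-up to either a "NOT-FOR-US: <product>" line or a package status line, in the form the already-triaged entries elsewhere in this file use. The entries name four different products (TeamCity, ToolBox, Kotlin, YouTrack), so they should be decided per product rather than marked in bulk; CVE-2020-15824 (Kotlin, "script-cache privilege es ...") is the one to look at individually, since it concerns a language toolchain rather than one of the server products.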
@@ -11252,7 +11252,7 @@ CVE-2020-12697 (The direct_mail extension through 5.2.3
for TYPO3 allows Denial
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a
URL. ...)
NOT-FOR-US: iframe plugin for WordPress
CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before
2020-04-17 ...)
- {DLA-2315-1}
+ {DLA-2318-1 DLA-2315-1}
- wpa <unfixed>
[buster] - wpa <no-dsa> (Minor issue)
- gupnp 1.2.3-1
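Review bot: on CVE-2020-12695 the cross-reference line gains DLA-2318-1, but the package lines under it are unchanged, and "- wpa <unfixed>" together with "[buster] - wpa <no-dsa> (Minor issue)" still describe wpa as open. DLA-2318-1 is also added to CVE-2019-10064 further down, whose only package line is wpa, which suggests the advisory is a wpa upload. If so, it is worth confirming that the wpa status lines here are still accurate now that a fixed upload exists for one release, and adding a NOTE with the fixing commit or upstream reference if one is known, as the CVE-2020-4044 entry does.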
@@ -34142,7 +34142,7 @@ CVE-2020-4051 (In Dijit before versions 1.11.11, and
greater than or equal to 1.
CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure
vulnerability. The ...)
NOT-FOR-US: SSB-DB
CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed
by conn ...)
- {DSA-4737-1}
+ {DSA-4737-1 DLA-2319-1}
- xrdp 0.9.12-1.1 (bug #964573)
NOTE:
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4
NOTE: Fixed by:
https://github.com/neutrinolabs/xrdp/commit/e593f58a82bf79b556601ae08e9e25e366a662fb
@@ -38804,8 +38804,8 @@ CVE-2019-19706
RESERVED
CVE-2019-19705
RESERVED
-CVE-2019-19704
- RESERVED
+CVE-2019-19704 (In JetBrains Upsource before 2020.1, information disclosure is
possibl ...)
+ TODO: check
CVE-2019-19703 (In Ktor through 1.2.6, the client resends data from the HTTP
Authoriza ...)
NOT-FOR-US: Ktor
CVE-2019-19702 (The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an
XML Ext ...)
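Review bot: CVE-2019-19704 (JetBrains Upsource) is left at "TODO: check" while its neighbour CVE-2019-19703 directly below already shows the resolved form, "NOT-FOR-US: Ktor". This entry should get the same kind of explicit decision in a follow-up, handled together with the other JetBrains entries published in this update so that the same vendor's products are treated consistently.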
@@ -73121,7 +73121,7 @@ CVE-2019-10065 (An issue was discovered in Open Ticket
Request System (OTRS) 7.0
- otrs2 <not-affected> (Only affects 7.x series)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2019-07/
CVE-2019-10064 (hostapd before 2.6, in EAP mode, makes calls to the rand() and
random( ...)
- {DLA-2138-1}
+ {DLA-2318-1 DLA-2138-1}
- wpa 2:2.6-7
NOTE: https://www.openwall.com/lists/oss-security/2020/02/27/1
NOTE: Comment from upstream:
https://www.openwall.com/lists/oss-security/2020/02/27/2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8766a87ceeef264e0fe8550ab49cc35124dc617a
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits