[Git][security-tracker-team/security-tracker][master] various bugs

Moritz Muehlenhoff Thu, 29 Oct 2020 11:53:12 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
91e443d5 by Moritz Mühlenhoff at 2020-10-29T19:52:21+01:00
various bugs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -698,13 +698,13 @@ CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks 
a check for a failure
        - libpam-tacplus <unfixed> (bug #973250)
        NOTE: https://github.com/kravietz/pam_tacplus/pull/163
 CVE-2020-27742 (An Insecure Direct Object Reference vulnerability in Citadel 
WebCit th ...)
-       - webcit <unfixed>
+       - webcit <unfixed> (bug #973385)
 CVE-2020-27741 (Multiple cross-site scripting (XSS) vulnerabilities in Citadel 
WebCit  ...)
-       - webcit <unfixed>
+       - webcit <unfixed> (bug #973385)
 CVE-2020-27740 (Citadel WebCit through 926 allows unauthenticated remote 
attackers to  ...)
-       - webcit <unfixed>
+       - webcit <unfixed> (bug #973385)
 CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit 
through 926  ...)
-       - webcit <unfixed>
+       - webcit <unfixed> (bug #973385)
 CVE-2020-27738
        RESERVED
 CVE-2020-27737
@@ -20855,10 +20855,10 @@ CVE-2020-18187
 CVE-2020-18186
        RESERVED
 CVE-2020-18185 (class.plx.admin.php in PluXml 5.7 allows attackers to execute 
arbitrar ...)
-       - pluxml <unfixed>
+       - pluxml <unfixed> (bug #973382)
        NOTE: https://github.com/pluxml/PluXml/issues/321
 CVE-2020-18184 (In PluxXml V5.7,the theme edit function 
/PluXml/core/admin/parametres_ ...)
-       - pluxml <unfixed>
+       - pluxml <unfixed> (bug #973382)
        NOTE: https://github.com/pluxml/PluXml/issues/320
 CVE-2020-18183
        RESERVED
@@ -52570,19 +52570,19 @@ CVE-2020-6110 (An exploitable partial path traversal 
vulnerability exists in the
 CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom 
client, ...)
        NOT-FOR-US: Zoom
 CVE-2020-6108 (An exploitable code execution vulnerability exists in the 
fsck_chk_orp ...)
-       - f2fs-tools <unfixed>
+       - f2fs-tools <unfixed> (bug #973380)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050
 CVE-2020-6107 (An exploitable information disclosure vulnerability exists in 
the dev_ ...)
-       - f2fs-tools <unfixed>
+       - f2fs-tools <unfixed> (bug #973380)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049
 CVE-2020-6106 (An exploitable information disclosure vulnerability exists in 
the init ...)
-       - f2fs-tools <unfixed>
+       - f2fs-tools <unfixed> (bug #973380)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048
 CVE-2020-6105 (An exploitable code execution vulnerability exists in the 
multiple dev ...)
-       - f2fs-tools <unfixed>
+       - f2fs-tools <unfixed> (bug #973380)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047
 CVE-2020-6104 (An exploitable information disclosure vulnerability exists in 
the get_ ...)
-       - f2fs-tools <unfixed>
+       - f2fs-tools <unfixed> (bug #973380)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046
 CVE-2020-6103 (An exploitable code execution vulnerability exists in the 
Shader funct ...)
        NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll
@@ -54101,7 +54101,7 @@ CVE-2020-5423
 CVE-2020-5422 (BOSH System Metrics Server releases prior to 0.1.0 exposed the 
UAA pas ...)
        NOT-FOR-US: BOSH System Metrics Server
 CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 
5.0.0 - 5. ...)
-       - libspring-java <unfixed>
+       - libspring-java <unfixed> (bug #973381)
        [buster] - libspring-java <no-dsa> (Minor issue)
        [stretch] - libspring-java <no-dsa> (Minor issue)
        NOTE: https://tanzu.vmware.com/security/cve-2020-5421
@@ -93816,7 +93816,7 @@ CVE-2019-11029 (Mirasys VMS before V7.6.1 and 8.x 
before V8.3.2 mishandles the D
 CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability 
allowing  ...)
        NOT-FOR-US: GAT-Ship Web Module
 CVE-2015-9284 (The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) 
is vuln ...)
-       - ruby-omniauth <unfixed>
+       - ruby-omniauth <unfixed> (bug #973384)
        [buster] - ruby-omniauth <no-dsa> (Minor issue)
        [stretch] - ruby-omniauth <no-dsa> (Minor issue)
        [jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs 
CSRF protection in apps)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e443d5b9629243e306928b6bd820e17e9e1bde

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e443d5b9629243e306928b6bd820e17e9e1bde
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] various bugs

Reply via email to