From fc9ff6fd8af00ff55be9dd700e9639d0b5ec3d71 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sun, 9 Aug 2020 08:10:21 +0000 Subject: automatic update --- data/CVE/2019.list | 6 +++--- data/CVE/2020.list | 60 +++++++++++++++++++++++++++--------------------------- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 4e570967c0..59145dc8da 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -3131,8 +3131,8 @@ CVE-2019-19706 RESERVED CVE-2019-19705 RESERVED -CVE-2019-19704 - RESERVED +CVE-2019-19704 (In JetBrains Upsource before 2020.1, information disclosure is possibl ...) + TODO: check CVE-2019-19703 (In Ktor through 1.2.6, the client resends data from the HTTP Authoriza ...) NOT-FOR-US: Ktor CVE-2019-19702 (The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML Ext ...) @@ -28595,7 +28595,7 @@ CVE-2019-10065 (An issue was discovered in Open Ticket Request System (OTRS) 7.0 - otrs2 (Only affects 7.x series) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2019-07/ CVE-2019-10064 (hostapd before 2.6, in EAP mode, makes calls to the rand() and random( ...) - {DLA-2138-1} + {DLA-2318-1 DLA-2138-1} - wpa 2:2.6-7 NOTE: https://www.openwall.com/lists/oss-security/2020/02/27/1 NOTE: Comment from upstream: https://www.openwall.com/lists/oss-security/2020/02/27/2 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 2ba611aa04..3845cdfa50 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -3328,36 +3328,36 @@ CVE-2020-15833 RESERVED CVE-2020-15832 RESERVED -CVE-2020-15831 - RESERVED -CVE-2020-15830 - RESERVED -CVE-2020-15829 - RESERVED -CVE-2020-15828 - RESERVED -CVE-2020-15827 - RESERVED -CVE-2020-15826 - RESERVED -CVE-2020-15825 - RESERVED -CVE-2020-15824 - RESERVED -CVE-2020-15823 - RESERVED +CVE-2020-15831 (JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in t ...) + TODO: check +CVE-2020-15830 (JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the ...) + TODO: check +CVE-2020-15829 (In JetBrains TeamCity before 2019.2.3, password parameters could be di ...) + TODO: check +CVE-2020-15828 (In JetBrains TeamCity before 2020.1.1, project parameter values can be ...) + TODO: check +CVE-2020-15827 (In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signatu ...) + TODO: check +CVE-2020-15826 (In JetBrains TeamCity before 2020.1, users are able to assign more per ...) + TODO: check +CVE-2020-15825 (In JetBrains TeamCity before 2020.1, users with the Modify Group permi ...) + TODO: check +CVE-2020-15824 (In JetBrains Kotlin before 1.4.0, there is a script-cache privilege es ...) + TODO: check +CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Wor ...) + TODO: check CVE-2020-15822 RESERVED -CVE-2020-15821 - RESERVED -CVE-2020-15820 - RESERVED -CVE-2020-15819 - RESERVED -CVE-2020-15818 - RESERVED -CVE-2020-15817 - RESERVED +CVE-2020-15821 (In JetBrains YouTrack before 2020.2.6881, a user without permission is ...) + TODO: check +CVE-2020-15820 (In JetBrains YouTrack before 2020.2.6881, the markdown parser could di ...) + TODO: check +CVE-2020-15819 (JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that all ...) + TODO: check +CVE-2020-15818 (In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could ...) + TODO: check +CVE-2020-15817 (In JetBrains YouTrack before 2020.1.1331, an external user could execu ...) 
+ TODO: check CVE-2020-15862 [privilege escalation] RESERVED {DLA-2299-1} @@ -10680,7 +10680,7 @@ CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...) NOT-FOR-US: iframe plugin for WordPress CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17 ...) - {DLA-2315-1} + {DLA-2318-1 DLA-2315-1} - wpa [buster] - wpa (Minor issue) - gupnp 1.2.3-1 @@ -30987,7 +30987,7 @@ CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to 1. CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...) NOT-FOR-US: SSB-DB CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by conn ...) - {DSA-4737-1} + {DSA-4737-1 DLA-2319-1} - xrdp 0.9.12-1.1 (bug #964573) NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4 NOTE: Fixed by: https://github.com/neutrinolabs/xrdp/commit/e593f58a82bf79b556601ae08e9e25e366a662fb -- cgit v1.2.3
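Review bot: CVE-2019-19704 in the data/CVE/2019.list hunk at @@ -3131 is left at "TODO: check" with no triage decision. The adjacent CVE-2019-19703 entry is already resolved as "NOT-FOR-US: Ktor". Resolve the JetBrains Upsource entry the same way: a NOT-FOR-US line if no source package ships it, or a package line with a fixed version if one does.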
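Review bot: The tag line {DLA-2318-1 DLA-2138-1} on CVE-2019-10064 in the data/CVE/2019.list hunk at @@ -28595 now references two LTS advisories for the same wpa issue, and nothing in the entry says which release each one covers. The only package line is "- wpa 2:2.6-7". Confirm against the DLA list, which this commit does not touch, that DLA-2318-1 is meant to list this CVE and is not a duplicate of the earlier advisory.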
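Review bot: All fourteen descriptions filled in by the data/CVE/2020.list hunk at @@ -3328 land as "TODO: check", so none of them has a triage decision yet, and they should not be closed out as one batch. They span four JetBrains products (TeamCity, ToolBox, Kotlin, YouTrack). CVE-2020-15824 (Kotlin before 1.4.0, script-cache privilege escalation) concerns a language toolchain rather than a hosted server product, so look for a matching source package before marking it. The others need a per-product NOT-FOR-US line or a package entry.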
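Review bot: With DLA-2318-1 added to CVE-2020-12695 in the data/CVE/2020.list hunk at @@ -10680, the entry records an LTS advisory for wpa while "[buster] - wpa (Minor issue)" still defers the fix for buster, and the "- wpa" line carries no fixed version. Revisit the buster status, or add a NOTE explaining the difference, so a newer release is not left behind an older one that received the fix.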