[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 21 21:10:23 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7596e6e6 by security tracker role at 2020-08-21T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-24591 (The Management Console in certain WSO2 products allows XXE attacks dur ...)
+ TODO: check
+CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...)
+ TODO: check
+CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...)
+ TODO: check
+CVE-2020-24588
+ RESERVED
+CVE-2020-24587
+ RESERVED
+CVE-2020-24586
+ RESERVED
+CVE-2020-24585 (An issue was discovered in the DTLS handshake implementation in wolfSS ...)
+ TODO: check
+CVE-2020-24584
+ RESERVED
+CVE-2020-24583
+ RESERVED
CVE-2020-24582
RESERVED
CVE-2020-24581
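Review bot: the four new TODO: check entries in this hunk split into two groups that should not be triaged the same way. CVE-2020-24585 (DTLS handshake in wolfSSL) concerns a library that may be packaged, so the triager should resolve it to a per-package line with the fixed upstream version rather than leave the TODO, while CVE-2020-24589 through CVE-2020-24591 (WSO2 Management Console, XXE) describe a proprietary product and are NOT-FOR-US candidates like the vendor-product entries later in this file. The truncated "..." descriptions are produced by the import and should not be hand-completed in data/CVE/list.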
@@ -1074,20 +1092,20 @@ CVE-2020-24059
RESERVED
CVE-2020-24058
RESERVED
-CVE-2020-24057
- RESERVED
-CVE-2020-24056
- RESERVED
-CVE-2020-24055
- RESERVED
-CVE-2020-24054
- RESERVED
-CVE-2020-24053
- RESERVED
-CVE-2020-24052
- RESERVED
-CVE-2020-24051
- RESERVED
+CVE-2020-24057 (The management website of the Verint S5120FD Verint_FW_0_42 unit featu ...)
+ TODO: check
+CVE-2020-24056 (A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_ ...)
+ TODO: check
+CVE-2020-24055 (Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320 ...)
+ TODO: check
+CVE-2020-24054 (The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2 ...)
+ TODO: check
+CVE-2020-24053 (Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credenti ...)
+ TODO: check
+CVE-2020-24052 (Several XML External Entity (XXE) vulnerabilities in the Moog EXO Seri ...)
+ TODO: check
+CVE-2020-24051 (The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF int ...)
+ TODO: check
CVE-2020-24050
RESERVED
CVE-2020-24049
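Review bot: all seven entries here (CVE-2020-24051 to CVE-2020-24057) are camera and encoder firmware issues for two vendors, Verint (S5120FD, 5620PTZ, 4320) and Moog (EXO Series EXVF5C-2, EXVP7C2-3), covering hardcoded credentials, XXE and the ONVIF interface; resolving them as two batches, NOT-FOR-US: Verint and NOT-FOR-US: Moog, matches how the Teltonika and Huawei firmware entries are handled elsewhere in this file. The hunk header shows 20 lines replaced by 20, so no entry was dropped or duplicated by the import.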
@@ -7921,10 +7939,10 @@ CVE-2020-20636
RESERVED
CVE-2020-20635
RESERVED
-CVE-2020-20634
- RESERVED
-CVE-2020-20633
- RESERVED
+CVE-2020-20634 (Elementor 2.9.5 and below WordPress plugin allows authenticated users ...)
+ TODO: check
+CVE-2020-20633 (ajax_policy_generator in admin/modules/cli-policy-generator/classes/cl ...)
+ TODO: check
CVE-2020-20632
RESERVED
CVE-2020-20631
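Review bot: the truncated description of CVE-2020-20633 names only a file path (admin/modules/cli-policy-generator/classes/cl...), not the product, so the triager needs the full CVE text before choosing a tag; the path layout suggests a WordPress plugin, as with the Elementor entry (CVE-2020-20634) just above it, but that should be confirmed rather than inferred from the fragment.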
@@ -16833,16 +16851,16 @@ CVE-2020-16243
RESERVED
CVE-2020-16242
RESERVED
-CVE-2020-16241
- RESERVED
+CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...)
+ TODO: check
CVE-2020-16240
RESERVED
-CVE-2020-16239
- RESERVED
+CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...)
+ TODO: check
CVE-2020-16238
RESERVED
-CVE-2020-16237
- RESERVED
+CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives input ...)
+ TODO: check
CVE-2020-16236
RESERVED
CVE-2020-16235
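Review bot: CVE-2020-16237, CVE-2020-16239 and CVE-2020-16241 all carry the same product and version string ("Philips SureSigns VS4, A.07.107 and prior") and read as three weaknesses from one medical-device advisory, so they should be resolved together with a single NOT-FOR-US: Philips decision rather than three separate checks.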
@@ -19067,8 +19085,8 @@ CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via the downloadmp3.php downloa
NOT-FOR-US: Stash
CVE-2020-15310
RESERVED
-CVE-2020-15309
- RESERVED
+CVE-2020-15309 (An issue was discovered in wolfSSL before 4.5.0, when single precision ...)
+ TODO: check
CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-a ...)
NOT-FOR-US: Support Incident Tracker
CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS ( ...)
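Review bot: CVE-2020-15309 ties the wolfSSL issue to a build configuration ("when single precision ..."), so the triage note should record whether the packaged build enables that option, since that decides whether the package is affected at all, instead of only copying the "before 4.5.0" version bound.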
@@ -19403,8 +19421,8 @@ CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.1
NOT-FOR-US: NodeBB
CVE-2020-15148
RESERVED
-CVE-2020-15147
- RESERVED
+CVE-2020-15147 (Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execu ...)
+ TODO: check
CVE-2020-15146 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
NOT-FOR-US: SyliusResourceBundle
CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...)
@@ -19417,8 +19435,8 @@ CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated
TODO: check
CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...)
TODO: check
-CVE-2020-15140
- RESERVED
+CVE-2020-15140 (In Red Discord Bot before version 3.3.11, a RCE exploit has been disco ...)
+ TODO: check
CVE-2020-15139 (In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visu ...)
NOT-FOR-US: MyBB
CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview of the ...)
@@ -20808,8 +20826,8 @@ CVE-2020-14520 (The affected product is vulnerable to an information leak, which
NOT-FOR-US: Inductive Automation Ignition
CVE-2020-14519
RESERVED
-CVE-2020-14518
- RESERVED
+CVE-2020-14518 (Philips DreamMapper, Version 2.24 and prior. Information written to lo ...)
+ TODO: check
CVE-2020-14517
RESERVED
CVE-2020-14516
@@ -21908,8 +21926,8 @@ CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Req
NOT-FOR-US: WebFOCUS Business Intelligence
CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrar ...)
NOT-FOR-US: WebFOCUS Business Intelligence
-CVE-2020-14201
- RESERVED
+CVE-2020-14201 (Dolibarr CRM before 11.0.5 allows privilege escalation. This could all ...)
+ TODO: check
CVE-2020-14200
RESERVED
CVE-2020-14199 (BIP-143 in the Bitcoin protocol specification mishandles the signing o ...)
@@ -26310,8 +26328,8 @@ CVE-2020-12458 (An information-disclosure flaw was found in Grafana through 6.7.
- grafana <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1827765
NOTE: https://github.com/grafana/grafana/issues/8283
-CVE-2020-12457
- RESERVED
+CVE-2020-12457 (An issue was discovered in wolfSSL before 4.5.0. It mishandles the cha ...)
+ TODO: check
CVE-2020-12456
RESERVED
CVE-2020-12455
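Review bot: CVE-2020-12457 is the third wolfSSL entry in this update, alongside CVE-2020-24585 and CVE-2020-15309, and two of the three cite the same "before 4.5.0" bound; triaging them as one batch against that upstream release avoids three divergent notes. The neighbouring grafana entry, with its "<removed>" package line and NOTE: URLs, shows the resolved form the TODO should be turned into.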
@@ -33445,8 +33463,8 @@ CVE-2020-10292
RESERVED
CVE-2020-10291
RESERVED
-CVE-2020-10290
- RESERVED
+CVE-2020-10290 (Universal Robots controller execute URCaps (zip files containing Java- ...)
+ TODO: check
CVE-2020-10289 (Use of unsafe yaml load. Allows instantiation of arbitrary objects. Th ...)
TODO: check
CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain access y ...)
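Review bot: CVE-2020-10290 (Universal Robots URCaps, which the description says are zip files containing Java code) joins two existing TODO: check entries from the same robotics batch, CVE-2020-10289 (unsafe yaml load) and CVE-2020-10288 (IRC5 ftp server); none of the three has been resolved yet, so handling them together would clear the backlog for that block.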
@@ -35992,8 +36010,8 @@ CVE-2020-9248 (Huawei FusionComput 8.0.0 have an improper authorization vulnerab
NOT-FOR-US: Huawei
CVE-2020-9247
RESERVED
-CVE-2020-9246
- RESERVED
+CVE-2020-9246 (FusionCompute 8.0.0 has an information leak vulnerability. A module do ...)
+ TODO: check
CVE-2020-9245 (HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUA ...)
NOT-FOR-US: Huawei
CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8); ...)
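Review bot: CVE-2020-9246 (FusionCompute 8.0.0 information leak) concerns the same product as the neighbouring CVE-2020-9248 ("Huawei FusionComput 8.0.0"), which is already NOT-FOR-US: Huawei, so the new entry should receive the same tag; the Huawei P30 and P30 Pro entries in the following two hunks fall under the same decision.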
@@ -36276,8 +36294,8 @@ CVE-2020-9106
RESERVED
CVE-2020-9105
RESERVED
-CVE-2020-9104
- RESERVED
+CVE-2020-9104 (HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2 ...)
+ TODO: check
CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...)
NOT-FOR-US: Huawei
CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...)
@@ -36292,10 +36310,10 @@ CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 h
NOT-FOR-US: Huawei
CVE-2020-9097
RESERVED
-CVE-2020-9096
- RESERVED
-CVE-2020-9095
- RESERVED
+CVE-2020-9096 (HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E1 ...)
+ TODO: check
+CVE-2020-9095 (HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E16 ...)
+ TODO: check
CVE-2020-9094
RESERVED
CVE-2020-9093
@@ -39164,8 +39182,8 @@ CVE-2020-7925
RESERVED
CVE-2020-7924
RESERVED
-CVE-2020-7923
- RESERVED
+CVE-2020-7923 (A user authorized to perform database queries may cause denial of serv ...)
+ TODO: check
CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...)
NOT-FOR-US: MongoDB Enterprise
CVE-2020-7921 (Improper serialization of internal state in the authorization subsyste ...)
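Review bot: CVE-2020-7923 should not inherit the NOT-FOR-US: MongoDB Enterprise tag of its neighbour CVE-2020-7922 without a check: the new description ("A user authorized to perform database queries may cause denial of serv...") names no Enterprise-only component, so the affected server versions need to be looked up before the entry is resolved.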
@@ -39705,8 +39723,8 @@ CVE-2020-7712
RESERVED
CVE-2020-7711
RESERVED
-CVE-2020-7710
- RESERVED
+CVE-2020-7710 (This affects all versions of package safe-eval. It is possible for an ...)
+ TODO: check
CVE-2020-7709
RESERVED
CVE-2020-7708 (The package irrelon-path before 4.7.0; the package @irrelon/path befor ...)
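Review bot: CVE-2020-7710 states that "all versions of package safe-eval" are affected, so if the package turns out to be shipped there is no fixed version to record and the entry would have to stay open with a NOTE rather than be closed; the triager should check for a node-safe-eval source package before tagging it NOT-FOR-US.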
@@ -40567,8 +40585,8 @@ CVE-2020-7312
RESERVED
CVE-2020-7311
RESERVED
-CVE-2020-7310
- RESERVED
+CVE-2020-7310 (Privilege Escalation vulnerability in the installer in McAfee McAfee T ...)
+ TODO: check
CVE-2020-7309
RESERVED
CVE-2020-7308
@@ -44528,10 +44546,10 @@ CVE-2020-5777
RESERVED
CVE-2020-5776
RESERVED
-CVE-2020-5775
- RESERVED
-CVE-2020-5774
- RESERVED
+CVE-2020-5775 (Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, ...)
+ TODO: check
+CVE-2020-5774 (Nessus versions 8.11.0 and earlier were found to maintain sessions lon ...)
+ TODO: check
CVE-2020-5773 (Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allow ...)
NOT-FOR-US: Teltonika firmware
CVE-2020-5772 (Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 all ...)
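Review bot: CVE-2020-5775 (Canvas LMS SSRF) and CVE-2020-5774 (Nessus session lifetime) are both proprietary products and can be resolved as NOT-FOR-US like the adjacent Teltonika firmware entries; note that the Canvas version is given as a date (2020-07-29), which is how that product is versioned, so it is not an import error.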
@@ -48835,10 +48853,10 @@ CVE-2020-3978
RESERVED
CVE-2020-3977
RESERVED
-CVE-2020-3976
- RESERVED
-CVE-2020-3975
- RESERVED
+CVE-2020-3976 (VMware ESXi and vCenter Server contain a partial denial of service vul ...)
+ TODO: check
+CVE-2020-3975 (VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior ...)
+ TODO: check
CVE-2020-3974 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...)
NOT-FOR-US: VMware
CVE-2020-3973 (The VeloCloud Orchestrator does not apply correct input validation whi ...)
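Review bot: both entries in this hunk, CVE-2020-3976 (ESXi and vCenter Server) and CVE-2020-3975 (App Volumes), belong to the same vendor as the surrounding CVE-2020-3974 and CVE-2020-3973, which are already NOT-FOR-US: VMware; they should get the same tag.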
@@ -56714,19 +56732,19 @@ CVE-2019-19186
CVE-2019-19185
RESERVED
CVE-2019-19184
- RESERVED
+ REJECTED
CVE-2019-19183
- RESERVED
+ REJECTED
CVE-2019-19182
RESERVED
CVE-2019-19181
- RESERVED
+ REJECTED
CVE-2019-19180
RESERVED
CVE-2019-19179
- RESERVED
+ REJECTED
CVE-2019-19178
- RESERVED
+ REJECTED
CVE-2019-19177
RESERVED
CVE-2019-19176
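Review bot: the RESERVED to REJECTED transitions here and in the next two hunks (CVE-2019-19184, -19183, -19181, -19179, -19178, -19173, -19123, -19121, -19120) need no triage and correctly carry no TODO marker; the import keeps the one-space indentation of the status line, so nothing to fix.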
@@ -56736,7 +56754,7 @@ CVE-2019-19175
CVE-2019-19174
RESERVED
CVE-2019-19173
- RESERVED
+ REJECTED
CVE-2019-19172
RESERVED
CVE-2019-19171
@@ -56842,13 +56860,13 @@ CVE-2019-19125
CVE-2019-19124
RESERVED
CVE-2019-19123
- RESERVED
+ REJECTED
CVE-2019-19122
RESERVED
CVE-2019-19121
- RESERVED
+ REJECTED
CVE-2019-19120
- RESERVED
+ REJECTED
CVE-2019-19119 (An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficie ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2019-19118 (Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model ...)
@@ -82340,38 +82358,38 @@ CVE-2019-11864
RESERVED
CVE-2019-11863
RESERVED
-CVE-2019-11862
- RESERVED
+CVE-2019-11862 (The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic pr ...)
+ TODO: check
CVE-2019-11861
RESERVED
CVE-2019-11860
RESERVED
-CVE-2019-11859
- RESERVED
-CVE-2019-11858
- RESERVED
-CVE-2019-11857
- RESERVED
-CVE-2019-11856
- RESERVED
-CVE-2019-11855
- RESERVED
+CVE-2019-11859 (A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0 ...)
+ TODO: check
+CVE-2019-11858 (Multiple buffer overflow vulnerabilities exist in the AceManager Web A ...)
+ TODO: check
+CVE-2019-11857 (Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 ...)
+ TODO: check
+CVE-2019-11856 (A nonce reuse vulnerability exists in the ACEView service of ALEOS bef ...)
+ TODO: check
+CVE-2019-11855 (An RPC server is enabled by default on the gateway's LAN of ALEOS befo ...)
+ TODO: check
CVE-2019-11854
RESERVED
-CVE-2019-11853
- RESERVED
-CVE-2019-11852
- RESERVED
+CVE-2019-11853 (Several potential command injections vulnerabilities exist in the AT c ...)
+ TODO: check
+CVE-2019-11852 (An out-of-bounds reads vulnerability exists in the ACEView Service of ...)
+ TODO: check
CVE-2019-11851
RESERVED
-CVE-2019-11850
- RESERVED
-CVE-2019-11849
- RESERVED
-CVE-2019-11848
- RESERVED
-CVE-2019-11847
- RESERVED
+CVE-2019-11850 (A stack overflow vulnerabiltity exist in the AT command interface of A ...)
+ TODO: check
+CVE-2019-11849 (A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS ...)
+ TODO: check
+CVE-2019-11848 (An API abuse vulnerability exists in the AT command API of ALEOS befor ...)
+ TODO: check
+CVE-2019-11847 (An improper privilege management vulnerabitlity exists in ALEOS before ...)
+ TODO: check
CVE-2018-20837 (include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu ...)
NOT-FOR-US: Typesetter CMS
CVE-2019-11846 (/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XS ...)
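Review bot: the eleven ALEOS entries (CVE-2019-11847 to CVE-2019-11850, CVE-2019-11852, CVE-2019-11853, CVE-2019-11855 to CVE-2019-11859 and CVE-2019-11862) describe gateway firmware (CVE-2019-11855 mentions "the gateway's LAN") and cite the same fixed versions 4.12.0, 4.9.5 and 4.4.9 (4.13.0 for CVE-2019-11859), so they should be resolved as one NOT-FOR-US batch. The misspellings "vulnerabiltity" and "vulnerabitlity" in CVE-2019-11850, CVE-2019-11849 and CVE-2019-11847 are copied verbatim from the upstream CVE text and must not be corrected in this file, since the next automatic import would rewrite them anyway.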
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7596e6e6e4bd8c22ceba4a6a363a6ce652a1435e