[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 1 08:10:24 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d0d51c64 by security tracker role at 2020-12-01T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2020-29442
+ RESERVED
+CVE-2020-29441 (An issue was discovered in the Upload Widget in OutSystems Platform 10 ...)
+ TODO: check
+CVE-2020-29440 (Tesla Model X vehicles before 2020-11-23 do not perform certificate va ...)
+ TODO: check
+CVE-2020-29439 (Tesla Model X vehicles before 2020-11-23 have key fobs that rely on fi ...)
+ TODO: check
+CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 have key fobs that accept fir ...)
+ TODO: check
+CVE-2020-29437
+ RESERVED
+CVE-2020-29436
+ RESERVED
+CVE-2020-29435
+ RESERVED
+CVE-2020-29434
+ RESERVED
+CVE-2020-29433
+ RESERVED
+CVE-2020-29432
+ RESERVED
+CVE-2020-29431
+ RESERVED
+CVE-2020-29430
+ RESERVED
+CVE-2020-29429
+ RESERVED
+CVE-2020-29428
+ RESERVED
+CVE-2020-29427
+ RESERVED
+CVE-2020-29426
+ RESERVED
+CVE-2020-29425
+ RESERVED
+CVE-2020-29424
+ RESERVED
+CVE-2020-29423
+ RESERVED
+CVE-2020-29422
+ RESERVED
+CVE-2020-29421
+ RESERVED
+CVE-2020-29420
+ RESERVED
+CVE-2020-29419
+ RESERVED
+CVE-2020-29418
+ RESERVED
+CVE-2020-29417
+ RESERVED
+CVE-2020-29416
+ RESERVED
+CVE-2020-29415
+ RESERVED
+CVE-2020-29414
+ RESERVED
+CVE-2020-29413
+ RESERVED
+CVE-2020-29412
+ RESERVED
+CVE-2020-29411
+ RESERVED
+CVE-2020-29410
+ RESERVED
+CVE-2020-29409
+ RESERVED
+CVE-2020-29408
+ RESERVED
+CVE-2020-29407
+ RESERVED
+CVE-2020-29406
+ RESERVED
+CVE-2020-29405
+ RESERVED
+CVE-2020-29404
+ RESERVED
+CVE-2020-29403
+ RESERVED
+CVE-2020-29402
+ RESERVED
+CVE-2020-29401
+ RESERVED
+CVE-2020-29400
+ RESERVED
+CVE-2020-29399
+ RESERVED
+CVE-2020-29398
+ RESERVED
+CVE-2020-29397
+ RESERVED
+CVE-2020-29396
+ RESERVED
CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS v ...)
NOT-FOR-US: EventON plugin for WordPress
CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in dlt_common.c in d ...)
@@ -92,7 +186,7 @@ CVE-2020-29366
RESERVED
CVE-2020-29365
RESERVED
-CVE-2020-29364 (In NetArt News Lister 1.0.0, the news headlines are vulnerable to stor ...)
+CVE-2020-29364 (In NetArt News Lister 1.0.0, the news headlines vulnerable to stored x ...)
NOT-FOR-US: NetArt News Lister
CVE-2020-29363
RESERVED
@@ -1014,6 +1108,7 @@ CVE-2020-28930
CVE-2020-28929
RESERVED
CVE-2020-28928 (In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...)
+ {DLA-2474-1}
- musl <unfixed> (bug #975365)
[buster] - musl <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4
@@ -7345,12 +7440,12 @@ CVE-2020-27589 (Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0
NOT-FOR-US: hub-rest-api-python
CVE-2020-27588
RESERVED
-CVE-2020-27587
- RESERVED
-CVE-2020-27586
- RESERVED
-CVE-2020-27585
- RESERVED
+CVE-2020-27587 (Quick Heal Total Security before 19.0 allows attackers with local admi ...)
+ TODO: check
+CVE-2020-27586 (Quick Heal Total Security before version 19.0 transmits quarantine and ...)
+ TODO: check
+CVE-2020-27585 (Quick Heal Total Security before 19.0 allows attackers with local admi ...)
+ TODO: check
CVE-2020-27584
RESERVED
CVE-2020-27583
@@ -21947,6 +22042,7 @@ CVE-2020-20740 (PDFResurrect before 0.20 lack of header validation checks causes
NOTE: https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397 (v0.21)
NOTE: https://github.com/enferex/pdfresurrect/issues/14
CVE-2020-20739 (im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips befo ...)
+ {DLA-2473-1}
- vips 8.9.0-1
[buster] - vips <no-dsa> (Minor issue)
NOTE: https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a (v8.9.0-alpha1)
@@ -29790,10 +29886,10 @@ CVE-2020-16852 (An elevation of privilege vulnerability exists when the OneDrive
NOT-FOR-US: Microsoft
CVE-2020-16851 (An elevation of privilege vulnerability exists when the OneDrive for W ...)
NOT-FOR-US: Microsoft
-CVE-2020-16850
- RESERVED
-CVE-2020-16849
- RESERVED
+CVE-2020-16850 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthent ...)
+ TODO: check
+CVE-2020-16849 (An issue was discovered on Canon MF237w 06.07 devices. An "Improper Ha ...)
+ TODO: check
CVE-2020-16848
RESERVED
CVE-2020-16847 (Extreme Analytics in Extreme Management Center before 8.5.0.169 allows ...)
@@ -33699,8 +33795,7 @@ CVE-2020-15259 (ad-ldap-connector's admin panel before version 5.0.13 does not p
NOT-FOR-US: ad-ldap-connector
CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without checking ...)
NOT-FOR-US: Wire app
-CVE-2020-15257
- RESERVED
+CVE-2020-15257 (containerd is an industry-standard container runtime and is available ...)
- containerd 1.4.3~ds1-1
- docker.io <unfixed>
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
@@ -36721,8 +36816,8 @@ CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14194 (Zulip Server before 2.1.5 allows reverse tabnapping via a topic header ...)
- zulip-server <itp> (bug #800052)
-CVE-2020-14193
- RESERVED
+CVE-2020-14193 (Affected versions of Automation for Jira - Server allowed remote attac ...)
+ TODO: check
CVE-2020-14192
RESERVED
CVE-2020-14191 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...)
@@ -43433,8 +43528,8 @@ CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an o
NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5deb5269ieF1tee6Mp3UJyZOk8DB-Q
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1716665
NOTE: https://gitlab.com/NTPsec/ntpsec/issues/651
-CVE-2020-11867
- RESERVED
+CVE-2020-11867 (Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USE ...)
+ TODO: check
CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-aft ...)
- libemf 1.0.12-1
[buster] - libemf <no-dsa> (Minor issue)
@@ -51287,14 +51382,14 @@ CVE-2020-9119
RESERVED
CVE-2020-9118
RESERVED
-CVE-2020-9117
- RESERVED
-CVE-2020-9116
- RESERVED
-CVE-2020-9115
- RESERVED
-CVE-2020-9114
- RESERVED
+CVE-2020-9117 (HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM ...)
+ TODO: check
+CVE-2020-9116 (Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection ...)
+ TODO: check
+CVE-2020-9115 (ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B ...)
+ TODO: check
+CVE-2020-9114 (FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a pri ...)
+ TODO: check
CVE-2020-9113 (HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buf ...)
NOT-FOR-US: Huawei
CVE-2020-9112 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a priv ...)
@@ -63730,14 +63825,14 @@ CVE-2020-4131
RESERVED
CVE-2020-4130
RESERVED
-CVE-2020-4129
- RESERVED
+CVE-2020-4129 (HCL Domino is susceptible to a lockout policy bypass vulnerability in ...)
+ TODO: check
CVE-2020-4128
RESERVED
-CVE-2020-4127
- RESERVED
-CVE-2020-4126
- RESERVED
+CVE-2020-4127 (HCL Domino is susceptible to a Login CSRF vulnerability. With a valid ...)
+ TODO: check
+CVE-2020-4126 (HCL iNotes is susceptible to a sensitive cookie exposure vulnerability ...)
+ TODO: check
CVE-2020-4125 (Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious ...)
NOT-FOR-US: HCL
CVE-2020-4124
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0d51c649d2a7857445b725023ca9919ea18733f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0d51c649d2a7857445b725023ca9919ea18733f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201201/2bf08e22/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list