[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Dec 1 20:10:37 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
673449b1 by security tracker role at 2020-12-01T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2020-29453
+	RESERVED
+CVE-2020-29452
+	RESERVED
+CVE-2020-29451
+	RESERVED
+CVE-2020-29450
+	RESERVED
+CVE-2020-29449
+	RESERVED
+CVE-2020-29448
+	RESERVED
+CVE-2020-29447
+	RESERVED
+CVE-2020-29446
+	RESERVED
+CVE-2020-29445
+	RESERVED
+CVE-2020-29444
+	RESERVED
+CVE-2020-29443
+	RESERVED
 CVE-2020-29442
 	RESERVED
 CVE-2020-29441 (An issue was discovered in the Upload Widget in OutSystems Platform 10 ...)
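Review bot: the eleven new RESERVED entries (CVE-2020-29443 through CVE-2020-29453) are inserted in descending id order above the existing CVE-2020-29442, matching the file's ordering, and carry no description yet; there is nothing to triage here until the ids are published with text.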
@@ -284,8 +306,8 @@ CVE-2020-29317
 	RESERVED
 CVE-2020-29316
 	RESERVED
-CVE-2020-29315
-	RESERVED
+CVE-2020-29315 (ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows r ...)
+	TODO: check
 CVE-2020-29314
 	RESERVED
 CVE-2020-29313
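Review bot: the "TODO: check" line under CVE-2020-29315 is the importer's placeholder, not a triage result; a follow-up commit should replace it with either a package line or a NOT-FOR-US annotation in the form the surrounding entries use (compare "NOT-FOR-US: Karenderia Multiple Restaurant System" under CVE-2020-28994 in the next hunk). The description is cut at the feed's fixed width ("ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows r ..."), so the decision needs the full CVE text rather than this line.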
@@ -946,8 +968,8 @@ CVE-2020-28995
 	RESERVED
 CVE-2020-28994 (A SQL injection vulnerability was discovered in Karenderia Multiple Re ...)
 	NOT-FOR-US: Karenderia Multiple Restaurant System
-CVE-2020-28993
-	RESERVED
+CVE-2020-28993 (A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadba ...)
+	TODO: check
 CVE-2020-28992
 	RESERVED
 CVE-2020-28991 (Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git proto ...)
@@ -1001,10 +1023,10 @@ CVE-2020-XXXX [RUSTSEC-2020-0070: lock_api: Some lock_api lock guard objects can
 	- rust-lock-api <unfixed> (bug #975319)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
 	NOTE: https://github.com/Amanieu/parking_lot/pull/262
-CVE-2020-28971
-	RESERVED
-CVE-2020-28970
-	RESERVED
+CVE-2020-28971 (An issue was discovered on Western Digital My Cloud OS 5 devices befor ...)
+	TODO: check
+CVE-2020-28970 (An issue was discovered on Western Digital My Cloud OS 5 devices befor ...)
+	TODO: check
 CVE-2020-28969
 	RESERVED
 CVE-2020-28968
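Review bot: CVE-2020-28971 and CVE-2020-28970 carry the same truncated description ("An issue was discovered on Western Digital My Cloud OS 5 devices befor ..."), so the triager should confirm from the full texts that they are two distinct issues before resolving both "TODO: check" lines; CVE-2020-28940 later in this commit concerns the same product line (My Cloud OS 5 before 5.06.115) and can be triaged together with them. The existing CVE-2020-13799 entry in this file records the comparable Western Digital hardware case as "NOT-FOR-US: Western Digital iNAND devices", which is the natural template if no Debian package is involved.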
@@ -1075,8 +1097,8 @@ CVE-2020-28941 (An issue was discovered in drivers/accessibility/speakup/spk_tty
 	- linux 5.9.11-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/19/3
-CVE-2020-28940
-	RESERVED
+CVE-2020-28940 (On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admi ...)
+	TODO: check
 CVE-2020-28939
 	RESERVED
 CVE-2020-28938
@@ -2836,10 +2858,10 @@ CVE-2020-28585
 	RESERVED
 CVE-2020-28584
 	RESERVED
-CVE-2020-28583
-	RESERVED
-CVE-2020-28582
-	RESERVED
+CVE-2020-28583 (An improper access control information disclosure vulnerability in Tre ...)
+	TODO: check
+CVE-2020-28582 (An improper access control information disclosure vulnerability in Tre ...)
+	TODO: check
 CVE-2020-28581 (A command injection vulnerability in ModifyVLANItem of Trend Micro Int ...)
 	NOT-FOR-US: Trend Micro
 CVE-2020-28580 (A command injection vulnerability in AddVLANItem of Trend Micro InterS ...)
@@ -2848,8 +2870,8 @@ CVE-2020-28579 (A vulnerability in Trend Micro InterScan Web Security Virtual Ap
 	NOT-FOR-US: Trend Micro
 CVE-2020-28578 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
 	NOT-FOR-US: Trend Micro
-CVE-2020-28577
-	RESERVED
+CVE-2020-28577 (An improper access control information disclosure vulnerability in Tre ...)
+	TODO: check
 CVE-2021-1125
 	RESERVED
 CVE-2021-1124
@@ -3000,14 +3022,14 @@ CVE-2021-1052
 	RESERVED
 CVE-2021-1051
 	RESERVED
-CVE-2020-28576
-	RESERVED
-CVE-2020-28575
-	RESERVED
+CVE-2020-28576 (An improper access control information disclosure vulnerability in Tre ...)
+	TODO: check
+CVE-2020-28575 (A heap-based buffer overflow privilege escalation vulnerability in Tre ...)
+	TODO: check
 CVE-2020-28574 (A unauthenticated path traversal arbitrary remote file deletion vulner ...)
 	NOT-FOR-US: Trend Micro
-CVE-2020-28573
-	RESERVED
+CVE-2020-28573 (An improper access control information disclosure vulnerability in Tre ...)
+	TODO: check
 CVE-2020-28572 (A vulnerability in Trend Micro Apex One could allow an unprivileged us ...)
 	NOT-FOR-US: Trend Micro
 CVE-2020-28571
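Review bot: five of the new entries in this and the two preceding hunks (CVE-2020-28583, -28582, -28577, -28576, -28573) share one truncated description, "An improper access control information disclosure vulnerability in Tre ...", and CVE-2020-28575 is a heap-based buffer overflow privilege escalation with the same truncated product name. The adjacent resolved entries (CVE-2020-28581, -28580, -28574, -28572) are all "NOT-FOR-US: Trend Micro", so once the full texts confirm the product these six can be triaged as one batch instead of being left as six separate "TODO: check" lines.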
@@ -9236,8 +9258,8 @@ CVE-2020-26764
 	RESERVED
 CVE-2020-26763
 	RESERVED
-CVE-2020-26762
-	RESERVED
+CVE-2020-26762 (A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3. ...)
+	TODO: check
 CVE-2020-26761
 	RESERVED
 CVE-2020-26760
@@ -12960,16 +12982,16 @@ CVE-2020-25183
 	RESERVED
 CVE-2020-25182
 	RESERVED
-CVE-2020-25181
-	RESERVED
+CVE-2020-25181 (WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer over ...)
+	TODO: check
 CVE-2020-25180
 	RESERVED
 CVE-2020-25179
 	RESERVED
 CVE-2020-25178
 	RESERVED
-CVE-2020-25177
-	RESERVED
+CVE-2020-25177 (WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer ove ...)
+	TODO: check
 CVE-2020-25176
 	RESERVED
 CVE-2020-25175
@@ -22040,6 +22062,7 @@ CVE-2020-20742
 CVE-2020-20741
 	RESERVED
 CVE-2020-20740 (PDFResurrect before 0.20 lack of header validation checks causes heap- ...)
+	{DLA-2475-1}
 	- pdfresurrect 0.21-1
 	[buster] - pdfresurrect <no-dsa> (Minor issue)
 	NOTE: https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397 (v0.21)
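Review bot: the new "{DLA-2475-1}" marker under CVE-2020-20740 sits directly after the header line and before the "- pdfresurrect 0.21-1" package line, matching the placement used for "{DLA-2273-1}" under CVE-2020-11989 elsewhere in this file, so the format is right. The line to re-check is the unchanged "[buster] - pdfresurrect <no-dsa> (Minor issue)": an LTS advisory has now been issued for the same issue, and if the severity assessment behind that advisory differs from "Minor issue", the buster annotation should be revisited for consistency.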
@@ -37878,7 +37901,7 @@ CVE-2020-13802 (Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS comm
 	NOTE: https://github.com/erlang/rebar3/commit/2e2d1a6bb141a969b6483e082a2afd361fc2ece2
 CVE-2020-13801
 	RESERVED
-CVE-2020-13799 (Western Digital iNAND devices through 2020-06-03 allow Authentication  ...)
+CVE-2020-13799 (Western Digital has identified a security vulnerability in the Replay  ...)
 	NOT-FOR-US: Western Digital iNAND devices
 CVE-2020-13798 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...)
 	NOT-FOR-US: Navigate CMS
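Review bot: the rewritten description for CVE-2020-13799 ("Western Digital has identified a security vulnerability in the Replay ...") no longer mentions iNAND within the visible width, while the unchanged "NOT-FOR-US: Western Digital iNAND devices" annotation still names that product; confirm against the full updated CVE text that the affected product is unchanged, so the annotation does not drift from the description it is meant to justify.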
@@ -42600,8 +42623,8 @@ CVE-2020-11992
 	REJECTED
 CVE-2020-11991 (When using the StreamGenerator, the code parse a user-provided XML. A  ...)
 	- cocoon <removed>
-CVE-2020-11990
-	RESERVED
+CVE-2020-11990 (We have resolved a security issue in the camera plugin that could have ...)
+	TODO: check
 CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...)
 	{DLA-2273-1}
 	- shiro <unfixed>
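Review bot: the new description for CVE-2020-11990 ("We have resolved a security issue in the camera plugin that could have ...") is vendor-written first-person text that names neither vendor nor product within the visible width, so the "TODO: check" cannot be resolved from this line alone; the triager needs the full CVE text to identify which camera plugin is meant and whether it maps to any Debian package.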
@@ -52833,8 +52856,8 @@ CVE-2020-8541 (OX App Suite through 7.10.3 allows XXE attacks. ...)
 	NOT-FOR-US: OX App Suite
 CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine Deskto ...)
 	NOT-FOR-US: Zoho ManageEngine Desktop Central
-CVE-2020-8539
-	RESERVED
+CVE-2020-8539 (Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.00 ...)
+	TODO: check
 CVE-2020-8538
 	RESERVED
 CVE-2020-8537
@@ -55342,14 +55365,14 @@ CVE-2020-7550 (A CWE-119 Improper Restriction of Operations within the Bounds of
 	NOT-FOR-US: IGSS Definition (Def.exe)
 CVE-2020-7549
 	RESERVED
-CVE-2020-7548
-	RESERVED
-CVE-2020-7547
-	RESERVED
-CVE-2020-7546
-	RESERVED
-CVE-2020-7545
-	RESERVED
+CVE-2020-7548 (A CWE-330 - Use of Insufficiently Random Values vulnerability exists i ...)
+	TODO: check
+CVE-2020-7547 (A CWE-284: Improper Access Control vulnerability exists in EcoStruxure ...)
+	TODO: check
+CVE-2020-7546 (A CWE-79: Improper Neutralization of Input During Web Page Generation  ...)
+	TODO: check
+CVE-2020-7545 (A CWE-284:Improper Access Control vulnerability exists in EcoStruxure& ...)
+	TODO: check
 CVE-2020-7544 (A CWE-269 Improper Privilege Management vulnerability exists in EcoStr ...)
 	NOT-FOR-US: EcoStruxure Operator Terminal Expert runtime
 CVE-2020-7543
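Review bot: two of the four new Schneider Electric descriptions in this hunk look like feed artefacts rather than local edits: CVE-2020-7545 reads "CWE-284:Improper Access Control" without the space that CVE-2020-7547's "CWE-284: Improper Access Control" has, and its product name is cut as "EcoStruxure&", which is consistent with an HTML entity (a trademark symbol, for example) being truncated by the fixed-width import. Since data/CVE/list mirrors the upstream text, any fix belongs upstream, but the triager should not read the odd string as a different product; CVE-2020-7544 directly below is already "NOT-FOR-US: EcoStruxure Operator Terminal Expert runtime" and is the likely template.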
@@ -55372,8 +55395,8 @@ CVE-2020-7535
 	RESERVED
 CVE-2020-7534
 	RESERVED
-CVE-2020-7533
-	RESERVED
+CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web Server o ...)
+	TODO: check
 CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...)
 	NOT-FOR-US: SCADAPack x70 Security Administrator
 CVE-2020-7531 (A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x ...)
@@ -55795,8 +55818,8 @@ CVE-2020-7337
 	RESERVED
 CVE-2020-7336
 	RESERVED
-CVE-2020-7335
-	RESERVED
+CVE-2020-7335 (Privilege Escalation vulnerability in Microsoft Windows client McAfee  ...)
+	TODO: check
 CVE-2020-7334 (Improper privilege assignment vulnerability in the installer McAfee Ap ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7333 (Cross site scripting vulnerability in the firewall ePO extension of Mc ...)
@@ -56903,8 +56926,8 @@ CVE-2020-6882
 	RESERVED
 CVE-2020-6881
 	RESERVED
-CVE-2020-6880
-	RESERVED
+CVE-2020-6880 (A ZXELINK wireless controller has a SQL injection vulnerability. A rem ...)
+	TODO: check
 CVE-2020-6879 (Some ZTE devices have input verification vulnerabilities. The devices  ...)
 	NOT-FOR-US: ZTE
 CVE-2020-6878
@@ -63832,8 +63855,8 @@ CVE-2020-4130
 	RESERVED
 CVE-2020-4129 (HCL Domino is susceptible to a lockout policy bypass vulnerability in  ...)
 	NOT-FOR-US: HCL Domino
-CVE-2020-4128
-	RESERVED
+CVE-2020-4128 (HCL Domino is susceptible to a lockout policy bypass vulnerability in  ...)
+	TODO: check
 CVE-2020-4127 (HCL Domino is susceptible to a Login CSRF vulnerability. With a valid  ...)
 	NOT-FOR-US: HCL Domino
 CVE-2020-4126 (HCL iNotes is susceptible to a sensitive cookie exposure vulnerability ...)
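Review bot: CVE-2020-4128's new description is identical, at the visible width, to CVE-2020-4129's ("HCL Domino is susceptible to a lockout policy bypass vulnerability in ..."); before carrying the "NOT-FOR-US: HCL Domino" annotation over from 4129, confirm from the full texts that these are two separate issues rather than a duplicate assignment.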
@@ -81253,8 +81276,8 @@ CVE-2019-16960
 	RESERVED
 CVE-2019-16959
 	RESERVED
-CVE-2019-16958
-	RESERVED
+CVE-2019-16958 (Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 1 ...)
+	TODO: check
 CVE-2019-16957
 	RESERVED
 CVE-2019-16956
@@ -87396,6 +87419,7 @@ CVE-2019-14936 (Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive In
 CVE-2019-14935 (3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA% ...)
 	NOT-FOR-US: 3CX Phone 15 on Windows
 CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_ki ...)
+	{DLA-2475-1}
 	- pdfresurrect 0.18-1
 	[buster] - pdfresurrect <no-dsa> (Minor issue)
 	[jessie] - pdfresurrect <no-dsa> (Minor issue)
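Review bot: the "{DLA-2475-1}" marker added under CVE-2019-14934 is the same advisory id added to CVE-2020-20740 earlier in this commit, so both pdfresurrect issues are recorded as fixed by one LTS update; confirm that the advisory text lists both CVEs. The marker placement (directly after the header, before "- pdfresurrect 0.18-1") matches the other entry.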
@@ -91885,13 +91909,13 @@ CVE-2016-10763 (The CampTix Event Ticketing plugin before 1.5 for WordPress allo
 	NOT-FOR-US: CampTix Event Ticketing plugin for WordPress
 CVE-2016-10762 (The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV ...)
 	NOT-FOR-US: CampTix Event Ticketing plugin for WordPress
-CVE-2019-13647 (Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of ...)
+CVE-2019-13647 (** DISPUTED ** Firefly III before 4.7.17.3 is vulnerable to stored XSS ...)
 	NOT-FOR-US: Firefly
-CVE-2019-13646 (Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack ...)
+CVE-2019-13646 (** DISPUTED ** Firefly III before 4.7.17.3 is vulnerable to reflected  ...)
 	NOT-FOR-US: Firefly
-CVE-2019-13645 (Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of ...)
+CVE-2019-13645 (** DISPUTED ** Firefly III before 4.7.17.3 is vulnerable to stored XSS ...)
 	NOT-FOR-US: Firefly
-CVE-2019-13644 (Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of ...)
+CVE-2019-13644 (** DISPUTED ** Firefly III before 4.7.17.1 is vulnerable to stored XSS ...)
 	NOT-FOR-US: Firefly
 CVE-2019-13643 (Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute  ...)
 	NOT-FOR-US: EspoCRM
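Review bot: the four Firefly III descriptions now carry a leading "** DISPUTED **" marker, which is the CVE feed's way of recording that the vendor contests the report; the existing "NOT-FOR-US: Firefly" annotations remain correct and need no change. Because the marker consumes part of the fixed-width description, the cause clause ("due to lack of ...") visible in the old lines is now cut off, which is cosmetic only. CVE-2019-13644 keeps its distinct version threshold (before 4.7.17.1, versus 4.7.17.3 for the other three), as in the old lines.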



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/673449b1852621d850d82a8f569506c8e81aa730
