[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 9 20:10:32 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e563456c by security tracker role at 2020-12-09T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2020-29667
+ RESERVED
+CVE-2020-29666
+ RESERVED
+CVE-2020-29665
+ RESERVED
+CVE-2020-29664
+ RESERVED
+CVE-2020-29663
+ RESERVED
+CVE-2020-29662
+ RESERVED
+CVE-2020-29661 (A locking issue was discovered in the tty subsystem of the Linux kerne ...)
+ TODO: check
+CVE-2020-29660 (A locking inconsistency issue was discovered in the tty subsystem of t ...)
+ TODO: check
+CVE-2020-29659 (A buffer overflow in the web server of Flexense DupScout Enterprise 10 ...)
+ TODO: check
+CVE-2020-29658
+ RESERVED
+CVE-2020-29657 (In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unh ...)
+ TODO: check
+CVE-2020-29656 (An information disclosure vulnerability exists in RT-AC88U Download Ma ...)
+ TODO: check
+CVE-2020-29655 (An injection vulnerability exists in RT-AC88U Download Master before 3 ...)
+ TODO: check
+CVE-2020-29654
+ RESERVED
+CVE-2020-29653
+ RESERVED
+CVE-2020-29652
+ RESERVED
CVE-2021-1985
RESERVED
CVE-2021-1984
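Review bot: CVE-2020-29661 and CVE-2020-29660 are described as tty subsystem issues in the Linux kernel, yet they enter the list with the same generic TODO: check as the rest of this batch. These two should be triaged first and given a package line in the `- <package> <status>` form used elsewhere in this file. The Flexense DupScout and RT-AC88U Download Master entries look like candidates for the NOT-FOR-US: form that other vendor-only entries in this file already carry.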
@@ -6752,8 +6784,8 @@ CVE-2020-28088
RESERVED
CVE-2020-28087
RESERVED
-CVE-2020-28086
- RESERVED
+CVE-2020-28086 (pass through 1.7.3 has a possibility of using a password for an uninte ...)
+ TODO: check
CVE-2020-28085
RESERVED
CVE-2020-28084
@@ -9145,9 +9177,11 @@ CVE-2020-27352
RESERVED
CVE-2020-27351
RESERVED
- - python-apt <unfixed>
+ {DSA-4809-1 DLA-2488-1}
+ - python-apt <unfixed>
CVE-2020-27350
RESERVED
+ {DSA-4808-1 DLA-2487-1}
- apt <unfixed>
CVE-2020-27349 (Aptdaemon performed policykit checks after interacting with potentiall ...)
- aptdaemon <removed>
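Review bot: CVE-2020-27351 and CVE-2020-27350 now reference {DSA-4809-1 DLA-2488-1} and {DSA-4808-1 DLA-2487-1}, but both entries still read RESERVED with `- python-apt <unfixed>` and `- apt <unfixed>` and carry no description or NOTE. Anyone reading the entry sees that advisories exist without learning what they address or which version fixes it. Add a bracketed short description or a NOTE line, as the xorg-server entries in this file do, and replace <unfixed> with the fixed version once it is known.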
@@ -10294,32 +10328,32 @@ CVE-2020-26840
RESERVED
CVE-2020-26839
RESERVED
-CVE-2020-26838
- RESERVED
-CVE-2020-26837
- RESERVED
-CVE-2020-26836
- RESERVED
-CVE-2020-26835
- RESERVED
-CVE-2020-26834
- RESERVED
+CVE-2020-26838 (SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, ...)
+ TODO: check
+CVE-2020-26837 (SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, ...)
+ TODO: check
+CVE-2020-26836 (SAP Solution Manager (Trace Analysis), version - 720, allows for misus ...)
+ TODO: check
+CVE-2020-26835 (SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does ...)
+ TODO: check
+CVE-2020-26834 (SAP HANA Database, version - 2.0, does not correctly validate the user ...)
+ TODO: check
CVE-2020-26833
RESERVED
-CVE-2020-26832
- RESERVED
-CVE-2020-26831
- RESERVED
-CVE-2020-26830
- RESERVED
-CVE-2020-26829
- RESERVED
-CVE-2020-26828
- RESERVED
+CVE-2020-26832 (SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 201 ...)
+ TODO: check
+CVE-2020-26831 (SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, ...)
+ TODO: check
+CVE-2020-26830 (SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, ...)
+ TODO: check
+CVE-2020-26829 (SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7. ...)
+ TODO: check
+CVE-2020-26828 (SAP Disclosure Management, version - 10.1, provides capabilities for a ...)
+ TODO: check
CVE-2020-26827
RESERVED
-CVE-2020-26826
- RESERVED
+CVE-2020-26826 (Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7. ...)
+ TODO: check
CVE-2020-26825 (SAP Fiori Launchpad (News tile Application), versions - 750,751,752,75 ...)
NOT-FOR-US: SAP
CVE-2020-26824 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
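Review bot: the eleven SAP entries promoted from RESERVED in this hunk (CVE-2020-26838 through CVE-2020-26826) are all set to TODO: check, while the SAP entries in the trailing context, such as CVE-2020-26825, are already marked NOT-FOR-US: SAP. Marking the new ones the same way in the follow-up triage keeps them out of the TODO queue and keeps the SAP block consistent.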
@@ -10338,8 +10372,8 @@ CVE-2020-26818 (SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 75
NOT-FOR-US: SAP
CVE-2020-26817 (SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open m ...)
NOT-FOR-US: SAP
-CVE-2020-26816
- RESERVED
+CVE-2020-26816 (SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, ...)
+ TODO: check
CVE-2020-26815 (SAP Fiori Launchpad (News tile Application), versions - 750,751,752,75 ...)
NOT-FOR-US: SAP
CVE-2020-26814 (SAP Process Integration (PGP Module - Business-to-Business Add On), ve ...)
@@ -11529,16 +11563,16 @@ CVE-2020-26263
RESERVED
CVE-2020-26262
RESERVED
-CVE-2020-26261
- RESERVED
-CVE-2020-26260
- RESERVED
+CVE-2020-26261 (jupyterhub-systemdspawner enables JupyterHub to spawn single-user note ...)
+ TODO: check
+CVE-2020-26260 (BookStack is a platform for storing and organising information and doc ...)
+ TODO: check
CVE-2020-26259
RESERVED
CVE-2020-26258
RESERVED
-CVE-2020-26257
- RESERVED
+CVE-2020-26257 (Matrix is an ecosystem for open federated Instant Messaging and VoIP. ...)
+ TODO: check
CVE-2020-26256 (Fast-csv is an npm package for parsing and formatting CSVs or any othe ...)
TODO: check
CVE-2020-26255 (Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and ...)
@@ -12807,7 +12841,7 @@ CVE-2020-25713 [Out of bounds read leads to segfault in raptor_xml_writer_start_
NOTE: https://bugs.librdf.org/mantis/view.php?id=650
CVE-2020-25712 [Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows]
RESERVED
- {DSA-4803-1}
+ {DSA-4803-1 DLA-2486-1}
- xorg-server 2:1.20.10-1 (bug #976216)
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9
CVE-2020-25711 (A flaw was found in infinispan 10 REST API, where authorization permis ...)
@@ -14150,8 +14184,8 @@ CVE-2019-20916 (The pip package before 19.2 for Python allows Directory Traversa
[buster] - python-pip <no-dsa> (Minor issue)
NOTE: https://github.com/pypa/pip/issues/6413
NOTE: https://github.com/pypa/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace (19.2)
-CVE-2020-25199
- RESERVED
+CVE-2020-25199 (A heap-based buffer overflow vulnerability exists within the WECON Lev ...)
+ TODO: check
CVE-2020-25198
RESERVED
CVE-2020-25197
@@ -17700,8 +17734,8 @@ CVE-2020-23522
RESERVED
CVE-2020-23521
RESERVED
-CVE-2020-23520
- RESERVED
+CVE-2020-23520 (imcat 5.2 allows an authenticated file upload and consequently remote ...)
+ TODO: check
CVE-2020-23519
RESERVED
CVE-2020-23518
@@ -22729,7 +22763,7 @@ CVE-2020-21011
CVE-2020-21010
RESERVED
CVE-2020-21009
- RESERVED
+ REJECTED
CVE-2020-21008
RESERVED
CVE-2020-21007
@@ -29712,10 +29746,10 @@ CVE-2020-17530
RESERVED
- libstruts1.2-java <not-affected> (Specific to 2.x)
NOTE: https://cwiki.apache.org/confluence/display/WW/S2-061
-CVE-2020-17529
- RESERVED
-CVE-2020-17528
- RESERVED
+CVE-2020-17529 (Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incuba ...)
+ TODO: check
+CVE-2020-17528 (Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incuba ...)
+ TODO: check
CVE-2020-17527 (While investigating bug 64830 it was discovered that Apache Tomcat 10. ...)
- tomcat9 9.0.40-1
- tomcat8 <removed>
@@ -37573,7 +37607,7 @@ CVE-2020-14361 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9.
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787
CVE-2020-14360 [Check SetMap request length carefully]
RESERVED
- {DSA-4803-1}
+ {DSA-4803-1 DLA-2486-1}
- xorg-server 2:1.20.10-1 (bug #976216)
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
CVE-2020-14359
@@ -56074,8 +56108,8 @@ CVE-2020-7789
RESERVED
CVE-2020-7788
RESERVED
-CVE-2020-7787
- RESERVED
+CVE-2020-7787 (This affects all versions of package react-adal. It is possible for a ...)
+ TODO: check
CVE-2020-7786
RESERVED
CVE-2020-7785
@@ -56096,8 +56130,8 @@ CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The att
NOT-FOR-US: Node systeminformation
CVE-2020-7777 (This affects all versions of package jsen. If an attacker can control ...)
NOT-FOR-US: Node jsen
-CVE-2020-7776
- RESERVED
+CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The libr ...)
+ TODO: check
CVE-2020-7775
RESERVED
CVE-2020-7774 (This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = ...)
@@ -57072,8 +57106,8 @@ CVE-2020-7339
RESERVED
CVE-2020-7338
RESERVED
-CVE-2020-7337
- RESERVED
+CVE-2020-7337 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ TODO: check
CVE-2020-7336
RESERVED
CVE-2020-7335 (Privilege Escalation vulnerability in Microsoft Windows client McAfee ...)
@@ -71163,8 +71197,8 @@ CVE-2020-2051
RESERVED
CVE-2020-2050 (An authentication bypass vulnerability exists in the GlobalProtect SSL ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
-CVE-2020-2049
- RESERVED
+CVE-2020-2049 (A local privilege escalation vulnerability exists in Palo Alto Network ...)
+ TODO: check
CVE-2020-2048 (An information exposure through log file vulnerability exists where th ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2047
@@ -71221,8 +71255,8 @@ CVE-2020-2022 (An information exposure vulnerability exists in Palo Alto Network
NOT-FOR-US: Palo Alto Networks Panorama
CVE-2020-2021 (When Security Assertion Markup Language (SAML) authentication is enabl ...)
NOT-FOR-US: Palo Alto Networks
-CVE-2020-2020
- RESERVED
+CVE-2020-2020 (An improper handling of exceptional conditions vulnerability in Cortex ...)
+ TODO: check
CVE-2020-2019
RESERVED
CVE-2020-2018 (An authentication bypass vulnerability in the Panorama context switchi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e563456c3f23f1c99c9f3680cbdaf049c7d3e187