[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 11 20:10:31 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a0f3854 by security tracker role at 2020-12-11T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,30 @@
+CVE-2020-35151
+ RESERVED
+CVE-2020-35150
+ RESERVED
+CVE-2020-35149 (lib/utils.js in mquery before 3.2.3 allows a pollution attack because ...)
+ TODO: check
+CVE-2020-35148
+ RESERVED
+CVE-2020-35147
+ RESERVED
+CVE-2020-35146
+ RESERVED
+CVE-2020-35145
+ RESERVED
+CVE-2020-35144
+ REJECTED
+ TODO: check
+CVE-2020-35143
+ RESERVED
+CVE-2020-35142
+ RESERVED
+CVE-2020-35141
+ RESERVED
+CVE-2020-35140
+ RESERVED
+CVE-2020-35139
+ RESERVED
CVE-2020-35138
RESERVED
CVE-2020-35137
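Review bot: CVE-2020-35144 is added as REJECTED but also carries a TODO: check line. A rejected id has nothing left to triage, so the TODO: check under it should be dropped, or the importer should stop emitting it for REJECTED entries. CVE-2020-35149 (mquery) is the only entry in this hunk that has a description and still needs a real check.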
@@ -1780,12 +1807,12 @@ CVE-2020-29593
RESERVED
CVE-2020-29592
RESERVED
-CVE-2020-29591
- RESERVED
-CVE-2020-29590
- RESERVED
-CVE-2020-29589
- RESERVED
+CVE-2020-29591 (Versions of the Official registry Docker images through 2.7.0 contain ...)
+ TODO: check
+CVE-2020-29590 (Versions of the Official teamspeak Docker images through 3.6.0 contain ...)
+ TODO: check
+CVE-2020-29589 (Versions of the Official kapacitor Docker images through 1.5.0-alpine ...)
+ TODO: check
CVE-2020-29588
RESERVED
CVE-2020-29587
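Review bot: The three official Docker image entries (CVE-2020-29591 registry, CVE-2020-29590 teamspeak, CVE-2020-29589 kapacitor) are left at TODO: check although the same file already resolves this class of entry, e.g. "NOT-FOR-US: eggdrop Docker images" under CVE-2020-29576 and "NOT-FOR-US: elixir Docker images" under CVE-2020-29575. Unless one of these differs from that pattern, they can be closed the same way in a follow-up, naming the image in each NOT-FOR-US line.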
@@ -1814,8 +1841,8 @@ CVE-2020-29576 (The official eggdrop Docker images before 1.8.4rc2 contain a bla
NOT-FOR-US: eggdrop Docker images
CVE-2020-29575 (The official elixir Docker images before 1.8.0-alpine (Alpine specific ...)
NOT-FOR-US: elixir Docker images
-CVE-2020-29574
- RESERVED
+CVE-2020-29574 (An SQL injection vulnerability in the WebAdmin of Cyberoam OS through ...)
+ TODO: check
CVE-2020-29573 (sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) befo ...)
- glibc <unfixed>
[stretch] - glibc <no-dsa> (Minor issue)
@@ -2737,8 +2764,8 @@ CVE-2020-29256
RESERVED
CVE-2020-29255
RESERVED
-CVE-2020-29254
- RESERVED
+CVE-2020-29254 (TikiWiki 21.2 allows templates to be edited without CSRF protection. T ...)
+ TODO: check
CVE-2020-29253
RESERVED
CVE-2020-29252
@@ -3657,8 +3684,8 @@ CVE-2020-28840
RESERVED
CVE-2020-28839
RESERVED
-CVE-2020-28838
- RESERVED
+CVE-2020-28838 (Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Open ...)
+ TODO: check
CVE-2020-28837
RESERVED
CVE-2020-28836
@@ -5617,10 +5644,10 @@ CVE-2020-28442
RESERVED
CVE-2020-28441
RESERVED
-CVE-2020-28440
- RESERVED
-CVE-2020-28439
- RESERVED
+CVE-2020-28440 (All versions of package corenlp-js-interface are vulnerable to Command ...)
+ TODO: check
+CVE-2020-28439 (This affects all versions of package corenlp-js-prefab. The injection ...)
+ TODO: check
CVE-2020-28438
RESERVED
CVE-2020-28437
@@ -8680,8 +8707,8 @@ CVE-2020-27827
CVE-2020-27826
RESERVED
NOT-FOR-US: Keycloak
-CVE-2020-27825
- RESERVED
+CVE-2020-27825 (A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux ...)
+ TODO: check
CVE-2020-27824 [global-buffer-overflow read in lib-openjp2]
RESERVED
- openjpeg2 <unfixed>
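Review bot: CVE-2020-27825 is a Linux kernel issue (kernel/trace/ring_buffer.c), so it is in scope for Debian and must not be closed as out of scope when the TODO: check is worked off. It needs a "- linux" package line in the same form as the "- openjpeg2 <unfixed>" line under CVE-2020-27824, with the fixed version filled in once it is identified.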
@@ -9083,8 +9110,8 @@ CVE-2020-27732
RESERVED
CVE-2020-27731
RESERVED
-CVE-2020-27730
- RESERVED
+CVE-2020-27730 (In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller ...)
+ TODO: check
CVE-2020-27729
RESERVED
CVE-2020-27728
@@ -9117,8 +9144,8 @@ CVE-2020-27715
RESERVED
CVE-2020-27714
RESERVED
-CVE-2020-27713
- RESERVED
+CVE-2020-27713 (In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP ...)
+ TODO: check
CVE-2020-27712
RESERVED
CVE-2020-27711
@@ -9983,8 +10010,8 @@ CVE-2020-27510
RESERVED
CVE-2020-27509
RESERVED
-CVE-2020-27508
- RESERVED
+CVE-2020-27508 (In two-factor authentication, the system also sending 2fa secret key i ...)
+ TODO: check
CVE-2020-27507
RESERVED
CVE-2020-27506
@@ -10764,12 +10791,12 @@ CVE-2020-27136
RESERVED
CVE-2020-27135
RESERVED
-CVE-2020-27134
- RESERVED
-CVE-2020-27133
- RESERVED
-CVE-2020-27132
- RESERVED
+CVE-2020-27134 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
+ TODO: check
+CVE-2020-27133 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
+ TODO: check
+CVE-2020-27132 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
+ TODO: check
CVE-2020-27131 (Multiple vulnerabilities in the Java deserialization function that is ...)
NOT-FOR-US: Cisco
CVE-2020-27130 (A vulnerability in Cisco Security Manager could allow an unauthenticat ...)
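Review bot: CVE-2020-27134, CVE-2020-27133 and CVE-2020-27132 (Cisco Jabber) are left at TODO: check while the next entry, CVE-2020-27131, is already marked "NOT-FOR-US: Cisco". These three are the same vendor's proprietary client and can take the same NOT-FOR-US: Cisco line.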
@@ -10778,8 +10805,8 @@ CVE-2020-27129 (A vulnerability in the remote management feature of Cisco SD-WAN
NOT-FOR-US: Cisco
CVE-2020-27128 (A vulnerability in the application data endpoints of Cisco SD-WAN vMan ...)
NOT-FOR-US: Cisco
-CVE-2020-27127
- RESERVED
+CVE-2020-27127 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
+ TODO: check
CVE-2020-27126 (A vulnerability in an API of Cisco Webex Meetings could allow an unaut ...)
NOT-FOR-US: Cisco
CVE-2020-27125 (A vulnerability in Cisco Security Manager could allow an unauthenticat ...)
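Review bot: CVE-2020-27127 carries the same truncated Cisco Jabber description as CVE-2020-27134 through CVE-2020-27132 and sits between two entries already marked "NOT-FOR-US: Cisco" (CVE-2020-27128 and CVE-2020-27126). It should be resolved together with the other Jabber ids so the four do not end up with different statuses.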
@@ -12362,14 +12389,14 @@ CVE-2020-26423
RESERVED
CVE-2020-26422
RESERVED
-CVE-2020-26421
- RESERVED
-CVE-2020-26420
- RESERVED
-CVE-2020-26419
- RESERVED
-CVE-2020-26418
- RESERVED
+CVE-2020-26421 (Crash in USB HID protocol dissector and possibly other dissectors in W ...)
+ TODO: check
+CVE-2020-26420 (Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to ...)
+ TODO: check
+CVE-2020-26419 (Memory leak in the dissection engine in Wireshark 3.4.0 allows denial ...)
+ TODO: check
+CVE-2020-26418 (Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 t ...)
+ TODO: check
CVE-2020-26417 (Information disclosure via GraphQL in GitLab CE/EE 13.1 and later expo ...)
TODO: check
CVE-2020-26416 (Information disclosure in Advanced Search component of GitLab EE start ...)
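Review bot: The four Wireshark entries (CVE-2020-26421 through CVE-2020-26418) need package lines, not just TODO: check, because wireshark is a Debian source package. Use the form seen elsewhere in the file (compare "- glibc <unfixed>"), i.e. "- wireshark <unfixed>" until the fixed upload is known. Note that CVE-2020-26419 names only Wireshark 3.4.0 while CVE-2020-26420 and CVE-2020-26418 also name the 3.2 series, so the affected releases may differ per entry.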
@@ -12679,10 +12706,10 @@ CVE-2020-26267 (In affected versions of TensorFlow the tf.raw_ops.DataFormatVecP
TODO: check
CVE-2020-26266 (In affected versions of TensorFlow under certain cases a saved model c ...)
TODO: check
-CVE-2020-26265
- RESERVED
-CVE-2020-26264
- RESERVED
+CVE-2020-26265 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
+ TODO: check
+CVE-2020-26264 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
+ TODO: check
CVE-2020-26263
RESERVED
CVE-2020-26262
@@ -27593,8 +27620,8 @@ CVE-2020-19167
RESERVED
CVE-2020-19166
RESERVED
-CVE-2020-19165
- RESERVED
+CVE-2020-19165 (PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_ ...)
+ TODO: check
CVE-2020-19164
RESERVED
CVE-2020-19163
@@ -30908,8 +30935,8 @@ CVE-2020-17517
RESERVED
CVE-2020-17516
RESERVED
-CVE-2020-17515
- RESERVED
+CVE-2020-17515 (The "origin" parameter passed to some of the endpoints like '/trigger' ...)
+ TODO: check
CVE-2020-17514
RESERVED
CVE-2020-17513
@@ -36017,8 +36044,8 @@ CVE-2020-15360 (com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege esc
NOT-FOR-US: Docker Desktop on Windows
CVE-2020-15359
RESERVED
-CVE-2020-15357
- RESERVED
+CVE-2020-15357 (Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and ...)
+ TODO: check
CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...)
- sqlite3 3.32.3-1
[buster] - sqlite3 3.27.2-3+deb10u1
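Review bot: CVE-2020-15357 sits between CVE-2020-15359 and CVE-2020-15358, which breaks the descending id order that the rest of the visible list follows. The hunk rewrites the entry in place and keeps it misplaced. Move the CVE-2020-15357 entry below the CVE-2020-15358 block while it is being touched.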
@@ -36842,8 +36869,8 @@ CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allow
NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e84aa07N2NcL4sE_0dW35Tizc74SA
CVE-2020-15024 (An issue was discovered in the Login Password feature of the Password ...)
NOT-FOR-US: Avast Antivirus
-CVE-2020-15023
- RESERVED
+CVE-2020-15023 (Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected b ...)
+ TODO: check
CVE-2020-15022
RESERVED
CVE-2020-15021
@@ -44655,10 +44682,10 @@ CVE-2020-12151
RESERVED
CVE-2020-12150
RESERVED
-CVE-2020-12149
- RESERVED
-CVE-2020-12148
- RESERVED
+CVE-2020-12149 (The configuration backup/restore function in Silver Peak Unity ECOSTM ...)
+ TODO: check
+CVE-2020-12148 (A command injection flaw identified in the nslookup API in Silver Peak ...)
+ TODO: check
CVE-2020-12147 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...)
NOT-FOR-US: Silver Peak Unity Orchestrator
CVE-2020-12146 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...)
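Review bot: CVE-2020-12149 and CVE-2020-12148 are Silver Peak issues left at TODO: check, directly above CVE-2020-12147, which is marked "NOT-FOR-US: Silver Peak Unity Orchestrator". The truncated descriptions do not show that both new ids concern the Orchestrator (CVE-2020-12149 mentions "Silver Peak Unity ECOSTM ..."), so take the product name for each NOT-FOR-US line from the full description and do not copy the neighbouring one.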
@@ -57250,18 +57277,18 @@ CVE-2020-7795
RESERVED
CVE-2020-7794
RESERVED
-CVE-2020-7793
- RESERVED
-CVE-2020-7792
- RESERVED
-CVE-2020-7791
- RESERVED
-CVE-2020-7790
- RESERVED
-CVE-2020-7789
- RESERVED
-CVE-2020-7788
- RESERVED
+CVE-2020-7793 (The package ua-parser-js before 0.7.23 are vulnerable to Regular Expre ...)
+ TODO: check
+CVE-2020-7792 (This affects all versions of package mout. The deepFillIn function can ...)
+ TODO: check
+CVE-2020-7791 (This affects the package i18n before 2.1.15. Vulnerability arises out ...)
+ TODO: check
+CVE-2020-7790 (This affects the package spatie/browsershot from 0.0.0. By specifying ...)
+ TODO: check
+CVE-2020-7789 (This affects the package node-notifier before 9.0.0. It allows an atta ...)
+ TODO: check
+CVE-2020-7788 (This affects the package ini before 1.3.6. If an attacker submits a ma ...)
+ TODO: check
CVE-2020-7787 (This affects all versions of package react-adal. It is possible for a ...)
TODO: check
CVE-2020-7786
@@ -61965,12 +61992,12 @@ CVE-2020-5952
RESERVED
CVE-2020-5951
RESERVED
-CVE-2020-5950
- RESERVED
-CVE-2020-5949
- RESERVED
-CVE-2020-5948
- RESERVED
+CVE-2020-5950 (On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allo ...)
+ TODO: check
+CVE-2020-5949 (On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic ...)
+ TODO: check
+CVE-2020-5948 (On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, ...)
+ TODO: check
CVE-2020-5947 (In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP plat ...)
NOT-FOR-US: F5 BIG-IP
CVE-2020-5946 (In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0 ...)
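Review bot: CVE-2020-5950, CVE-2020-5949 and CVE-2020-5948 all describe BIG-IP and are left at TODO: check, while the next entry, CVE-2020-5947, is already "NOT-FOR-US: F5 BIG-IP". The same line applies to these three.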
@@ -65300,8 +65327,8 @@ CVE-2020-4635
RESERVED
CVE-2020-4634
RESERVED
-CVE-2020-4633
- RESERVED
+CVE-2020-4633 (IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbi ...)
+ TODO: check
CVE-2020-4632 (IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-sid ...)
NOT-FOR-US: IBM
CVE-2020-4631 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-de ...)
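Review bot: CVE-2020-4633 (IBM Resilient SOAR) is left at TODO: check although the adjacent CVE-2020-4632 is marked "NOT-FOR-US: IBM". It can be closed with the same line.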
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0f38540c17b4c74fc18b396dfe8048ebf150f6