[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 12 08:10:20 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7f49388e by security tracker role at 2020-12-12T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2020-35181
+ RESERVED
+CVE-2020-35180
+ RESERVED
+CVE-2020-35179
+ RESERVED
+CVE-2020-35178
+ RESERVED
+CVE-2020-35177
+ RESERVED
+CVE-2020-35176 (In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial a ...)
+ TODO: check
+CVE-2020-35175 (Frappe Framework 12 and 13 does not properly validate the HTTP method ...)
+ TODO: check
+CVE-2020-35174
+ RESERVED
+CVE-2020-35173
+ RESERVED
+CVE-2020-35172
+ RESERVED
+CVE-2020-35171
+ RESERVED
+CVE-2020-35170
+ RESERVED
+CVE-2020-35169
+ RESERVED
+CVE-2020-35168
+ RESERVED
+CVE-2020-35167
+ RESERVED
+CVE-2020-35166
+ RESERVED
+CVE-2020-35165
+ RESERVED
+CVE-2020-35164
+ RESERVED
+CVE-2020-35163
+ RESERVED
+CVE-2020-35162
+ RESERVED
+CVE-2020-35161
+ RESERVED
+CVE-2020-35160
+ RESERVED
+CVE-2020-35159
+ RESERVED
+CVE-2020-35158
+ RESERVED
+CVE-2020-35157
+ RESERVED
+CVE-2020-35156
+ RESERVED
+CVE-2020-35155
+ RESERVED
+CVE-2020-35154
+ RESERVED
+CVE-2020-35153
+ RESERVED
+CVE-2020-35152
+ RESERVED
CVE-2020-35151
RESERVED
CVE-2020-35150
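Review bot: CVE-2020-35176 is left at "TODO: check", and its description names AWStats through 7.8 and cgi-bin/awstats.pl, so if AWStats is in the archive it needs a source package entry rather than the NOT-FOR-US form used elsewhere in this file. CVE-2020-35175 (Frappe Framework 12 and 13) needs the same decision; the RESERVED entries around them need no action.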
@@ -14,7 +74,6 @@ CVE-2020-35145
RESERVED
CVE-2020-35144
REJECTED
- TODO: check
CVE-2020-35143
RESERVED
CVE-2020-35142
@@ -1147,8 +1206,8 @@ CVE-2020-29656 (An information disclosure vulnerability exists in RT-AC88U Downl
NOT-FOR-US: RT-AC88U Download Master
CVE-2020-29655 (An injection vulnerability exists in RT-AC88U Download Master before 3 ...)
NOT-FOR-US: RT-AC88U Download Master
-CVE-2020-29654
- RESERVED
+CVE-2020-29654 (Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that lea ...)
+ TODO: check
CVE-2020-29653
RESERVED
CVE-2020-29652
@@ -1872,8 +1931,8 @@ CVE-2020-29565 (An issue was discovered in OpenStack Horizon before 15.3.2, 16.x
NOTE: https://opendev.org/openstack/horizon/commit/252467100f75587e18df9c43ed5802ee8f0017fa
CVE-2020-29564 (The official Consul Docker images 0.7.1 through 1.4.2 contain a blank ...)
NOT-FOR-US: Consul Docker images
-CVE-2020-29563
- RESERVED
+CVE-2020-29563 (An issue was discovered on Western Digital My Cloud OS 5 devices befor ...)
+ TODO: check
CVE-2020-29562 (The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2 ...)
- glibc <unfixed> (bug #976391)
[stretch] - glibc <no-dsa> (Minor issue)
@@ -2321,8 +2380,8 @@ CVE-2020-29457
RESERVED
CVE-2020-29456 (Multiple cross-site scripting (XSS) vulnerabilities in Papermerge befo ...)
NOT-FOR-US: Papermerge
-CVE-2020-29455
- RESERVED
+CVE-2020-29455 (A cross-Site Scripting (XSS) vulnerability in this.showInvalid and thi ...)
+ TODO: check
CVE-2020-29454 (Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user ...)
NOT-FOR-US: Umbraco CMS
CVE-2020-29453
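Review bot: the description added for CVE-2020-29455 is cut off at "this.showInvalid and thi ..." before any product name, so its "TODO: check" cannot be resolved from this line alone. Read the full CVE text before choosing between a package entry and the NOT-FOR-US form used by its neighbours CVE-2020-29456 and CVE-2020-29454.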
@@ -15512,18 +15571,18 @@ CVE-2020-25114
RESERVED
CVE-2020-25113
RESERVED
-CVE-2020-25112
- RESERVED
-CVE-2020-25111
- RESERVED
-CVE-2020-25110
- RESERVED
-CVE-2020-25109
- RESERVED
-CVE-2020-25108
- RESERVED
-CVE-2020-25107
- RESERVED
+CVE-2020-25112 (An issue was discovered in the IPv6 stack in Contiki through 3.0. Ther ...)
+ TODO: check
+CVE-2020-25111 (An issue was discovered in the IPv6 stack in Contiki through 3.0. Ther ...)
+ TODO: check
+CVE-2020-25110 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
+ TODO: check
+CVE-2020-25109 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
+ TODO: check
+CVE-2020-25108 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
+ TODO: check
+CVE-2020-25107 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
+ TODO: check
CVE-2020-25106
RESERVED
CVE-2020-25105 (eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recove ...)
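Review bot: CVE-2020-25107 through CVE-2020-25110 carry the same visible text ("An issue was discovered in the DNS implementation in Ethernut in Nut/O ..."), and CVE-2020-25111 and CVE-2020-25112 likewise share one Contiki IPv6 prefix, so the entries cannot be told apart in this list. When the "TODO: check" lines are resolved, add a NOTE line per entry with the distinguishing reference, as the NOTE lines elsewhere in the file do.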
@@ -17104,8 +17163,8 @@ CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and Free
NOT-FOR-US: FreeBSD and MidnightBSD
CVE-2020-24384 (A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GU ...)
NOT-FOR-US: A10 Networks
-CVE-2020-24383
- RESERVED
+CVE-2020-24383 (An issue was discovered in FNET through 4.6.4. The code for processing ...)
+ TODO: check
CVE-2020-24382
RESERVED
CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform (aka openeclass) through 3.9 ...)
@@ -17219,22 +17278,22 @@ CVE-2020-24342 (Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstr
- lua5.4 5.4.1-1 (bug #971012)
NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00052.html
NOTE: https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27
-CVE-2020-24341
- RESERVED
-CVE-2020-24340
- RESERVED
-CVE-2020-24339
- RESERVED
-CVE-2020-24338
- RESERVED
-CVE-2020-24337
- RESERVED
-CVE-2020-24336
- RESERVED
+CVE-2020-24341 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The T ...)
+ TODO: check
+CVE-2020-24340 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The c ...)
+ TODO: check
+CVE-2020-24339 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The D ...)
+ TODO: check
+CVE-2020-24338 (An issue was discovered in picoTCP through 1.7.0. The DNS domain name ...)
+ TODO: check
+CVE-2020-24337 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When ...)
+ TODO: check
+CVE-2020-24336 (An issue was discovered in Contiki through 3.0 and Contiki-NG through ...)
+ TODO: check
CVE-2020-24335
RESERVED
-CVE-2020-24334
- RESERVED
+CVE-2020-24334 (The code that processes DNS responses in uIP through 1.0, as used in C ...)
+ TODO: check
CVE-2020-24333 (A vulnerability in Arista’s CloudVision Portal (CVP) prior to 20 ...)
NOT-FOR-US: Arista
CVE-2020-24332 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
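Review bot: the affected products differ within this block: CVE-2020-24338 names only "picoTCP through 1.7.0" while the other picoTCP entries name "picoTCP and picoTCP-NG", and CVE-2020-24336 names Contiki together with Contiki-NG. Resolve each "TODO: check" against its own description rather than applying one status to the whole run.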
@@ -31069,14 +31128,14 @@ CVE-2020-17472
RESERVED
CVE-2020-17471
RESERVED
-CVE-2020-17470
- RESERVED
-CVE-2020-17469
- RESERVED
-CVE-2020-17468
- RESERVED
-CVE-2020-17467
- RESERVED
+CVE-2020-17470 (An issue was discovered in FNET through 4.6.4. The code that initializ ...)
+ TODO: check
+CVE-2020-17469 (An issue was discovered in FNET through 4.6.4. The code for IPv6 fragm ...)
+ TODO: check
+CVE-2020-17468 (An issue was discovered in FNET through 4.6.4. The code for processing ...)
+ TODO: check
+CVE-2020-17467 (An issue was discovered in FNET through 4.6.4. The code for processing ...)
+ TODO: check
CVE-2020-17466 (Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by ...)
NOT-FOR-US: Turcom TRCwifiZone
CVE-2020-17465 (Dashboards and progressiveProfileForms in ForgeRock Identity Manager b ...)
@@ -31122,24 +31181,24 @@ CVE-2020-17446 (asyncpg before 0.21.0 allows a malicious PostgreSQL server to tr
{DLA-2363-1}
- asyncpg 0.21.0-1
NOTE: https://github.com/MagicStack/asyncpg/commit/69bcdf5bf7696b98ee708be5408fd7d854e910d0
-CVE-2020-17445
- RESERVED
-CVE-2020-17444
- RESERVED
-CVE-2020-17443
- RESERVED
-CVE-2020-17442
- RESERVED
-CVE-2020-17441
- RESERVED
-CVE-2020-17440
- RESERVED
-CVE-2020-17439
- RESERVED
-CVE-2020-17438
- RESERVED
-CVE-2020-17437
- RESERVED
+CVE-2020-17445 (An issue was discovered in picoTCP 1.7.0. The code for processing the ...)
+ TODO: check
+CVE-2020-17444 (An issue was discovered in picoTCP 1.7.0. The routine for processing t ...)
+ TODO: check
+CVE-2020-17443 (An issue was discovered in picoTCP 1.7.0. The code for creating an ICM ...)
+ TODO: check
+CVE-2020-17442 (An issue was discovered in picoTCP 1.7.0. The code for parsing the hop ...)
+ TODO: check
+CVE-2020-17441 (An issue was discovered in picoTCP 1.7.0. The code for processing the ...)
+ TODO: check
+CVE-2020-17440 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...)
+ TODO: check
+CVE-2020-17439 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...)
+ TODO: check
+CVE-2020-17438 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...)
+ TODO: check
+CVE-2020-17437 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...)
+ TODO: check
CVE-2020-17436
RESERVED
CVE-2020-17435
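Review bot: CVE-2020-17437 through CVE-2020-17440 describe uIP 1.0 "as used in Contiki 3.0 and other p ...", so the affected code is a stack shipped inside other projects. The "TODO: check" for these four should include a search for embedded copies of uIP in source packages, not only for a package with that name.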
@@ -36006,10 +36065,10 @@ CVE-2020-15378
RESERVED
CVE-2020-15377
RESERVED
-CVE-2020-15376
- RESERVED
-CVE-2020-15375
- RESERVED
+CVE-2020-15376 (Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, con ...)
+ TODO: check
+CVE-2020-15375 (Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v ...)
+ TODO: check
CVE-2020-15374 (Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versio ...)
NOT-FOR-US: Brocade Fabric OS
CVE-2020-15373 (Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric ...)
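Review bot: CVE-2020-15376 and CVE-2020-15375 are added with "TODO: check" although both descriptions name Brocade Fabric OS, the product that CVE-2020-15374 directly below already records as "NOT-FOR-US: Brocade Fabric OS". These two can be resolved the same way.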
@@ -39875,16 +39934,16 @@ CVE-2020-13990
RESERVED
CVE-2020-13989
RESERVED
-CVE-2020-13988
- RESERVED
-CVE-2020-13987
- RESERVED
-CVE-2020-13986
- RESERVED
-CVE-2020-13985
- RESERVED
-CVE-2020-13984
- RESERVED
+CVE-2020-13988 (An issue was discovered in Contiki through 3.0. An Integer Overflow ex ...)
+ TODO: check
+CVE-2020-13987 (An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read ...)
+ TODO: check
+CVE-2020-13986 (An issue was discovered in Contiki through 3.0. An infinite loop exist ...)
+ TODO: check
+CVE-2020-13985 (An issue was discovered in Contiki through 3.0. A memory corruption vu ...)
+ TODO: check
+CVE-2020-13984 (An issue was discovered in Contiki through 3.0. An infinite loop exist ...)
+ TODO: check
CVE-2020-13983
REJECTED
CVE-2020-13982
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f49388ee418be1caec512bd0a1a5293d3e0e9af