[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 16 20:10:26 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76eab854 by security tracker role at 2020-12-16T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-35482
+ RESERVED
+CVE-2020-35481
+ RESERVED
+CVE-2020-35480
+ RESERVED
+CVE-2020-35479
+ RESERVED
+CVE-2020-35478
+ RESERVED
+CVE-2020-35477
+ RESERVED
+CVE-2020-35476 (A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 ...)
+ TODO: check
+CVE-2020-35475
+ RESERVED
+CVE-2020-35474
+ RESERVED
+CVE-2020-35473
+ RESERVED
CVE-2020-35472
RESERVED
CVE-2020-35471 (Envoy before 1.16.1 mishandles dropped and truncated datagrams, as dem ...)
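Review bot: CVE-2020-35476 is the only new id in this block that arrives with a description (remote code execution in OpenTSDB through 2.4.0), and it is left at `TODO: check`. Resolve it in a follow-up to either a source-package line or a NOT-FOR-US line, so that an RCE does not sit untriaged among the RESERVED ids around it.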
@@ -684,8 +704,8 @@ CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress a
NOT-FOR-US: ultimate-category-excluder plugin for WordPress
CVE-2020-35134
RESERVED
-CVE-2020-35133
- RESERVED
+CVE-2020-35133 (irfanView 4.56 contains an error processing parsing files of type .pcx ...)
+ TODO: check
CVE-2020-35132 (An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that a ...)
- phpldapadmin <unfixed>
NOTE: https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474
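Review bot: CVE-2020-35133 now names irfanView 4.56 but is left at `TODO: check`, while the context line at the top of this hunk shows the form used for software outside the archive (`NOT-FOR-US: ultimate-category-excluder plugin for WordPress`). If irfanView is not packaged, close the entry the same way, for example `NOT-FOR-US: IrfanView`.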
@@ -732,6 +752,7 @@ CVE-2020-35114
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35114
CVE-2020-35113
RESERVED
+ {DSA-4813-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
- thunderbird 1:78.6.0-1
@@ -748,6 +769,7 @@ CVE-2020-35112
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35112
CVE-2020-35111
RESERVED
+ {DSA-4813-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
- thunderbird 1:78.6.0-1
@@ -2423,8 +2445,8 @@ CVE-2020-29609
RESERVED
CVE-2020-29608
RESERVED
-CVE-2020-29607
- RESERVED
+CVE-2020-29607 (A file upload restriction bypass vulnerability in Pluck CMS before 4.7 ...)
+ TODO: check
CVE-2020-XXXX [RUSTSEC-2020-0080: miow: `miow` invalidly assumes the memory layout of std::net::SocketAddr]
- rust-miow <unfixed> (bug #976871)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0080.html
@@ -3266,20 +3288,17 @@ CVE-2020-29365
RESERVED
CVE-2020-29364 (In NetArt News Lister 1.0.0, the news headlines vulnerable to stored x ...)
NOT-FOR-US: NetArt News Lister
-CVE-2020-29363
- RESERVED
+CVE-2020-29363 (An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-base ...)
- p11-kit 0.23.22-1
NOTE: https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
NOTE: https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x
NOTE: https://github.com/p11-glue/p11-kit/commit/2617f3ef888e103324a28811886b99ed0a56346d (0.23.22)
-CVE-2020-29362
- RESERVED
+CVE-2020-29362 (An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-base ...)
- p11-kit 0.23.22-1
NOTE: https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
NOTE: https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc
NOTE: https://github.com/p11-glue/p11-kit/commit/bda2f543ff8e0195c90e849379ef1585d00677bc (0.23.22)
-CVE-2020-29361
- RESERVED
+CVE-2020-29361 (An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple in ...)
- p11-kit 0.23.22-1
NOTE: https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
NOTE: https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2
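Review bot: The new descriptions give different affected ranges. CVE-2020-29363 starts at p11-kit 0.23.6, while CVE-2020-29362 and CVE-2020-29361 start at 0.21.1, yet all three entries carry only `- p11-kit 0.23.22-1`. If any supported suite ships a p11-kit older than 0.23.6, CVE-2020-29363 needs a per-suite `<not-affected>` line in the style already used in this file (`(Vulnerable code introduced later)`), so that suite is not tracked as vulnerable.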
@@ -6343,8 +6362,8 @@ CVE-2020-28460
RESERVED
CVE-2020-28459
RESERVED
-CVE-2020-28458
- RESERVED
+CVE-2020-28458 (All versions of package datatables.net are vulnerable to Prototype Pol ...)
+ TODO: check
CVE-2020-28457 (This affects the package s-cart/core before 4.4. The search functional ...)
TODO: check
CVE-2020-28456 (The package s-cart/core before 4.4 are vulnerable to Cross-site Script ...)
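Review bot: CVE-2020-28458 states that all versions of the datatables.net package are affected, so there is no fixed upstream version to record. Do not clear its `TODO: check` in bulk with the neighbouring s-cart/core entries; first check whether the DataTables library is shipped in the archive, and if it is, the entry needs an `<unfixed>` package line.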
@@ -11870,6 +11889,7 @@ CVE-2020-26979
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26979
CVE-2020-26978
RESERVED
+ {DSA-4813-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
- thunderbird 1:78.6.0-1
@@ -11890,6 +11910,7 @@ CVE-2020-26975
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26975
CVE-2020-26974
RESERVED
+ {DSA-4813-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
- thunderbird 1:78.6.0-1
@@ -11898,6 +11919,7 @@ CVE-2020-26974
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974
CVE-2020-26973
RESERVED
+ {DSA-4813-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
- thunderbird 1:78.6.0-1
@@ -11910,6 +11932,7 @@ CVE-2020-26972
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26972
CVE-2020-26971
RESERVED
+ {DSA-4813-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
- thunderbird 1:78.6.0-1
@@ -13656,8 +13679,8 @@ CVE-2020-26200
RESERVED
CVE-2020-26199
RESERVED
-CVE-2020-26198
- RESERVED
+CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a ...)
+ TODO: check
CVE-2020-26197
RESERVED
CVE-2020-26196
@@ -15163,18 +15186,18 @@ CVE-2020-25623 (Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Di
[buster] - erlang <not-affected> (Vulnerable code introduced later)
[stretch] - erlang <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/erlang/otp/releases/tag/OTP-23.1
-CVE-2020-25622
- RESERVED
-CVE-2020-25621
- RESERVED
-CVE-2020-25620
- RESERVED
-CVE-2020-25619
- RESERVED
-CVE-2020-25618
- RESERVED
-CVE-2020-25617
- RESERVED
+CVE-2020-25622 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The Advanc ...)
+ TODO: check
+CVE-2020-25621 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The local ...)
+ TODO: check
+CVE-2020-25620 (An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded ...)
+ TODO: check
+CVE-2020-25619 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH co ...)
+ TODO: check
+CVE-2020-25618 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo c ...)
+ TODO: check
+CVE-2020-25617 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The Advanc ...)
+ TODO: check
CVE-2020-25616
RESERVED
CVE-2020-25615
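Review bot: The six entries from CVE-2020-25622 down to CVE-2020-25617 all describe the same product and version, SolarWinds N-Central 12.3.0.670, and each is added as its own `TODO: check`. Triage them together and give them one identical resolution line, so the block cannot end up half resolved.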
@@ -31707,6 +31730,7 @@ CVE-2020-17529 (Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (
CVE-2020-17528 (Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incuba ...)
NOT-FOR-US: Apache NuttX
CVE-2020-17527 (While investigating bug 64830 it was discovered that Apache Tomcat 10. ...)
+ {DLA-2495-1}
- tomcat9 9.0.40-1
- tomcat8 <removed>
NOTE: https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65 (9.0.40)
@@ -34931,6 +34955,7 @@ CVE-2020-16043
RESERVED
CVE-2020-16042
RESERVED
+ {DSA-4813-1}
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
- firefox 84.0-1
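Review bot: `{DSA-4813-1}` is attached to CVE-2020-16042 while the first package line under it still reads `- chromium <unfixed>`. The cross-reference is fine for the firefox line, but the entry must not be read as closed: chromium is still open, and only stretch is annotated for it (`<end-of-life>`).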
@@ -39957,8 +39982,8 @@ CVE-2020-14256
RESERVED
CVE-2020-14255
RESERVED
-CVE-2020-14254
- RESERVED
+CVE-2020-14254 (TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v ...)
+ TODO: check
CVE-2020-14253
RESERVED
CVE-2020-14252
@@ -39969,8 +39994,8 @@ CVE-2020-14250
RESERVED
CVE-2020-14249
RESERVED
-CVE-2020-14248
- RESERVED
+CVE-2020-14248 (BigFix Inventory up to v10.0.2 does not set the secure flag for the se ...)
+ TODO: check
CVE-2020-14247
RESERVED
CVE-2020-14246
@@ -58029,8 +58054,8 @@ CVE-2020-7839
RESERVED
CVE-2020-7838
RESERVED
-CVE-2020-7837
- RESERVED
+CVE-2020-7837 (An issue was discovered in ML Report Program. There is a stack-based b ...)
+ TODO: check
CVE-2020-7836
RESERVED
CVE-2020-7835
@@ -58145,8 +58170,8 @@ CVE-2020-7783
RESERVED
CVE-2020-7782
RESERVED
-CVE-2020-7781
- RESERVED
+CVE-2020-7781 (This affects the package connection-tester before 0.2.1. The injection ...)
+ TODO: check
CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_2.13 ...)
TODO: check
CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular Expressi ...)
@@ -63370,10 +63395,10 @@ CVE-2020-5685
RESERVED
CVE-2020-5684
RESERVED
-CVE-2020-5683
- RESERVED
-CVE-2020-5682
- RESERVED
+CVE-2020-5683 (Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v ...)
+ TODO: check
+CVE-2020-5682 (Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Seri ...)
+ TODO: check
CVE-2020-5681
RESERVED
CVE-2020-5680 (Improper input validation vulnerability in EC-CUBE versions from 3.0.5 ...)
@@ -64106,10 +64131,10 @@ CVE-2020-5362 (Dell Client Consumer and Commercial platforms include an improper
NOT-FOR-US: Dell
CVE-2020-5361
RESERVED
-CVE-2020-5360
- RESERVED
-CVE-2020-5359
- RESERVED
+CVE-2020-5360 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable ...)
+ TODO: check
+CVE-2020-5359 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable ...)
+ TODO: check
CVE-2020-5358 (Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suit ...)
NOT-FOR-US: Dell Encryption
CVE-2020-5357 (Dell Dock Firmware Update Utilities for Dell Client Consumer and Comme ...)
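Review bot: CVE-2020-5360 and CVE-2020-5359 (Dell BSAFE Micro Edition Suite) are added as `TODO: check` between entries already resolved as `NOT-FOR-US: Dell` and `NOT-FOR-US: Dell Encryption`. If BSAFE is not in the archive, resolve both with a matching NOT-FOR-US line. The two descriptions are identical up to the truncation point, so read the full text to confirm they are distinct issues before treating them as such.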
@@ -67450,8 +67475,8 @@ CVE-2020-4010
RESERVED
CVE-2020-4009
RESERVED
-CVE-2020-4008
- RESERVED
+CVE-2020-4008 (The installer of the macOS Sensor for VMware Carbon Black Cloud prior ...)
+ TODO: check
CVE-2020-4007
RESERVED
CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity Manager, and I ...)
@@ -92411,22 +92436,22 @@ CVE-2019-14485
RESERVED
CVE-2019-14484
RESERVED
-CVE-2019-14483
- RESERVED
-CVE-2019-14482
- RESERVED
-CVE-2019-14481
- RESERVED
-CVE-2019-14480
- RESERVED
-CVE-2019-14479
- RESERVED
-CVE-2019-14478
- RESERVED
-CVE-2019-14477
- RESERVED
-CVE-2019-14476
- RESERVED
+CVE-2019-14483 (AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user ...)
+ TODO: check
+CVE-2019-14482 (AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerabil ...)
+ TODO: check
+CVE-2019-14481 (AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vu ...)
+ TODO: check
+CVE-2019-14480 (AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerabi ...)
+ TODO: check
+CVE-2019-14479 (AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCr ...)
+ TODO: check
+CVE-2019-14478 (AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vu ...)
+ TODO: check
+CVE-2019-14477 (AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the ...)
+ TODO: check
+CVE-2019-14476 (AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) v ...)
+ TODO: check
CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use s ...)
NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14474 (eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in ...)
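Review bot: The eight AdRem NetCrunch 10.6.0.4587 entries (CVE-2019-14483 to CVE-2019-14476) are 2019 ids that only now receive descriptions, and all of them land as `TODO: check`. They sit directly above eQ-3 Homematic entries resolved as NOT-FOR-US; handle the NetCrunch block in one pass with a single consistent line rather than eight separate decisions.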
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76eab854b5106ac4c2d06b47468a418a2456bc21