[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 17 08:10:26 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
62afa193 by security tracker role at 2020-12-17T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-35488
+ RESERVED
+CVE-2020-35487
+ RESERVED
+CVE-2020-35486
+ RESERVED
+CVE-2020-35485
+ RESERVED
+CVE-2020-35484
+ RESERVED
+CVE-2020-35483
+ RESERVED
CVE-2020-35482
RESERVED
CVE-2020-35481
@@ -59,8 +71,8 @@ CVE-2020-35455
RESERVED
CVE-2020-35454
RESERVED
-CVE-2020-35453
- RESERVED
+CVE-2020-35453 (HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorre ...)
+ TODO: check
CVE-2020-35452
RESERVED
CVE-2020-35451
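Review bot: CVE-2020-35453 moves from RESERVED to "TODO: check", and the description names only HashiCorp Vault Enterprise's Sentinel EGP policy feature. If triage confirms the issue is limited to the Enterprise product, the entry can be closed with a NOT-FOR-US line naming the product, in the style used elsewhere in this file, instead of staying in the TODO queue.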
@@ -572,34 +584,34 @@ CVE-2020-35199 (Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchat
NOT-FOR-US: Ignite Realtime Openfire
CVE-2020-35198
RESERVED
-CVE-2020-35197
- RESERVED
-CVE-2020-35196
- RESERVED
-CVE-2020-35195
- RESERVED
-CVE-2020-35194
- RESERVED
+CVE-2020-35197 (The official memcached docker images before 1.5.11-alpine (Alpine spec ...)
+ TODO: check
+CVE-2020-35196 (The official rabbitmq docker images before 3.7.13-beta.1-management-al ...)
+ TODO: check
+CVE-2020-35195 (The official haproxy docker images before 1.8.18-alpine (Alpine specif ...)
+ TODO: check
+CVE-2020-35194 (The official influxdb docker images before 1.7.3-meta-alpine (Alpine s ...)
+ TODO: check
CVE-2020-35193 (The official sonarqube docker images before alpine (Alpine specific) c ...)
NOT-FOR-US: sonarqube docker images before alpine (Alpine specific)
-CVE-2020-35192
- RESERVED
-CVE-2020-35191
- RESERVED
-CVE-2020-35190
- RESERVED
-CVE-2020-35189
- RESERVED
-CVE-2020-35188
- RESERVED
-CVE-2020-35187
- RESERVED
-CVE-2020-35186
- RESERVED
-CVE-2020-35185
- RESERVED
-CVE-2020-35184
- RESERVED
+CVE-2020-35192 (The official vault docker images before 0.11.6 contain a blank passwor ...)
+ TODO: check
+CVE-2020-35191 (The official drupal docker images before 8.5.10-fpm-alpine (Alpine spe ...)
+ TODO: check
+CVE-2020-35190 (The official plone Docker images before version of 4.3.18-alpine (Alpi ...)
+ TODO: check
+CVE-2020-35189 (The official kong docker images before 1.0.2-alpine (Alpine specific) ...)
+ TODO: check
+CVE-2020-35188 (The official chronograf docker images before 1.7.7-alpine (Alpine spec ...)
+ TODO: check
+CVE-2020-35187 (The official telegraf docker images before 1.9.4-alpine (Alpine specif ...)
+ TODO: check
+CVE-2020-35186 (The official adminer docker images before 4.7.0-fastcgi contain a blan ...)
+ TODO: check
+CVE-2020-35185 (The official ghost docker images before 2.16.1-alpine (Alpine specific ...)
+ TODO: check
+CVE-2020-35184 (The official composer docker images before 1.8.3 contain a blank passw ...)
+ TODO: check
CVE-2020-35183
RESERVED
CVE-2020-35182
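Review bot: The thirteen docker-image entries added in this hunk (CVE-2020-35197 to CVE-2020-35194 and CVE-2020-35192 to CVE-2020-35184) are all left at "TODO: check", while the unchanged CVE-2020-35193 between them, the same kind of entry for the sonarqube image, is already marked "NOT-FOR-US: sonarqube docker images before alpine (Alpine specific)". Triage them in one pass so the block is consistent. The descriptions that are not cut off earlier (vault, adminer, composer) point at a blank password in the published image, not at the upstream software, so any NOT-FOR-US line should name the docker images as the sonarqube entry does, not the project itself.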
@@ -612,8 +624,8 @@ CVE-2020-35179
RESERVED
CVE-2020-35178
RESERVED
-CVE-2020-35177
- RESERVED
+CVE-2020-35177 (HashiCorp Vault and Vault Enterprise allowed the enumeration of users ...)
+ TODO: check
CVE-2020-35176 (In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial a ...)
- awstats <unfixed> (bug #977190)
NOTE: https://github.com/eldy/awstats/issues/195
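Review bot: CVE-2020-35177 is left at "TODO: check", and its description names "HashiCorp Vault and Vault Enterprise", so unlike an Enterprise-only issue it cannot be dismissed on the product name alone. Triage should check whether Vault itself is shipped before choosing between a package line and NOT-FOR-US. The description is truncated after "enumeration of users", so the affected versions have to be taken from the full CVE text.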
@@ -725,8 +737,8 @@ CVE-2020-35125
RESERVED
CVE-2020-35124
RESERVED
-CVE-2020-35123
- RESERVED
+CVE-2020-35123 (In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 ...)
+ TODO: check
CVE-2020-35122 (An issue was discovered in the Keysight Database Connector plugin befo ...)
NOT-FOR-US: Keysight Database Connector plugin for Confluence
CVE-2020-35121 (An issue was discovered in the Keysight Database Connector plugin befo ...)
@@ -749,7 +761,7 @@ CVE-2020-35114
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35114
CVE-2020-35113
RESERVED
- {DSA-4813-1}
+ {DSA-4813-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
- thunderbird 1:78.6.0-1
@@ -766,7 +778,7 @@ CVE-2020-35112
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35112
CVE-2020-35111
RESERVED
- {DSA-4813-1}
+ {DSA-4813-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
- thunderbird 1:78.6.0-1
@@ -1845,8 +1857,8 @@ CVE-2020-29654 (Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking th
NOT-FOR-US: Western Digital Dashboard
CVE-2020-29653
RESERVED
-CVE-2020-29652
- RESERVED
+CVE-2020-29652 (A nil pointer dereference in the golang.org/x/crypto/ssh component thr ...)
+ TODO: check
CVE-2021-1985
RESERVED
CVE-2021-1984
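Review bot: CVE-2020-29652 is left at "TODO: check", but unlike the vendor-product entries in this update it names an open-source library path, golang.org/x/crypto/ssh, with a nil pointer dereference. It deserves priority in triage: identify whether a source package in the archive ships that code and replace the TODO with a package line and bug reference, using NOT-FOR-US only if nothing ships it. The description is cut off at "thr ...", so the affected version bound must come from the full CVE text, not from this line.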
@@ -3098,8 +3110,8 @@ CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 have key fobs that acce
NOT-FOR-US: Tesla Model X vehicles
CVE-2020-29437
RESERVED
-CVE-2020-29436
- RESERVED
+CVE-2020-29436 (Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with ...)
+ TODO: check
CVE-2020-29435
RESERVED
CVE-2020-29434
@@ -4214,12 +4226,12 @@ CVE-2020-28933
RESERVED
CVE-2020-28932
RESERVED
-CVE-2020-28931
- RESERVED
-CVE-2020-28930
- RESERVED
-CVE-2020-28929
- RESERVED
+CVE-2020-28931 (Lack of an anti-CSRF token in the entire administrative interface in E ...)
+ TODO: check
+CVE-2020-28930 (A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete us ...)
+ TODO: check
+CVE-2020-28929 (Unrestricted access to the log downloader functionality in EPSON EPS T ...)
+ TODO: check
CVE-2020-28928 (In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...)
{DLA-2474-1}
- musl <unfixed> (bug #975365)
@@ -11417,8 +11429,8 @@ CVE-2020-27201
RESERVED
CVE-2020-27200
RESERVED
-CVE-2020-27199
- RESERVED
+CVE-2020-27199 (The Magic Home Pro application 1.5.1 for Android allows Authentication ...)
+ TODO: check
CVE-2020-27198
RESERVED
CVE-2020-27197 (** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ O ...)
@@ -11888,7 +11900,7 @@ CVE-2020-26979
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26979
CVE-2020-26978
RESERVED
- {DSA-4813-1}
+ {DSA-4813-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
- thunderbird 1:78.6.0-1
@@ -11909,7 +11921,7 @@ CVE-2020-26975
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26975
CVE-2020-26974
RESERVED
- {DSA-4813-1}
+ {DSA-4813-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
- thunderbird 1:78.6.0-1
@@ -11918,7 +11930,7 @@ CVE-2020-26974
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974
CVE-2020-26973
RESERVED
- {DSA-4813-1}
+ {DSA-4813-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
- thunderbird 1:78.6.0-1
@@ -11931,7 +11943,7 @@ CVE-2020-26972
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26972
CVE-2020-26971
RESERVED
- {DSA-4813-1}
+ {DSA-4813-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
- thunderbird 1:78.6.0-1
@@ -13509,8 +13521,8 @@ CVE-2020-26276
RESERVED
CVE-2020-26275
RESERVED
-CVE-2020-26274
- RESERVED
+CVE-2020-26274 (In systeminformation (npm package) before version 4.31.1 there is a co ...)
+ TODO: check
CVE-2020-26273 (osquery is a SQL powered operating system instrumentation, monitoring, ...)
TODO: check
CVE-2020-26272
@@ -16366,12 +16378,12 @@ CVE-2020-25098
RESERVED
CVE-2020-25097
RESERVED
-CVE-2020-25096
- RESERVED
-CVE-2020-25095
- RESERVED
-CVE-2020-25094
- RESERVED
+CVE-2020-25096 (LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Us ...)
+ TODO: check
+CVE-2020-25095 (LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface i ...)
+ TODO: check
+CVE-2020-25094 (LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit ...)
+ TODO: check
CVE-2020-25093 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.p ...)
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25092 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts ...)
@@ -16561,10 +16573,10 @@ CVE-2020-25013 (JetBrains ToolBox before version 1.18 is vulnerable to a Denial
NOT-FOR-US: JetBrains
CVE-2020-25012
RESERVED
-CVE-2020-25011
- RESERVED
-CVE-2020-25010
- RESERVED
+CVE-2020-25011 (A sensitive information disclosure vulnerability in Kyland KPS2204 6 P ...)
+ TODO: check
+CVE-2020-25010 (An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Man ...)
+ TODO: check
CVE-2020-25009
RESERVED
CVE-2020-25008
@@ -34955,7 +34967,7 @@ CVE-2020-16043
RESERVED
CVE-2020-16042
RESERVED
- {DSA-4813-1}
+ {DSA-4813-1 DLA-2496-1}
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
- firefox 84.0-1
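Review bot: On CVE-2020-16042 the advisory list gains DLA-2496-1, but the first package line of the entry is still "- chromium <unfixed>" and stretch chromium is "<end-of-life> (see DSA 4562)". The advisory tag is recorded per CVE, not per package, so it is worth confirming after this change that the CVE still shows as open for chromium and is not read as fully handled because two advisories are now attached.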
@@ -65644,16 +65656,16 @@ CVE-2020-4910
RESERVED
CVE-2020-4909
RESERVED
-CVE-2020-4908
- RESERVED
-CVE-2020-4907
- RESERVED
-CVE-2020-4906
- RESERVED
-CVE-2020-4905
- RESERVED
-CVE-2020-4904
- RESERVED
+CVE-2020-4908 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+ TODO: check
+CVE-2020-4907 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+ TODO: check
+CVE-2020-4906 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+ TODO: check
+CVE-2020-4905 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+ TODO: check
+CVE-2020-4904 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+ TODO: check
CVE-2020-4903
RESERVED
CVE-2020-4902
@@ -66147,10 +66159,10 @@ CVE-2020-4660 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access
NOT-FOR-US: IBM
CVE-2020-4659
RESERVED
-CVE-2020-4658
- RESERVED
-CVE-2020-4657
- RESERVED
+CVE-2020-4658 (IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cro ...)
+ TODO: check
+CVE-2020-4657 (IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition i ...)
+ TODO: check
CVE-2020-4656
RESERVED
CVE-2020-4655 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
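Review bot: CVE-2020-4658 and CVE-2020-4657 land as "TODO: check", although the hunk header context shows the neighbouring CVE-2020-4660 already resolved as "NOT-FOR-US: IBM". Both new descriptions name IBM Sterling products (File Gateway and B2B Integrator), so the same tag looks applicable; resolving them to match would keep the IBM block consistent.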
@@ -185645,6 +185657,7 @@ CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest a
- apache2 2.4.33-1
NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/7
CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-fre ...)
+ {DSA-4814-1}
- xerces-c 3.2.3+debian-2 (bug #947431)
[buster] - xerces-c <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - xerces-c <postponed> (Minor issue, revisit when fixed upstream)
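Review bot: Adding {DSA-4814-1} to CVE-2018-1311 leaves the entry contradicting itself: the unchanged line "[buster] - xerces-c <postponed> (Minor issue, revisit when fixed upstream)" still says the buster fix is postponed, although a DSA now references this CVE. The [buster] line should be dropped or replaced with the fixed version from the DSA in a follow-up manual commit, and the [stretch] line should be rechecked at the same time.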
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62afa193acdd2cc96db2cf8c558cd1bdde890608