[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 18 20:10:39 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
05944fbd by security tracker role at 2020-12-18T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2020-35570
+ RESERVED
+CVE-2020-35569
+ RESERVED
+CVE-2020-35568
+ RESERVED
+CVE-2020-35567
+ RESERVED
+CVE-2020-35566
+ RESERVED
+CVE-2020-35565
+ RESERVED
+CVE-2020-35564
+ RESERVED
+CVE-2020-35563
+ RESERVED
+CVE-2020-35562
+ RESERVED
+CVE-2020-35561
+ RESERVED
+CVE-2020-35560
+ RESERVED
+CVE-2020-35559
+ RESERVED
+CVE-2020-35558
+ RESERVED
+CVE-2020-35557
+ RESERVED
+CVE-2020-35556
+ RESERVED
+CVE-2020-35555 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
+ TODO: check
+CVE-2020-35554 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+ TODO: check
+CVE-2020-35553 (An issue was discovered on Samsung mobile devices with Q(10.0) and R(1 ...)
+ TODO: check
+CVE-2020-35552 (An issue was discovered in the GPS daemon on Samsung mobile devices wi ...)
+ TODO: check
+CVE-2020-35551 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ TODO: check
+CVE-2020-35550 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ TODO: check
+CVE-2020-35549 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ TODO: check
+CVE-2020-35548 (An issue was discovered in Finder on Samsung mobile devices with Q(10. ...)
+ TODO: check
CVE-2021-21005
RESERVED
CVE-2021-21004
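Review bot: The eight entries from CVE-2020-35555 down to CVE-2020-35548 are left at "TODO: check", and every visible description names LG or Samsung mobile devices rather than a packaged component. They can be triaged as one group. If the full descriptions confirm that nothing maps to a Debian source package, a per-vendor NOT-FOR-US tag, in the form this file already uses ("NOT-FOR-US: Mitel", "NOT-FOR-US: IBM"), would clear them. The fifteen new RESERVED ids above them need no action.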
@@ -2151,37 +2197,35 @@ CVE-2020-35482
RESERVED
CVE-2020-35481
RESERVED
-CVE-2020-35480 [Divergent behavior for contributions and user pages of hidden users and missing users]
- RESERVED
+CVE-2020-35480 (An issue was discovered in MediaWiki before 1.35.1. Missing users (acc ...)
+ {DSA-4816-1}
- mediawiki 1:1.35.1-1
NOTE: https://phabricator.wikimedia.org/T120883
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
-CVE-2020-35479 [BlockLogFormatter can output raw html]
- RESERVED
+CVE-2020-35479 (MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language ...)
+ {DSA-4816-1}
- mediawiki 1:1.35.1-1
NOTE: https://phabricator.wikimedia.org/T268938
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
-CVE-2020-35478 [BlockLogFormatter can output raw html]
- RESERVED
+CVE-2020-35478 (MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWik ...)
- mediawiki 1:1.35.1-1
[buster] - mediawiki <not-affected> (Introduced in 1.33)
[stretch] - mediawiki <not-affected> (Introduced in 1.33)
NOTE: https://phabricator.wikimedia.org/T268938
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
-CVE-2020-35477 [Unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage]
- RESERVED
+CVE-2020-35477 (MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries ...)
+ {DSA-4816-1}
- mediawiki 1:1.35.1-1
NOTE: https://phabricator.wikimedia.org/T205908
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
CVE-2020-35476 (A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 ...)
NOT-FOR-US: OpenTSDB
-CVE-2020-35475 [Messages userrights-expiry-current and userrights-expiry-none can contain raw html]
- RESERVED
+CVE-2020-35475 (In MediaWiki before 1.35.1, the messages userrights-expiry-current and ...)
+ {DSA-4816-1}
- mediawiki 1:1.35.1-1
NOTE: https://phabricator.wikimedia.org/T268917
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
-CVE-2020-35474 [Message recentchanges-legend-watchlistexpiry can contain raw html]
- RESERVED
+CVE-2020-35474 (In MediaWiki before 1.35.1, the combination of Html::rawElement and Me ...)
- mediawiki 1:1.35.1-1
[buster] - mediawiki <not-affected> (Introduced in 1.35)
[stretch] - mediawiki <not-affected> (Introduced in 1.35)
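Review bot: CVE-2020-35479 and CVE-2020-35478 now start with the same text ("MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.") and share the NOTE for T268938, yet only CVE-2020-35479 gains {DSA-4816-1}. That fits the "<not-affected> (Introduced in 1.33)" lines under CVE-2020-35478, and likewise CVE-2020-35474 with "Introduced in 1.35" gets no DSA reference. The replaced bracketed titles were identical too, and the truncated descriptions do not show what separates the two ids. A short NOTE on each stating the difference would keep the pair from being read as a duplicate.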
@@ -12178,8 +12222,8 @@ CVE-2020-27689 (The Relish (Verve Connect) VH510 device with firmware before 1.0
NOT-FOR-US: Relish (Verve Connect) VH510 device
CVE-2020-27688 (RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt ...)
NOT-FOR-US: RVTools
-CVE-2020-27687
- RESERVED
+CVE-2020-27687 (ThingsBoard before v3.2 is vulnerable to Host header injection in pass ...)
+ TODO: check
CVE-2020-27686
RESERVED
CVE-2020-27685
@@ -12665,10 +12709,10 @@ CVE-2020-27642 (A cross-site scripting (XSS) vulnerability exists in the 'merge
NOT-FOR-US: BigBlueButton
CVE-2020-27641
REJECTED
-CVE-2020-27640
- RESERVED
-CVE-2020-27639
- RESERVED
+CVE-2020-27640 (The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with ...)
+ TODO: check
+CVE-2020-27639 (The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phone ...)
+ TODO: check
CVE-2020-27637
RESERVED
CVE-2020-27636
@@ -13328,8 +13372,8 @@ CVE-2020-27342
RESERVED
CVE-2020-27341
RESERVED
-CVE-2020-27340
- RESERVED
+CVE-2020-27340 (The online help portal of Mitel MiCollab before 9.2 could allow an att ...)
+ TODO: check
CVE-2020-27339
RESERVED
CVE-2020-27338
@@ -13721,8 +13765,8 @@ CVE-2020-27156 (Veritas APTARE versions prior to 10.5 did not perform adequate a
NOT-FOR-US: Veritas
CVE-2020-27155 (An issue was discovered in Octopus Deploy through 2020.4.4. If enabled ...)
NOT-FOR-US: Octopus Deploy
-CVE-2020-27154
- RESERVED
+CVE-2020-27154 (The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Win ...)
+ TODO: check
CVE-2020-27152 (An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioap ...)
- linux 5.9.6-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -15704,8 +15748,8 @@ CVE-2020-26282
RESERVED
CVE-2020-26281
RESERVED
-CVE-2020-26280
- RESERVED
+CVE-2020-26280 (OpenSlides is a free, Web-based presentation and assembly system for m ...)
+ TODO: check
CVE-2020-26279
RESERVED
CVE-2020-26278
@@ -15769,8 +15813,8 @@ CVE-2020-26253 (Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6
NOT-FOR-US: Kirby CMS
CVE-2020-26252
RESERVED
-CVE-2020-26251
- RESERVED
+CVE-2020-26251 (Open Zaak is a modern, open-source data- and services-layer to enable ...)
+ TODO: check
CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthent ...)
NOT-FOR-US: JupyterHub login mechanism
CVE-2020-26249 (Red Discord Bot Dashboard is an easy-to-use interactive web dashboard ...)
@@ -15929,22 +15973,22 @@ CVE-2020-26180
RESERVED
CVE-2020-26179
RESERVED
-CVE-2020-26178
- RESERVED
-CVE-2020-26177
- RESERVED
-CVE-2020-26176
- RESERVED
-CVE-2020-26175
- RESERVED
-CVE-2020-26174
- RESERVED
-CVE-2020-26173
- RESERVED
-CVE-2020-26172
- RESERVED
-CVE-2020-26171
- RESERVED
+CVE-2020-26178 (In tangro Business Workflow before 1.18.1, knowing an attachment ID, i ...)
+ TODO: check
+CVE-2020-26177 (In tangro Business Workflow before 1.18.1, a user's profile contains s ...)
+ TODO: check
+CVE-2020-26176 (An issue was discovered in tangro Business Workflow before 1.18.1. No ...)
+ TODO: check
+CVE-2020-26175 (In tangro Business Workflow before 1.18.1, an attacker can manipulate ...)
+ TODO: check
+CVE-2020-26174 (tangro Business Workflow before 1.18.1 requests a list of allowed file ...)
+ TODO: check
+CVE-2020-26173 (An incorrect access control implementation in Tangro Business Workflow ...)
+ TODO: check
+CVE-2020-26172 (Every login in tangro Business Workflow before 1.18.1 generates the sa ...)
+ TODO: check
+CVE-2020-26171 (In tangro Business Workflow before 1.18.1, the documentId of attachmen ...)
+ TODO: check
CVE-2020-26170
RESERVED
CVE-2020-26169
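Review bot: All eight entries from CVE-2020-26178 to CVE-2020-26171 name the same product and each is left at "TODO: check", so they should be resolved in one pass with a single tag. The description of CVE-2020-26173 capitalises the name as "Tangro Business Workflow" while the other seven use "tangro". Pick one spelling for the tag so a search over the list finds the whole set.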
@@ -16565,8 +16609,8 @@ CVE-2020-25903
RESERVED
CVE-2020-25902
RESERVED
-CVE-2020-25901
- RESERVED
+CVE-2020-25901 (Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to r ...)
+ TODO: check
CVE-2020-25900
RESERVED
CVE-2020-25899
@@ -17429,20 +17473,20 @@ CVE-2020-25613 (An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6
- jruby <unfixed> (bug #972230)
NOTE: https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
NOTE: Fix in webrick: https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7
-CVE-2020-25612
- RESERVED
-CVE-2020-25611
- RESERVED
-CVE-2020-25610
- RESERVED
-CVE-2020-25609
- RESERVED
-CVE-2020-25608
- RESERVED
+CVE-2020-25612 (The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an atta ...)
+ TODO: check
+CVE-2020-25611 (The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to ...)
+ TODO: check
+CVE-2020-25610 (The AWV component of Mitel MiCollab before 9.2 could allow an attacker ...)
+ TODO: check
+CVE-2020-25609 (The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow ...)
+ TODO: check
+CVE-2020-25608 (The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to ...)
+ TODO: check
CVE-2020-25607
RESERVED
-CVE-2020-25606
- RESERVED
+CVE-2020-25606 (The AWV component of Mitel MiCollab before 9.2 could allow an attacker ...)
+ TODO: check
CVE-2020-25605
RESERVED
CVE-2020-25604 (An issue was discovered in Xen through 4.14.x. There is a race conditi ...)
@@ -17690,10 +17734,10 @@ CVE-2020-25497
RESERVED
CVE-2020-25496
RESERVED
-CVE-2020-25495
- RESERVED
-CVE-2020-25494
- RESERVED
+CVE-2020-25495 (A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerl ...)
+ TODO: check
+CVE-2020-25494 (Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute ...)
+ TODO: check
CVE-2020-25493
RESERVED
CVE-2020-25492
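Review bot: The two new descriptions spell the vendor differently: "Xinuo (formerl ..." for CVE-2020-25495 and "Xinuos (formerly SCO) Openserver" for CVE-2020-25494. Both are at "TODO: check". When they are triaged, use one spelling in the tag so the pair groups together.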
@@ -19452,8 +19496,8 @@ CVE-2020-24695
RESERVED
CVE-2020-24694
RESERVED
-CVE-2020-24693
- RESERVED
+CVE-2020-24693 (The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 co ...)
+ TODO: check
CVE-2020-24692 (The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 co ...)
NOT-FOR-US: Mitel
CVE-2020-24691
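Review bot: CVE-2020-24693 is set to "TODO: check" although its visible description matches that of CVE-2020-24692 on the next line ("The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 co ..."), which is already tagged "NOT-FOR-US: Mitel". Unless the full text names a different product, give CVE-2020-24693 the same tag so the two entries stay consistent.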
@@ -28376,12 +28420,12 @@ CVE-2020-20302
RESERVED
CVE-2020-20301
RESERVED
-CVE-2020-20300
- RESERVED
-CVE-2020-20299
- RESERVED
-CVE-2020-20298
- RESERVED
+CVE-2020-20300 (SQL injection vulnerability in the wp_where function in WeiPHP 5.0. ...)
+ TODO: check
+CVE-2020-20299 (WeiPHP 5.0 does not properly restrict access to pages, related to usin ...)
+ TODO: check
+CVE-2020-20298 (Eval injection vulnerability in the parserCommom method in the ParserT ...)
+ TODO: check
CVE-2020-20297
RESERVED
CVE-2020-20296
@@ -28406,8 +28450,8 @@ CVE-2020-20287
RESERVED
CVE-2020-20286
RESERVED
-CVE-2020-20285
- RESERVED
+CVE-2020-20285 (There is a XSS in the user login page in zzcms 2019. Users can inject ...)
+ TODO: check
CVE-2020-20284
RESERVED
CVE-2020-20283
@@ -28422,10 +28466,10 @@ CVE-2020-20279
RESERVED
CVE-2020-20278
RESERVED
-CVE-2020-20277
- RESERVED
-CVE-2020-20276
- RESERVED
+CVE-2020-20277 (There are multiple unauthenticated directory traversal vulnerabilities ...)
+ TODO: check
+CVE-2020-20276 (An unauthenticated stack-based buffer overflow vulnerability in common ...)
+ TODO: check
CVE-2020-20275
RESERVED
CVE-2020-20274
@@ -68149,8 +68193,8 @@ CVE-2020-4766
RESERVED
CVE-2020-4765
RESERVED
-CVE-2020-4764
- RESERVED
+CVE-2020-4764 (IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery ...)
+ TODO: check
CVE-2020-4763 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through ...)
NOT-FOR-US: IBM
CVE-2020-4762
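Review bot: CVE-2020-4764 (IBM Planning Analytics 2.0, cross-site request forgery) lands as "TODO: check" directly above CVE-2020-4763, an IBM Sterling File Gateway entry that carries "NOT-FOR-US: IBM". The same vendor tag looks applicable here and would close the TODO.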
@@ -86893,12 +86937,12 @@ CVE-2019-16959
RESERVED
CVE-2019-16958 (Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 1 ...)
NOT-FOR-US: SolarWinds Web Help Desk
-CVE-2019-16957
- RESERVED
+CVE-2019-16957 (SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of ...)
+ TODO: check
CVE-2019-16956
RESERVED
-CVE-2019-16955
- RESERVED
+CVE-2019-16955 (SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG documen ...)
+ TODO: check
CVE-2019-16954
RESERVED
CVE-2019-16953
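Review bot: CVE-2019-16957 and CVE-2019-16955 both describe XSS in SolarWinds Web Help Desk 12.7.0 and are left at "TODO: check", while CVE-2019-16958 in the context above them already has "NOT-FOR-US: SolarWinds Web Help Desk" for the same product. Reuse that exact tag text on both new entries. CVE-2019-16956 between them stays RESERVED and is unaffected.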
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05944fbdbae5cd67ec040c6b7d19eed98c4f256b